a6a184dfb4591547818c5ae3a0975b36267b8c4e1e0d3cfb1aefb655da316e09

General

Target

19710096274.zip
Size

11.7MB
Sample

241101-vmjpps1pb1
MD5

28c2b9d18fdb974285ba7ea375c0db76
SHA1

ca36004b45f3a3b436a56212cc5f96f8267e5147
SHA256

a6a184dfb4591547818c5ae3a0975b36267b8c4e1e0d3cfb1aefb655da316e09
SHA512

0bd7c3bf5df93f52ce257a7aea31286df2e989e1c5d61120f558b8c5951cecf8ca9f25b87fae23decd403eb464dd89b308b7fe13ac494a63a0dc7cf7f04860be
SSDEEP

196608:Tsjj37uI/smhdv+NTcJKGlWmMKiUEoAGQK5xFpydqOdU5cvRu8lTcYxoR6zFIpkv:TWr73smX+Zcw3GQCEdqTr2ISJIahUi+2

Score

7^/10

Malware Config

Targets

- Target
  
  e530813391ea660ddc3b94495b060a5b8d73368aff5ad8a3ab3f645234c764e5
- Size
  
  17.9MB
- MD5
  
  c878f89fc345d39a5b599c167ce23fa5
- SHA1
  
  eb323deaa19469557b81bf99cf1aeb13c268c1d8
- SHA256
  
  e530813391ea660ddc3b94495b060a5b8d73368aff5ad8a3ab3f645234c764e5
- SHA512
  
  a53b13d285d7c5962a45afc929228c2ce94de344a50def687285341b6fbf3f67dd445544e4e9cee8d4bc60998c0d0cb86d981c80fa5c69af2f01cff24c8e93d4
- SSDEEP
  
  196608:DS69BN8O5zZcRGGBEbcjxrlzDV6Ml7asRyOdtkXGXXwcKJmUMGlOrINAHKdMabDr:DL0OGBEbc1Has0OdtcugchNXrINndjX
Score

6^/10

evasion
- Checks the application is allowed to request package installs through the package installer
  Checks the application is allowed to install additional applications (Might try to install applications from unknown sources).
  evasion
- Declares broadcast receivers with permission to handle system events
- Declares services with permission to bind to the system
- Requests allowing to install additional applications from unknown sources.
  evasion
- Requests dangerous framework permissions
behavioral1 behavioral2 behavioral3
- Target
  
  update.apk
- Size
  
  8.1MB
- MD5
  
  4a2a8507583ce69ab265d7a042dbac62
- SHA1
  
  112148013a7cd0edffc21b0eec3addace9f96988
- SHA256
  
  4b98c2682cf0a97ad67c2c9e57048882b56477ecf966edac26352f2a52d4d7d4
- SHA512
  
  bf55a38e22cf8776e8dedf01047eed56d3d0875687cf71fec610206c4c9e0433468fd4f7532ce1d36a1babad9bd2d1f6a3692a6ad4f3af5dc0cf2e793313d5ec
- SSDEEP
  
  196608:k5DSkcg1MKk+TwUREMVpy9oQl2FsJe9UacZZoKV60T:kUg1MlAvEOyyQlxJtZZ5
Score

7^/10

collection credential_access discovery evasion persistence impact
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Performs UI accessibility actions on behalf of the user
  Application may abuse the accessibility service to prevent their removal.
  evasion
- Queries the mobile country code (MCC)
  discovery
behavioral4 behavioral5