General

  • Target

    e4db0cd38c631dd5da8eef40244f1880cb20a3f7edbec615cbc49d460b360ddb.bin

  • Size

    848KB

  • Sample

    241103-12dpwsylam

  • MD5

    44103241fd2f00f0442888d9077d6181

  • SHA1

    dee3c4b7bbcf5cce86086f88fa14e514f3799199

  • SHA256

    e4db0cd38c631dd5da8eef40244f1880cb20a3f7edbec615cbc49d460b360ddb

  • SHA512

    4df23226f09513eb019ba3f2fa540224bf2ccd7bd84982541298b8219304d1c971bb5365770baa3e3479991073d8ad61f39defdf37bbf3b04ea585f5b0a787c2

  • SSDEEP

    12288:aLgCXtC2YampHHmTpHkNSIwF6qoXAVFMiO119//Knsmlvdnvql+shEeSU:Ig2M2/SngpHkIIC2xrl8u+Ob

Targets

    • Target

      e4db0cd38c631dd5da8eef40244f1880cb20a3f7edbec615cbc49d460b360ddb.bin (848KB; hashes as listed under General above)

    Score: 6/10
    • Attempts to obfuscate APK file format

      Applies obfuscation techniques to the APK format in order to hinder analysis

    • Declares broadcast receivers with permission to handle system events

    • Declares services with permission to bind to the system

    • Requests dangerous framework permissions

    • Target

      final-signed.apk

    • Size

      188KB

    • MD5

      26269d3600ba7d3fa2c46fb50f7d2415

    • SHA1

      8fd322ff48087e167c133cbe4747ca4df7d5993a

    • SHA256

      025b3d0e8c25de1689ca434d473af2b4a387868d824245123152673873843ba5

    • SHA512

      8f0a5b5605bcbcd26fc88988260f4250af25b83939c5875cc34f1aaa5062b5048e8115d3d1c938efe6a6ac6139e7e921da400cc277b648a6bd7b67e6e8d39c72

    • SSDEEP

      3072:FnbTwxUr+Mgw/eEAQo5Etvby7+GVfR/IOVFIh7/OuwgcHEXd6nUN:FXMw2EPo5oXiLVFI9muWGdfN

    • Loads dropped Dex/Jar

      Runs an executable file that was dropped onto the device during analysis.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Performs UI accessibility actions on behalf of the user

      The application may abuse the accessibility service to prevent its own removal.

    • Queries the mobile country code (MCC)

    • Queries the unique device ID (IMEI, MEID, IMSI)
