antidot | 6499730a01703cad20711803829862f3d19ee7a3fedbe72fea2f319394b29627 | Triage

Sharing

General

Target

Identitas Kependudukan Digital.apk
Size

21.8MB
Sample

241103-14jc6avmg1
MD5

c7deaaa7fece968cc24461261302cf15
SHA1

4e6fb0d472c206304f534cea438a57970b050908
SHA256

6499730a01703cad20711803829862f3d19ee7a3fedbe72fea2f319394b29627
SHA512

d988f0fc9fa905c6c38c2248445190bdab31a48d074fb9ef3cf4efc4a26879e1a6ce6b1d7906f660d49884a20218569d9e26f9af1a49b04ad91628726de2ece7
SSDEEP

196608:UH9Tk1h3dBQlogWNJs1sgAXFNgI7a7YSu33Zu9yzhLrZOOZ3mJB4iyyVbUr8hCLV:qkFTss3FNgIuc9zhL9XZ30Fknx

Score

10^/10

antidot android banker collection discovery evasion persistence

Malware Config

Targets

- Target
  
  Identitas Kependudukan Digital.apk
- Size
  
  21.8MB
- MD5
  
  c7deaaa7fece968cc24461261302cf15
- SHA1
  
  4e6fb0d472c206304f534cea438a57970b050908
- SHA256
  
  6499730a01703cad20711803829862f3d19ee7a3fedbe72fea2f319394b29627
- SHA512
  
  d988f0fc9fa905c6c38c2248445190bdab31a48d074fb9ef3cf4efc4a26879e1a6ce6b1d7906f660d49884a20218569d9e26f9af1a49b04ad91628726de2ece7
- SSDEEP
  
  196608:UH9Tk1h3dBQlogWNJs1sgAXFNgI7a7YSu33Zu9yzhLrZOOZ3mJB4iyyVbUr8hCLV:qkFTss3FNgIuc9zhL9XZ30Fknx
Score

8^/10

banker collection discovery evasion persistence
- Checks if the Android device is rooted.
  evasion
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Queries the phone number (MSISDN for GSM devices)
  discovery
- Reads the content of the SMS messages.
  collection
- Enumerates running processes
  Discovers information about currently running processes on the system
- Legitimate hosting services abused for malware hosting/C2
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Queries information about active data network
  discovery
- Queries the mobile country code (MCC)
  discovery
- Queries the unique device ID (IMEI, MEID, IMSI)
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Privilege Escalation

Defense Evasion

Foreground Persistence

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

Software Discovery

Security Software Discovery

System Information Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Protected User Data

SMS Messages

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bankercollectiondiscoveryevasionpersistence