General
-
Target
6499730a01703cad20711803829862f3d19ee7a3fedbe72fea2f319394b29627.apk
-
Size
21.8MB
-
Sample
241104-cv9xra1dme
-
MD5
c7deaaa7fece968cc24461261302cf15
-
SHA1
4e6fb0d472c206304f534cea438a57970b050908
-
SHA256
6499730a01703cad20711803829862f3d19ee7a3fedbe72fea2f319394b29627
-
SHA512
d988f0fc9fa905c6c38c2248445190bdab31a48d074fb9ef3cf4efc4a26879e1a6ce6b1d7906f660d49884a20218569d9e26f9af1a49b04ad91628726de2ece7
-
SSDEEP
196608:UH9Tk1h3dBQlogWNJs1sgAXFNgI7a7YSu33Zu9yzhLrZOOZ3mJB4iyyVbUr8hCLV:qkFTss3FNgIuc9zhL9XZ30Fknx
Behavioral task
behavioral1
Sample
6499730a01703cad20711803829862f3d19ee7a3fedbe72fea2f319394b29627.apk
Resource
android-x86-arm-20240624-en
Malware Config
Targets
-
-
Target
6499730a01703cad20711803829862f3d19ee7a3fedbe72fea2f319394b29627.apk
-
Size
21.8MB
-
MD5
c7deaaa7fece968cc24461261302cf15
-
SHA1
4e6fb0d472c206304f534cea438a57970b050908
-
SHA256
6499730a01703cad20711803829862f3d19ee7a3fedbe72fea2f319394b29627
-
SHA512
d988f0fc9fa905c6c38c2248445190bdab31a48d074fb9ef3cf4efc4a26879e1a6ce6b1d7906f660d49884a20218569d9e26f9af1a49b04ad91628726de2ece7
-
SSDEEP
196608:UH9Tk1h3dBQlogWNJs1sgAXFNgI7a7YSu33Zu9yzhLrZOOZ3mJB4iyyVbUr8hCLV:qkFTss3FNgIuc9zhL9XZ30Fknx
-
Checks if the Android device is rooted.
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Queries information about running processes on the device
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Queries the phone number (MSISDN for GSM devices)
-
Reads the contacts stored on the device.
-
Reads the content of the SMS messages.
-
Legitimate hosting services abused for malware hosting/C2
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Performs UI accessibility actions on behalf of the user
Application may abuse the accessibility service to prevent their removal.
-
Queries information about active data network
-
Queries the mobile country code (MCC)
-
Queries the unique device ID (IMEI, MEID, IMSI)
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-
MITRE ATT&CK Enterprise v15
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Scheduled Task/Job
1Defense Evasion
Foreground Persistence
1Hide Artifacts
1User Evasion
1Impair Defenses
1Prevent Application Removal
1Input Injection
1Virtualization/Sandbox Evasion
2System Checks
2Discovery
Process Discovery
1Software Discovery
1Security Software Discovery
1System Information Discovery
3System Network Configuration Discovery
3System Network Connections Discovery
1