General
-
Target
99095cea6afd91e0b5ad5ac0ea1cd2053f46c3a513b90caf337d91a4b0a35d09.zip
-
Size
9.3MB
-
Sample
241106-dqwd8stdqh
-
MD5
524488067ba84450bceb38aee1dba1c5
-
SHA1
22f4ffc5c3e57caf845ae2711cbe35894e4b85a1
-
SHA256
99095cea6afd91e0b5ad5ac0ea1cd2053f46c3a513b90caf337d91a4b0a35d09
-
SHA512
180cd272ed3ac19617b41f2c9c16b10f953df328b460d2893835b52b07b4ff8d2ab83fbda353b14e448708e2f693d66fee4e019d96772c9501e2f60cc68a02e1
-
SSDEEP
98304:8ut0PvDF5QkZw/3CLgwaaZxKbmWX+mzvzBbTo0tQJdi:CPrFQ/eH8JZzhTl
Malware Config
Targets
-
-
Target
99095cea6afd91e0b5ad5ac0ea1cd2053f46c3a513b90caf337d91a4b0a35d09.zip
-
Size
9.3MB
-
MD5
524488067ba84450bceb38aee1dba1c5
-
SHA1
22f4ffc5c3e57caf845ae2711cbe35894e4b85a1
-
SHA256
99095cea6afd91e0b5ad5ac0ea1cd2053f46c3a513b90caf337d91a4b0a35d09
-
SHA512
180cd272ed3ac19617b41f2c9c16b10f953df328b460d2893835b52b07b4ff8d2ab83fbda353b14e448708e2f693d66fee4e019d96772c9501e2f60cc68a02e1
-
SSDEEP
98304:8ut0PvDF5QkZw/3CLgwaaZxKbmWX+mzvzBbTo0tQJdi:CPrFQ/eH8JZzhTl
Score7/10-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Performs UI accessibility actions on behalf of the user
Application may abuse the accessibility service to prevent their removal.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Scheduled Task/Job
1Defense Evasion
Foreground Persistence
1Hide Artifacts
1User Evasion
1Impair Defenses
1Prevent Application Removal
1Input Injection
1