General

  • Target

    6302ecdac4d5bc87ba4adb70a9b377cc.bin

  • Size

    6.8MB

  • Sample

    241107-bqf87strgr

  • MD5

    e211d9d894049e55705bdab4984c273b

  • SHA1

    9fbee457118aeb6028509a712c8f6a17364e30f5

  • SHA256

    a9d34a2f42e6b4f41de1ae3325c26db557bb2266b1fc205e776d13778ca43943

  • SHA512

    4cd78c2ecfdc0b493f044f5be5d23d42caaacf1204a7d0b721a8761e283cedf5d8dc68cfed1721d89134ad8ff41003496bd080ea5f863ff59e6e08e024d91538

  • SSDEEP

    98304:nUSM5whZwRI6m85Mzg9lE91wvo6xqofMcl9p80fX4vWpr+TSKhE+tU539oz:nc5JRHuo4wvoQhl9p/fI6+TSbt53Y

Malware Config

Targets

    • Target

      33066bfb04c8edd75de98004eba14762823977de63145db399de57c2166d1406.zip

    • Size

      12.9MB

    • MD5

      6302ecdac4d5bc87ba4adb70a9b377cc

    • SHA1

      d1cede3fb707c565b5360da2bfc8ce6d330f96c6

    • SHA256

      33066bfb04c8edd75de98004eba14762823977de63145db399de57c2166d1406

    • SHA512

      12a8a9fd8808022bc3e646412246de19764d79dd282de29fbc54df02ff94d8070ba212f9a92d0cc1f292deba333b51cf31da81b5c69853c47e24723842134883

    • SSDEEP

      196608:0xSLBQc/3zX68vAjC/Pu5z8MBi5nA3wGS+0LPmZ8:0saiD1H2ls5newGwLeZ8

    Score
    1/10
    • Target

      childapp.apk

    • Size

      9.3MB

    • MD5

      b9f9b3f15f1d46b2fcc7603c27fdd162

    • SHA1

      d07bb872d7f523e113986690302cd49577d4ddf8

    • SHA256

      a2c4875714b92fdaca68879b3227c937d57867479d9975465bc3a8413966342c

    • SHA512

      7619ac4ce1e727e56b7abad8663de921fa4ad5145d8100dc3099013f0f89c69d6412db8ecbe4d5a1d9566aecf30e9d2f5b8343ad9d5c9266faae5bcbca4c8583

    • SSDEEP

      98304:0OZqx0VfLBQ/kFx3zX6LInnvAjC/D80uemzvzBaTD0tYaWN:exSLBQc/3zX68vAjC/Pu5z8Mk

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Acquires the wake lock

    • Legitimate hosting services abused for malware hosting/C2

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

MITRE ATT&CK Enterprise v15

MITRE ATT&CK Mobile v15

Tasks