General
-
Target
7a509ad6d59484eb22f9f85e69c6f80a.bin
-
Size
4.2MB
-
Sample
241107-bykatssela
-
MD5
f5869b86e9aaa08dc434b11386a9333d
-
SHA1
c59d28ff1cc6540709f0574b27300d55788f7b28
-
SHA256
2f32023d0b6a7b84dcc9740353f4a79974fcd946a63391318021649e4587d9c7
-
SHA512
41ef01bcbc495c02495448e6c718f72edd1c5ebfa05574aef2c23a506e3ae1be75c740b2f54095c7bc5e9124a34d240d3f3ed4d99e7c401f9105d73e9bc3317f
-
SSDEEP
98304:JBvGeLHGJG0CPwVqwIlyLqpxZBfoEw3So7Aekbh42:JsezGJGH6GGqpxk94bhn
Malware Config
Targets
-
-
Target
39b2ae5434f9bf512812c6edd72da519bab87df26c1d362a9ae43f0dc03f8acd.zip
-
Size
8.3MB
-
MD5
7a509ad6d59484eb22f9f85e69c6f80a
-
SHA1
c3f939980bac1c6a18fbf0865487c84cc1355243
-
SHA256
39b2ae5434f9bf512812c6edd72da519bab87df26c1d362a9ae43f0dc03f8acd
-
SHA512
5006de6ae510937a6aa9fa21b521a22b321650e62fd52be3a0d06d8999d1988537267ef5d2d3a541fd59da2177dad601f1f2bdcb41adafa251c9109eda848a30
-
SSDEEP
98304:qSm06K62EwWs85P9iSh3QA+2RB5jK4zBumz+Td0tYy:o0dTp9gtzeSYy
Score7/10-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Scheduled Task/Job
1Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Input Injection
1