General

  • Target

    rustore-mobile-1.54.0.0-release.apk

  • Size

    62.4MB

  • Sample

    241109-rc198awbpn

  • MD5

    9bc307838e914c0aba85887071b668ea

  • SHA1

    d174afafa44b2a307c6e94cb68a9fa1de139047b

  • SHA256

    468aebf85c542599bacc7022c6e512179a94aaf7336ebc22e97609a98167d579

  • SHA512

    3a3da0bd72991a10cba2a02a38bdef3eaa92313bcbb1b434df38a3cdee32718a452a612783e98e8adc6ff47e48e264b05258c1182e2a2d9c08a102ad945128b6

  • SSDEEP

    1572864:ogR92eyKpbU+l584ElVGIbnpPVi7ygq0iPsa8cNpZceW:/9sK56YIbnpPo7ygqLEypZ3W

Malware Config

Targets

    • Target

      rustore-mobile-1.54.0.0-release.apk

    • Size

      62.4MB

    • MD5

      9bc307838e914c0aba85887071b668ea

    • SHA1

      d174afafa44b2a307c6e94cb68a9fa1de139047b

    • SHA256

      468aebf85c542599bacc7022c6e512179a94aaf7336ebc22e97609a98167d579

    • SHA512

      3a3da0bd72991a10cba2a02a38bdef3eaa92313bcbb1b434df38a3cdee32718a452a612783e98e8adc6ff47e48e264b05258c1182e2a2d9c08a102ad945128b6

    • SSDEEP

      1572864:ogR92eyKpbU+l584ElVGIbnpPVi7ygq0iPsa8cNpZceW:/9sK56YIbnpPo7ygqLEypZ3W

    • Checks if the Android device is rooted.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries account information for other applications stored on the device

      Application may abuse the framework's APIs to collect account information stored on the device.

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Checks the application is allowed to request package installs through the package installer

      Checks the application is allowed to install additional applications (Might try to install applications from unknown sources).

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Requests cell location

      Uses Android APIs to to get current cell information.

    • Listens for changes in the sensor environment (might be used to detect emulation)

MITRE ATT&CK Mobile v15

Tasks