General

  • Target

    ChatGPT paid.apk

  • Size

    8.8MB

  • Sample

    241110-a9ghmswbrm

  • MD5

    a6bed9fded4d95140311bfa917a61e36

  • SHA1

    03bbec61ed93bfcd602a9a15b5cc7f1bff690b14

  • SHA256

    e0fb4911989ab2f83bf5d61335ab22c89bd3777e05b0e28c734ae65ef65f4105

  • SHA512

    5ff2baff9961e33404e795756fe25203db99045e512d4fc2869163f8cc1184fe2b43a58754ee1b33f8fb892b60abc29db9d07917fbdff73740129a8c85016502

  • SSDEEP

    196608:HHwUBwQUXiWdTiM0LhlHUuwiw/VzSt2mIC0E+HqzJ7GMeVyU2id:ttUSWdTiM0LTQ5/da0EeU7GZVyhid

Targets

    • Target

      ChatGPT paid.apk

    Score
    1/10
    • Target

      childapp.apk

    • Size

      6.1MB

    • MD5

      e9e01401adbf727736e0be21b8956cf5

    • SHA1

      3340db486e589bc26e26962848ff24ade6b371c6

    • SHA256

      9f72d50a94b8d41406e5ffa13d3a3a4a62249e254ba30d3a0ca56a75da1678b4

    • SHA512

      4e00c03b311ef522d5be19b92e217fc78f9c1c70cae391943c8deb32dc6a5ab8ed34fd7b09a67e7b58c90eb7d680d17dc6bb6fe2762eaa7dde906a8b3ccd7822

    • SSDEEP

      196608:ZzuyaLE6Wkg873iiaWcUApNS3TGf8AMlVO:duf+kg8DicbA3nDMlY

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Requests enabling of the accessibility settings.
