General

  • Target

    99a74459be10ba8604298bf34ebb8c498b671db711a980b6e6cf5e22642b4bdc.bin

  • Size

    4.5MB

  • Sample

    241110-gp6elazrat

  • MD5

    e1ffc2a7e54d7dd2d66b2d32d633b22f

  • SHA1

    bb8e9c08fb918e8e32fd8ad909362d72f074b6eb

  • SHA256

    99a74459be10ba8604298bf34ebb8c498b671db711a980b6e6cf5e22642b4bdc

  • SHA512

    886cd10e3e4b08193323e890c921e1acd2036f6670fd6501a5dacbd44d574c711cc5c6f0d54d5218c5a8cfbde73cb181df8e67d3c44f9e6529559f16b2b15985

  • SSDEEP

    98304:m/gIrrMdS6XqjN9uUZ2QUR0bpw1h2FxL+vY/diE2Kp/g/NjtW1hu6cTLcL:PqrMdSMw9bZjrNwXcN+vYIBthKCHcL

Targets

    • Target

      99a74459be10ba8604298bf34ebb8c498b671db711a980b6e6cf5e22642b4bdc.bin

    • Removes its main activity from the application launcher

    • Loads dropped Dex/Jar

      Runs an executable file dropped to the device during analysis.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Performs UI accessibility actions on behalf of the user

      Application may abuse the accessibility service to prevent its removal.

    • Queries the mobile country code (MCC)

    • Requests disabling of battery optimizations (often used to enable hiding in the background).
