General

  • Target

    base.apk

  • Size

    15.8MB

  • Sample

    241110-m661caymbq

  • MD5

    dba2bc72834a337e57738b562b6f9cd7

  • SHA1

    20cc7d5c187df865807f2e376fb87c5f54206857

  • SHA256

    5aa96deb6e2f286c99f5cadd6fecdd319ccf97dc5041e2e262f884ffa7cd6c1a

  • SHA512

    85655226a746735adfee314dfd455cb63ac2135d4e17f3bf16f323e8b2fecb587fd5db02d549d1e267a2bd402f0a19a400812998f072539c61fe6b7b9436519e

  • SSDEEP

    393216:3yBqWNxOeHVT/2CAHobSmo8XXquvdiNNUpISKP32Nobw:CBPGeHECAI3Zi7q/KPMsw

Malware Config

Targets

    • Target

      base.apk

    • Size

      15.8MB

    • MD5

      dba2bc72834a337e57738b562b6f9cd7

    • SHA1

      20cc7d5c187df865807f2e376fb87c5f54206857

    • SHA256

      5aa96deb6e2f286c99f5cadd6fecdd319ccf97dc5041e2e262f884ffa7cd6c1a

    • SHA512

      85655226a746735adfee314dfd455cb63ac2135d4e17f3bf16f323e8b2fecb587fd5db02d549d1e267a2bd402f0a19a400812998f072539c61fe6b7b9436519e

    • SSDEEP

      393216:3yBqWNxOeHVT/2CAHobSmo8XXquvdiNNUpISKP32Nobw:CBPGeHECAI3Zi7q/KPMsw

    • Checks if the Android device is rooted.

    • Checks known Qemu pipes.

      Checks for known pipes used by the Android emulator to communicate with the host.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Acquires the wake lock

    • Queries information about active data network

    • Queries the mobile country code (MCC)

MITRE ATT&CK Mobile v15

Tasks