General

  • Target

    Imagine_AI_Art_Generator_v2.9.3_MOD.apk

  • Size

    91.1MB

  • Sample

    241111-l1vvfs1mcl

  • MD5

    939c6b9e68654e2374b7e88a668eb194

  • SHA1

    214952e728cee6cafe4b37d889d29d8a1444f14e

  • SHA256

    2e187df5bcdb87e9c797212823d47489c63beb4f6cf5a6dfd8f07c6a1b7a897f

  • SHA512

    2e654bb3da217e4e8551e50a9f0cdda923f2e1bbef74b2b2c010fbe3cb08d3c57b55b35755f6298a9d5ad0d4d919e321e5f7a18ef324232372c25a03d985b27b

  • SSDEEP

    1572864:5G0ldQyvK72he6BeN2aNV/J+ndtvBoKFvB+g9dYjuPANGn95y3YwY3fqRs4bKIIy:5DlE2e6IslndZG6vB+Kd9RweOuK
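Before analysing a downloaded copy of this sample, confirm it is the same file the report describes by hashing it once and comparing against the digests listed above. The following is an added example, not part of the report: the expected values are copied from the General section, the streaming helper and the constructed fallback input are my own, and the SSDEEP value is left out because computing it needs the ssdeep tool or its Python binding rather than the standard library.

```python
import hashlib
import io
import sys

# Digests this report lists for the submitted file
# (Imagine_AI_Art_Generator_v2.9.3_MOD.apk, 91.1MB).
REPORTED_DIGESTS = {
    "md5": "939c6b9e68654e2374b7e88a668eb194",
    "sha1": "214952e728cee6cafe4b37d889d29d8a1444f14e",
    "sha256": "2e187df5bcdb87e9c797212823d47489c63beb4f6cf5a6dfd8f07c6a1b7a897f",
    "sha512": "2e654bb3da217e4e8551e50a9f0cdda923f2e1bbef74b2b2c010fbe3cb08d3c5"
              "7b55b35755f6298a9d5ad0d4d919e321e5f7a18ef324232372c25a03d985b27b",
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def compute_digests(source, chunk_size=1 << 20):
    """Hash a file-like object (or raw bytes) in one pass, feeding all algorithms.

    Reading in chunks keeps memory flat for a 91 MB APK instead of loading it whole.
    """
    stream = io.BytesIO(source) if isinstance(source, (bytes, bytearray)) else source
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_digests(actual, expected):
    """Return {algorithm: bool} for every digest in `expected` (hex case ignored)."""
    return {name: actual[name].lower() == expected[name].lower() for name in expected}


def verify_file(path, expected=REPORTED_DIGESTS):
    """Verify a file on disk against the report's digests."""
    with open(path, "rb") as f:
        return verify_digests(compute_digests(f), expected)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        result = verify_file(sys.argv[1])
    else:
        # No sample given: hash a constructed blob to show the mismatch path.
        result = verify_digests(compute_digests(b"constructed, not the sample"), REPORTED_DIGESTS)
    for name, ok in result.items():
        print(f"{name}: {'match' if ok else 'MISMATCH'}")
    sys.exit(0 if all(result.values()) else 1)
```

Run it as `python verify.py Imagine_AI_Art_Generator_v2.9.3_MOD.apk`; a non-zero exit on any mismatch makes it usable as a gate in a triage pipeline. Checking all four algorithms costs nothing extra since the file is read only once.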

Malware Config

Targets

    • Target

      Imagine_AI_Art_Generator_v2.9.3_MOD.apk

    • Size

      91.1MB

    • MD5

      939c6b9e68654e2374b7e88a668eb194

    • SHA1

      214952e728cee6cafe4b37d889d29d8a1444f14e

    • SHA256

      2e187df5bcdb87e9c797212823d47489c63beb4f6cf5a6dfd8f07c6a1b7a897f

    • SHA512

      2e654bb3da217e4e8551e50a9f0cdda923f2e1bbef74b2b2c010fbe3cb08d3c57b55b35755f6298a9d5ad0d4d919e321e5f7a18ef324232372c25a03d985b27b

    • SSDEEP

      1572864:5G0ldQyvK72he6BeN2aNV/J+ndtvBoKFvB+g9dYjuPANGn95y3YwY3fqRs4bKIIy:5DlE2e6IslndZG6vB+Kd9RweOuK

    Score
    1/10
    • Target

      Imagine_.apk

    • Size

      62.4MB

    • MD5

      23b53f3e53a2be3d6dfc18e42657a7ef

    • SHA1

      cc58fec718fbf34a8d5be5ff429939f088aaed61

    • SHA256

      11e4b80a33e2080b81fdb42adf4491cb8d1582443ff7c1f09d7281b012d37112

    • SHA512

      a0a890186c444f7bf1de9e47a7ca5bfdffee3c5a50a1c1defdd54674741deb7d820049ff8e8139a81c6466506adb5cee6db70445e336db7cdbccc24bcd373572

    • SSDEEP

      786432:KgAhwOccu7fxGXdgbrBjxwAc5fWnmnriEhUNPuNWlj5Ss6Liz6f+vIzfN:5AhwAEfxGXdgBjxwP6luW5SwIh

    • Checks if the Android device is rooted.

    • Checks Android system properties for emulator presence.

    • Checks Qemu related system properties.

      Checks Android system properties related to QEMU in order to detect an emulator.

    • Loads dropped Dex/Jar

      Loads and runs a DEX/JAR file that was dropped to the device during analysis.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Acquires the wake lock

    • Queries information about active data network

    • Queries the mobile country code (MCC)

    • Reads information about phone network operator.

    • Checks the presence of a debugger

    • Listens for changes in the sensor environment (might be used to detect emulation)
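The sandbox flags these behaviours dynamically, but most of them leave recognisable framework identifiers or system-property names in the DEX string table, so a static cross-check on the APK is a quick way to see which signatures the shipped code accounts for and which may come from the DEX the app drops at run time. The following scanner is an added example, not part of the report or of Triage's own matching logic: the identifiers are real Android API and property names, the grouping of identifiers under each signature is my own assumption, and the in-memory "APK" is a constructed stand-in whose classes.dex only imitates string-table contents.

```python
import io
import re
import zipfile

# Report signature -> strings that normally appear in a DEX string table when
# the behaviour is implemented in app code. Grouping is an assumption of this
# example; the identifiers themselves are real Android API / property names.
INDICATORS = {
    "Checks if the Android device is rooted": [
        b"/system/bin/su", b"/system/xbin/su", b"test-keys", b"Superuser.apk",
    ],
    "Checks Android system properties for emulator presence": [
        b"goldfish", b"ranchu", b"generic_x86", b"ro.product.model", b"ro.hardware",
    ],
    "Checks Qemu related system properties": [
        b"ro.kernel.qemu", b"qemu.sf.fake_camera", b"qemu.hw.mainkeys",
    ],
    "Loads dropped Dex/Jar": [
        b"dalvik/system/DexClassLoader", b"dalvik/system/PathClassLoader",
        b"dalvik/system/InMemoryDexClassLoader",
    ],
    "Obtains sensitive information copied to the device clipboard": [
        b"android/content/ClipboardManager", b"getPrimaryClip",
    ],
    "Queries a list of all the installed applications on the device": [
        b"getInstalledPackages", b"getInstalledApplications",
    ],
    "Queries information about running processes on the device": [
        b"getRunningAppProcesses", b"getRunningServices",
    ],
    "Acquires the wake lock": [
        b"android/os/PowerManager$WakeLock", b"newWakeLock",
    ],
    "Queries information about active data network": [
        b"getActiveNetworkInfo", b"getNetworkCapabilities",
    ],
    "Queries the mobile country code (MCC) / reads phone network operator": [
        b"getNetworkOperator", b"getSimOperator", b"getNetworkCountryIso",
    ],
    "Checks the presence of a debugger": [
        b"isDebuggerConnected", b"android/os/Debug",
    ],
    "Listens for changes in the sensor environment": [
        b"android/hardware/SensorEventListener", b"registerListener",
    ],
}

DEX_NAME = re.compile(r"^classes\d*\.dex$")


def scan_apk(apk):
    """Return {signature: [indicator, ...]} for indicators found in any classes*.dex.

    `apk` is a filesystem path or the raw APK bytes. Only signatures with at least
    one hit are included, so an empty dict means nothing matched.
    """
    source = io.BytesIO(apk) if isinstance(apk, (bytes, bytearray)) else apk
    with zipfile.ZipFile(source) as zf:
        dex_blobs = [zf.read(n) for n in zf.namelist() if DEX_NAME.match(n)]
    hits = {}
    # DEX string_data items are MUTF-8, so ASCII identifiers can be located as
    # raw byte substrings without parsing the string table.
    for signature, needles in INDICATORS.items():
        found = sorted(
            needle.decode() for needle in needles
            if any(needle in blob for blob in dex_blobs)
        )
        if found:
            hits[signature] = found
    return hits


def build_sample_apk():
    """Constructed stand-in for an APK: a zip whose classes.dex holds a few strings.

    Not a valid DEX; it only imitates string-table contents so the scanner runs offline.
    """
    fake_dex = b"dex\n035\x00" + b"\x00".join([
        b"Ldalvik/system/DexClassLoader;",
        b"getPrimaryClip",
        b"/system/bin/su",
        b"ro.kernel.qemu",
        b"isDebuggerConnected",
    ])
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", b"<binary manifest placeholder>")
        zf.writestr("classes.dex", fake_dex)
    return buf.getvalue()


if __name__ == "__main__":
    for sig, found in scan_apk(build_sample_apk()).items():
        print(f"{sig}: {', '.join(found)}")
```

Two caveats when reading the output against the report. A signature with no static hit is not a false positive: the "Loads dropped Dex/Jar" finding means part of the behaviour can live in code that is only written to disk at run time, and string encryption or reflection can hide framework names as well. Conversely a hit only shows the identifier is present, not that it is reached, so the sandbox trace stays the authority for what the sample actually did.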

MITRE ATT&CK Mobile v15
