General
-
Target
DBtMXcRf.apk
-
Size
8.2MB
-
Sample
241112-lkllvaymdw
-
MD5
2a196f72ec81faa752957f81222dbe3d
-
SHA1
ca3c451c697be9b31b0301632a4c61279a16473e
-
SHA256
d9e7c484d439cfa181ff9a14aabcc4117b48bb0232e39d5abf93d114210d0130
-
SHA512
c9aa805f1be1004b414d8cbcb7791501c1b716c0146c08d2323f1321570986ec1f28c33fe66c48a5aec3d3ade5d11ba152d9f7f45fd4f480a7787e1035e63d1e
-
SSDEEP
196608:hBnYX7Z7sBnTeuAESz8MPaDj4PBMWlcFzg:hBE7+xTeuA18MPCjiBM9g
Malware Config
Targets
-
-
Target
DBtMXcRf.apk
-
Size
8.2MB
-
MD5
2a196f72ec81faa752957f81222dbe3d
-
SHA1
ca3c451c697be9b31b0301632a4c61279a16473e
-
SHA256
d9e7c484d439cfa181ff9a14aabcc4117b48bb0232e39d5abf93d114210d0130
-
SHA512
c9aa805f1be1004b414d8cbcb7791501c1b716c0146c08d2323f1321570986ec1f28c33fe66c48a5aec3d3ade5d11ba152d9f7f45fd4f480a7787e1035e63d1e
-
SSDEEP
196608:hBnYX7Z7sBnTeuAESz8MPaDj4PBMWlcFzg:hBE7+xTeuA18MPCjiBM9g
Score7/10-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-