General
-
Target
LATAM Airlines.apk
-
Size
13.8MB
-
Sample
241113-d6mf9svlhw
-
MD5
8ada57d186ea5d659ad9af00db631b59
-
SHA1
62e9b66f1b8846f4587e8e75f0e05f5abb63d5f9
-
SHA256
0e0ce73acfe2c4fdead8fa8f25aa665fcd989884be0bb480cce24aca2a53dc0d
-
SHA512
371228b0069dcc627c163b62b4a1e22414d3effce934aece9d92986601ec71c808cb02b34c98937552fa4ccafc06909b3059ea9f3183042325b9bafad53635cb
-
SSDEEP
196608:E2yGZ4Fh2ZSBbCj7Retx+ZMgSuU7zxXsuyRwAAjd3aRhV8DBMeUsGJDURjNY2yYp:9yh70xMggzxX59aGlM7MRyR+y6
Behavioral task
behavioral1
Sample
LATAM Airlines.apk
Resource
android-33-x64-arm64-20240624-es
Malware Config
Targets
-
Target
LATAM Airlines.apk
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Queries account information for other applications stored on the device
Application may abuse the framework's APIs to collect account information stored on the device.
-
Queries information about running processes on the device
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Reads the content of the SMS messages.
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries information about active data network
-
MITRE ATT&CK Mobile v15
Discovery
Process Discovery: 1
Software Discovery: 1
Security Software Discovery: 1
System Network Connections Discovery: 1