General

  • Target

    Mi GetApps_34.8.1.0_APKPure.apk

  • Size

    33.4MB

  • Sample

    241113-p7lf5svrfk

  • MD5

    8d3587ce38e51850be4dc3fde2f146e9

  • SHA1

    3bd248323f238aea696bed47bddcef82efcd1dc6

  • SHA256

    ea6afc83aebe255bb476fe32ae0b0256a65877f14d8483642912ecf02c8ed896

  • SHA512

    d3a1d609fba1218b7aedb35bbefc6068e738a01c06187c58adae2fa650cb788ca98b231f51a803ab5f2d85cb1e971a53d3f9058bccee59bd77d2d0180cffecbb

  • SSDEEP

    786432:Qklp6XWZ7uISNrMB2aQWcIPu9HKl5nZkYmKdiVLud:dlyquTM4aQtIGuMK+Ls

Malware Config

Targets

    • Target

      Mi GetApps_34.8.1.0_APKPure.apk

    • Checks if the Android device is rooted.

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)

    • Queries account information for other applications stored on the device

      Application may abuse the framework's APIs to collect account information stored on the device.

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Queries information about active data network

    • Checks the presence of a debugger

MITRE ATT&CK Mobile v15

Tasks