General

  • Target

    Floating+Apps+v4.22+(142201012).apk

  • Size

    48.3MB

  • Sample

    241114-z29xnatcqb

  • MD5

    816a94cf288828a9ddb43a0598570eb1

  • SHA1

    d93b07dbc22b71264859037372b50ebd8a565927

  • SHA256

    5dc7e0b37a243b8b3f29ca6d7a0a1207115c52819ab4639e449cce51ed66f1c6

  • SHA512

    bd20a809319e76e332f20985203583e6b4d80083bb31ddff1acf04c2d97e5c5f0014f4284783888b9c41e93b5675d69732c0a32c05d7acc4a9fec6b16eb521aa

  • SSDEEP

    786432:7A6Zhq4aiWovCZhMbVTXMyvQ8hEmK5e3Z0p9pQryexm6rVt:pW4avovahgh8yIOEmUZpor9

Targets

    • Target

      Floating+Apps+v4.22+(142201012).apk

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Queries information about active data network

    • Queries the mobile country code (MCC)

    • Reads information about phone network operator.

    • Checks the presence of a debugger
