General

  • Target

    dropper.apk

  • Size

    5.4MB

  • Sample

    241116-2bsa2ayqhm

  • MD5

    9e7d671e6d45dc805d846c1bf3ab60aa

  • SHA1

    a2aa5f3258b4ed4c0e9189dca411bf2ded23e426

  • SHA256

    e2840f0ccb7f2d1f719eb2bef275efe19b1b76af86f8f504804c6b42aa1b678d

  • SHA512

    d679eb8711ceb69615f277b30e8d85766a0840746fe4b9b42dc587686f367de54cd4ab3257df0309807531b5b5721b8108dd7da7918274f7b97f2d1dadd87dda

  • SSDEEP

    98304:EXVSsuxGCamIBlOMdY23SHQtuXKUIIa9OiEbBrb1zyVZPlOxS:EXKlamcHkQA6N9EbRqn

Malware Config

Targets

    • Target

      dropper.apk

    • Size

      5.4MB

    • MD5

      9e7d671e6d45dc805d846c1bf3ab60aa

    • SHA1

      a2aa5f3258b4ed4c0e9189dca411bf2ded23e426

    • SHA256

      e2840f0ccb7f2d1f719eb2bef275efe19b1b76af86f8f504804c6b42aa1b678d

    • SHA512

      d679eb8711ceb69615f277b30e8d85766a0840746fe4b9b42dc587686f367de54cd4ab3257df0309807531b5b5721b8108dd7da7918274f7b97f2d1dadd87dda

    • SSDEEP

      98304:EXVSsuxGCamIBlOMdY23SHQtuXKUIIa9OiEbBrb1zyVZPlOxS:EXKlamcHkQA6N9EbRqn

    Score
    1/10
    • Target

      base.apk

    • Size

      3.5MB

    • MD5

      20cec677a95b399dcf803a27ef676665

    • SHA1

      581dd0f7826caddd2da2fb60d5a0016735a6c254

    • SHA256

      6dd3b5e01f18ef927d2a15dd0adef150be7eca8860f727e63faf7a292418a760

    • SHA512

      706f7f8a92591b31b9f1273e784a1609bc8e38fb1da503d17757eafc7df9df3e63585c687d7960d9c9acc7b8b0ee9fbbc1eec6b354059d8273fa058e164e0b48

    • SSDEEP

      49152:+gW6Vs7LxUOmZtTsvb3Y5tWWqbFg+BgKDhEVe14mMcCnJMzvvD9jz0o/Gn:n67Lxmub38tWtbF9pBaPcrLxjQz

    • Checks known QEMU pipes.

      Checks for the named pipes that the Android emulator (QEMU) uses to communicate with the host. A positive result tells the app it is running in an emulated environment, a check commonly used to withhold the real payload during sandbox analysis.

    • Makes use of the framework's Accessibility service

      Reads the content displayed on the phone screen through an AccessibilityService, which only works once the user has granted the app accessibility access.

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Acquires the wake lock

      Holds a wake lock so that the device does not sleep while the app's background work is running.

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to keep running with foreground priority, which the system is reluctant to kill.

    • Performs UI accessibility actions on behalf of the user

      Application may abuse the accessibility service to perform taps and other UI actions without user involvement (for example, dismissing uninstall or settings dialogs) in order to prevent its own removal.

    • Reads information about phone network operator.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).
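
The signatures above come from dynamic analysis; a static first pass over the same artifact can confirm several of them before detonation. The Python script below is an added example (it is not part of this report and not the sandbox's own rule set): it walks an APK-shaped archive, reads permission and accessibility-service declarations from a decoded AndroidManifest.xml, and byte-searches classes*.dex for the framework identifiers and emulator pipe paths behind each signature. The mapping from indicators to signature names, the function names, and the sample manifest and DEX blob are all constructed for the example. A stock APK carries a binary (AXML) manifest, which the script flags rather than parses.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
BIND_A11Y = "android.permission.BIND_ACCESSIBILITY_SERVICE"

# Manifest permissions mapped to the report's signature wording (this mapping
# is an assumption of the example, not the sandbox's own rule set).
PERMISSION_INDICATORS = {
    "android.permission.WAKE_LOCK": "Acquires the wake lock",
    "android.permission.FOREGROUND_SERVICE": "Makes use of the framework's foreground persistence service",
    "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS": "Requests disabling of battery optimizations",
}

# Framework identifiers and device paths that stay plain ASCII in the DEX string
# table (obfuscators cannot rename framework APIs or kernel paths), so a byte
# search over classes*.dex is enough for a first pass.
DEX_INDICATORS = {
    rb"/dev/socket/qemud|/dev/qemu_pipe|qemu_pipe": "Checks known QEMU pipes",
    rb"getRunningAppProcesses": "Queries information about running processes on the device",
    rb"performGlobalAction|performAction": "Performs UI accessibility actions on behalf of the user",
    rb"getNetworkOperator|getSimOperator": "Reads information about phone network operator",
    rb"newWakeLock": "Acquires the wake lock",
    rb"startForeground": "Makes use of the framework's foreground persistence service",
    rb"android\.settings\.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS": "Requests disabling of battery optimizations",
}


def _scan_manifest(manifest: bytes, findings: dict) -> None:
    try:
        root = ET.fromstring(manifest)
    except (ET.ParseError, ValueError):
        # A stock APK ships binary AXML; decode it (apktool, androguard) before scanning.
        findings.setdefault("_warnings", []).append("AndroidManifest.xml is not plain XML; decode it first")
        return
    for perm in root.iter("uses-permission"):
        name = perm.get(ANDROID_NS + "name", "")
        if name in PERMISSION_INDICATORS:
            findings.setdefault(PERMISSION_INDICATORS[name], []).append(f"uses-permission {name}")
    for svc in root.iter("service"):
        # An accessibility service must be declared under BIND_ACCESSIBILITY_SERVICE,
        # so the manifest gives it away even when the code is obfuscated.
        if svc.get(ANDROID_NS + "permission") == BIND_A11Y:
            findings.setdefault("Makes use of the framework's Accessibility service", []).append(
                f"service {svc.get(ANDROID_NS + 'name')} bound with {BIND_A11Y}")


def _scan_dex(dex: bytes, findings: dict) -> None:
    for pattern, label in DEX_INDICATORS.items():
        hits = {m.group(0).decode("ascii", "replace") for m in re.finditer(pattern, dex)}
        if hits:
            findings.setdefault(label, []).extend(hits)


def triage_apk(apk_bytes: bytes) -> dict:
    """Return {signature label: sorted evidence} for an APK-shaped zip archive."""
    findings: dict = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        names = zf.namelist()
        if "AndroidManifest.xml" in names:
            _scan_manifest(zf.read("AndroidManifest.xml"), findings)
        for name in names:
            if re.fullmatch(r"classes\d*\.dex", name):
                _scan_dex(zf.read(name), findings)
    return {label: sorted(set(ev)) for label, ev in findings.items()}


# Constructed sample input (not the real dropper.apk or base.apk): a decoded
# manifest and a fake DEX blob carrying only the string-table entries of interest.
SAMPLE_MANIFEST = b"""<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.constructed">
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <application>
    <service android:name=".A11y" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter><action android:name="android.accessibilityservice.AccessibilityService"/></intent-filter>
    </service>
  </application>
</manifest>
"""
SAMPLE_DEX = b"dex\n035\x00" + b"\x00".join([
    b"", b"/dev/socket/qemud", b"getRunningAppProcesses", b"performGlobalAction",
    b"getNetworkOperator", b"android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS", b""])


def build_constructed_sample(binary_manifest: bool = False) -> bytes:
    """Zip the constructed files; binary_manifest=True mimics an undecoded AXML header."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        manifest = (b"\x03\x00\x08\x00" + b"\x00" * 12) if binary_manifest else SAMPLE_MANIFEST
        zf.writestr("AndroidManifest.xml", manifest)
        zf.writestr("classes.dex", SAMPLE_DEX)
    return buf.getvalue()


if __name__ == "__main__":
    for label, evidence in triage_apk(build_constructed_sample()).items():
        print(f"{label}: {', '.join(evidence)}")
```

Run with no arguments to triage the constructed sample; for a real file, decode the manifest with apktool (or parse the AXML with androguard) and pass the archive bytes to triage_apk(). The DEX search is deliberately coarse: a hit on performAction or getNetworkOperator is a lead for the dynamic report to confirm, not a verdict on its own, and a dropper whose payload sits in an encrypted asset (as the dropper.apk/base.apk pairing here suggests) will only show the indicators once the dropped APK is scanned too.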

MITRE ATT&CK Mobile v15

Tasks