Overview

overview

10

Static

static

10

pewpew.apk

android-10-x64

8

pewpew.apk

android-11-x64

8

pewpew.apk

android-13-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    pewpew.apk

  • Size

    8.0MB

  • Sample

    241122-dksq6ayrdm

  • MD5

    6978bad509a19b59d3c48a223372186e

  • SHA1

    526364c3e659327f3eae799401060051c8f81807

  • SHA256

    7fc57befc6398456d08171e9e213ee3f60bf60ce9479472c66938d695c01aaee

  • SHA512

    ae0ebd0984fb7af4143ab55b420865b2c7cc8e97d4926bc523c2587f2fc06cb05bf560f17fed93f500176a6a6bfa4a63d08da505c96ecd0be65ccdc18e690db8

  • SSDEEP

    196608:PHJEDIYkIjh5TfE/Ujki/5ZEZ478q8DoZpaTp6v6:PS95LkUdee8/DoPaTp6i

Score
10/10
antidotandroidbankerdiscoveryevasionexecutionpersistence

Malware Config

Targets

    • Target

      pewpew.apk

    • Size

      8.0MB

    • MD5

      6978bad509a19b59d3c48a223372186e

    • SHA1

      526364c3e659327f3eae799401060051c8f81807

    • SHA256

      7fc57befc6398456d08171e9e213ee3f60bf60ce9479472c66938d695c01aaee

    • SHA512

      ae0ebd0984fb7af4143ab55b420865b2c7cc8e97d4926bc523c2587f2fc06cb05bf560f17fed93f500176a6a6bfa4a63d08da505c96ecd0be65ccdc18e690db8

    • SSDEEP

      196608:PHJEDIYkIjh5TfE/Ujki/5ZEZ478q8DoZpaTp6v6:PS95LkUdee8/DoPaTp6i

    Score
    8/10
    bankerdiscoveryevasionexecutionpersistence

    • Checks if the Android device is rooted.

      evasion

    • Checks known Qemu files.

      Checks for known Qemu files that exist on Android virtual device images.

      evasion

    • Checks known Qemu pipes.

      Checks for known pipes used by the Android emulator to communicate with the host.

      evasion

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

      discovery

    • Acquires the wake lock

    • Checks the application is allowed to request package installs through the package installer

      Checks the application is allowed to install additional applications (Might try to install applications from unknown sources).

      evasion

    • Queries information about active data network

      discovery

    • Reads information about phone network operator.

      discovery

    • Requests allowing to install additional applications from unknown sources.

      evasion

    • Checks the presence of a debugger

      evasion
    behavioral1behavioral2behavioral3

MITRE ATT&CK Mobile v15

Tasks