General

  • Target

    8b6d047c9a1985c0c15ef0452828e8a77270fe122f51b953d16f0d81c507cce3.apk

  • Size

    8.2MB

  • Sample

    241124-cxv7dawjck

  • MD5

    6bc387da039c291fb62616d6e8074823

  • SHA1

    83d6bf50024cb4e955a9392bb68311ad05f74290

  • SHA256

    8b6d047c9a1985c0c15ef0452828e8a77270fe122f51b953d16f0d81c507cce3

  • SHA512

    712ebce39bf9cd9eb3506b935e6c7819b845558a495bd6d9de8acf54fcdff3222552666ae83500a90fec2f6aec6942386256993c768deddfb52f578d5221903c

  • SSDEEP

    196608:+aI3W+FAOiCyrWC+DFB7jKIyXfipcLpuLqp8IwcFyWIBcDRDKDrDjDCPDvDADgtJ:y31+Dr8FpR4umqYZIK9ev3O7UkJ

Malware Config

Targets

    • Target

      8b6d047c9a1985c0c15ef0452828e8a77270fe122f51b953d16f0d81c507cce3.apk

    • Size

      8.2MB

    • MD5

      6bc387da039c291fb62616d6e8074823

    • SHA1

      83d6bf50024cb4e955a9392bb68311ad05f74290

    • SHA256

      8b6d047c9a1985c0c15ef0452828e8a77270fe122f51b953d16f0d81c507cce3

    • SHA512

      712ebce39bf9cd9eb3506b935e6c7819b845558a495bd6d9de8acf54fcdff3222552666ae83500a90fec2f6aec6942386256993c768deddfb52f578d5221903c

    • SSDEEP

      196608:+aI3W+FAOiCyrWC+DFB7jKIyXfipcLpuLqp8IwcFyWIBcDRDKDrDjDCPDvDADgtJ:y31+Dr8FpR4umqYZIK9ev3O7UkJ

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Performs UI accessibility actions on behalf of the user

      Application may abuse the accessibility service to prevent their removal.

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the mobile country code (MCC)

    • Requests accessing notifications (often used to intercept notifications before users become aware).

MITRE ATT&CK Mobile v15

Tasks