Overview

overview

10

Static

static

10

dream-league.apk

android-9-x86

8

dream-league.apk

android-13-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    dream-league.apk

  • Size

    8.1MB

  • Sample

    241128-3jzwhszqgp

  • MD5

    f8056c18ff1ccbed6eec670a9bdde19f

  • SHA1

    c578c1a757ea1625a0f7e234c32971eae2c36855

  • SHA256

    b514df612766d2dacbf621597ae9fc60b032bc8c3891ed86abb9af4fba3c3fe6

  • SHA512

    2c806abd2d7bba076091c09499a2aebd58d25f2f3e245534dc2ccd3295fe866fbe122a17ed813df0083ac5f90c8232e414928d8c0c4b8bc26ee887055c986976

  • SSDEEP

    196608:kl/4s/zrrC/TUOzf4IDCWhPlM7DM7Wq80oZdSTp6yv:gAOr+/YiMsW/0o/STp6C

Score
10/10
antidotandroidbankerdiscoveryevasionexecutionpersistence

Malware Config

Targets

    • Target

      dream-league.apk

    • Size

      8.1MB

    • MD5

      f8056c18ff1ccbed6eec670a9bdde19f

    • SHA1

      c578c1a757ea1625a0f7e234c32971eae2c36855

    • SHA256

      b514df612766d2dacbf621597ae9fc60b032bc8c3891ed86abb9af4fba3c3fe6

    • SHA512

      2c806abd2d7bba076091c09499a2aebd58d25f2f3e245534dc2ccd3295fe866fbe122a17ed813df0083ac5f90c8232e414928d8c0c4b8bc26ee887055c986976

    • SSDEEP

      196608:kl/4s/zrrC/TUOzf4IDCWhPlM7DM7Wq80oZdSTp6yv:gAOr+/YiMsW/0o/STp6C

    Score
    8/10
    bankerdiscoveryevasionexecutionpersistence

    • Checks if the Android device is rooted.

      evasion

    • Checks known Qemu files.

      Checks for known Qemu files that exist on Android virtual device images.

      evasion

    • Checks known Qemu pipes.

      Checks for known pipes used by the Android emulator to communicate with the host.

      evasion

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

      discovery

    • Acquires the wake lock

    • Checks the application is allowed to request package installs through the package installer

      Checks the application is allowed to install additional applications (Might try to install applications from unknown sources).

      evasion

    • Queries information about active data network

      discovery

    • Queries the unique device ID (IMEI, MEID, IMSI)

      discovery

    • Reads information about phone network operator.

      discovery

    • Checks the presence of a debugger

      evasion
    behavioral1behavioral2

MITRE ATT&CK Mobile v15

Tasks