copybara | e57565bd3f398508321470f857dfb07c195ed9b7b494ba00dc7c407ac8b8f3e1

General

Target

e57565bd3f398508321470f857dfb07c195ed9b7b494ba00dc7c407ac8b8f3e1.bin
Size

3.9MB
Sample

241202-1hesvazmhk
MD5

ba1c2891d626401c5e1eb5b677ef2804
SHA1

4a541fdc55f63fbd24474587920d161af0adcf8f
SHA256

e57565bd3f398508321470f857dfb07c195ed9b7b494ba00dc7c407ac8b8f3e1
SHA512

1cd3b9e99d6008e3a88da594cb1899ad0462b8fb77c490fbdd26cd96f5abe43365c0b841e4aa9b3057f91378595e82d5402ffd8446e3e89ec8aaf4419899063c
SSDEEP

98304:Ehindhin69hinmhinyhin0hin1Ob4JiQZUR0szTZBUUk2ai52SzZzE5:aC7C6bCICECqC1Oaviq+TZBUUk5i52aW

Score

10^/10

Malware Config

Extracted

Family

copybara

C2

176.126.113.210

Targets

- Target
  
  e57565bd3f398508321470f857dfb07c195ed9b7b494ba00dc7c407ac8b8f3e1.bin
- Size
  
  3.9MB
- MD5
  
  ba1c2891d626401c5e1eb5b677ef2804
- SHA1
  
  4a541fdc55f63fbd24474587920d161af0adcf8f
- SHA256
  
  e57565bd3f398508321470f857dfb07c195ed9b7b494ba00dc7c407ac8b8f3e1
- SHA512
  
  1cd3b9e99d6008e3a88da594cb1899ad0462b8fb77c490fbdd26cd96f5abe43365c0b841e4aa9b3057f91378595e82d5402ffd8446e3e89ec8aaf4419899063c
- SSDEEP
  
  98304:Ehindhin69hinmhinyhin0hin1Ob4JiQZUR0szTZBUUk2ai52SzZzE5:aC7C6bCICECqC1Oaviq+TZBUUk5i52aW
Score

7^/10

collection credential_access discovery evasion persistence impact
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Acquires the wake lock
- Checks the application is allowed to request package installs through the package installer
  Checks the application is allowed to install additional applications (Might try to install applications from unknown sources).
  evasion
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Performs UI accessibility actions on behalf of the user
  Application may abuse the accessibility service to prevent their removal.
  evasion
- Queries the mobile country code (MCC)
  discovery
- Requests accessing notifications (often used to intercept notifications before users become aware).
  collection credential_access
- Requests allowing to install additional applications from unknown sources.
  evasion
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
- Requests modifying system settings.
  evasion
behavioral1 behavioral2 behavioral3