General
-
Target
NMail2.apk
-
Size
18.7MB
-
Sample
241202-t8talaykck
-
MD5
13e0f639963d3e10913c0180a4362ffd
-
SHA1
560e1a2f49bf7536512e78471540f1fcda0f5886
-
SHA256
63bad53659039536c1d85f16e0f8ce085416f0dc8d7144ef3114cb9412d63663
-
SHA512
dac76ec3629dd1f01a79d1416defac227bd4a5ca20d87d73026d742e6565ba78a78180234bcbceb092485497fd08df0f29f2e0faf11a2bdea5fd46755935216f
-
SSDEEP
393216:sWrLalIIclUJotDckP4Z4LbSYpJCmp6zJp7SPA9qdsmOn:94pUOBKLc7zX1qCb
Malware Config
Targets
-
-
Target
NMail2.apk
-
Size
18.7MB
-
MD5
13e0f639963d3e10913c0180a4362ffd
-
SHA1
560e1a2f49bf7536512e78471540f1fcda0f5886
-
SHA256
63bad53659039536c1d85f16e0f8ce085416f0dc8d7144ef3114cb9412d63663
-
SHA512
dac76ec3629dd1f01a79d1416defac227bd4a5ca20d87d73026d742e6565ba78a78180234bcbceb092485497fd08df0f29f2e0faf11a2bdea5fd46755935216f
-
SSDEEP
393216:sWrLalIIclUJotDckP4Z4LbSYpJCmp6zJp7SPA9qdsmOn:94pUOBKLc7zX1qCb
Score8/10-
Checks if the Android device is rooted.
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Queries information about running processes on the device
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Acquires the wake lock
-
Queries information about active data network
-
Queries the mobile country code (MCC)
-
Reads information about phone network operator.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Scheduled Task/Job
1Defense Evasion
Hide Artifacts
1User Evasion
1Input Injection
1Virtualization/Sandbox Evasion
1System Checks
1Discovery
Process Discovery
1System Information Discovery
2System Network Configuration Discovery
2System Network Connections Discovery
1