Overview

overview

10

Static

static

10

Telegram.apk

android-9-x86

7

Telegram.apk

android-10-x64

7

Telegram.apk

android-11-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Telegram.apk

  • Size

    4.5MB

  • Sample

    241203-qqccksxlgy

  • MD5

    d2c4b5bd6eaeaf44b1350aa20c0afc11

  • SHA1

    f972e78c7e75f2724fa75229ad2f6236b49e3b2c

  • SHA256

    068a087668566e778db6912e213cdabc5ad68c683ad13bccd7c242cb48fc75e2

  • SHA512

    01c481cabbc029aa83f6aa49e2cb0bd926084c3268ea145290d90eca126cb3269fe7652fe8f0f749aab1671e4fc5a64f5debdd5fbda07f7c6d2947c5f53468b5

  • SSDEEP

    98304:fBjJvWu/OPXrWzR0Gnq1tamzFzBmTd0tg0ciEb:fX+wOvrugzOS29

Score
10/10
spynoteandroidcollectioncredential_accessevasionexecutionpersistence

Malware Config

Targets

    • Target

      Telegram.apk

    • Size

      4.5MB

    • MD5

      d2c4b5bd6eaeaf44b1350aa20c0afc11

    • SHA1

      f972e78c7e75f2724fa75229ad2f6236b49e3b2c

    • SHA256

      068a087668566e778db6912e213cdabc5ad68c683ad13bccd7c242cb48fc75e2

    • SHA512

      01c481cabbc029aa83f6aa49e2cb0bd926084c3268ea145290d90eca126cb3269fe7652fe8f0f749aab1671e4fc5a64f5debdd5fbda07f7c6d2947c5f53468b5

    • SSDEEP

      98304:fBjJvWu/OPXrWzR0Gnq1tamzFzBmTd0tg0ciEb:fX+wOvrugzOS29

    Score
    7/10
    collectioncredential_accessevasionexecutionpersistence

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

      collectionevasioncredential_access

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

      evasionpersistence

    • Requests enabling of the accessibility settings.

    behavioral1behavioral2behavioral3

MITRE ATT&CK Mobile v15

Tasks