General
Target: CRM.apk
Size: 6.8MB
Sample: 241204-kewdesvmaj
MD5: 62ea9a0b6bcf8f005748dd71c1af6372
SHA1: c136cd43cb634ff692ddc8cc31f906986c83748e
SHA256: c98aed544aed512f1f96d7dcb5068473f1a8359e9602b791df64a04edd0efa69
SHA512: ffd3ef96f845142f2f54de04b67b2819fa46a75b4481d3dd04af7bd36e63bf35436d6a39babef960068b605f23c7d91bdcad872d9685323291d592a0d53f4709
SSDEEP: 196608:VfZOFQCEHjiUpwVSnLMtC8iByQKtZdiwCNup4c5:eFQCEufQoSByFraup3
Static task: static1

Behavioral tasks:
behavioral1: sample CRM.apk, resource android-x86-arm-20240624-en
behavioral2: sample CRM.apk, resource android-x64-20240624-en
behavioral3: sample CRM.apk, resource android-x64-arm64-20240624-en
behavioral4: sample cugocevi.apk, resource android-x86-arm-20240624-en
behavioral5: sample cugocevi.apk, resource android-x64-20240624-en
behavioral6: sample cugocevi.apk, resource android-x64-arm64-20240624-en
Malware Config

Targets

Target: CRM.apk
Size: 6.8MB
MD5, SHA1, SHA256, SHA512, SSDEEP: identical to the values listed under General above
Signatures:
- Antidot family
- Antidot payload
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
- Checks whether the application is allowed to request package installs through the package installer
  Checks whether the application is allowed to install additional applications (it might try to install applications from unknown sources).
- Queries the mobile country code (MCC)
Target: cugocevi
Size: 6.1MB
MD5: 84185dac99c265e47be6ba6a8ab6d22b
SHA1: 5afcac432c684d8e2ed916fb6b194e58ffbc393c
SHA256: 27288c9e94cb2ce71b3807beddca4258e1a13bcfba63d422eaad49af434bf5c7
SHA512: f237c0f00dcd0f19d18e7e6274f7da276defba7a8bc5397b4d851f1eca3795930a5c206731200e0753b9ea5002024f9d1f14624ee9e64a5881ef779b8e1b9875
SSDEEP: 98304:Eo/KrsCeL8RCvKPP4mgsvWc8v2ieSyeTgnrSsdbK2krznVOBU4ucy91/Px:2eL8ReKomgsvW4YErSsElzVQU4S
Signatures:
- Antidot family
- Antidot payload
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
- Performs UI accessibility actions on behalf of the user
  Application may abuse the accessibility service to prevent its removal.
- Queries the mobile country code (MCC)
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Requests modifying system settings.
MITRE ATT&CK Mobile v15 (number of matching signatures in parentheses)
Persistence
  Event Triggered Execution (1)
    Broadcast Receivers (1)
  Scheduled Task/Job (1)
Defense Evasion
  Download New Code at Runtime (1)
  Hide Artifacts (1)
    User Evasion (1)
  Impair Defenses (1)
    Prevent Application Removal (1)
  Input Injection (1)
  Subvert Trust Controls (1)
    Code Signing Policy Modification (1)
  Virtualization/Sandbox Evasion (2)
    System Checks (2)
Credential Access
  Clipboard Data (1)
  Input Capture (2)
    GUI Input Capture (1)
    Keylogging (1)