General

  • Target

    Wizard.apk

  • Size

    4.4MB

  • Sample

    241206-tklwlsvrhv

  • MD5

    8450f808254563144180446c5b78b1de

  • SHA1

    280e181461f3ed06041b481f79cb4a90aa805722

  • SHA256

    7105576408376a602b5478eb0be822e956674bcbdc5ab31e620016cb6b350980

  • SHA512

    1fcc4db7d9970786d341205f3ad6373689b77c714ebff6dbc8a70209d977ad534789e076a2c1ff6d5648629d5a3a2c1e2531df37dd01f4569bec4815365bfafc

  • SSDEEP

    98304:pc+5zBrTQmze+0t+SPst3P/zS+m4IC7dcY2ecv1Fw7arkN:Nvzg+SPKPbF7dHXG1F8SA

Targets

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.
