General
-
Target
ayugram.apk
-
Size
9.3MB
-
Sample
241206-zjxvdawqe1
-
MD5
e2c55b1fcfe8962547e351495e940a9d
-
SHA1
6b65d71cb8bb9918d6dc05fb27be5926f9148772
-
SHA256
a7cb84213db69ffe2dac5b1fac7ebb0b8ad5f671f1b8f881455f8abde0d9da58
-
SHA512
83ec839ecf71faea4529a987cd36f8d24e4144344ffc60e858c9f81fe67e63e48ac948f7aea5cc72e0460850904d749ab3fd6e43497f7de761f2b7b588965deb
-
SSDEEP
98304:XU3SCdlESFAioeEHYPL4MAShx6kVYBGfSmzTzBfTm0tselFD:EldTaioH9kMudzVtJ
Malware Config
Targets
-
-
Target
ayugram.apk
-
Size
9.3MB
-
MD5
e2c55b1fcfe8962547e351495e940a9d
-
SHA1
6b65d71cb8bb9918d6dc05fb27be5926f9148772
-
SHA256
a7cb84213db69ffe2dac5b1fac7ebb0b8ad5f671f1b8f881455f8abde0d9da58
-
SHA512
83ec839ecf71faea4529a987cd36f8d24e4144344ffc60e858c9f81fe67e63e48ac948f7aea5cc72e0460850904d749ab3fd6e43497f7de761f2b7b588965deb
-
SSDEEP
98304:XU3SCdlESFAioeEHYPL4MAShx6kVYBGfSmzTzBfTm0tselFD:EldTaioH9kMudzVtJ
Score7/10-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Scheduled Task/Job
1Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Input Injection
1