Extracted

• • Target

    CNC.apk

  • Size

    6.6MB

  • MD5

    1d3bf0fb430b02719e7dd9d593c7c9fa

  • SHA1

    68e0ea024fafb0c1c08557c7f6cfd84e418c5533

  • SHA256

    c684dd975ab9900f3ac0e7a5f0a0853f28a700513fa96f69d42a3276a47f061b

  • SHA512

    828831d1511204122f4f73545595e5f325c52a94d6dc0d0ca31aa5cd091a3842bfce817a7ae0a2f8a97d376872094a784d5108c35eefa6dbdc835a519a3f7a17

  • SSDEEP

    196608:sOk8v7XjvfAS9XzgHLE10b0mgMkmupz/oSmw:sOjjjvfAqXWLEiIkOgSt

  Score

  1^/10
  behavioral1behavioral2behavioral3

• • Target

    childapp.apk

  • Size

    3.9MB

  • MD5

    4fc7f8f6b649f1aa03655d44f4675d10

  • SHA1

    630689e1599bb4bd2807d35b5a529df96df2e7dc

  • SHA256

    212194705ddd7c56b71d044cd0a3577af87e61c2aaa0421822088583dc949598

  • SHA512

    3d6bfd78bad270a5297c8f4b3dd9120e1b898c7733e0eb998db23cb968d3866314a52fcadb5ae891695fde44574f1c8f14431271517835b94464b007b15e2341

  • SSDEEP

    98304:XxE10b0mg463yklQuumzZzBHTX0tZRSmV00zV:BE10b0mgMkmupz/oSm1

  Score

  7^/10

  bankercollectioncredential_accessdiscoveryevasionexecutionpersistence

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    bankerdiscovery

  • Acquires the wake lock

  • Makes use of the framework's foreground persistence service

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence

  • Queries information about active data network

    discovery

  • Requests disabling of battery optimizations (often used to enable hiding in the background).

    evasion
  behavioral4behavioral5behavioral6