Overview

overview

10

Static

static

10

RetiredTraveller.apk

android-9-x86

RetiredTraveller.apk

android-10-x64

7

RetiredTraveller.apk

android-11-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    RetiredTraveller.apk

  • Size

    4.4MB

  • Sample

    241212-d1sq4atmcj

  • MD5

    c3caa51ac5464ca58f891b6bad4a7990

  • SHA1

    b1b998e5c9d7091eed91292fa834964062dad07e

  • SHA256

    e61f76f23f31a80a601bf637a55df70ac886937c5103fdd1f32cadcab4c42c72

  • SHA512

    6ca29b647d70f95949a0665fdacb8b5165cd6f20cf2e0cdc820bdbe14619a1c1275028278c259f1f98363ace09e7fd5e5ca8065af0ad56b238cc60c90d77767b

  • SSDEEP

    98304:BFkHtzBnTfmzNE0tVW0lz4+7zjEs9XqL/6J1A6GT31HhzJKO2jZU:v2OzZVW0lb7fZqL/6PGT3v4VW

Score
10/10
spynoteandroidcollectioncredential_accessevasionexecutionpersistence

Malware Config

Targets

    • Target

      RetiredTraveller.apk

    • Size

      4.4MB

    • MD5

      c3caa51ac5464ca58f891b6bad4a7990

    • SHA1

      b1b998e5c9d7091eed91292fa834964062dad07e

    • SHA256

      e61f76f23f31a80a601bf637a55df70ac886937c5103fdd1f32cadcab4c42c72

    • SHA512

      6ca29b647d70f95949a0665fdacb8b5165cd6f20cf2e0cdc820bdbe14619a1c1275028278c259f1f98363ace09e7fd5e5ca8065af0ad56b238cc60c90d77767b

    • SSDEEP

      98304:BFkHtzBnTfmzNE0tVW0lz4+7zjEs9XqL/6J1A6GT31HhzJKO2jZU:v2OzZVW0lb7fZqL/6PGT3v4VW

    Score
    7/10
    collectioncredential_accessevasionexecutionpersistence

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

      collectionevasioncredential_access

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

      evasionpersistence
    behavioral1behavioral2behavioral3

MITRE ATT&CK Mobile v15

Tasks