General

  • Target

    f984ad6b075426be8dda2f28e1212d5c070fb92318d6590ab4436427aa556730.apk

  • Size

    4.8MB

  • Sample

    241212-dew7dsyjdw

  • MD5

    4f618b5c8486c15bb859756eb092d9b2

  • SHA1

    e3de3139ab8f352c125a76f53dddde919f3b4ed9

  • SHA256

    f984ad6b075426be8dda2f28e1212d5c070fb92318d6590ab4436427aa556730

  • SHA512

    09c9364a8665edeb59adb8f41b4f97c888fee345d2e2d434f77f367cbe6b4108bbda7606ea28c2fc3ff0410846558b7268f2588894f95d5ab757e4563adb0d1d

  • SSDEEP

    98304:m3mUMdkaoLKauowdapCAx/MV3REvmXbGH+wIsFKX5+:m3mUEpauowdwCApvmLOI0U+

Malware Config

Targets

    Score
    1/10
    • Target

      base.apk

    • Size

      3.6MB

    • MD5

      133e25a18b8500d6abd78fbcc60bc044

    • SHA1

      f1638daab573cbc191e97fefb04daf030fbfb311

    • SHA256

      86fdfff09f03b0cde4cd0cde3ce0f75e37859925ef6fd89b372bbfada1ace572

    • SHA512

      86fcb70d305ed5a0339bbba113b476e47447f5927f2903adfa109dcdb1cafeb2e79dbef1564088a982e5e4031e091a6416500f94d1980176887320b8c6cb1929

    • SSDEEP

      49152:abgWswiy8VQ7mZt8zvnPxv+rbvleFmLzz6f37LKrYEkw2w/RnJorzvvR9j00oln4:aq1y8VQuGpGJeFmXtYDw2kErLPjz1

    • Checks known Qemu pipes.

      Checks for known pipes used by the Android emulator to communicate with the host.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Reads information about phone network operator.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

MITRE ATT&CK Mobile v15

Tasks