tgtoxic | 14738acb5d7e082ef950f0d42af019fa5fa270959e9bf4b3474a1c68e7d88c28 | Triage

Sharing

General

Target

14738acb5d7e082ef950f0d42af019fa5fa270959e9bf4b3474a1c68e7d88c28.bin
Size

3.7MB
Sample

241225-3a8gas1lev
MD5

d92c0d97c8beabde5d41777e98f8e9f6
SHA1

6e074e132de20cea49cdabbfbb6c1048ed3d1e04
SHA256

14738acb5d7e082ef950f0d42af019fa5fa270959e9bf4b3474a1c68e7d88c28
SHA512

046b031cc5c6e2226f1acc2f1a02bdf514f65be43bd7cd05ea26f81eb4aed1aee17e30664d1036f0bf93e6d70c6457200061d7ee3b13c893fef19463a1a99c27
SSDEEP

98304:KI1y8VlJ8mgRNdWSJCyZx4dBXa2QFjL6/CSZdf+x8F678YLNcjXr:By8V38miWVXdNAmaSZ0uM8GNcDr

Score

10^/10

tgtoxic android collection credential_access discovery evasion

Malware Config

Targets

- Target
  
  14738acb5d7e082ef950f0d42af019fa5fa270959e9bf4b3474a1c68e7d88c28.bin
- Size
  
  3.7MB
- MD5
  
  d92c0d97c8beabde5d41777e98f8e9f6
- SHA1
  
  6e074e132de20cea49cdabbfbb6c1048ed3d1e04
- SHA256
  
  14738acb5d7e082ef950f0d42af019fa5fa270959e9bf4b3474a1c68e7d88c28
- SHA512
  
  046b031cc5c6e2226f1acc2f1a02bdf514f65be43bd7cd05ea26f81eb4aed1aee17e30664d1036f0bf93e6d70c6457200061d7ee3b13c893fef19463a1a99c27
- SSDEEP
  
  98304:KI1y8VlJ8mgRNdWSJCyZx4dBXa2QFjL6/CSZdf+x8F678YLNcjXr:By8V38miWVXdNAmaSZ0uM8GNcDr
Score

7^/10

collection credential_access discovery evasion
- Checks known Qemu pipes.
  Checks for known pipes used by the Android emulator to communicate with the host.
  evasion
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Reads information about phone network operator.
  discovery
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

Virtualization/Sandbox Evasion

System Checks

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

Process Discovery

System Information Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Command and Control

Exfiltration

Impact

Input Injection

Tasks

static1

behavioral1

collectioncredential_accessdiscoveryevasion