General
-
Target
EZFN.apk
-
Size
4.4MB
-
Sample
241228-vavanszkhw
-
MD5
b54e7fcfeb827f0ca29a35b457d260a8
-
SHA1
9164dd11e93f10202ea500ed892853143bf9ef18
-
SHA256
7e686cc0a9a7a0bb7f7f7e4f76ce11865fefef641a793172d6d8c11f7fe4ff11
-
SHA512
80a063f119511885cd4650ed666115d8ba01e764a3ec37287dde027a18bae92b28ef4b2c7e4e7be2032fff1cf88f58eae64f2f26a1bc2c2d343593155c4bba61
-
SSDEEP
98304:hoaKzDhTKJj3Lx6FR3aNaVNmzFzBKT90tQYLzc:hJY1KLjzayLc
Behavioral task
behavioral1
Sample
EZFN.apk
Resource
android-x64-arm64-20240624-en
Malware Config
Targets
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Acquires the wake lock
-
Makes a phone call.
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Requests enabling of the accessibility settings.
-
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime (1)
Foreground Persistence (1)
Indicator Removal on Host (1)
Uninstall Malicious Application (1)
Input Injection (1)