General
-
Target
Wizard.apk
-
Size
4.4MB
-
Sample
241229-e1nykssnav
-
MD5
578e77777d3e8a760da0c4fee51c3c61
-
SHA1
2ff58c40007146854c58f038cb4ef9747dc2ffb4
-
SHA256
9a7a3c15b79accc5652170a75cf844f05522597e2d696d99d4e53e0aff246c8b
-
SHA512
3f01f0ba33f279ebd380d29a5cdbe0d865e978ffa112e1b4befb36c1d822fc2a4b0d090cf1f34d547d8104b815e68e2055a83ca3f45f7cdd4b1688c196c5c4b4
-
SSDEEP
98304:uVi7zBbTImzAj0tIu5BkEicehR2oE7T/f/qkRnt7cB6zH:j3z/Iul9oE7TH/qkRnt706zH
Malware Config
Targets
-
-
Target
Wizard.apk
-
Size
4.4MB
-
MD5
578e77777d3e8a760da0c4fee51c3c61
-
SHA1
2ff58c40007146854c58f038cb4ef9747dc2ffb4
-
SHA256
9a7a3c15b79accc5652170a75cf844f05522597e2d696d99d4e53e0aff246c8b
-
SHA512
3f01f0ba33f279ebd380d29a5cdbe0d865e978ffa112e1b4befb36c1d822fc2a4b0d090cf1f34d547d8104b815e68e2055a83ca3f45f7cdd4b1688c196c5c4b4
-
SSDEEP
98304:uVi7zBbTImzAj0tIu5BkEicehR2oE7T/f/qkRnt7cB6zH:j3z/Iul9oE7TH/qkRnt706zH
Score7/10-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Requests enabling of the accessibility settings.
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Scheduled Task/Job
1Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Input Injection
1