General
Target: Wizard.apk
Size: 4.4MB
Sample: 241230-kgwf7stnfr
MD5: 919dbf3867daedeb54244d41eceab15a
SHA1: a4f2dacdd12afd2636b81265ee65217f2e4b82bb
SHA256: aa90d6f12a6484044c2a2771419a397d5235620fba9af1315eeee79f9150af4e
SHA512: 556294e3d9fd57b0e225ce10344838699e37b8491e3d1e2b0d5f05681089b796d99615211bb42d940a5c6811fb55415944584b66f5a94b69118c78bbc9eb6745
SSDEEP: 98304:UXbgzB5TCmzxP0tMNcUb2wnFw3nNTRPBSfI4mtgSk9w4Oshhus:ltzKMNpw3nNqA45SkC4ys
Behavioral task: behavioral1
Sample: Wizard.apk
Resource: android-x86-arm-20240910-en

Behavioral task: behavioral2
Sample: Wizard.apk
Resource: android-x64-20240910-en

Behavioral task: behavioral3
Sample: Wizard.apk
Resource: android-x64-arm64-20240910-en
Malware Config
Targets
Target: Wizard.apk
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.

Acquires the wake lock

Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
MITRE ATT&CK Mobile v15
Persistence
  Event Triggered Execution (1)
  Broadcast Receivers (1)
  Foreground Persistence (1)
  Scheduled Task/Job (1)
Defense Evasion
  Download New Code at Runtime (1)
  Foreground Persistence (1)
  Input Injection (1)