General

  • Target

    dropper.apk

  • Size

    4.7MB

  • Sample

    250107-ne23ra1jhj

  • MD5

    ffff634146506b11adae437103dc15fc

  • SHA1

    f70e96b4eb7d6dd2f1972ff1fb589097fd74844c

  • SHA256

    bc95e8c80931ff2205c89f7d78fc96a1d0dc7c6f3c6ccb68f7e926143aa6e42e

  • SHA512

    1a45fccbcee9a27bd2731ce99c00262808cf84521e7df3df87c3e3e89181404b869c4fe9a15ff05ff29f4894f8993fe1ec7758dd80e539fd96c45d428290445f

  • SSDEEP

    98304:i3mUMdkaoLKauoeQtcPHeXqmr4fgfVeXwTjZn0Bft2n:i3mUEpauoeQ4HCxUfIbTjZo12n

Targets

    • Target

      dropper.apk

    Score
    1/10
    • Target

      base.apk

    • Size

      3.5MB

    • MD5

      d3dc0e8a0db31899df2a09e95041cd5a

    • SHA1

      2e946eb2cdf0fe428b57dc72f20d0cbe23980a4f

    • SHA256

      1c15920c729c30cb9fc758e7993515a006e2b86829a1136c5b2d875ae3a4e3e8

    • SHA512

      157d0ddb9a88a518fdae71f10b3269cf9a3f245ae2b4727f932f777d49aa08e75ac9efda211433e2af86fb3a9deb91c35938d4b8cfe420f5c1bb4aaac32689a1

    • SSDEEP

      98304:G1y8VlJ8Y7H8/jRRb4A1RtZLrqOfLDcjzg:Ky8V38eH8PbptZL3zDc/g

    • Checks known Qemu pipes.

      Checks for known pipes used by the Android emulator to communicate with the host.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Reads information about phone network operator.
