xamalicious | 80ba8ee4a58e568ecd4954d9d688c02292090e6d0cddbf19dec2677f739d85d0 | Triage

Sharing

General

Target

infinite-flight-simulator-22.7-mod.apk
Size

573.5MB
Sample

250121-xer28axmcl
MD5

9b4f0c38a5e3300f384f26ad67c7006b
SHA1

a3f2a8050bd614cdb4c6220eb9686c7ff985b01a
SHA256

80ba8ee4a58e568ecd4954d9d688c02292090e6d0cddbf19dec2677f739d85d0
SHA512

2dd06b2a83d76f0288bbc4ba15e1af7d40bbdea040b3e457b8402213f6d4a46d0de775229fc9605696f9bbc23db0dcad7362e5670a511d8b37c42abfbb5f4f21
SSDEEP

12582912:dGnALlxVfjzpEvcGgTtUgNytbqbe2UEhwQPURFnRpTN/1iaK/SpXwcy/zCZJPJxV:oALPVf6HC6Mytbqq2UEh0RF/NcJ/SpXh

Score

10^/10

xamalicious android defense_evasion discovery evasion

Malware Config

Targets

- Target
  
  infinite-flight-simulator-22.7-mod.apk
- Size
  
  573.5MB
- MD5
  
  9b4f0c38a5e3300f384f26ad67c7006b
- SHA1
  
  a3f2a8050bd614cdb4c6220eb9686c7ff985b01a
- SHA256
  
  80ba8ee4a58e568ecd4954d9d688c02292090e6d0cddbf19dec2677f739d85d0
- SHA512
  
  2dd06b2a83d76f0288bbc4ba15e1af7d40bbdea040b3e457b8402213f6d4a46d0de775229fc9605696f9bbc23db0dcad7362e5670a511d8b37c42abfbb5f4f21
- SSDEEP
  
  12582912:dGnALlxVfjzpEvcGgTtUgNytbqbe2UEhwQPURFnRpTN/1iaK/SpXwcy/zCZJPJxV:oALPVf6HC6Mytbqq2UEh0RF/NcJ/SpXh
Score

7^/10

defense_evasion discovery evasion
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Queries the mobile country code (MCC)
  discovery
- Reads information about phone network operator.
  discovery
- Listens for changes in the sensor environment (might be used to detect emulation)
  defense_evasion
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Hide Artifacts

User Evasion

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

System Information Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoveryevasion