General
-
Target
City Cleaning.apk
-
Size
4.4MB
-
Sample
250127-dcqltsxrgl
-
MD5
0e4adcefdc61d30e4ca82f9181d43043
-
SHA1
4a88e18ecb2a9fc65e3cecf996404627e84c893d
-
SHA256
7ce7dbea9b2246c338763e7f38c6db3aa81c619b6c8f91b4d15590f3a9087e5d
-
SHA512
46475801d117dc5951032cff2c0c163d13411db99f65d27fbf2949c0405398df71672da343cbc463431c3e2ff4a2bd1a52ce18be85330b6ebea753dfc12a0599
-
SSDEEP
98304:nuEzBTTtmzqe0tjA6y9xHSGg/1i8UMdUE12EQCIChV+9D1:JgzcjA3xHSH/1i89UWzVs1
Malware Config
Targets
-
-
Target
City Cleaning.apk
-
Size
4.4MB
-
MD5
0e4adcefdc61d30e4ca82f9181d43043
-
SHA1
4a88e18ecb2a9fc65e3cecf996404627e84c893d
-
SHA256
7ce7dbea9b2246c338763e7f38c6db3aa81c619b6c8f91b4d15590f3a9087e5d
-
SHA512
46475801d117dc5951032cff2c0c163d13411db99f65d27fbf2949c0405398df71672da343cbc463431c3e2ff4a2bd1a52ce18be85330b6ebea753dfc12a0599
-
SSDEEP
98304:nuEzBTTtmzqe0tjA6y9xHSGg/1i8UMdUE12EQCIChV+9D1:JgzcjA3xHSH/1i89UWzVs1
Score7/10-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Scheduled Task/Job
1Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Input Injection
1