General
-
Target
JIM-MIKE.apk
-
Size
4.4MB
-
Sample
250127-lc826ssrgj
-
MD5
719e43ebb998d0a2caf4fc58a951b9a4
-
SHA1
6c28cce3a13ee5a194d804da796a35828898717d
-
SHA256
8b3340ba3548fe02803d87f4c164ed7ae2082d71b7f9104d343c290d1bbfa7b4
-
SHA512
b7052d36b17895383a8a2623583b11ccd70e2cc45325c56273977ef1ef183fbf53ffe9910fd1ab3a51b2a1ade42226b19c3e3c6e4897c6bb8a1d85d4b1dd3fce
-
SSDEEP
98304:m91zBDTUmzMm0tKFUyfxF8X2p7AGG6QqJjBEsK4oG:KTzmKvZhlHJ+W
Malware Config
Targets
-
-
Target
JIM-MIKE.apk
-
Size
4.4MB
-
MD5
719e43ebb998d0a2caf4fc58a951b9a4
-
SHA1
6c28cce3a13ee5a194d804da796a35828898717d
-
SHA256
8b3340ba3548fe02803d87f4c164ed7ae2082d71b7f9104d343c290d1bbfa7b4
-
SHA512
b7052d36b17895383a8a2623583b11ccd70e2cc45325c56273977ef1ef183fbf53ffe9910fd1ab3a51b2a1ade42226b19c3e3c6e4897c6bb8a1d85d4b1dd3fce
-
SSDEEP
98304:m91zBDTUmzMm0tKFUyfxF8X2p7AGG6QqJjBEsK4oG:KTzmKvZhlHJ+W
Score7/10-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Scheduled Task/Job
1Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Input Injection
1