Resubmissions

30/01/2025, 06:17

250130-g18n4a1lax 10

General

  • Target

    virus-coffeeleak.apk

  • Size

    8.2MB

  • Sample

    250130-g18n4a1lax

  • MD5

    fd7ee5390b528fcfef3b88091ce878ff

  • SHA1

    9b6e7d884f552cc5ecaf491c06c7638c768333c7

  • SHA256

    fee09aa5744066469e21164c619ced76590939e56df8acb2d709bfbbfd26849e

  • SHA512

    c28bdf46986b1f3b1c61f7f6d58c6c0f425ef2bb7411bb969479abb40e837dfe7c88b051d06c654af69450b1715819f99012f0f93b47d1a088ba6efe2aab6176

  • SSDEEP

    196608:+0AAeNZmF3a/iBemD6NQMwiYGiv2i0BkPmy77Lfs4AKsoTp63e6:5neNZUKgemDQo+i0eVfLk4ApoTp67

Malware Config

Targets

    • Checks if the Android device is rooted.

    • Checks known Qemu files.

      Checks for known Qemu files that exist on Android virtual device images.

    • Checks known Qemu pipes.

      Checks for known pipes used by the Android emulator to communicate with the host.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Acquires the wake lock

    • Checks whether the application is allowed to request package installs through the package installer

      Checks whether the application is allowed to install additional applications (it might try to install applications from unknown sources).

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Reads information about the phone network operator.

    • Checks the presence of a debugger

MITRE ATT&CK Mobile v15

Tasks