antidot | 4a6fe0fa75fce1fe0029a0dbbe4e0b263812b011dfb0ba509e52f7f480389acf | Triage

Sharing

General

Target

M-Pajak.apk
Size

22.1MB
Sample

250201-h3mebawjeq
MD5

c4ed726c3d5668d29193c664dda421b3
SHA1

d1a667675e2c3c6f8ce851e73acf75bfcf638951
SHA256

4a6fe0fa75fce1fe0029a0dbbe4e0b263812b011dfb0ba509e52f7f480389acf
SHA512

6bf9ec9f47043c261c4eb03ed0a47d1b06644a2dfd5f6f36c1f39bbcc885c6ceb2c90b180a3cb10c05c324d11f54875c2c5a98c565d86c42f11d860640032f15
SSDEEP

196608:iHOLwtZ/1WYD4u0fNEjHz6hJs1sgAXFNgI7a7YSu33Zu9yzhLrZXsnFphv1rnFpL:qUc1W6KYgss3FNgIuc9zhL9WY/+enC

Score

10^/10

antidot android banker collection defense_evasion discovery persistence

Malware Config

Targets

- Target
  
  M-Pajak.apk
- Size
  
  22.1MB
- MD5
  
  c4ed726c3d5668d29193c664dda421b3
- SHA1
  
  d1a667675e2c3c6f8ce851e73acf75bfcf638951
- SHA256
  
  4a6fe0fa75fce1fe0029a0dbbe4e0b263812b011dfb0ba509e52f7f480389acf
- SHA512
  
  6bf9ec9f47043c261c4eb03ed0a47d1b06644a2dfd5f6f36c1f39bbcc885c6ceb2c90b180a3cb10c05c324d11f54875c2c5a98c565d86c42f11d860640032f15
- SSDEEP
  
  196608:iHOLwtZ/1WYD4u0fNEjHz6hJs1sgAXFNgI7a7YSu33Zu9yzhLrZXsnFphv1rnFpL:qUc1W6KYgss3FNgIuc9zhL9WY/+enC
Score

8^/10

banker collection defense_evasion discovery persistence
- Checks if the Android device is rooted.
  defense_evasion
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Queries the phone number (MSISDN for GSM devices)
  discovery
- Reads the content of the SMS messages.
  collection
- Enumerates running processes
  Discovers information about currently running processes on the system
- Legitimate hosting services abused for malware hosting/C2
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  defense_evasion persistence
- Queries information about active data network
  discovery
- Queries the mobile country code (MCC)
  discovery
- Queries the unique device ID (IMEI, MEID, IMSI)
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Privilege Escalation

Defense Evasion

Foreground Persistence

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

Software Discovery

Security Software Discovery

System Information Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Protected User Data

SMS Messages

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bankercollectiondefense_evasiondiscoverypersistence