antidot | f618a2bd91effd1cb6295407d83f7e6580775b49bb08747c7a2c552ce99ae639 | Triage

Sharing

General

Target

M-Pajak (1).apk
Size

22.1MB
Sample

250210-d7ah4a1kdz
MD5

d9828b6240c50cf0a2fe47177b2277d5
SHA1

32d732f41a12b8a91af60b9dba1442835d3a9661
SHA256

f618a2bd91effd1cb6295407d83f7e6580775b49bb08747c7a2c552ce99ae639
SHA512

151b9010918c7df69da6f4b80e2caf0bbb20b7d2cb2896b9b6b8a0c1e58ef6d286b92768c789d6b41f709ab643f91456afd06bfd6ed829184f6f24c082ab03ba
SSDEEP

196608:SxmSiQeqQTXH83vqJs1sgAXFNgI7a7YSu33Zu9yzhLrZdsnFphv1rnFphvwnFphD:SYSlbkH8fqss3FNgIuc9zhL9gY/+e/j

Score

10^/10

antidot android banker collection defense_evasion discovery persistence

Malware Config

Targets

- Target
  
  M-Pajak (1).apk
- Size
  
  22.1MB
- MD5
  
  d9828b6240c50cf0a2fe47177b2277d5
- SHA1
  
  32d732f41a12b8a91af60b9dba1442835d3a9661
- SHA256
  
  f618a2bd91effd1cb6295407d83f7e6580775b49bb08747c7a2c552ce99ae639
- SHA512
  
  151b9010918c7df69da6f4b80e2caf0bbb20b7d2cb2896b9b6b8a0c1e58ef6d286b92768c789d6b41f709ab643f91456afd06bfd6ed829184f6f24c082ab03ba
- SSDEEP
  
  196608:SxmSiQeqQTXH83vqJs1sgAXFNgI7a7YSu33Zu9yzhLrZdsnFphv1rnFphvwnFphD:SYSlbkH8fqss3FNgIuc9zhL9gY/+e/j
Score

8^/10

banker collection defense_evasion discovery persistence
- Checks if the Android device is rooted.
  defense_evasion
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Queries the phone number (MSISDN for GSM devices)
  discovery
- Reads the content of the SMS messages.
  collection
- Enumerates running processes
  Discovers information about currently running processes on the system
- Legitimate hosting services abused for malware hosting/C2
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  defense_evasion persistence
- Queries information about active data network
  discovery
- Queries the mobile country code (MCC)
  discovery
- Queries the unique device ID (IMEI, MEID, IMSI)
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Privilege Escalation

Defense Evasion

Foreground Persistence

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

Software Discovery

Security Software Discovery

System Information Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Protected User Data

SMS Messages

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bankercollectiondefense_evasiondiscoverypersistence