General
-
Target
UncoverEncrypt.apk
-
Size
4.5MB
-
Sample
250211-vywteatpem
-
MD5
83a6f1f10aa0b4378e0f3fd3f005537b
-
SHA1
a71925e2de90ef9e2faa7141ad6479a4b1481665
-
SHA256
0035a515d73bbd11de68862c7be86be2ef06cf4436f92c2e3b8331bb5dc86a9c
-
SHA512
22511d7afb82df18c14206f47f4bbff737ec8e37d87a02dedfc54caa280332844b7983016e22be75134c238655d3899d377927592b3144eb0433c9d4e3c04200
-
SSDEEP
98304:iqjIUpi5b4JyoRx4qeAq1TLrmz7zBETk0tU1NweGZbkMcU:iqPSEJyfTL6z+X4tbMcU
Malware Config
Targets
-
-
Target
UncoverEncrypt.apk
-
Size
4.5MB
-
MD5
83a6f1f10aa0b4378e0f3fd3f005537b
-
SHA1
a71925e2de90ef9e2faa7141ad6479a4b1481665
-
SHA256
0035a515d73bbd11de68862c7be86be2ef06cf4436f92c2e3b8331bb5dc86a9c
-
SHA512
22511d7afb82df18c14206f47f4bbff737ec8e37d87a02dedfc54caa280332844b7983016e22be75134c238655d3899d377927592b3144eb0433c9d4e3c04200
-
SSDEEP
98304:iqjIUpi5b4JyoRx4qeAq1TLrmz7zBETk0tU1NweGZbkMcU:iqPSEJyfTL6z+X4tbMcU
Score7/10-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Performs UI accessibility actions on behalf of the user
Application may abuse the accessibility service to prevent their removal.
-
Requests enabling of the accessibility settings.
-