harly | 05b4c4dd8bf9f376c767330e649d725ad35c0c9c3b1b2dbbfab7f39e90c5bac4 | Triage

Sharing

General

Target

05B4C4DD8BF9F376C767330E649D725AD35C0C9C3B1B2DBBFAB7F39E90C5BAC4.apk
Size

24.1MB
Sample

250217-pzvpvaypdt
MD5

20119bda1b6c51fb1e14d9c14e0bca00
SHA1

2af901160d51d4060b10721b7db958fce6813bc6
SHA256

05b4c4dd8bf9f376c767330e649d725ad35c0c9c3b1b2dbbfab7f39e90c5bac4
SHA512

7d3314d39c785c47a7ee9f029a11d1c3ab66786e77c7e3a8c31e95b2ce35513265bd686ef07f807e17836e488ddd618c5afed29c9fd78329bdfde52abbdc0384
SSDEEP

786432:UTMyS8RbcSQTJwG6RV+oWOVzTZEBvD9WKLabY:KMyS4bpyJIoO1mBvgKLabY

Score

10^/10

harly android defense_evasion discovery evasion impact infostealer persistence trojan

Malware Config

Targets

- Target
  
  05B4C4DD8BF9F376C767330E649D725AD35C0C9C3B1B2DBBFAB7F39E90C5BAC4.apk
- Size
  
  24.1MB
- MD5
  
  20119bda1b6c51fb1e14d9c14e0bca00
- SHA1
  
  2af901160d51d4060b10721b7db958fce6813bc6
- SHA256
  
  05b4c4dd8bf9f376c767330e649d725ad35c0c9c3b1b2dbbfab7f39e90c5bac4
- SHA512
  
  7d3314d39c785c47a7ee9f029a11d1c3ab66786e77c7e3a8c31e95b2ce35513265bd686ef07f807e17836e488ddd618c5afed29c9fd78329bdfde52abbdc0384
- SSDEEP
  
  786432:UTMyS8RbcSQTJwG6RV+oWOVzTZEBvD9WKLabY:KMyS4bpyJIoO1mBvgKLabY
Score

10^/10

harly defense_evasion discovery evasion impact infostealer persistence trojan
- Harly
  Harly is an Android trojan subscriber first seen in September 2022.
  trojan infostealer harly
- Harly family
  harly
- Checks if the Android device is rooted.
  defense_evasion
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Queries information about active data network
  discovery
- Queries the mobile country code (MCC)
  discovery
- Reads information about phone network operator.
  discovery
- Listens for changes in the sensor environment (might be used to detect emulation)
  defense_evasion
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Hide Artifacts

User Evasion

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

System Information Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Tasks

static1

behavioral1

harlydefense_evasiondiscoveryevasionimpactinfostealerpersistencetrojan