General
-
Target
Active_Senior_Trip[1].apk
-
Size
4.5MB
-
Sample
250219-ezq2jsxjg1
-
MD5
581ba26ed82b08421506d6f11646f50a
-
SHA1
838e292da9b4652ec91666bffebca2de76b29bbb
-
SHA256
bc87a72d231984dbf6061f13f858036b42aa9bd81b9a5e84271a160a6f146267
-
SHA512
65ec3242e9f828dd9eb9ed7b85da082efd2c03b24b06f81a4dc151a13be21f0e4b63cc2bab0f270f65edbdfa7328ce2fefec4aaf87e6ec0cda340985c421892e
-
SSDEEP
98304:nt+FzBjTumzkc0tuOvm4Ou2vnCDpvYD2wlLkQq7z/z9/:t6pzsuoV2fCpYplst
Malware Config
Targets
-
-
Target
Active_Senior_Trip[1].apk
-
Size
4.5MB
-
MD5
581ba26ed82b08421506d6f11646f50a
-
SHA1
838e292da9b4652ec91666bffebca2de76b29bbb
-
SHA256
bc87a72d231984dbf6061f13f858036b42aa9bd81b9a5e84271a160a6f146267
-
SHA512
65ec3242e9f828dd9eb9ed7b85da082efd2c03b24b06f81a4dc151a13be21f0e4b63cc2bab0f270f65edbdfa7328ce2fefec4aaf87e6ec0cda340985c421892e
-
SSDEEP
98304:nt+FzBjTumzkc0tuOvm4Ou2vnCDpvYD2wlLkQq7z/z9/:t6pzsuoV2fCpYplst
Score7/10-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Scheduled Task/Job
1Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Input Injection
1