General
-
Target
公司企业邮箱.apk
-
Size
10.4MB
-
Sample
250221-cfzhgazqer
-
MD5
c94f207bd94351319010f79117aa2549
-
SHA1
f0c9f0beaf2dcc702e5b774481f8187e34526218
-
SHA256
89dee7fc997371977805ad5b8cfa6a86351bd0f665e0460f28d4fb76523722e4
-
SHA512
71b34ea5eb98beb25335060b9388d7dc7b828075609308973ce07543806f71e4714993a37c85cf9069d4318baa22462e3206eee1e388a9577baf6282bde039d7
-
SSDEEP
196608:8OzSPFzluxK+8dqvoztMvFvPAWhAbDsWYp3XAI+fi+9H:ZOJVqvXZhC2p3QIT+9H
Malware Config
Targets
-
-
Target
公司企业邮箱.apk
-
Size
10.4MB
-
MD5
c94f207bd94351319010f79117aa2549
-
SHA1
f0c9f0beaf2dcc702e5b774481f8187e34526218
-
SHA256
89dee7fc997371977805ad5b8cfa6a86351bd0f665e0460f28d4fb76523722e4
-
SHA512
71b34ea5eb98beb25335060b9388d7dc7b828075609308973ce07543806f71e4714993a37c85cf9069d4318baa22462e3206eee1e388a9577baf6282bde039d7
-
SSDEEP
196608:8OzSPFzluxK+8dqvoztMvFvPAWhAbDsWYp3XAI+fi+9H:ZOJVqvXZhC2p3QIT+9H
Score7/10-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Requests dangerous framework permissions
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Scheduled Task/Job
1Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Input Injection
1