General
-
Target
City Cleaning.apk
-
Size
4.4MB
-
Sample
250221-kdghwaxmas
-
MD5
0c348b1f18fbf73d7099de420b0a1ff0
-
SHA1
94a591f9a56a511fa3aca50c45bae2b44785eddc
-
SHA256
5259b7012719e705478287fc5fb271751cad2fb69d7bb442ec9a89013dba21ed
-
SHA512
59918df1f7274bc4b99f0bdc900e0db8a5dc69effd700dcc90a527f425a5a6220c41e61d829dcd2b503fa24d0136a2ebe6b3764bceaf23fbe68c56343b1b58ef
-
SSDEEP
98304:mPFzBbTcmzr60ti43CnvDjxQXAd2w3yXyvgHAGemKVl:MLzdi4yLjxQe/yi4gGemu
Malware Config
Targets
-
-
Target
City Cleaning.apk
-
Size
4.4MB
-
MD5
0c348b1f18fbf73d7099de420b0a1ff0
-
SHA1
94a591f9a56a511fa3aca50c45bae2b44785eddc
-
SHA256
5259b7012719e705478287fc5fb271751cad2fb69d7bb442ec9a89013dba21ed
-
SHA512
59918df1f7274bc4b99f0bdc900e0db8a5dc69effd700dcc90a527f425a5a6220c41e61d829dcd2b503fa24d0136a2ebe6b3764bceaf23fbe68c56343b1b58ef
-
SSDEEP
98304:mPFzBbTcmzr60ti43CnvDjxQXAd2w3yXyvgHAGemKVl:MLzdi4yLjxQe/yi4gGemu
Score7/10-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Scheduled Task/Job
1Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Input Injection
1