General

  • Target

    f01e810de599c765983c775bbbba1b18c14abab61fac8459321fd215a52672ae.bin

  • Size

    3.5MB

  • Sample

    250309-1xcxsssyey

  • MD5

    5575425d89794f40c72e1f388853df09

  • SHA1

    7d9c4f38514f2cff9ba23a653e292ea2645dd81b

  • SHA256

    f01e810de599c765983c775bbbba1b18c14abab61fac8459321fd215a52672ae

  • SHA512

    ad0c8ae07cb21672b094729b6dd02a9eb7e1faca896ea75f3c750fe3a6a945b2f71161ce30a808943a0ef1a49e670e1383049da295543feec863f5c127848b6d

  • SSDEEP

    98304:Q0xGhvwDqQ9rFY2mhXKHpBUpF5sr8Tgkbd:bxG6DqYfHCnTdbd

Malware Config

Targets

    • Target

      f01e810de599c765983c775bbbba1b18c14abab61fac8459321fd215a52672ae.bin

    • Size

      3.5MB

    • MD5

      5575425d89794f40c72e1f388853df09

    • SHA1

      7d9c4f38514f2cff9ba23a653e292ea2645dd81b

    • SHA256

      f01e810de599c765983c775bbbba1b18c14abab61fac8459321fd215a52672ae

    • SHA512

      ad0c8ae07cb21672b094729b6dd02a9eb7e1faca896ea75f3c750fe3a6a945b2f71161ce30a808943a0ef1a49e670e1383049da295543feec863f5c127848b6d

    • SSDEEP

      98304:Q0xGhvwDqQ9rFY2mhXKHpBUpF5sr8Tgkbd:bxG6DqYfHCnTdbd

    • Checks if the Android device is rooted.

    • Checks Android system properties for emulator presence.

    • Checks known Qemu pipes.

      Checks for known pipes used by the Android emulator to communicate with the host.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Declares services with permission to bind to the system

    • Legitimate hosting services abused for malware hosting/C2

    • Queries information about active data network

    • Queries the mobile country code (MCC)

    • Reads information about phone network operator.

    • Requests cell location

      Uses Android APIs to to get current cell information.

    • Requests dangerous framework permissions

MITRE ATT&CK Enterprise v15

MITRE ATT&CK Mobile v15

Tasks