Overview

overview

10

Static

static

10

f01e810de5...ae.apk

android-9-x86

8

f01e810de5...ae.apk

android-10-x64

8

f01e810de5...ae.apk

android-11-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f01e810de599c765983c775bbbba1b18c14abab61fac8459321fd215a52672ae.bin

  • Size

    3.5MB

  • Sample

    250309-1xcxsssyey

  • MD5

    5575425d89794f40c72e1f388853df09

  • SHA1

    7d9c4f38514f2cff9ba23a653e292ea2645dd81b

  • SHA256

    f01e810de599c765983c775bbbba1b18c14abab61fac8459321fd215a52672ae

  • SHA512

    ad0c8ae07cb21672b094729b6dd02a9eb7e1faca896ea75f3c750fe3a6a945b2f71161ce30a808943a0ef1a49e670e1383049da295543feec863f5c127848b6d

  • SSDEEP

    98304:Q0xGhvwDqQ9rFY2mhXKHpBUpF5sr8Tgkbd:bxG6DqYfHCnTdbd

Score
10/10
smswormandroidbankercollectioncredential_accessdefense_evasiondiscoveryimpactpersistence

Malware Config

Targets

    • Target

      f01e810de599c765983c775bbbba1b18c14abab61fac8459321fd215a52672ae.bin

    • Size

      3.5MB

    • MD5

      5575425d89794f40c72e1f388853df09

    • SHA1

      7d9c4f38514f2cff9ba23a653e292ea2645dd81b

    • SHA256

      f01e810de599c765983c775bbbba1b18c14abab61fac8459321fd215a52672ae

    • SHA512

      ad0c8ae07cb21672b094729b6dd02a9eb7e1faca896ea75f3c750fe3a6a945b2f71161ce30a808943a0ef1a49e670e1383049da295543feec863f5c127848b6d

    • SSDEEP

      98304:Q0xGhvwDqQ9rFY2mhXKHpBUpF5sr8Tgkbd:bxG6DqYfHCnTdbd

    Score
    8/10
    bankercollectiondefense_evasiondiscoverypersistencecredential_accessimpact

    • Checks if the Android device is rooted.

      defense_evasion

    • Checks Android system properties for emulator presence.

      defense_evasion

    • Checks known Qemu pipes.

      Checks for known pipes used by the Android emulator to communicate with the host.

      defense_evasion

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

      collectioncredential_accessimpact

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

      discovery

    • Declares services with permission to bind to the system

    • Legitimate hosting services abused for malware hosting/C2

    • Queries information about active data network

      discovery

    • Queries the mobile country code (MCC)

      discovery

    • Reads information about phone network operator.

      discovery

    • Requests cell location

      Uses Android APIs to to get current cell information.

      collectiondiscovery

    • Requests dangerous framework permissions

    behavioral1behavioral2behavioral3

MITRE ATT&CK Enterprise v15

MITRE ATT&CK Mobile v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.