antidot | fe4b2b288565cc1a85b7dd23398cc8ab850b0b0c73d46ec9e7c308af86a96d60 | Triage

Sharing

General

Target

fe4b2b288565cc1a85b7dd23398cc8ab850b0b0c73d46ec9e7c308af86a96d60.apk
Size

22.1MB
Sample

250317-lm1tjswxhx
MD5

c7dd3e08e9f1d2c16ac9d51aaeb4c1cf
SHA1

db342f35467cad79035f0fa2b77fdb427cf981d0
SHA256

fe4b2b288565cc1a85b7dd23398cc8ab850b0b0c73d46ec9e7c308af86a96d60
SHA512

7b769e0d24a6e6da4801752b5fe5903d671e3ff629dad2daa33fa2c754b84aaa1865643699b170cc11e9a0d72d5c5b51c78e0a3b77afc9749aee3969db5c8b7f
SSDEEP

196608:UPCoCv1HxcjCVWy5RtVUs1sgAXFNgI7a7Yt3Zu9yzhLrZY/snFphv1rnFphvwnFF:UYMjCVWy/Zs3FNgIuQ9zhL93Y/+edD

Score

10^/10

antidot android banker collection defense_evasion discovery persistence

Malware Config

Targets

- Target
  
  fe4b2b288565cc1a85b7dd23398cc8ab850b0b0c73d46ec9e7c308af86a96d60.apk
- Size
  
  22.1MB
- MD5
  
  c7dd3e08e9f1d2c16ac9d51aaeb4c1cf
- SHA1
  
  db342f35467cad79035f0fa2b77fdb427cf981d0
- SHA256
  
  fe4b2b288565cc1a85b7dd23398cc8ab850b0b0c73d46ec9e7c308af86a96d60
- SHA512
  
  7b769e0d24a6e6da4801752b5fe5903d671e3ff629dad2daa33fa2c754b84aaa1865643699b170cc11e9a0d72d5c5b51c78e0a3b77afc9749aee3969db5c8b7f
- SSDEEP
  
  196608:UPCoCv1HxcjCVWy5RtVUs1sgAXFNgI7a7Yt3Zu9yzhLrZY/snFphv1rnFphvwnFF:UYMjCVWy/Zs3FNgIuQ9zhL93Y/+edD
Score

8^/10

banker collection defense_evasion discovery persistence
- Checks if the Android device is rooted.
  defense_evasion
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Queries the phone number (MSISDN for GSM devices)
  discovery
- Reads the content of the SMS messages.
  collection
- Enumerates running processes
  Discovers information about currently running processes on the system
- Legitimate hosting services abused for malware hosting/C2
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  defense_evasion persistence
- Queries information about active data network
  discovery
- Queries the mobile country code (MCC)
  discovery
- Queries the unique device ID (IMEI, MEID, IMSI)
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Privilege Escalation

Defense Evasion

Foreground Persistence

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

Software Discovery

Security Software Discovery

System Information Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Protected User Data

SMS Messages

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bankercollectiondefense_evasiondiscoverypersistence