General
-
Target
f0605536d2a3bc8e57d978d71d596aeb.apk
-
Size
10.8MB
-
Sample
250326-p4akgavygv
-
MD5
f0605536d2a3bc8e57d978d71d596aeb
-
SHA1
1c6c1fa65b0960e5ef9ec8c335c085ced70784db
-
SHA256
8764d9efce4330f29c1119364d395b37ebb980031b9aef29a9ee73502da9ed66
-
SHA512
b93a773c73a06b25d1fd1ee8d0c359ac5ff4d583acf355cabafd7dbc5095b7f50a3f8df60235592e6bc158eaf075b38e3bd7be7ad444686294ddc0ecc77e756b
-
SSDEEP
196608:RFX3a/isaGmdMsjym0IIwItorSCWdDDo6pqIswY8p/cswRoGFIQBsHKj:jKaJ3dMsj9rIwICrSrXZrXwOGFIUsHKj
Malware Config
Targets
-
-
Target
f0605536d2a3bc8e57d978d71d596aeb.apk
-
Size
10.8MB
-
MD5
f0605536d2a3bc8e57d978d71d596aeb
-
SHA1
1c6c1fa65b0960e5ef9ec8c335c085ced70784db
-
SHA256
8764d9efce4330f29c1119364d395b37ebb980031b9aef29a9ee73502da9ed66
-
SHA512
b93a773c73a06b25d1fd1ee8d0c359ac5ff4d583acf355cabafd7dbc5095b7f50a3f8df60235592e6bc158eaf075b38e3bd7be7ad444686294ddc0ecc77e756b
-
SSDEEP
196608:RFX3a/isaGmdMsjym0IIwItorSCWdDDo6pqIswY8p/cswRoGFIQBsHKj:jKaJ3dMsj9rIwICrSrXZrXwOGFIUsHKj
Score10/10-
TangleBot
TangleBot is an Android SMS malware first seen in September 2021.
-
TangleBot payload
-
Tanglebot family
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
-
-
Target
rex.apk
-
Size
7.8MB
-
MD5
d8f788db9c5391cadc2f854a7d4a3231
-
SHA1
7ae6068449c1a79c4dbc15cc2f3d920ded64e2d6
-
SHA256
bb605ea69d8283489be0733098b22bfaf8ab45d4ea64eca0ef9b3b2299876531
-
SHA512
d967266c577823d64709178c2b0d384c7a24740d23b619ea644af83bd8a1fe5e0ce0706138facefc39d16dd3d5cd54cc91fc2da4cd908c4f9f2f6574a47f59c7
-
SSDEEP
196608:8cNnc/cvcDPpG1cscgA0TIrsE+5zFKKpEC6iOchpWy0O:1Nc0EDhGKFgA0krs7T9CLO
Score10/10-
Copybara
Copybara is an Android banking trojan first seen in November 2021.
-
Copybara family
-
Copybara payload
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Obtains sensitive information copied to the device clipboard
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Performs UI accessibility actions on behalf of the user
Application may abuse the accessibility service to prevent their removal.
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the mobile country code (MCC)
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Hide Artifacts
1User Evasion
1Impair Defenses
1Prevent Application Removal
1Input Injection
1Virtualization/Sandbox Evasion
2System Checks
2Credential Access
Clipboard Data
1Input Capture
2GUI Input Capture
1Keylogging
1Discovery
Software Discovery
1Security Software Discovery
1System Information Discovery
2System Network Configuration Discovery
1System Network Connections Discovery
1