Overview

overview

8

Static

static

6

c7d855979c...37.apk

android-9-x86

8

c7d855979c...37.apk

android-10-x64

8

c7d855979c...37.apk

android-11-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bd5290ff42a7f6079b070cb6e13dbfbd95c1fae3b799620fc3b3ae4a6c6368ba.zip

  • Size

    1.6MB

  • Sample

    250327-e3ahzazjx2

  • MD5

    bbcf12392fdc62f67d91e82f40278314

  • SHA1

    4359e88ebab9e9683bd32e3f74a4cbc1d04becfa

  • SHA256

    bd5290ff42a7f6079b070cb6e13dbfbd95c1fae3b799620fc3b3ae4a6c6368ba

  • SHA512

    29564d387458bc8c322035cb44fd3793e2e9fb298af106c99c36d6bd2c0a15b8573e2f5d10eb50e1f29d51d790619c99606738ceb8ad62179c878e6425af2e99

  • SSDEEP

    49152:9DWHyvqSBJWE2/YWG53o7Rkx6AW4ZHNinWBspYK:ISC+hIG53sOpx8nWKR

Score
8/10
androidbankercollectioncredential_accessdefense_evasiondiscoveryevasionexecutionimpactpersistencestealthtrojan

Malware Config

Targets

    • Target

      c7d855979c61bafc116d1c0bfe6d87a1683bea96eecca3820bf0be954b80a237.apk

    • Size

      1.6MB

    • MD5

      cca20d1e7f3f55f29010317fa987e485

    • SHA1

      a3ba674cc763ee71723c64aba0c642ae21038e4f

    • SHA256

      c7d855979c61bafc116d1c0bfe6d87a1683bea96eecca3820bf0be954b80a237

    • SHA512

      82a8571f3af0f21f6bcb4035e4ff933956972555928b4e241e4f18282bd10e7986eb97f693edcf64d2c8914a414d1ff4cd77b49aaff88ed96faac151e988b235

    • SSDEEP

      24576:fbPk8jfSS5uBxAoPusA58aUhpB4qzWtSgw15od04B7S1zD0gBn0B5JbzfSaLx9:A8fSu+7pB4KkS+d04RSWq0B5J3t

    Score
    8/10
    bankercollectiondefense_evasiondiscoveryevasionimpactstealthtrojancredential_accessexecutionpersistence

    • Removes its main activity from the application launcher

      stealthtrojanevasion

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

      collectiondefense_evasioncredential_access

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Queries account information for other applications stored on the device

      Application may abuse the framework's APIs to collect account information stored on the device.

      collection

    • Acquires the wake lock

    • Queries information about active data network

      discovery

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

      defense_evasion

    • Requests enabling of the accessibility settings.

    behavioral1behavioral2behavioral3

MITRE ATT&CK Mobile v15

Tasks