ca0989544a1511c773cf4f9da165e77a3be6d3b86a7b5484558b274ddc79a4b1

Analysis

max time kernel
149s
max time network
150s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
27/03/2025, 07:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ca0989544a1511c773cf4f9da165e77a3be6d3b86a7b5484558b274ddc79a4b1.apk
Size

1.1MB
MD5

26f529d46558a35cd93b3f6dc85a213f
SHA1

f3c68a5859d92d3048169dd28da19bb105aa0da5
SHA256

ca0989544a1511c773cf4f9da165e77a3be6d3b86a7b5484558b274ddc79a4b1
SHA512

56173d3d3ff48ef7a43428ae66a1187a83a2064d0cf3fdb6def5f917e9bc050998a347c131ee88b18750e8ce12689a46adad482e5f0735bba91bec93d024c5ed
SSDEEP

24576:wqJONrJCTE3x0yCcmMvJO4kc1NWEz1T7hwRq4OaNF:wqJOlt3GyCivJoUII1HhQvOGF

Score

8^/10

banker collection discovery evasion impact privilege_escalation stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4790	com.qzhaswptmd.abtjut

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.qzhaswptmd.abtjut/app_yobqpj/veujwlbpb.jar	4790	com.qzhaswptmd.abtjut

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Reads the content of SMS inbox messages. 1 TTPs 1 IoCs

collection

SMS Messages

T1636.004

description	ioc	Process
URI accessed for read	content://sms/inbox	com.qzhaswptmd.abtjut

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.qzhaswptmd.abtjut

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.qzhaswptmd.abtjut

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Tries to add a device administrator. 2 TTPs 1 IoCs

privilege_escalation impact

Device Administrator Permissions

T1626.001

Account Access Removal

T1640

description	ioc	Process
Intent action	android.app.action.ADD_DEVICE_ADMIN	com.qzhaswptmd.abtjut

com.qzhaswptmd.abtjut
1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Reads the content of SMS inbox messages.
- Acquires the wake lock
- Queries information about active data network
- Tries to add a device administrator.
PID:4790

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

T1626

Device Administrator Permissions

T1626.001

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Protected User Data

T1636

SMS Messages

T1636.004

Command and Control

Exfiltration

Impact