Overview

overview

10

Static

static

6

rex.apk

android-11-x64

10

Resubmissions

27/03/2025, 10:40

250327-mq2exssqt4 10

27/03/2025, 08:05

250327-jzbzvayyhz 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    rex.apk

  • Size

    7.8MB

  • Sample

    250327-mq2exssqt4

  • MD5

    5e6c199096fb378865454af7fe158a38

  • SHA1

    9be62d38f7fdf15f2841c442f57e74768bb9c264

  • SHA256

    12b59f6d4c21c1b4ca25dab0618ed5ffb57ad8f9c7ba7b731ea0f8b2aac251cc

  • SHA512

    2c93b6faa6f6fafe786f7ba6236ed8648a3fc599c6e6c72921633195649daafc41eac05aa3a019e84a1863e054ea28c87b06635b2cfc92f5e8f784ae2ab2c67a

  • SSDEEP

    196608:8cNnc/cvcDPpG1cscgA0TIrsE+5zFKKpEC6iOchpWy0e:1Nc0EDhGKFgA0krs7T9CLe

Score
10/10
copybaraandroidbankercollectioncredential_accessdefense_evasionevasionimpactinfostealerpersistencetrojan

Malware Config

Targets

    • Target

      rex.apk

    • Size

      7.8MB

    • MD5

      5e6c199096fb378865454af7fe158a38

    • SHA1

      9be62d38f7fdf15f2841c442f57e74768bb9c264

    • SHA256

      12b59f6d4c21c1b4ca25dab0618ed5ffb57ad8f9c7ba7b731ea0f8b2aac251cc

    • SHA512

      2c93b6faa6f6fafe786f7ba6236ed8648a3fc599c6e6c72921633195649daafc41eac05aa3a019e84a1863e054ea28c87b06635b2cfc92f5e8f784ae2ab2c67a

    • SSDEEP

      196608:8cNnc/cvcDPpG1cscgA0TIrsE+5zFKKpEC6iOchpWy0e:1Nc0EDhGKFgA0krs7T9CLe

    Score
    10/10
    copybarabankercollectioncredential_accessdefense_evasionevasionimpactinfostealerpersistencetrojan

    • Copybara

      Copybara is an Android banking trojan first seen in November 2021.

      bankertrojaninfostealercopybara

    • Copybara family

      copybara

    • Copybara payload

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

      collectiondefense_evasioncredential_access

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

      collectioncredential_accessimpact

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

      defense_evasionpersistence

    • Performs UI accessibility actions on behalf of the user

      Application may abuse the accessibility service to prevent their removal.

      evasion

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

      defense_evasion

    • Requests enabling of the accessibility settings.

    behavioral1

MITRE ATT&CK Mobile v15

Tasks