Overview

overview

8

Static

static

6

d7511298f5...73.apk

android-9-x86

8

d7511298f5...73.apk

android-10-x64

8

d7511298f5...73.apk

android-11-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    eaf9a9940634e0db36afeccabdbc92abc8c329894d287fc0dfc74318c276704b.zip

  • Size

    531KB

  • Sample

    250327-s8395at1ft

  • MD5

    32e8e65861381e398b1c1545507dde0a

  • SHA1

    f8bb548ef31581bc5dded2b8be33d53cc3b444ad

  • SHA256

    eaf9a9940634e0db36afeccabdbc92abc8c329894d287fc0dfc74318c276704b

  • SHA512

    0df64042a54b2ce85825b81c4a5cf258f7d716d08be5f13701aa993f7dd29c559ff23e995f69ca4534121762e255e4bed74f2b797edae045772a4fc23ddf667b

  • SSDEEP

    12288:R5nUw1Ox29ny9HpnQx0ej2T1RB9rHvd4GzPCX8:R5UwAIy9JQRyRrvtaM

Score
8/10
androidcollectioncredential_accessdefense_evasiondiscoveryevasionpersistencestealthtrojan

Malware Config

Targets

    • Target

      d7511298f5f6c7205eb753ecd7a4e0070e9f4e353f8e6c94ef3339b4a1886b73.apk

    • Size

      571KB

    • MD5

      ade1103bc0846281305ec85703ee7308

    • SHA1

      de708dc470c4d06a7845dfc9b331a6bf61a520bf

    • SHA256

      d7511298f5f6c7205eb753ecd7a4e0070e9f4e353f8e6c94ef3339b4a1886b73

    • SHA512

      6c44f561ded4982ba90ab9ec074ac1f3dac57b14b131c4086afc8da2f7852f3aed1e798dbc7a14345d0ae7190bffbdb68feae3c272901687da75d8e979b862a3

    • SSDEEP

      12288:uZkhGoyQPoGLHTrgkhGoyQPoGLiVkhGoyQPoGLgkhGoyQPoGL8khGoyQPoGLhXmB:uZmyQgoTrgmyQg1VmyQgrmyQgtmyQg33

    Score
    8/10
    collectioncredential_accessdefense_evasiondiscoveryevasionpersistencestealthtrojan

    • Removes its main activity from the application launcher

      stealthtrojanevasion

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

      collectiondefense_evasioncredential_access

    • Queries the phone number (MSISDN for GSM devices)

      discovery

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

      defense_evasionpersistence

    • Performs UI accessibility actions on behalf of the user

      Application may abuse the accessibility service to prevent their removal.

      evasion

    • Queries information about active data network

      discovery

    • Queries the mobile country code (MCC)

      discovery

    • Reads information about phone network operator.

      discovery

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

      defense_evasion

    • Requests enabling of the accessibility settings.

    behavioral1behavioral2behavioral3

MITRE ATT&CK Mobile v15

Tasks