Overview

overview

8

Static

static

6

f76524d907...e4.apk

android-9-x86

f76524d907...e4.apk

android-10-x64

8

f76524d907...e4.apk

android-11-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ed312ad4570dcc30aea67e40b672c4735fcecebef8a24190f9317149376cd5fb.zip

  • Size

    2.0MB

  • Sample

    250327-twqzpsvvcw

  • MD5

    389622c81e145628e3f8dc0783851e26

  • SHA1

    663b22ab7ca512d8efe6c157e58fddb3fc5f9850

  • SHA256

    ed312ad4570dcc30aea67e40b672c4735fcecebef8a24190f9317149376cd5fb

  • SHA512

    d2509e407665da5e85a6c8e928e1df17c609120124ce823361ce5740641a2eb94869f6c3516be51e55a387c51224d6de3565dbcd3e7226c663ede7756af9f3fe

  • SSDEEP

    49152:SPQiPOSJaBJCHgdmQJCLp/khxgYAnAxRCNm88eeZ8lzYPJpJoNWVV:sQFGEigdZCLKgYAnoRCae22kJ8NWVV

Score
8/10
androidcollectioncredential_accessdefense_evasionevasionpersistencestealthtrojan

Malware Config

Targets

    • Target

      f76524d907aa6b2e6f192e3e513622ab31489997d0754df775f9f5e8e111e3e4.apk

    • Size

      2.1MB

    • MD5

      9495d2a58fb5efe2189ab890fe98a2fa

    • SHA1

      e30941e6adb3411176509c79e0377a9b4903717d

    • SHA256

      f76524d907aa6b2e6f192e3e513622ab31489997d0754df775f9f5e8e111e3e4

    • SHA512

      31e828bec5be506c823c3eeba6c1174d339510c5479ef93f0000453095c319c1c9330c859a133d7ac4af4df4b8ed6caccf744b57a0ecac012a2dbc7ebe46b141

    • SSDEEP

      49152:aaErDVPV5HJzTpkb6flyDqqQT775RPxpXQEg0JT4tYT+x8hw5zpcViOJouzoS8A:aaCpHJzTpkbHDqF75JxpOs42TybpuNoM

    Score
    8/10
    collectioncredential_accessdefense_evasionevasionpersistencestealthtrojan

    • Removes its main activity from the application launcher

      stealthtrojanevasion

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

      collectiondefense_evasioncredential_access

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

      defense_evasionpersistence

    • Performs UI accessibility actions on behalf of the user

      Application may abuse the accessibility service to prevent their removal.

      evasion

    • Requests accessing notifications (often used to intercept notifications before users become aware).

      collectioncredential_access

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

      defense_evasion

    • Requests enabling of the accessibility settings.

    • Listens for changes in the sensor environment (might be used to detect emulation)

      defense_evasion
    behavioral1behavioral2behavioral3

MITRE ATT&CK Mobile v15

Tasks