General
-
Target
2d4c4afa385e7d3d0599198f7a1212bdd5bcd7b3e24ebf2e2d5d162728a9b50a.bin
-
Size
3.6MB
-
Sample
250328-137pcssvbs
-
MD5
689813313cff961a95d9da8003da5013
-
SHA1
092ffd924b34e150107fd4fe893c344a71de1a5b
-
SHA256
2d4c4afa385e7d3d0599198f7a1212bdd5bcd7b3e24ebf2e2d5d162728a9b50a
-
SHA512
e0504ca2b472f5317d3806636ef3a85ffbac53380ff2d368f00b335228e60914732c55f146fefda7f39b2dd79ff31158719ef5c3fc52272edca4d765a2a340be
-
SSDEEP
49152:FApGv7d2ZrNE720GG2thBPsDyGC0eD5NZY+jjB0gYD2K1eNqJqL:Zd2ZrNE7RuhiDFDe3ZseqqL
Malware Config
Targets
-
-
Target
2d4c4afa385e7d3d0599198f7a1212bdd5bcd7b3e24ebf2e2d5d162728a9b50a.bin
-
Size
3.6MB
-
MD5
689813313cff961a95d9da8003da5013
-
SHA1
092ffd924b34e150107fd4fe893c344a71de1a5b
-
SHA256
2d4c4afa385e7d3d0599198f7a1212bdd5bcd7b3e24ebf2e2d5d162728a9b50a
-
SHA512
e0504ca2b472f5317d3806636ef3a85ffbac53380ff2d368f00b335228e60914732c55f146fefda7f39b2dd79ff31158719ef5c3fc52272edca4d765a2a340be
-
SSDEEP
49152:FApGv7d2ZrNE720GG2thBPsDyGC0eD5NZY+jjB0gYD2K1eNqJqL:Zd2ZrNE7RuhiDFDe3ZseqqL
Score7/10-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
-
Queries the phone number (MSISDN for GSM devices)
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Reads information about phone network operator.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Hide Artifacts
1User Evasion
1