General
-
Target
ready.apk
-
Size
4.4MB
-
Sample
250328-x2cwtasjy9
-
MD5
b2dfed5dcb6dd9d35dae33e2abd8dd3e
-
SHA1
6d6cf1497a24f565cda402b6ff1aa68f3ecefbf9
-
SHA256
fa1039e2f95d9f7931a092a3d0d56ddda607565ee0b95fb98cf039f8f2a622b4
-
SHA512
5be45e39bc3f36362b7f591932968e2be4620b82c100d16eb7f8da3dd69342989110a67c4dc3afa780361ebbf0c2013671bc382bcd3d68e1f7ee023c4b83c523
-
SSDEEP
98304:8yDoHMkXGqH6rGF3VQ98t2mzDzBBTm0tgMYj:8eoskgeQKBzvt2
Malware Config
Targets
-
-
Target
ready.apk
-
Size
4.4MB
-
MD5
b2dfed5dcb6dd9d35dae33e2abd8dd3e
-
SHA1
6d6cf1497a24f565cda402b6ff1aa68f3ecefbf9
-
SHA256
fa1039e2f95d9f7931a092a3d0d56ddda607565ee0b95fb98cf039f8f2a622b4
-
SHA512
5be45e39bc3f36362b7f591932968e2be4620b82c100d16eb7f8da3dd69342989110a67c4dc3afa780361ebbf0c2013671bc382bcd3d68e1f7ee023c4b83c523
-
SSDEEP
98304:8yDoHMkXGqH6rGF3VQ98t2mzDzBBTm0tgMYj:8eoskgeQKBzvt2
Score7/10-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Scheduled Task/Job
1Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Input Injection
1