General
-
Target
Credito.apk
-
Size
5.8MB
-
Sample
250331-qnd4dsz1cy
-
MD5
e9ca5e13007ea758be96b07765006ccb
-
SHA1
dc624df4e10a68beae346d2750efeb43ac680df8
-
SHA256
ec856bb2a5c3359e06e672ca9effc7a22553b6ecc31936f378857c3390dd6b3d
-
SHA512
1d4fca4ab588514194b967486cdc24c902da5af6e7e19209e341bea6db1ab6fc9ed5cf3e26fac04c43d9d4bcd974ece826791cb5fa3ce77681ea068125339434
-
SSDEEP
98304:89hxu/kp+roxXMLgN/2B+24/90CgGnDcmz8aLEunh+zBjj0my9K+X7:89XOo9MLy/2Qj5g8DLz8aLEuC67
Behavioral task
behavioral1
Sample
Credito.apk
Resource
android-x86-arm-20240910-en
Behavioral task
behavioral2
Sample
Credito.apk
Resource
android-x64-20240910-en
Behavioral task
behavioral3
Sample
Credito.apk
Resource
android-x64-arm64-20240910-en
Malware Config
Targets
-
-
Target
Credito.apk
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
MITRE ATT&CK Mobile v15
Persistence
  Event Triggered Execution (1)
    Broadcast Receivers (1)
  Foreground Persistence (1)
  Scheduled Task/Job (1)
Defense Evasion
  Download New Code at Runtime (1)
  Foreground Persistence (1)
  Input Injection (1)