General
-
Target
City Cleaning.apk
-
Size
4.4MB
-
Sample
250401-dql6kasvfv
-
MD5
84bda31f28ddca62c12223583582734f
-
SHA1
1cb639f6358a736451ece24eb9ad12f66dcee8e7
-
SHA256
83a391752a309339a35e4313cc420596ec9abf04fe972f389c95a49474236461
-
SHA512
f530018bf03af1c72f633b26b6816a93c70b49f5b5344cfdac8ded47547a2dca964b0f00f55bfef4ebcc5cacfbd7c012f8d20832aa08a1689355578c387b5b3c
-
SSDEEP
98304:fFbzBNTVmzVf0tU3eeJ8RO9QO5n6OFb3MYnJl4b/8:VYzOUuJR0F3Jn4A
Malware Config
Targets
-
-
Target
City Cleaning.apk
-
Size
4.4MB
-
MD5
84bda31f28ddca62c12223583582734f
-
SHA1
1cb639f6358a736451ece24eb9ad12f66dcee8e7
-
SHA256
83a391752a309339a35e4313cc420596ec9abf04fe972f389c95a49474236461
-
SHA512
f530018bf03af1c72f633b26b6816a93c70b49f5b5344cfdac8ded47547a2dca964b0f00f55bfef4ebcc5cacfbd7c012f8d20832aa08a1689355578c387b5b3c
-
SSDEEP
98304:fFbzBNTVmzVf0tU3eeJ8RO9QO5n6OFb3MYnJl4b/8:VYzOUuJR0F3Jn4A
Score7/10-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Scheduled Task/Job
1Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Input Injection
1