4f17b1272b31b4529a6f6e06ecf2923ffa7ec34925bca97f04210182a93ec893 | Triage

Resubmissions

03/04/2025, 20:55

250403-zqj7vswps8 10

03/04/2025, 20:50

250403-zm117stwbt 8

Sharing

General

Target

tphmr.apk
Size

3.2MB
Sample

250403-zm117stwbt
MD5

cefb4cf044c9c7b3cc96cd689272b071
SHA1

2eab21f8331adc61308ec5febc7d1bfa65ac575d
SHA256

4f17b1272b31b4529a6f6e06ecf2923ffa7ec34925bca97f04210182a93ec893
SHA512

8b77ab02a8868bc90259e8fd1798e55bf44206c2869e11f37f9a175fcd8aa1c65c0f07d676f50345f218ee9109191e1d2eb26525ad5bc275bd3dfd201794fa46
SSDEEP

49152:wYUMhcQRP2il3jVgz+73s8b5IoEPNSF6Xr0n5QbdK+t7Igix6pU6C:wYUgNRP2il35gzA3s45Izd5k+U6pq

Score

8^/10

android collection defense_evasion discovery evasion persistence

Malware Config

Targets

- Target
  
  tphmr.apk
- Size
  
  3.2MB
- MD5
  
  cefb4cf044c9c7b3cc96cd689272b071
- SHA1
  
  2eab21f8331adc61308ec5febc7d1bfa65ac575d
- SHA256
  
  4f17b1272b31b4529a6f6e06ecf2923ffa7ec34925bca97f04210182a93ec893
- SHA512
  
  8b77ab02a8868bc90259e8fd1798e55bf44206c2869e11f37f9a175fcd8aa1c65c0f07d676f50345f218ee9109191e1d2eb26525ad5bc275bd3dfd201794fa46
- SSDEEP
  
  49152:wYUMhcQRP2il3jVgz+73s8b5IoEPNSF6Xr0n5QbdK+t7Igix6pU6C:wYUgNRP2il35gzA3s45Izd5k+U6pq
Score

8^/10

collection defense_evasion discovery evasion persistence
- Checks if the Android device is rooted.
  defense_evasion
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Queries information about the current nearby Wi-Fi networks
  Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  discovery
- Queries the phone number (MSISDN for GSM devices)
  discovery
- Requests cell location
  Uses Android APIs to to get current cell location.
  collection discovery defense_evasion
- Acquires the wake lock
- Queries information about active data network
  discovery
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Queries the mobile country code (MCC)
  discovery
- Reads information about phone network operator.
  discovery
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Execution Guardrails

Geofencing

Credential Access

Discovery

Location Tracking

System Information Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Location Tracking

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

collectiondefense_evasiondiscoveryevasionpersistence