General
-
Target
1794ea2b91487fb130c9568b9ee301cbd097d3d5ef294fab69c1ecb9ef354494.bin
-
Size
3.5MB
-
Sample
250407-2b57wswxbz
-
MD5
fc2cddd695703c2803cbae0c17765758
-
SHA1
675e261902686cad8595d4c425178b45e72e31e1
-
SHA256
1794ea2b91487fb130c9568b9ee301cbd097d3d5ef294fab69c1ecb9ef354494
-
SHA512
b3cad164c17fc1d2a85f92bd1f96674d3a3df965bd8ba5d2f8750b2880f4f636ea8ad30e8fcd6215adcfe7f6dd263f157aa5aace4a307b130fd3b9931b4d205a
-
SSDEEP
98304:zy8qgP+VJP/XiawvIFWXYzMjHpBUpF5sr8Tgkbi:2keiawvIfaHCnTdbi
Behavioral task
behavioral1
Sample
1794ea2b91487fb130c9568b9ee301cbd097d3d5ef294fab69c1ecb9ef354494.apk
Resource
android-x86-arm-20240910-en
Behavioral task
behavioral2
Sample
1794ea2b91487fb130c9568b9ee301cbd097d3d5ef294fab69c1ecb9ef354494.apk
Resource
android-x64-20240910-en
Behavioral task
behavioral3
Sample
1794ea2b91487fb130c9568b9ee301cbd097d3d5ef294fab69c1ecb9ef354494.apk
Resource
android-x64-arm64-20240910-en
Malware Config
Targets
-
-
Target
1794ea2b91487fb130c9568b9ee301cbd097d3d5ef294fab69c1ecb9ef354494.bin
-
Checks if the Android device is rooted.
-
Checks Android system properties for emulator presence.
-
Checks known Qemu pipes.
Checks for known pipes used by the Android emulator to communicate with the host.
-
Obtains sensitive information copied to the device clipboard
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Queries information about running processes on the device
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Declares services with permission to bind to the system
-
Legitimate hosting services abused for malware hosting/C2
-
Queries information about active data network
-
Queries the mobile country code (MCC)
-
Reads information about phone network operator.
-
Requests dangerous framework permissions
-