Overview

overview

10

Static

static

10

d11d8e348c...8a.apk

android-9-x86

8

d11d8e348c...8a.apk

android-10-x64

8

d11d8e348c...8a.apk

android-11-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d11d8e348c18619058f8aa759011b290da27a98ac3e1b730cc3ef1ee617ab88a.bin

  • Size

    4.1MB

  • Sample

    250409-1z8ggstwgw

  • MD5

    675f4bc84ed3d61cf057a3de8a00426a

  • SHA1

    592dedaaf6216addaff3489492b6c02608b805c6

  • SHA256

    d11d8e348c18619058f8aa759011b290da27a98ac3e1b730cc3ef1ee617ab88a

  • SHA512

    dd6a8f5b06bf70ac992981b8eb7002d41ffdf1a94744fd45a859d4e035e1c27caad17c9e45e0f7ce882b9b28a1d5a52638e258ff211fcdfda1556407eb871275

  • SSDEEP

    98304:O2+v/7fp9OtWgWpcsdSeeyxcNXdCggrnHDnlZzSSyGO2pNDRYdq+5jKgkbrQJF:O2+v/vKqpcCe/RQlRSSzOqK952db8JF

Score
10/10
smswormandroidbankercollectioncredential_accessdefense_evasiondiscoveryexecutionimpactpersistence

Malware Config

Targets

    • Target

      d11d8e348c18619058f8aa759011b290da27a98ac3e1b730cc3ef1ee617ab88a.bin

    • Size

      4.1MB

    • MD5

      675f4bc84ed3d61cf057a3de8a00426a

    • SHA1

      592dedaaf6216addaff3489492b6c02608b805c6

    • SHA256

      d11d8e348c18619058f8aa759011b290da27a98ac3e1b730cc3ef1ee617ab88a

    • SHA512

      dd6a8f5b06bf70ac992981b8eb7002d41ffdf1a94744fd45a859d4e035e1c27caad17c9e45e0f7ce882b9b28a1d5a52638e258ff211fcdfda1556407eb871275

    • SSDEEP

      98304:O2+v/7fp9OtWgWpcsdSeeyxcNXdCggrnHDnlZzSSyGO2pNDRYdq+5jKgkbrQJF:O2+v/vKqpcCe/RQlRSSzOqK952db8JF

    Score
    8/10
    bankercollectiondefense_evasiondiscoveryexecutionpersistencecredential_accessimpact

    • Checks if the Android device is rooted.

      defense_evasion

    • Checks Android system properties for emulator presence.

      defense_evasion

    • Checks known Qemu pipes.

      Checks for known pipes used by the Android emulator to communicate with the host.

      defense_evasion

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

      collectioncredential_accessimpact

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

      discovery

    • Legitimate hosting services abused for malware hosting/C2

    • Queries information about active data network

      discovery

    • Queries the mobile country code (MCC)

      discovery

    • Reads information about phone network operator.

      discovery

    • Requests cell location

      Uses Android APIs to to get current cell information.

      collectiondiscovery
    behavioral1behavioral2behavioral3

MITRE ATT&CK Enterprise v16

MITRE ATT&CK Mobile v16

Tasks