General

  • Target

    HBOMaxModv52.55.0.3espacioapk.com.apk

  • Size

    31.9MB

  • Sample

    250503-jym1qafn7z

  • MD5

    cacb327648e3a1c35b2d7f21ce990ffa

  • SHA1

    40220696c71d299b441ecaee02109ccac16dec4e

  • SHA256

    e6d1cd80f1f0fcae89e6d3fa1a3a220cfd00eb35db0b37186d0aaef707190db7

  • SHA512

    b74372458e70a4e2a579e84c3c7a6e0d5c9bc5a98b2f0e4ba1c73e48c5b6b5dbd819a978810716470464d90720cae5b14753a795325f3558a39563ac596163f8

  • SSDEEP

    786432:GqXgtRyNtC5ymuhawnk3P+a7p8enjw4PK0ujyo6i2qpI/:+yn/awkff7mejw4qjB6PZ/

Targets

    • Renames multiple (189) files with added filename extension

      This suggests ransomware activity: encrypting all the files on the system.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Legitimate hosting services abused for malware hosting/C2

    • Queries information about active data network

    • Queries the mobile country code (MCC)
