Resubmissions

Submitted           Analysis ID          Score
17-01-2021 18:50    210117-p29gjn9xre    10
13-01-2021 21:41    210113-sz9mt28ax6    10
13-01-2021 21:39    210113-tlgh3tnrwn    10

General

  • Target

    Riskware.apk

  • Size

    508KB

  • Sample

    210113-sz9mt28ax6

  • MD5

    b4e2d72bffd19ec64c5d51c035a4d569

  • SHA1

    47559f5e66b063e2b14390311d8fd1c1efd63f2a

  • SHA256

    d3c950ae2ad0e51127f271ea99931e823b70970279c0501525fd96e3aa2a10fc

  • SHA512

    0fbabfb3b0d4ce770054f290025400d256eb8ab06f9223e7c8402d2142d427bb7b0742dabc82128039b6aa947dd588a3b85db8d86783e7f4b2f874a32d118e81

Malware Config

Extracted

AES_key
DESEDE_key (DESEDE is the JCA algorithm name for Triple DES; key values are not shown in this report)

Targets

    • Target

      Riskware.apk


    Score
    10/10
    • Reads device subscriber ID

      Uses Android APIs to read subscriber ID (IMSI on GSM devices).

    • Reads name of network operator

      Uses Android telephony APIs to read the network operator (carrier) name, a piece of system information commonly used for device fingerprinting.

    • Uses Crypto APIs (might try to encrypt user data). Consistent with the AES and DESEDE keys listed under Malware Config above.
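
The following is an added example, not the sandbox's own code or the report's rule logic. It re-runs the two kinds of check this report records locally: matching a file against the listed MD5/SHA1/SHA256/SHA512 IOCs, and searching each classes*.dex inside the APK for the Android API references that the three signatures describe. The per-signature token sets (TelephonyManager.getSubscriberId, TelephonyManager.getNetworkOperatorName, javax.crypto.Cipher.doFinal) are an assumption about what such rules plausibly key on, not the sandbox's actual rules. The APK used as input is constructed in memory and is not a real DEX, so it will not match the report's hashes.

```python
"""Re-run the report's checks locally: hash matching against the listed IOCs
and a token search for the Android APIs the three signatures describe.
Added example, not the sandbox's code. The method names per signature are an
assumption about what such a rule plausibly keys on."""
import hashlib
import io
import re
import zipfile

# Hashes exactly as listed in the report for Riskware.apk (508KB).
REPORT_IOCS = {
    "md5": "b4e2d72bffd19ec64c5d51c035a4d569",
    "sha1": "47559f5e66b063e2b14390311d8fd1c1efd63f2a",
    "sha256": "d3c950ae2ad0e51127f271ea99931e823b70970279c0501525fd96e3aa2a10fc",
    "sha512": "0fbabfb3b0d4ce770054f290025400d256eb8ab06f9223e7c8402d2142d427bb"
              "7b0742dabc82128039b6aa947dd588a3b85db8d86783e7f4b2f874a32d118e81",
}

# Assumed token sets. A DEX file keeps class descriptors and method names as
# separate entries in its string table, so each signature requires all of its
# tokens to be present rather than one contiguous "Lclass;->method" string
# (that form only appears in smali output). Presence means "referenced
# somewhere in the code", not "actually called at runtime".
SIGNATURES = {
    "Reads device subscriber ID":
        (b"Landroid/telephony/TelephonyManager;", b"getSubscriberId"),
    "Reads name of network operator":
        (b"Landroid/telephony/TelephonyManager;", b"getNetworkOperatorName"),
    "Uses Crypto APIs":
        (b"Ljavax/crypto/Cipher;", b"doFinal"),
}


def fingerprint(data: bytes) -> dict:
    """Digest the bytes with the four algorithms the report lists."""
    return {algo: hashlib.new(algo, data).hexdigest()
            for algo in ("md5", "sha1", "sha256", "sha512")}


def match_iocs(data: bytes, iocs: dict) -> set:
    """Return the set of algorithms whose IOC digest matches `data`.
    An empty set means this is not the reported sample (or it was repacked)."""
    fp = fingerprint(data)
    return {algo for algo, digest in iocs.items()
            if fp.get(algo) == digest.lower()}


def scan_dex(dex: bytes) -> dict:
    """Map each signature name to whether all of its tokens occur in the DEX."""
    return {name: all(tok in dex for tok in toks)
            for name, toks in SIGNATURES.items()}


def scan_apk(apk: bytes) -> dict:
    """Scan every classes*.dex inside the APK (a zip). The DEX entries are
    deflate-compressed, so searching the raw APK bytes would miss them."""
    hits = {name: False for name in SIGNATURES}
    with zipfile.ZipFile(io.BytesIO(apk)) as z:
        for entry in z.namelist():
            if re.fullmatch(r"classes\d*\.dex", entry):
                for name, hit in scan_dex(z.read(entry)).items():
                    hits[name] = hits[name] or hit
    return hits


def build_test_apk(dex_entries: dict) -> bytes:
    """Constructed stand-in for an APK: a zip whose classes*.dex entries hold
    the given bytes. Real DEX files have a header and tables; these do not."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for entry, data in dex_entries.items():
            z.writestr(entry, data)
    return buf.getvalue()


# Constructed inputs: a multidex-style "sample" whose API references are split
# across two DEX entries, and a "benign" one that references none of them.
SUSPECT_APK = build_test_apk({
    "classes.dex": b"\x00Landroid/telephony/TelephonyManager;\x00getSubscriberId\x00"
                   b"getNetworkOperatorName\x00",
    "classes2.dex": b"\x00Ljavax/crypto/Cipher;\x00getInstance\x00doFinal\x00AES\x00",
})
BENIGN_APK = build_test_apk({
    "classes.dex": b"\x00Landroid/app/Activity;\x00onCreate\x00"
                   b"Ljava/util/Calendar;\x00getInstance\x00",
})

if __name__ == "__main__":
    print("IOC algorithms matched:", match_iocs(SUSPECT_APK, REPORT_IOCS) or "none")
    for name, hit in scan_apk(SUSPECT_APK).items():
        print(f"{'HIT ' if hit else 'miss'}  {name}")
```

Run against the real file, `match_iocs` returns all four algorithms only if the bytes are unmodified; a single differing algorithm in the report would point at a transcription error, and an empty set at a different build. The crypto token deliberately pairs the Cipher class descriptor with `doFinal` rather than `getInstance`, because `getInstance` is shared with many unrelated classes (Calendar, KeyStore, MessageDigest) and would fire on the benign input above. String presence in a DEX is evidence of a reference, which third-party libraries and dead code also produce; the sandbox's dynamic run is what confirms the call actually happens.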

MITRE ATT&CK Matrix

Tasks