Composition Strategy
- Standalone: ✔
- Repackaging:
- Library:
Installation Strategy
- Drop: ✔
- Drive-by Download:
Activation Strategy
- Event: BOOT, CALL, MAIN, NET, PKG, SMS
- By Host App:
- Scheduling: ✔
Information Stealing
- Personal Information: Call Log, Contacts, GPS Location, Phone Number, SMS, User Account
- Device Information: ✔
Persistence
- Clean Evidence: block SMS, block audio
- Prevent Destroy: restart on destroy
Privilege Escalation
- Request Device Admin: ✔
- Root Exploits:
C&C
- Internet Server: ✔
- SMS Server:
- Command Encoding: JSON
Anti-analysis Techniques
- Renaming: ✔
- String Encryption:
- Dynamic Loading:
- Native Payload:
- Evade Dynamic Analysis: device id, fingerprint, model, brand, manufacturer, device
Monetization Methods
- Subscribe to Premium Service:
- Banking Trojan: ✔
- Ransom:
- Aggressive Advertisement: