Composition Strategy
- Standalone: ✔
- Repackaging:
- Library:
Installation Strategy
- Drop: ✔
- Drive-by Download:
Activation Strategy
- Event: BOOT, CALL, MAIN, SMS
- By Host App:
- Scheduling:
Information Stealing
- Personal Information:
- Device Information: ✔
Persistence
- Clean Evidence: block SMS, hide icon
- Prevent Destroy:
Privilege Escalation
- Request Device Admin: ✔
- Root Exploits:
C&C
- Internet Server: ✔
- SMS Server: ✔
- Command Encoding: XML
Anti-analysis Techniques
- Renaming:
- String Encryption: ✔
- Dynamic Loading: ✔
- Native Payload:
- Evade Dynamic Analysis: encrypt network flow
Monetization Methods
- Subscribe to Premium Service: dynamic
- Banking Trojan:
- Ransom:
- Aggressive Advertisement: