New Enchant Android Malware Targeting Chinese Cryptocurrency Users
Common Information

| Type | Value |
|---|---|
| UUID | 5af35317-81aa-4e46-b0e1-2b2d85a6c582 |
| Fingerprint | cc2503b9adf2af45 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Oct. 23, 2023, midnight |
| Added to db | Nov. 19, 2023, 6:24 a.m. |
| Last updated | Nov. 7, 2024, 2:09 a.m. |
| Headline | New Enchant Android Malware Targeting Chinese Cryptocurrency Users |
| Title | New Enchant Android Malware Targeting Chinese Cryptocurrency Users |
| Detected Hints/Tags/Attributes | 73/4/30 |

RSS Feed

| Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|
| 98 | | Cyble | https://cyble.com/feed/ | 2024-08-30 22:08 |

Attributes

| Type | #Events | CTI | Value |
|---|---|---|---|
| Domain | 1 | | xnxnxx.top |
| Domain | 1 | | xnxnx.cyou |
| Domain | 6 | | im.token.app |
| Domain | 7 | | com.okinc.okex.gp |
| Domain | 1 | | pkg.java |
| Domain | 1 | | bat.xnxnxx.top |
| File | 1 | | xnxx.apk |
| File | 1 | | pkg.java |
| File | 1 | | send_device_apps.php |


| Type | #Events | CTI | Value |
|---|---|---|---|
| MITRE ATT&CK Techniques | 9 | | T1629.001 |
| MITRE ATT&CK Techniques | 2 | | T1418.001 |
| MITRE ATT&CK Techniques | 12 | | T1417.001 |
| MITRE ATT&CK Techniques | 17 | | T1437.001 |
| MITRE ATT&CK Techniques | 16 | | T1646 |
