SecretCalls: A Formidable App of Notorious Korean Financial Fraudster

May 3, 2024, 11:50 a.m.

Description

Voice phishing groups in South Korea build phishing pages and apps like SecretCalls to trick victims into installing malware and accessing phishing sites for financial fraud. Detailed analysis of SecretCalls Loader reveals anti-analysis techniques like DEX encryption, emulator detection, and installing additional apps before loading SecretCalls for remote control.

External References

https://medium.com/s2wblog/secretcalls-spotlight-a-formidable-app-of-notorious-korean-financial-fraudster-part-1-fa4bbed855c0
https://otx.alienvault.com/pulse/6634c810aaaa04215ec4f690
Tags
android
2024-05-03
south korea
financial fraud
secretcalls
voice phishing

Date

  • Created: May 3, 2024, 11:18 a.m.
  • Published: May 3, 2024, 11:18 a.m.
  • Modified: May 3, 2024, 11:50 a.m.

Indicators

  • f2c48f0a34746fae9dd0bea3eaafc11058338b39736d6a1db715da42437dd601
  • eddf03eb7a3579026eec268e74209f68286bf07993c04ec24ffab10173b69877
  • e9b7980cde15f62dcceb98470b476b075659ef08b5a38c794b6e8954ccdcefbd
  • d65b2092ee471eb25c756fa4d1847b16895e57aa690c3f317df51afd79d28dd2
  • ce5082cb80719da6e91d4e5fb0b4c35fd4881fb4acbdc06243a00c86b42a4ded
  • baad6e7a9a06768682f5553c2b765ac5f74e708be69856d4f640a534a06da459
  • b7081e46af122391481235a4d0a542150db1f4500cfce90e07e227730981476f
  • b46f93c5b127ddbea341c45c42934e32248467f6d226cf8f89c20916491e4977
  • a4c6a52cabfddb57bdaad2532f324116f7900269339d9f41c6d3c46e3bd682ae
  • 9e8c3d489ad519cc4185d9a69085bc85048f5481743fcc7480d3dde616639771
  • 9b40ee23aa24a37cffe3dba91e4e490e4138ee3f593a135d17f6b2c2e02d69e6
  • 7f1e4420025c544b9dd8b13929b04c82ac0abd08dba8c2f1e7a667345bf06dee
  • 76bb1d3fa9b8b872c01da30bfac5fe52ae89d3ca43ce0dad967bc7da0a8e7644
  • 662b84e31e38334394c35a0862dad21ef10086bd8a90619bc73c4b8598213526
  • 649176de7d03d218952f72ff780f6f8532752066688192f4ae92e409efaf0864
  • 54ee8358723132b4b6f41eee4c40c3a06a794201ce998d4c7cc6185a37ee0dad
  • 32e668ab3cbcebaec73d7b8a5b1e5cfee1c8b07969f851df6fe0f1ba405d1a89
  • 1d7702548185a610711e25e0f31bdf10719ee38543ec192a129268aafc683b0b
  • 145f72fb0938f395c8d8dc71efa768241a00b7b1721bde4cc231e4233374a836
  • 0d619094cd4d2c5fe7ffa917b4cef5852101128a31b25850bb4bdcfeb782b7c0
  • 61.227.55.47
  • 36.234.40.6
  • 114.44.218.84
Download all indicators here!

Attack Patterns

  • SecretCalls
  • SecretCrow
  • T1432
  • T1102.001
  • T1433
  • T1516
  • T1412
  • T1125
  • T1573.001
  • T1123
  • T1071.001
  • T1560
  • T1566