Back

SecretCalls: A Formidable App of Notorious Korean Financial Fraudster

May 3, 2024, 11:50 a.m.

Tags

android
2024-05-03
south korea
financial fraud
secretcalls
voice phishing

External References

https://medium.com/

https://otx.alienvault.com/

Description

Voice phishing groups in South Korea build phishing pages and apps like SecretCalls to trick victims into installing malware and accessing phishing sites for financial fraud. Detailed analysis of SecretCalls Loader reveals anti-analysis techniques like DEX encryption, emulator detection, and installing additional apps before loading SecretCalls for remote control.

Date

Published Created Modified
May 3, 2024, 11:18 a.m. May 3, 2024, 11:18 a.m. May 3, 2024, 11:50 a.m.

Indicators

f2c48f0a34746fae9dd0bea3eaafc11058338b39736d6a1db715da42437dd601

eddf03eb7a3579026eec268e74209f68286bf07993c04ec24ffab10173b69877

e9b7980cde15f62dcceb98470b476b075659ef08b5a38c794b6e8954ccdcefbd

d65b2092ee471eb25c756fa4d1847b16895e57aa690c3f317df51afd79d28dd2

ce5082cb80719da6e91d4e5fb0b4c35fd4881fb4acbdc06243a00c86b42a4ded

baad6e7a9a06768682f5553c2b765ac5f74e708be69856d4f640a534a06da459

b7081e46af122391481235a4d0a542150db1f4500cfce90e07e227730981476f

b46f93c5b127ddbea341c45c42934e32248467f6d226cf8f89c20916491e4977

a4c6a52cabfddb57bdaad2532f324116f7900269339d9f41c6d3c46e3bd682ae

9e8c3d489ad519cc4185d9a69085bc85048f5481743fcc7480d3dde616639771

9b40ee23aa24a37cffe3dba91e4e490e4138ee3f593a135d17f6b2c2e02d69e6

7f1e4420025c544b9dd8b13929b04c82ac0abd08dba8c2f1e7a667345bf06dee

76bb1d3fa9b8b872c01da30bfac5fe52ae89d3ca43ce0dad967bc7da0a8e7644

662b84e31e38334394c35a0862dad21ef10086bd8a90619bc73c4b8598213526

649176de7d03d218952f72ff780f6f8532752066688192f4ae92e409efaf0864

54ee8358723132b4b6f41eee4c40c3a06a794201ce998d4c7cc6185a37ee0dad

32e668ab3cbcebaec73d7b8a5b1e5cfee1c8b07969f851df6fe0f1ba405d1a89

1d7702548185a610711e25e0f31bdf10719ee38543ec192a129268aafc683b0b

145f72fb0938f395c8d8dc71efa768241a00b7b1721bde4cc231e4233374a836

0d619094cd4d2c5fe7ffa917b4cef5852101128a31b25850bb4bdcfeb782b7c0

61.227.55.47

36.234.40.6

114.44.218.84

Attack Patterns

SecretCalls

SecretCrow

T1432

T1102.001

T1433

T1516

T1412

T1125

T1573.001

T1123

T1071.001

T1560

T1566