AbstractEmu - S1061 (2aec175b-4429-4048-8e09-3ef6cbecfc64)

AbstractEmu is mobile malware that was first seen in Google Play and other third-party stores in October 2021. It was discovered in 19 Android applications, of which at least 7 abused known Android exploits for obtaining root permissions. AbstractEmu was observed primarily impacting users in the United States, however victims are believed to be across a total of 17 countries.(Citation: lookout_abstractemu_1021)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
AbstractEmu - S1061 (2aec175b-4429-4048-8e09-3ef6cbecfc64)	Malware	Call Log - T1636.002 (1d1b1558-c833-482e-aabb-d07ef6eae63d)	Attack Pattern	1
Ingress Tool Transfer - T1544 (2bb20118-e6c0-41dc-a07c-283ea4dd0fb8)	Attack Pattern	AbstractEmu - S1061 (2aec175b-4429-4048-8e09-3ef6cbecfc64)	Malware	1
Unix Shell - T1623.001 (693cdbff-ea73-49c6-ac3f-91e7285c31d1)	Attack Pattern	AbstractEmu - S1061 (2aec175b-4429-4048-8e09-3ef6cbecfc64)	Malware	1
System Information Discovery - T1426 (e2ea7f6b-8d4f-49c3-819d-660530d12b77)	Attack Pattern	AbstractEmu - S1061 (2aec175b-4429-4048-8e09-3ef6cbecfc64)	Malware	1
AbstractEmu - S1061 (2aec175b-4429-4048-8e09-3ef6cbecfc64)	Malware	Software Discovery - T1418 (198ce408-1470-45ee-b47f-7056050d4fc2)	Attack Pattern	1
System Checks - T1633.001 (6ffad4be-bfe0-424f-abde-4d9a84a800ad)	Attack Pattern	AbstractEmu - S1061 (2aec175b-4429-4048-8e09-3ef6cbecfc64)	Malware	1
Access Notifications - T1517 (39dd7871-f59b-495f-a9a5-3cb8cc50c9b2)	Attack Pattern	AbstractEmu - S1061 (2aec175b-4429-4048-8e09-3ef6cbecfc64)	Malware	1
Web Protocols - T1437.001 (2282a98b-5049-4f61-9381-55baca7c1add)	Attack Pattern	AbstractEmu - S1061 (2aec175b-4429-4048-8e09-3ef6cbecfc64)	Malware	1
AbstractEmu - S1061 (2aec175b-4429-4048-8e09-3ef6cbecfc64)	Malware	System Network Configuration Discovery - T1422 (d4536441-1bcc-49fa-80ae-a596ed3f7ffd)	Attack Pattern	1
Disable or Modify Tools - T1629.003 (2aa78dfd-cb6f-4c70-9408-137cfd96be49)	Attack Pattern	AbstractEmu - S1061 (2aec175b-4429-4048-8e09-3ef6cbecfc64)	Malware	1
AbstractEmu - S1061 (2aec175b-4429-4048-8e09-3ef6cbecfc64)	Malware	Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86)	Attack Pattern	1
AbstractEmu - S1061 (2aec175b-4429-4048-8e09-3ef6cbecfc64)	Malware	Exfiltration Over C2 Channel - T1646 (32063d7f-0a39-440d-a4a3-2694488f96cc)	Attack Pattern	1
Exploitation for Privilege Escalation - T1404 (351c0927-2fc1-4a2c-ad84-cbbee7eb8172)	Attack Pattern	AbstractEmu - S1061 (2aec175b-4429-4048-8e09-3ef6cbecfc64)	Malware	1
Video Capture - T1512 (d8940e76-f9c1-4912-bea6-e21c251370b6)	Attack Pattern	AbstractEmu - S1061 (2aec175b-4429-4048-8e09-3ef6cbecfc64)	Malware	1
Internet Connection Discovery - T1422.001 (45a5fe76-eda3-4d40-8f22-c186efd6278d)	Attack Pattern	AbstractEmu - S1061 (2aec175b-4429-4048-8e09-3ef6cbecfc64)	Malware	1
AbstractEmu - S1061 (2aec175b-4429-4048-8e09-3ef6cbecfc64)	Malware	Obfuscated Files or Information - T1406 (d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a)	Attack Pattern	1
SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002)	Attack Pattern	AbstractEmu - S1061 (2aec175b-4429-4048-8e09-3ef6cbecfc64)	Malware	1
Virtualization/Sandbox Evasion - T1633 (27d18e87-8f32-4be1-b456-39b90454360f)	Attack Pattern	AbstractEmu - S1061 (2aec175b-4429-4048-8e09-3ef6cbecfc64)	Malware	1
Download New Code at Runtime - T1407 (6c49d50f-494d-4150-b774-a655022d20a6)	Attack Pattern	AbstractEmu - S1061 (2aec175b-4429-4048-8e09-3ef6cbecfc64)	Malware	1
Device Administrator Permissions - T1626.001 (9c049d7b-c92a-4733-9381-27e2bd2ccadc)	Attack Pattern	AbstractEmu - S1061 (2aec175b-4429-4048-8e09-3ef6cbecfc64)	Malware	1
AbstractEmu - S1061 (2aec175b-4429-4048-8e09-3ef6cbecfc64)	Malware	Location Tracking - T1430 (99e6295e-741b-4857-b6e5-64989eb039b4)	Attack Pattern	1
Audio Capture - T1429 (6683aa0c-d98a-4f5b-ac57-ca7e9934a760)	Attack Pattern	AbstractEmu - S1061 (2aec175b-4429-4048-8e09-3ef6cbecfc64)	Malware	1
Data from Local System - T1533 (e1c912a9-e305-434b-9172-8a6ce3ec9c4a)	Attack Pattern	AbstractEmu - S1061 (2aec175b-4429-4048-8e09-3ef6cbecfc64)	Malware	1
Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e)	Attack Pattern	Call Log - T1636.002 (1d1b1558-c833-482e-aabb-d07ef6eae63d)	Attack Pattern	2
Command and Scripting Interpreter - T1623 (29f1f56c-7b7a-4c14-9e39-59577ea2743c)	Attack Pattern	Unix Shell - T1623.001 (693cdbff-ea73-49c6-ac3f-91e7285c31d1)	Attack Pattern	2
System Checks - T1633.001 (6ffad4be-bfe0-424f-abde-4d9a84a800ad)	Attack Pattern	Virtualization/Sandbox Evasion - T1633 (27d18e87-8f32-4be1-b456-39b90454360f)	Attack Pattern	2
Application Layer Protocol - T1437 (6a3f6490-9c44-40de-b059-e5940f246673)	Attack Pattern	Web Protocols - T1437.001 (2282a98b-5049-4f61-9381-55baca7c1add)	Attack Pattern	2
Disable or Modify Tools - T1629.003 (2aa78dfd-cb6f-4c70-9408-137cfd96be49)	Attack Pattern	Impair Defenses - T1629 (20b0931a-8952-42ca-975f-775bad295f1a)	Attack Pattern	2
Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e)	Attack Pattern	Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86)	Attack Pattern	2
Internet Connection Discovery - T1422.001 (45a5fe76-eda3-4d40-8f22-c186efd6278d)	Attack Pattern	System Network Configuration Discovery - T1422 (d4536441-1bcc-49fa-80ae-a596ed3f7ffd)	Attack Pattern	2
Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e)	Attack Pattern	SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002)	Attack Pattern	2
Device Administrator Permissions - T1626.001 (9c049d7b-c92a-4733-9381-27e2bd2ccadc)	Attack Pattern	Abuse Elevation Control Mechanism - T1626 (08ea902d-ecb5-47ed-a453-2798057bb2d3)	Attack Pattern	2