
S0544 HenBox

HenBox is Android malware that attempts to execute only on Xiaomi devices running the MIUI operating system. HenBox has primarily been used to target Uyghurs, a minority Turkic ethnic group.[1]

| Item | Value |
|---|---|
| ID | S0544 |
| Associated Names | |
| Version | 1.0 |
| Created | 17 December 2020 |
| Last Modified | 12 April 2021 |
| Navigation Layer | View In ATT&CK® Navigator |

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| mobile | T1433 | Access Call Log | HenBox has collected all outgoing phone numbers that start with “86”.[1] |
| mobile | T1432 | Access Contact List | HenBox can access the device’s contact list.[1] |
| mobile | T1413 | Access Sensitive Data in Device Logs | HenBox can monitor system logs.[1] |
| mobile | T1418 | Application Discovery | HenBox can obtain a list of running apps.[1] |
| mobile | T1402 | Broadcast Receivers | HenBox has registered several broadcast receivers.[1] |
| mobile | T1429 | Capture Audio | HenBox can access the device’s microphone.[1] |
| mobile | T1512 | Capture Camera | HenBox can access the device’s camera.[1] |
| mobile | T1412 | Capture SMS Messages | HenBox can intercept SMS messages.[1] |
| mobile | T1605 | Command-Line Interface | HenBox can run commands as root.[1] |
| mobile | T1533 | Data from Local System | HenBox can steal data from various sources, including chat, communication, and social media apps.[1] |
| mobile | T1476 | Deliver Malicious App via Other Means | HenBox has been distributed via third-party app stores.[1] |
| mobile | T1407 | Download New Code at Runtime | HenBox can load additional Dalvik code while running.[1] |
| mobile | T1523 | Evade Analysis Environment | HenBox can detect if the app is running on an emulator.[1] |
| mobile | T1430 | Location Tracking | HenBox can track the device’s location.[1] |
| mobile | T1444 | Masquerade as Legitimate Application | HenBox has masqueraded as VPN and Android system apps.[1] |
| mobile | T1575 | Native Code | HenBox has contained native libraries.[1] |
| mobile | T1406 | Obfuscated Files or Information | HenBox has obfuscated components using XOR, ZIP with a single-byte key or ZIP/Zlib compression wrapped with RC4 encryption.[1] |
| mobile | T1424 | Process Discovery | HenBox can obtain a list of running processes.[1] |
| mobile | T1426 | System Information Discovery | HenBox can collect device information and can check if the device is running MIUI on a Xiaomi device.[1] |

