Analysis
- max time kernel: 4009118s
- max time network: 24s
- platform: android_x86_64
- resource: android-x86_64
- submitted: 22-11-2020 07:53
Static task: static1
Behavioral task: behavioral1
- Sample: 5c527a2bbb2894a199826059892202c28b7c0258c5dc7567fe9249332594fe8d.apk
- Resource: android-x86_arm
Behavioral task: behavioral2
- Sample: 5c527a2bbb2894a199826059892202c28b7c0258c5dc7567fe9249332594fe8d.apk
- Resource: android-x86_64
General
- Target: 5c527a2bbb2894a199826059892202c28b7c0258c5dc7567fe9249332594fe8d.apk
- Size: 765KB
- MD5: 8e0d8b35aa77ced25b40ca6986696a0e
- SHA1: e84c092a44400cd1face3d806349dec99f172f4e
- SHA256: 5c527a2bbb2894a199826059892202c28b7c0258c5dc7567fe9249332594fe8d
- SHA512: 76237f1a0da2a0799c91f87e9ac8bf53db5df0b976ab3399162a7e457aae5d6d342b9f52b5e112a89fc916e8600561392b09210bbad8b30b98caf6a241d29bd4
Malware Config
Signatures
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps). 1 IoCs
Processes:
  description          ioc                                                              process
  Framework API call   android.app.ApplicationPackageManager.getInstalledApplications   com.sxhvm.hjdyosewn
- Removes its main activity from the application launcher
Processes:
  pid    process
  3549   com.sxhvm.hjdyosewn
- Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.
Processes:
  ioc                                                          pid    process
  /data/user/0/com.sxhvm.hjdyosewn/app_xrohgdt/ygdrewc.jar     3549   com.sxhvm.hjdyosewn
- Suspicious use of android.app.ActivityManager.getRunningAppProcesses 1674 IoCs
Processes:
  pid    process
  3549   com.sxhvm.hjdyosewn   (the same row is reported once per call)
- Suspicious use of android.os.PowerManager$WakeLock.acquire 1 IoCs
Processes:
  pid    process
  3549   com.sxhvm.hjdyosewn
- Suspicious use of android.telephony.TelephonyManager.getLine1Number 1 IoCs
Processes:
  pid    process
  3549   com.sxhvm.hjdyosewn
- Suspicious use of android.telephony.TelephonyManager.getNetworkCountryIso 1 IoCs
Processes:
  pid    process
  3549   com.sxhvm.hjdyosewn
- Suspicious use of android.telephony.TelephonyManager.getSimOperatorName 1 IoCs
Processes:
  pid    process
  3549   com.sxhvm.hjdyosewn
- Uses reflection 20 IoCs
Processes:
  description                                                            pid    process
  Invokes method android.content.ContextWrapper.getBaseContext           3549   com.sxhvm.hjdyosewn
  Invokes method java.lang.reflect.AccessibleObject.setAccessible        3549   com.sxhvm.hjdyosewn
  Accesses field android.content.Context.MODE_PRIVATE                    3549   com.sxhvm.hjdyosewn
  Invokes method android.app.ContextImpl.getDir                          3549   com.sxhvm.hjdyosewn
  Invokes method java.io.File.getAbsolutePath                            3549   com.sxhvm.hjdyosewn
  Invokes method android.app.ContextImpl.getAssets                       3549   com.sxhvm.hjdyosewn
  Invokes method android.content.res.AssetManager.open                   3549   com.sxhvm.hjdyosewn
  Invokes method java.lang.Class.forName                                 3549   com.sxhvm.hjdyosewn
  Invokes method java.io.FileOutputStream.close                          3549   com.sxhvm.hjdyosewn
  Invokes method java.lang.Class.getClassLoader                          3549   com.sxhvm.hjdyosewn
  Invokes method java.lang.Class.forName                                 3549   com.sxhvm.hjdyosewn
  Invokes method java.lang.reflect.AccessibleObject.setAccessible        3549   com.sxhvm.hjdyosewn
  Accesses field android.app.ContextImpl.mPackageInfo                    3549   com.sxhvm.hjdyosewn
  Invokes method java.lang.reflect.AccessibleObject.setAccessible        3549   com.sxhvm.hjdyosewn
  Accesses field android.app.LoadedApk.mClassLoader                      3549   com.sxhvm.hjdyosewn
  Invokes method java.lang.ClassLoader.loadClass                         3549   com.sxhvm.hjdyosewn
  Invokes method java.lang.Class.forName                                 3549   com.sxhvm.hjdyosewn
  Invokes method android.app.Instrumentation.newApplication              3549   com.sxhvm.hjdyosewn
  Invokes method com.sxhvm.hjdyosewn.vagqxegu.yacvxtkfhf.onCreate        3549   com.sxhvm.hjdyosewn
  Accesses field android.net.ConnectivityManager.mService                3549   com.sxhvm.hjdyosewn
Processes
com.sxhvm.hjdyosewn
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Suspicious use of android.app.ActivityManager.getRunningAppProcesses
- Suspicious use of android.os.PowerManager$WakeLock.acquire
- Suspicious use of android.telephony.TelephonyManager.getLine1Number
- Suspicious use of android.telephony.TelephonyManager.getNetworkCountryIso
- Suspicious use of android.telephony.TelephonyManager.getSimOperatorName
- Uses reflection