Analysis Overview
score
10/10
SHA256
1f90f166ff55a3a3e71e61edb6e3cba7b1a41c58870eec156f34b377950026ed
Threat Level: Known bad
The file sszytrbhuy.apk was found to be: Known bad.
Malicious Activity Summary
XLoader, MoqHao
Removes its main activity from the application launcher
Loads dropped Dex/Jar
Uses reflection
MITRE ATT&CK
N/A
Analysis: static1
Detonation Overview
Reported
2021-03-16 11:27
Signatures
N/A
Analysis: behavioral1
Detonation Overview
Submitted
2021-03-16 11:27
Reported
2021-03-16 11:30
Platform
android-x86_64_arm64
Max time kernel
986507s
Max time network
160s
Command Line
k.iswm.shewn
Signatures
XLoader, MoqHao
Removes its main activity from the application launcher
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/k.iswm.shewn/files/dex | N/A | N/A |
Uses reflection
| Description | Indicator | Process | Target |
| Accesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE | N/A | N/A | N/A |
| Invokes method android.telephony.SignalStrength.getLevel | N/A | N/A | N/A |
| Invokes method android.os.PowerManager.isIgnoringBatteryOptimizations | N/A | N/A | N/A |
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Processes
k.iswm.shewn
Network
| Country | Destination | Domain | Proto |
| N/A | 172.217.168.234:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| N/A | 172.217.17.68:443 | | udp |
| N/A | 142.250.27.188:5228 | mtalk.google.com | tcp |
| N/A | 8.8.8.8:53 | play.googleapis.com | udp |
| N/A | 142.250.179.202:80 | play.googleapis.com | tcp |
| N/A | 8.8.8.8:53 | m.vk.com | udp |
| N/A | 8.8.4.4:53 | m.vk.com | udp |
| N/A | 8.8.8.8:53 | www.googletagmanager.com | udp |
| N/A | 172.217.168.232:443 | www.googletagmanager.com | tcp |
| N/A | 142.250.179.202:443 | play.googleapis.com | tcp |
| N/A | 8.8.8.8:53 | ssl.google-analytics.com | udp |
| N/A | 172.217.17.40:443 | ssl.google-analytics.com | tcp |
| N/A | 87.240.190.78:443 | m.vk.com | tcp |
| N/A | 61.97.248.13:28846 | | tcp |
| N/A | 142.250.179.206:443 | android.clients.google.com | tcp |
| N/A | 216.58.208.106:443 | youtubei.googleapis.com | tcp |
| N/A | 216.58.214.10:443 | | tcp |
| N/A | 142.250.179.138:443 | instantmessaging-pa.googleapis.com | tcp |
| N/A | 172.217.168.202:443 | | tcp |
| N/A | 216.58.214.3:443 | www.gstatic.com | tcp |
| N/A | 172.217.17.142:443 | dl.google.com | tcp |
| N/A | 8.8.8.8:53 | fonts.gstatic.com | udp |
| N/A | 8.8.4.4:53 | fonts.gstatic.com | udp |
| N/A | 8.8.8.8:53 | phonedeviceverification-pa.googleapis.com | udp |
| N/A | 172.217.17.74:443 | phonedeviceverification-pa.googleapis.com | tcp |
| N/A | 172.217.17.68:443 | www.google.com | tcp |
Files
N/A