0ad737848a03c5c39a08a79f8b871859f7824ee19917deb590deaefeaffd8bc8

Resubmissions

14-06-2021 19:17

210614-dz7janzdx6 8

14-06-2021 18:48

210614-6tyympk936 8

Analysis

max time kernel
200735s
max time network
124s
platform
android_x64
resource
android-x64-arm64
submitted
14-06-2021 19:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0ad737848a03c5c39a08a79f8b871859f7824ee19917deb590deaefeaffd8bc8.apk
Size

1.1MB
MD5

c7f023e73ce2fc19f0f4d4a591c20567
SHA1

9c2d059a280f738fb0c9bfaf65ebced27fc5c7a5
SHA256

0ad737848a03c5c39a08a79f8b871859f7824ee19917deb590deaefeaffd8bc8
SHA512

2f2fedd995625c3f666b8e8ed64d83ecd7ff929aba178e5a08d8b7363d43b2a18b4c0b3e6ad540fdba795a724f47c01a27659003944f458a435247b96b1333c1

Score

7^/10

obfuscation

Malware Config

Signatures

Checks Android system properties for emulator presence. 1 IoCs

Processes:

iqqgvtb.bcyindziyckutotnchpw.fddgdwak

description ioc process

Accessed system property key: ro.product.model iqqgvtb.bcyindziyckutotnchpw.fddgdwak

description	ioc	process
Accessed system property	key: ro.product.model	iqqgvtb.bcyindziyckutotnchpw.fddgdwak

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

Processes:

iqqgvtb.bcyindziyckutotnchpw.fddgdwak

ioc	pid	process
/product/app/TrichromeLibrary/TrichromeLibrary.apk	4092	iqqgvtb.bcyindziyckutotnchpw.fddgdwak
/product/app/TrichromeLibrary/TrichromeLibrary.apk	4092	iqqgvtb.bcyindziyckutotnchpw.fddgdwak

Reads name of network operator 1 IoCs
Uses Android APIs to discover system information.

Processes:

iqqgvtb.bcyindziyckutotnchpw.fddgdwak

description ioc process

Framework API call android.telephony.TelephonyManager.getNetworkOperatorName iqqgvtb.bcyindziyckutotnchpw.fddgdwak
Reads serial number of SIM 1 IoCs

Processes:

iqqgvtb.bcyindziyckutotnchpw.fddgdwak

description ioc process

Framework API call android.telephony.TelephonyManager.getSimSerialNumber iqqgvtb.bcyindziyckutotnchpw.fddgdwak

description	ioc	process
Framework API call	android.telephony.TelephonyManager.getNetworkOperatorName	iqqgvtb.bcyindziyckutotnchpw.fddgdwak

description	ioc	process
Framework API call	android.telephony.TelephonyManager.getSimSerialNumber	iqqgvtb.bcyindziyckutotnchpw.fddgdwak

Uses reflection 2 IoCs

obfuscation

Processes:

iqqgvtb.bcyindziyckutotnchpw.fddgdwak

description	pid	process
Invokes method android.net.Uri.parse	4092	iqqgvtb.bcyindziyckutotnchpw.fddgdwak
Invokes method android.net.Uri.parse	4092	iqqgvtb.bcyindziyckutotnchpw.fddgdwak

iqqgvtb.bcyindziyckutotnchpw.fddgdwak
1⤵
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
- Reads name of network operator
- Reads serial number of SIM
- Uses reflection
PID:4092

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/iqqgvtb.bcyindziyckutotnchpw.fddgdwak/app_webview/.com.google.Chrome.ZVlEVP

MD5
f41a6d6b2484fe6b00711d8bb51eda54

SHA1
226ea093ff7a1e4a0b5017223660b41630711701

SHA256
9b5a666e70f686a03865391c448af6f9eb2a940ab2fe54f422e6a2985fcb0d45

SHA512
f20d27ef4815acd939a260ff5abe88ae39ea1ba2802a806a5ac4986a6f06c911456b61dbbf2b429a5272d1781cbbff8da79ab1fc58f91715f829a58c6d740197

Download Submit
/data/user/0/iqqgvtb.bcyindziyckutotnchpw.fddgdwak/app_webview/Default/GPUCache/index

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
/data/user/0/iqqgvtb.bcyindziyckutotnchpw.fddgdwak/app_webview/Default/GPUCache/index-dir/temp-index

MD5
1096e84ca35aaa9f7328112784c06dfe

SHA1
35370ec22d9d959df41ad1060b5983927d66ed12

SHA256
d9de97e42747f5c6fb292179c8366f872be56eaba59e4354473eb2b655b48f60

SHA512
e878591bd4b1fc5006d9304f94bb13fbceda8191d3b84cf34fd93ed47f5f898484edde33c7bed7c644fac99c8d6950092c73fe4e648811b990e36591e1b1f8da

Download Submit
/data/user/0/iqqgvtb.bcyindziyckutotnchpw.fddgdwak/app_webview/Default/Web Data

MD5
536e58581641e767a8bf8eca3b8cde9e

SHA1
750a88189322e36147068f1c585f02163ff3a388

SHA256
3ba04fa6622801be4e625176b175ff75caf19c8966c13418bf1433433eefa1a0

SHA512
498da0911c702bc683cf153ce9b66044642378eafb79bffe0afd7f7460bd12a4c9bb424e1606550d8bbfb25dede34b5ad6ad1f7ee698c8d5ff67208625612319

Download Submit
/data/user/0/iqqgvtb.bcyindziyckutotnchpw.fddgdwak/app_webview/Default/Web Data-journal

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/iqqgvtb.bcyindziyckutotnchpw.fddgdwak/app_webview/variations_seed_new

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/iqqgvtb.bcyindziyckutotnchpw.fddgdwak/app_webview/variations_stamp

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/iqqgvtb.bcyindziyckutotnchpw.fddgdwak/app_webview/webview_data.lock

MD5
d3aeffc38969b68a609622b57537ceab

SHA1
00d3121539fc609d629b010c5f6c242a42d9b113

SHA256
67a4a56d03436f71468ed7ca277a54512dea214d737d3d8062b09f34ddd87b71

SHA512
718ffdc3de3ec74396a9417c8946ce483e0ff2a01432d38d89d5d852fbc509119087f4a733fde0b5dd90c9985b24f0214b2a714cbffd507445bab20472f94005

Download Submit
/data/user/0/iqqgvtb.bcyindziyckutotnchpw.fddgdwak/cache/WebView/Crashpad/settings.dat

MD5
f619796f1eea60949fcd6af339cb12cf

SHA1
6217f79aa133f8c37eeaf870fa84b86b67a82e32

SHA256
9452c2e9d6e99a0aa8110c60d7d04fbeff4743af8b7128cb534c5451a758705e

SHA512
90c74cda0d3199ae94e781ecaac61765acfa79e7230bf30e2fda50058ce63dca4e60174ceda1ec199d5cad7b5524f9c1cc7dfe95325bd24159ebf714b7ea5a14

Download Submit
/data/user/0/iqqgvtb.bcyindziyckutotnchpw.fddgdwak/cache/WebView/Default/HTTP Cache/Code Cache/js/index

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
/data/user/0/iqqgvtb.bcyindziyckutotnchpw.fddgdwak/cache/WebView/Default/HTTP Cache/Code Cache/js/index-dir/temp-index

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/iqqgvtb.bcyindziyckutotnchpw.fddgdwak/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
/data/user/0/iqqgvtb.bcyindziyckutotnchpw.fddgdwak/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index-dir/temp-index

MD5
cbf42367d7a3cd3e125b2b66db6d2ea3

SHA1
d7e4a1c1ee7a13a52e720e1c856f0e3ebb259c6d

SHA256
5bc62f0866a58038eaf6bb542a609789cb6b07e7595916f6d2d307d327713444

SHA512
01e7cee272c2d6c7cc629117ff2c1ec6c06af6eaabc8a7fc57c5d97605a9186d6dc3003647bf01041ade56c806f23fa4c459a13be7278ced8cd3ca8c5b31e487

Download Submit
/data/user/0/iqqgvtb.bcyindziyckutotnchpw.fddgdwak/cache/WebView/font_unique_name_table.pb

MD5
b18833d483828180924a6d4048fca1a0

SHA1
d7edde78cc26221c9455a87ca3eca8960b6673a8

SHA256
d9c4ea0a7c399884f8a908a33a4d675a64b557b50916e62ab96fa2213e6d4801

SHA512
11e6bf7e067884138dcd6908e311321a9eca1e4926323f49736f9dfdebd4b548064beacc356f78e3f32a99769109b154e145ef1162e6a9547aca878f0dd4ee7c

Download Submit
/data/user/0/iqqgvtb.bcyindziyckutotnchpw.fddgdwak/shared_prefs/WebViewChromiumPrefs.xml

MD5
97ccd9a2b2063143df56b6937f961ca4

SHA1
5e78a91ae5df289ce83443cb7d5589dd3504fb5d

SHA256
248ff7928128015b1cfe3e6517c8f9b8c9511bfb8c8baf44fc1370640eac61fd

SHA512
86c05a5bb3d7eedea390664796966e9e5a5bf846c85808da54407788a76b3ee25b91428242a1e76d8765bfe51e1ba3636617fbab6e7dbb39fcc433e07c3fcd3b

Download Submit
/data/user/0/iqqgvtb.bcyindziyckutotnchpw.fddgdwak/shared_prefs/bugaga.xml

MD5
3becee408d08be0def613cd2edddf8b7

SHA1
93a713c814a8a5da8d2896def738c1b98bfeea3d

SHA256
8d68dd1d3f009982ca6b1ba00b88012cf8602efa3ac7e811fc72fbdd24ded241

SHA512
ad0d06d860d13397de1a75027f0cbbb42f3ee1700604d17cbbc8d87a565ec9550120f0290995fec5613efe63ae247a057c29a465a9256f2f5f3efcd2436347f2

Download Submit
/data/user/0/iqqgvtb.bcyindziyckutotnchpw.fddgdwak/shared_prefs/bugaga.xml

MD5
89d7f744be9256f4f629dbd94b99b5b8

SHA1
c347d16b2ed833019de49e7c451040cab8b75089

SHA256
f7ea143d16a3e14445ead915f1cfc63e47cb065cfc0057073b76bd914f03234e

SHA512
de1273b00bb3424f6a7f9849111bcfa1d5b6ecea4be069c115fe55aea998bbc210d5cf640b3aaf0501a371ca25b91c68755fc53bbfd32f8df94c0901c7d66f3b

Download Submit
/data/user/0/iqqgvtb.bcyindziyckutotnchpw.fddgdwak/shared_prefs/bugaga.xml

MD5
0d40650d8c57258a463b156e5f4b0274

SHA1
2ef9f1a227160c2a9e60ce1589b16ed8e338d91f

SHA256
dae412a7f32820cd7c405190a7c5baea1de93680bcc397ac2ccf362c4a57460d

SHA512
8929952ec5e61b7724ad66e4a3c07bd8382a69cd4ccfcb9d2c2a77fccf7c151b6e0b9c6ca8707b863669a71855231953a34095aeea6030177b757d851fd72ef0

Download Submit
/product/app/TrichromeLibrary/TrichromeLibrary.apk

MD5
39528daeaf7245ec0be5c52098c44a95

SHA1
e10152848a684f53e9dc35c38d99ff0add509227

SHA256
4d59ccc291c4f9a6170a14baa457d50111354c8ee389043b6b40b08092da835b

SHA512
fa5ea98f323a05d2da2934021cd42f3791cb9c11a391ff0d026bf66a1af48f008c465f8eaa1580949c125cb758b16f47efece125919bda440876dbb843dc3e09

Download Submit
/product/app/TrichromeLibrary/TrichromeLibrary.apk

MD5
39528daeaf7245ec0be5c52098c44a95

SHA1
e10152848a684f53e9dc35c38d99ff0add509227

SHA256
4d59ccc291c4f9a6170a14baa457d50111354c8ee389043b6b40b08092da835b

SHA512
fa5ea98f323a05d2da2934021cd42f3791cb9c11a391ff0d026bf66a1af48f008c465f8eaa1580949c125cb758b16f47efece125919bda440876dbb843dc3e09

Download Submit