2978941eb958c92f7740352e24fe74170d42747673db95f571341323940ea07d

Analysis

max time kernel
203005s
max time network
155s
platform
android_x64
resource
android-x64-arm64
submitted
03-08-2021 12:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2978941eb958c92f7740352e24fe74170d42747673db95f571341323940ea07d.apk
Size

2.5MB
MD5

926aa9ae17a8ab3d64e0bb71cc170b12
SHA1

af62d25fd6d9e7a364faa9e1d4fca66bf9147d62
SHA256

2978941eb958c92f7740352e24fe74170d42747673db95f571341323940ea07d
SHA512

4b2357951ed9fb9019dc40c18478ee4c4e06ecf98f4e135553bef9c81013cb8bbb3f45f8d69eeded7cb11d8a3159124a5b4fe0038d552cbc41b103549fd9099f

Score

7^/10

obfuscation

Malware Config

Signatures

Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.

Processes:

com.ebncyg.qhmpntbe

ioc pid process

/data/user/0/com.ebncyg.qhmpntbe/code_cache/secondary-dexes/base.apk.classes1.zip 4152 com.ebncyg.qhmpntbe
Requests enabling of the accessibility settings. 1 IoCs

Processes:

com.ebncyg.qhmpntbe

description ioc process

Intent action android.settings.ACCESSIBILITY_SETTINGS com.ebncyg.qhmpntbe
Tries to add a device administrator. 1 IoCs

Processes:

com.ebncyg.qhmpntbe

description ioc process

Intent action android.app.action.ADD_DEVICE_ADMIN com.ebncyg.qhmpntbe

ioc	pid	process
/data/user/0/com.ebncyg.qhmpntbe/code_cache/secondary-dexes/base.apk.classes1.zip	4152	com.ebncyg.qhmpntbe

description	ioc	process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	com.ebncyg.qhmpntbe

description	ioc	process
Intent action	android.app.action.ADD_DEVICE_ADMIN	com.ebncyg.qhmpntbe

Uses reflection 3 IoCs

obfuscation

Processes:

com.ebncyg.qhmpntbe

description	pid	process
Acesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE	4152	com.ebncyg.qhmpntbe
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4152	com.ebncyg.qhmpntbe
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4152	com.ebncyg.qhmpntbe

com.ebncyg.qhmpntbe
1⤵
- Loads dropped Dex/Jar
- Requests enabling of the accessibility settings.
- Tries to add a device administrator.
- Uses reflection
PID:4152

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.ebncyg.qhmpntbe/code_cache/secondary-dexes/MultiDex.lock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.ebncyg.qhmpntbe/code_cache/secondary-dexes/base.apk.classes1.zip
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.ebncyg.qhmpntbe/code_cache/secondary-dexes/tmp-base.apk.classes8780552884295870935.zip
MD5
d421ee64aa731d6bb0fd4c38959ab857

SHA1
a8f71a87c9d2c0949d756311cd71dc0532984f79

SHA256
ea9873b60117e9b0bde4c0ad657f267877ee1a3257f10663db10395b65f2582e

SHA512
5e1a1817c3b35eb63d148fad972b27fcff762190d3f0faeb639bf235778725402ac55d41d43ad9117d2c95ccf3e07552c39560a96acb11b802771d1013e631a4

Download Submit
/data/user/0/com.ebncyg.qhmpntbe/shared_prefs/com.ebncyg.qhmpntbe.xml
MD5
321f975b942eff7b1f4c8b804e385996

SHA1
93fe8c8a2c9919a4a445fde1edb8f2d9f11d90b1

SHA256
19f194e532daa6282542dfed86c0b929684d5802298f60e794fdcb27f93a9647

SHA512
3c21b0e2bfa34f7bd3124aa651b66380a414cdbd1d0fc14005c48cd0bd9ed256d1e43ad84cfb986ef0b0dbdbd61bc3c6b8810080439bb3ea5a70cd4b2dc335de

Download Submit
/data/user/0/com.ebncyg.qhmpntbe/shared_prefs/com.ebncyg.qhmpntbe.xml
MD5
fbb217e125f1baab907190171a9c64ce

SHA1
32d4772c79a7b0c920fe00e14ef5040d9edd85d9

SHA256
edff4841e1700890d08b86dbd7107d1971ce2a418caf947c3b577a6dca19b461

SHA512
95df4c8f8dd6deb98b600297507a0d3d6daa47a4cf361e53bb30f92ce2dc39c6d2736edf25a414496141b9c05449250a35a8a219ddb60b26043dfa6517705569

Download Submit
/data/user/0/com.ebncyg.qhmpntbe/shared_prefs/com.ebncyg.qhmpntbe.xml
MD5
b7c130361d3d4f71533be2339570c7b0

SHA1
7c384b53be1baf2d7ba80eb450dcfd8094cbd1cd

SHA256
1490537c00302d2bed87cbf8616ac33ee963c56023f3c6dbcaf31ee8bb663159

SHA512
a8d4f35b175387a81bf418d4866c88503549e4a70c50b4af3a002bc242cc91ceb327a33e98d8149f174ffd1525a2e97bb0acb3473c35b5365c3f6e468ce986f7

Download Submit
/data/user/0/com.ebncyg.qhmpntbe/shared_prefs/com.ebncyg.qhmpntbe.xml
MD5
74e2684f049c9c426a4fa4695cfa48d2

SHA1
19ea6e740398f39f012fed21fd6ad34969e8553b

SHA256
dd87ed5dbc29398a1be1822a3d6f2f78a1e6fdf1fd836a39dadd79cd5bcfe5b4

SHA512
080a64131f962cd7cd149b2346ae680ff1381065224e3156d6212149692b752ba97a6be674a4467007821e4bf7e7e14cb4f4887494c22b14d560984964113104

Download Submit
/data/user/0/com.ebncyg.qhmpntbe/shared_prefs/com.ebncyg.qhmpntbe.xml
MD5
74e2684f049c9c426a4fa4695cfa48d2

SHA1
19ea6e740398f39f012fed21fd6ad34969e8553b

SHA256
dd87ed5dbc29398a1be1822a3d6f2f78a1e6fdf1fd836a39dadd79cd5bcfe5b4

SHA512
080a64131f962cd7cd149b2346ae680ff1381065224e3156d6212149692b752ba97a6be674a4467007821e4bf7e7e14cb4f4887494c22b14d560984964113104

Download Submit
/data/user/0/com.ebncyg.qhmpntbe/shared_prefs/com.ebncyg.qhmpntbe.xml
MD5
f6d306c3aeda2cf2f6471b849b4dc012

SHA1
8c7476f3a744137232bf3566af60059d6351cefc

SHA256
44a9db5faef42e27479aa2cd97936685494bcd94073fed0e6e6bb45c91eaaeca

SHA512
d51b604b8ad0fa07d981b84225a609234c33e5b6b156714098ecc1d8b071936c7a5ab4dcdaeee5805e6f9cdcfcae0312e35b8ca2776981918ca034febda02b32

Download Submit
/data/user/0/com.ebncyg.qhmpntbe/shared_prefs/com.ebncyg.qhmpntbe.xml
MD5
47385d6cc3897c73a7a8a641891cfc47

SHA1
ff1d25b801b4f00ce945555a47be5476a4d52156

SHA256
b2fe9d34684da4066ee83f732fbf359e1d769d5a35ec934e0aa782c91d3dae5b

SHA512
1f8e39337d58192f00cc7e769fb2119f472d3a0ee954ceba7181a13cb183b2f42f0a909b3cc1c13c36eb86c151b241cf78ee2d8f0ed69c8ebf3e30a28720175a

Download Submit
/data/user/0/com.ebncyg.qhmpntbe/shared_prefs/com.ebncyg.qhmpntbe.xml
MD5
079cb11cc44d622aef0efc5a75c003ad

SHA1
1a1c2a296326fe75aa3ab4247badc818d757fd70

SHA256
02de88dcfab9318b9750cfd6036e964db0aa29fc764d034d85a37dc32294d8e1

SHA512
192954a8564a1576ab5a27baf756520ccdb0822923294418e8420962c65a4222356f7ca8f1968b9cc8280a85c6a1c80962fbdcc3704b0f449821a0a7e9a70cd8

Download Submit
/data/user/0/com.ebncyg.qhmpntbe/shared_prefs/com.ebncyg.qhmpntbe.xml
MD5
a8ce6dd3adf0185dd79902faf5a2b8aa

SHA1
f967054d4839fa28b078f0fc4b8a7da4d154c0df

SHA256
9efd63a3c515d3f6a6bbbcfbed82eba76738ca221c3537eb36e3a38e763173ea

SHA512
76ca08f2af83a7eee3c3a3955c4165a691e55daf36fc3eca08ad99c4231fe2c6705fefe402aa2357ef973b6c12899fc8c068038c2ff86f137cd37e4708db7feb

Download Submit
/data/user/0/com.ebncyg.qhmpntbe/shared_prefs/com.ebncyg.qhmpntbe.xml
MD5
c8d4ac9451dd01dde8858fc2c62f797b

SHA1
788d06c1cddbab868919011e8f0275671304b618

SHA256
f44231d0a40ce46e4d8dabefa3f80295b26acddc18835b77b079ba9313787b0f

SHA512
867a56b435d1773679ba5f352d9254ae7500759d3fca1f5e7e2c5a9abb6ecc5ebe1ee27fc23aee6c5ec40c3385cac4d03f089d3fbd719226eed5e09891fcd021

Download Submit
/data/user/0/com.ebncyg.qhmpntbe/shared_prefs/multidex.version.xml
MD5
6b131e4b93e8fc1d58dcc8c18f0c77d9

SHA1
cffcec6f3e9606f64250ab5671fa7177c60eec3c

SHA256
d0f3f1f0623a0200dfe4f7ae9921826d0d52b291c46557466931bad99a0fb0e7

SHA512
89ce72cc4d2ab5c5828dea099ff7887c89d9967e0b064fc4ecdca3bd1734dadfe19c1d37e141c0f02dcb8e3eff5a737f6cb9cafb2ec545e0fbb967eb0b62545e

Download Submit