b2e592c5cf8ccc944c06a11ff156efdfa4233fe46e2281bab3fd238f03b505e3

Resubmissions

06/10/2022, 16:35

221006-t3rjtaabhq 10

29/09/2021, 15:14

210929-smfa6sfbg7 8

29/09/2021, 15:11

210929-sk47hsfbg5 8

Analysis

max time kernel
840867s
max time network
34s
platform
android_x64
resource
android-x64
submitted
29/09/2021, 15:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b2e592c5cf8ccc944c06a11ff156efdfa4233fe46e2281bab3fd238f03b505e3 (1).apk
Size

6.8MB
MD5

b1101bb941285fc54a21c271ee7bf60e
SHA1

e883525faf27f91493f17a657577289be038cd64
SHA256

b2e592c5cf8ccc944c06a11ff156efdfa4233fe46e2281bab3fd238f03b505e3
SHA512

c6368129febea4c32145c3f941590afdea9370ceb4ea10d7920125da8807bd733cc27b70d248750afffad832012a5bc2131e08717af1e89a30d1a74539efe881

Score

7^/10

obfuscation

Malware Config

Signatures

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.faax.kcnbvlo.dtojtuo/code_cache/secondary-dexes/base.apk.classes1.zip	3650	com.faax.kcnbvlo.dtojtuo
/data/user/0/com.faax.kcnbvlo.dtojtuo/code_cache/secondary-dexes/base.apk.classes2.zip	3650	com.faax.kcnbvlo.dtojtuo

Requests enabling of the accessibility settings. 1 IoCs

description	ioc	Process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	com.faax.kcnbvlo.dtojtuo

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
10	api.ipify.org

Uses reflection 19 IoCs

obfuscation

description	pid	Process
Acesses field dalvik.system.BaseDexClassLoader.pathList	3650	com.faax.kcnbvlo.dtojtuo
Invokes method dalvik.system.DexPathList.makePathElements	3650	com.faax.kcnbvlo.dtojtuo
Acesses field dalvik.system.DexPathList.dexElements	3650	com.faax.kcnbvlo.dtojtuo
Acesses field dalvik.system.DexPathList.dexElements	3650	com.faax.kcnbvlo.dtojtuo
Invokes method android.app.ActivityThread.currentActivityThread	3650	com.faax.kcnbvlo.dtojtuo
Acesses field android.app.ActivityThread.mBoundApplication	3650	com.faax.kcnbvlo.dtojtuo
Acesses field android.app.ActivityThread$AppBindData.info	3650	com.faax.kcnbvlo.dtojtuo
Acesses field android.app.LoadedApk.mApplication	3650	com.faax.kcnbvlo.dtojtuo
Acesses field android.app.ActivityThread.mInitialApplication	3650	com.faax.kcnbvlo.dtojtuo
Acesses field android.app.ActivityThread.mAllApplications	3650	com.faax.kcnbvlo.dtojtuo
Acesses field android.app.LoadedApk.mApplicationInfo	3650	com.faax.kcnbvlo.dtojtuo
Acesses field android.app.ActivityThread$AppBindData.appInfo	3650	com.faax.kcnbvlo.dtojtuo
Invokes method android.app.LoadedApk.makeApplication	3650	com.faax.kcnbvlo.dtojtuo
Acesses field android.app.ActivityThread.mInitialApplication	3650	com.faax.kcnbvlo.dtojtuo
Acesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE	3650	com.faax.kcnbvlo.dtojtuo
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3650	com.faax.kcnbvlo.dtojtuo
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3650	com.faax.kcnbvlo.dtojtuo
Invokes method android.os.Handler.createAsync	3650	com.faax.kcnbvlo.dtojtuo
Invokes method android.os.Handler.createAsync	3650	com.faax.kcnbvlo.dtojtuo

com.faax.kcnbvlo.dtojtuo
1⤵
- Loads dropped Dex/Jar
- Requests enabling of the accessibility settings.
- Uses reflection
PID:3650

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads