b2e592c5cf8ccc944c06a11ff156efdfa4233fe46e2281bab3fd238f03b505e3

Resubmissions

06-10-2022 16:35

221006-t3rjtaabhq 10

29-09-2021 15:14

210929-smfa6sfbg7 8

29-09-2021 15:11

210929-sk47hsfbg5 8

Analysis

max time kernel
840867s
max time network
34s
platform
android_x64
resource
android-x64
submitted
29-09-2021 15:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b2e592c5cf8ccc944c06a11ff156efdfa4233fe46e2281bab3fd238f03b505e3 (1).apk
Size

6.8MB
MD5

b1101bb941285fc54a21c271ee7bf60e
SHA1

e883525faf27f91493f17a657577289be038cd64
SHA256

b2e592c5cf8ccc944c06a11ff156efdfa4233fe46e2281bab3fd238f03b505e3
SHA512

c6368129febea4c32145c3f941590afdea9370ceb4ea10d7920125da8807bd733cc27b70d248750afffad832012a5bc2131e08717af1e89a30d1a74539efe881

Score

7^/10

obfuscation

Malware Config

Signatures

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

Processes:

com.faax.kcnbvlo.dtojtuo

ioc	pid	Process
/data/user/0/com.faax.kcnbvlo.dtojtuo/code_cache/secondary-dexes/base.apk.classes1.zip	3650	com.faax.kcnbvlo.dtojtuo
/data/user/0/com.faax.kcnbvlo.dtojtuo/code_cache/secondary-dexes/base.apk.classes2.zip	3650	com.faax.kcnbvlo.dtojtuo

Requests enabling of the accessibility settings. 1 IoCs

Processes:

com.faax.kcnbvlo.dtojtuo

description	ioc	Process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	com.faax.kcnbvlo.dtojtuo

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow	ioc
10	api.ipify.org

Uses reflection 19 IoCs

obfuscation

Processes:

com.faax.kcnbvlo.dtojtuo

description	pid	Process
Acesses field dalvik.system.BaseDexClassLoader.pathList	3650	com.faax.kcnbvlo.dtojtuo
Invokes method dalvik.system.DexPathList.makePathElements	3650	com.faax.kcnbvlo.dtojtuo
Acesses field dalvik.system.DexPathList.dexElements	3650	com.faax.kcnbvlo.dtojtuo
Acesses field dalvik.system.DexPathList.dexElements	3650	com.faax.kcnbvlo.dtojtuo
Invokes method android.app.ActivityThread.currentActivityThread	3650	com.faax.kcnbvlo.dtojtuo
Acesses field android.app.ActivityThread.mBoundApplication	3650	com.faax.kcnbvlo.dtojtuo
Acesses field android.app.ActivityThread$AppBindData.info	3650	com.faax.kcnbvlo.dtojtuo
Acesses field android.app.LoadedApk.mApplication	3650	com.faax.kcnbvlo.dtojtuo
Acesses field android.app.ActivityThread.mInitialApplication	3650	com.faax.kcnbvlo.dtojtuo
Acesses field android.app.ActivityThread.mAllApplications	3650	com.faax.kcnbvlo.dtojtuo
Acesses field android.app.LoadedApk.mApplicationInfo	3650	com.faax.kcnbvlo.dtojtuo
Acesses field android.app.ActivityThread$AppBindData.appInfo	3650	com.faax.kcnbvlo.dtojtuo
Invokes method android.app.LoadedApk.makeApplication	3650	com.faax.kcnbvlo.dtojtuo
Acesses field android.app.ActivityThread.mInitialApplication	3650	com.faax.kcnbvlo.dtojtuo
Acesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE	3650	com.faax.kcnbvlo.dtojtuo
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3650	com.faax.kcnbvlo.dtojtuo
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3650	com.faax.kcnbvlo.dtojtuo
Invokes method android.os.Handler.createAsync	3650	com.faax.kcnbvlo.dtojtuo
Invokes method android.os.Handler.createAsync	3650	com.faax.kcnbvlo.dtojtuo

com.faax.kcnbvlo.dtojtuo
1⤵
- Loads dropped Dex/Jar
- Requests enabling of the accessibility settings.
- Uses reflection
PID:3650

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.faax.kcnbvlo.dtojtuo/code_cache/secondary-dexes/MultiDex.lock

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.faax.kcnbvlo.dtojtuo/code_cache/secondary-dexes/base.apk.classes1.zip

MD5
165f5a75a92503a0a5162be087516215

SHA1
bfbf5c54195b2b3689fd830904a53095f29601c3

SHA256
b768505db146d767d5bda612b571aae893f6be86935138216bea5c8dca2e6380

SHA512
90421eb1b6d91a6d4195bd52815fcb0b7e138e58f33aa142876570680b83eb1792965d8c9223808f52fe0b0c3e793fd64d4c92f3b9a45a3ec8bf9596bbb2a83e

Download Submit
/data/user/0/com.faax.kcnbvlo.dtojtuo/code_cache/secondary-dexes/base.apk.classes2.zip

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.faax.kcnbvlo.dtojtuo/code_cache/secondary-dexes/tmp-base.apk.classes2908399770179059245.zip

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.faax.kcnbvlo.dtojtuo/code_cache/secondary-dexes/tmp-base.apk.classes8297119121602874001.zip

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.faax.kcnbvlo.dtojtuo/shared_prefs/device_info.xml

MD5
606f11bfeea9fde2e0509958f085985f

SHA1
d38ddfa610eed3d16f26d115953788ede51fc143

SHA256
ed6b9f0ea14b59db0f406b23ec39290b1a9cf929c666cacb6d098ccbbc9d6742

SHA512
24fc0ae24a9f34fbdec0458150cd0f52f8de8293cc1a3c6431ae6a67fcd1cbe93aa02f8afbf08b6bb5b37454670a399ff7e2afd06de24f0c3c2e6be3f9a4f445

Download Submit
/data/user/0/com.faax.kcnbvlo.dtojtuo/shared_prefs/device_info.xml

MD5
931a799e2f1c444fd6eaa884e80c19da

SHA1
af15b08591163ec41ae8eafa8f64e5a246fb3c7e

SHA256
23e92fb4f65fdc314f878da694bab86840a505c865926d7c345bbd398b5e2758

SHA512
3f6c0c88acc9ffcdfb250034572312124caed05127602e932be6842720e24a82ca7e4601558941d15a4821543b214123fbf15dbc6c90bc97b9eb9f0dd04b3218

Download Submit
/data/user/0/com.faax.kcnbvlo.dtojtuo/shared_prefs/device_info.xml

MD5
3bd539b960b2f0b1ba1819ff1835d0bb

SHA1
f32694d96fd92fd40a7c65b88ae0a8d31d2ff6e4

SHA256
e65a588ae072ba8032014161b82c09dc651e0089e1253fefd570a2de584a7753

SHA512
84e52c1c44451b168f4530ceda5ac75dc45d963a458664fa84eb94821208e9fe06e2ba2d28327aac82d22f9289c8150c4f06429c93ec8def854691c5308a4a5c

Download Submit
/data/user/0/com.faax.kcnbvlo.dtojtuo/shared_prefs/granted_accesses.xml

MD5
7a906158ee73a3cb265d849d99e405de

SHA1
872ac08f045107a30783256d3c71ff872c7de1d4

SHA256
a771188c64890bbcc62f6b9f6928b29a97236900ffcff71655555de0f80a9062

SHA512
50ba253d00de84c5abd8e6e70992fc37b42de38701269140d24a8079eba6de8fa3f9d5aaee8c85a7b3b15ed97f4aae292684187d6cdde79d89321cff1757b985

Download Submit
/data/user/0/com.faax.kcnbvlo.dtojtuo/shared_prefs/granted_accesses.xml

MD5
bb208fc404e7cc11d5e0d0030a0976b8

SHA1
68d53daff2ec9d633d2233bae5dab6c19d1b2b57

SHA256
c6238a6506b370d2e9aebba47e80c6d2687f21013f1422126f5785c0f68e0007

SHA512
054b7220147cd38c88f75f05fb843c1012d269994c697b59ddfd9c3fb73e2dbf2d57b898185d609e6af7b24fe827f32b77d6bcc1bc57d666e5ed707c4da062ba

Download Submit
/data/user/0/com.faax.kcnbvlo.dtojtuo/shared_prefs/multidex.version.xml

MD5
35dd30eb8eaefac6396f42eb8c89c293

SHA1
d5cb82af5297132ed833a67a0f24307c22e0ab82

SHA256
b9e2d3af8eb4625e028d7978f03f1964106d47c10a0ac6417df608e6e6c48e62

SHA512
a058d6f1ac808a31e4c2a2744c8db02b77ceab8f11225b62700937e4d7bf24679517135e19dc689d57230bf959cad08c5a6643b0c69a1a556e6fd2b00b90177d

Download Submit