b2e592c5cf8ccc944c06a11ff156efdfa4233fe46e2281bab3fd238f03b505e3

Resubmissions

06-10-2022 16:35

221006-t3rjtaabhq 10

29-09-2021 15:14

210929-smfa6sfbg7 8

29-09-2021 15:11

210929-sk47hsfbg5 8

Analysis

max time kernel
840946s
platform
android_x86
resource
android-x86-arm
submitted
29-09-2021 15:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b2e592c5cf8ccc944c06a11ff156efdfa4233fe46e2281bab3fd238f03b505e3 (1).apk
Size

6.8MB
MD5

b1101bb941285fc54a21c271ee7bf60e
SHA1

e883525faf27f91493f17a657577289be038cd64
SHA256

b2e592c5cf8ccc944c06a11ff156efdfa4233fe46e2281bab3fd238f03b505e3
SHA512

c6368129febea4c32145c3f941590afdea9370ceb4ea10d7920125da8807bd733cc27b70d248750afffad832012a5bc2131e08717af1e89a30d1a74539efe881

Score

7^/10

obfuscation

Malware Config

Signatures

Loads dropped Dex/Jar 4 IoCs

Runs executable file dropped to the device during analysis.

Processes:

/system/bin/dex2oatcom.faax.kcnbvlo.dtojtuo/system/bin/dex2oat

ioc	pid	Process
/data/user/0/com.faax.kcnbvlo.dtojtuo/code_cache/secondary-dexes/base.apk.classes1.zip	4851	/system/bin/dex2oat
/data/user/0/com.faax.kcnbvlo.dtojtuo/code_cache/secondary-dexes/base.apk.classes1.zip	4523	com.faax.kcnbvlo.dtojtuo
/data/user/0/com.faax.kcnbvlo.dtojtuo/code_cache/secondary-dexes/base.apk.classes2.zip	4880	/system/bin/dex2oat
/data/user/0/com.faax.kcnbvlo.dtojtuo/code_cache/secondary-dexes/base.apk.classes2.zip	4523	com.faax.kcnbvlo.dtojtuo

Uses reflection 22 IoCs

obfuscation

Processes:

com.faax.kcnbvlo.dtojtuo

description	pid	Process
Acesses field dalvik.system.BaseDexClassLoader.pathList	4523	com.faax.kcnbvlo.dtojtuo
Invokes method dalvik.system.DexPathList.makePathElements	4523	com.faax.kcnbvlo.dtojtuo
Acesses field dalvik.system.DexPathList.dexElements	4523	com.faax.kcnbvlo.dtojtuo
Acesses field dalvik.system.DexPathList.dexElements	4523	com.faax.kcnbvlo.dtojtuo
Invokes method android.app.ActivityThread.currentActivityThread	4523	com.faax.kcnbvlo.dtojtuo
Acesses field android.app.ActivityThread.mBoundApplication	4523	com.faax.kcnbvlo.dtojtuo
Acesses field android.app.ActivityThread$AppBindData.info	4523	com.faax.kcnbvlo.dtojtuo
Acesses field android.app.LoadedApk.mApplication	4523	com.faax.kcnbvlo.dtojtuo
Acesses field android.app.ActivityThread.mInitialApplication	4523	com.faax.kcnbvlo.dtojtuo
Acesses field android.app.ActivityThread.mAllApplications	4523	com.faax.kcnbvlo.dtojtuo
Acesses field android.app.LoadedApk.mApplicationInfo	4523	com.faax.kcnbvlo.dtojtuo
Acesses field android.app.ActivityThread$AppBindData.appInfo	4523	com.faax.kcnbvlo.dtojtuo
Invokes method android.app.LoadedApk.makeApplication	4523	com.faax.kcnbvlo.dtojtuo
Acesses field android.app.ActivityThread.mInitialApplication	4523	com.faax.kcnbvlo.dtojtuo
Invokes method dalvik.system.CloseGuard.get	4523	com.faax.kcnbvlo.dtojtuo
Invokes method dalvik.system.CloseGuard.open	4523	com.faax.kcnbvlo.dtojtuo
Invokes method dalvik.system.CloseGuard.get	4523	com.faax.kcnbvlo.dtojtuo
Invokes method dalvik.system.CloseGuard.open	4523	com.faax.kcnbvlo.dtojtuo
Invokes method dalvik.system.CloseGuard.get	4523	com.faax.kcnbvlo.dtojtuo
Invokes method dalvik.system.CloseGuard.open	4523	com.faax.kcnbvlo.dtojtuo
Invokes method dalvik.system.CloseGuard.get	4523	com.faax.kcnbvlo.dtojtuo
Invokes method dalvik.system.CloseGuard.open	4523	com.faax.kcnbvlo.dtojtuo

com.faax.kcnbvlo.dtojtuo
1⤵
- Loads dropped Dex/Jar
- Uses reflection
PID:4523
- com.faax.kcnbvlo.dtojtuo
  2⤵
  PID:4851
- /system/bin/dex2oat
  2⤵
  - Loads dropped Dex/Jar
  PID:4851
- com.faax.kcnbvlo.dtojtuo
  2⤵
  PID:4880
- /system/bin/dex2oat
  2⤵
  - Loads dropped Dex/Jar
  PID:4880

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.faax.kcnbvlo.dtojtuo/code_cache/secondary-dexes/MultiDex.lock

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.faax.kcnbvlo.dtojtuo/code_cache/secondary-dexes/base.apk.classes1.zip

MD5
320690c351271c8a84e4c19b8d908364

SHA1
6c981a50c94412ffe03ba33c2736bc50a215a9d8

SHA256
28b087b595d7e6d1eeca546dcd6cb7c86d28f2d7ce5a5027224cf5fcc6733a96

SHA512
3cfe415fa8a22b7c341d446402304bb177413a52738717d38f5dfa8e55cfcc9340c0b297639c68dc661db7c23d5b9a5a577c03f91ba49c27ecf28267a8203cc5

Download Submit
/data/user/0/com.faax.kcnbvlo.dtojtuo/code_cache/secondary-dexes/base.apk.classes1.zip

MD5
165f5a75a92503a0a5162be087516215

SHA1
bfbf5c54195b2b3689fd830904a53095f29601c3

SHA256
b768505db146d767d5bda612b571aae893f6be86935138216bea5c8dca2e6380

SHA512
90421eb1b6d91a6d4195bd52815fcb0b7e138e58f33aa142876570680b83eb1792965d8c9223808f52fe0b0c3e793fd64d4c92f3b9a45a3ec8bf9596bbb2a83e

Download Submit
/data/user/0/com.faax.kcnbvlo.dtojtuo/code_cache/secondary-dexes/base.apk.classes1.zip.x86.flock

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.faax.kcnbvlo.dtojtuo/code_cache/secondary-dexes/base.apk.classes2.zip

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.faax.kcnbvlo.dtojtuo/code_cache/secondary-dexes/base.apk.classes2.zip

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.faax.kcnbvlo.dtojtuo/code_cache/secondary-dexes/base.apk.classes2.zip.x86.flock

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.faax.kcnbvlo.dtojtuo/code_cache/secondary-dexes/oat/x86/base.apk.classes1.odex

MD5
bc79329a7a09fb6d3fa1f69422c87198

SHA1
b4cca601ecc8a5fceb59dca5257c4ed75c3024a5

SHA256
cb5bce04571a813bb2da789af6c4e3df495b2d594d5a6492947c3c78331da42e

SHA512
e67470d9924e4e4cee18df853a91ed4f30e62003b504543c49282b1045b3a401e728afb50c753da1156afe44ee730dd710d8b403e30c1c80ab0a103cfc284c9b

Download Submit
/data/user/0/com.faax.kcnbvlo.dtojtuo/code_cache/secondary-dexes/oat/x86/base.apk.classes1.vdex

MD5
fa129688d3c618d329534bca644a6956

SHA1
92a47359b745f6f6c0667d599a3ff1754a74f1b0

SHA256
3632b0bf397f02a2ce03841309631c20d31ef189940cb172a9898919e06ecf0d

SHA512
e69204e5415262721a8c89ab55064586453d31172236a0cf14a102a8806ba0e91e24cd5abcfa819131f4269e19bb89536e47431793cb469d251b295428e1b57f

Download Submit
/data/user/0/com.faax.kcnbvlo.dtojtuo/code_cache/secondary-dexes/oat/x86/base.apk.classes2.odex

MD5
2b13cb152ce7ffa343dc03403eb1d709

SHA1
bc3886bc47c0c5ed5f59f82d58e0bc7f2bbd2cfb

SHA256
7f1577dbfcf15d4ba144d9700db52ff354da0b44b497be9f6f30c9b2e93ac5a5

SHA512
cb67ae96039de2410be9a6470ba03b27edcd52d9d52d998e32f0a620b47f18b4ffbe03acc5e3e270dd911b2d23709d77db5832066e07964f2d6e15bc4e8a4017

Download Submit
/data/user/0/com.faax.kcnbvlo.dtojtuo/code_cache/secondary-dexes/oat/x86/base.apk.classes2.vdex

MD5
d6e08bb6aac5cd4fec163b93ca7d2e77

SHA1
2833b7203d41f898a41897be283e7a1137d94d41

SHA256
86b42f2660e09eb380fd4d9e8a0350cf2dae215919f598ef38a26a5457a9b33e

SHA512
dd9b85de16a35673a838aaeda807b6d26fe0ee1bf7de94e2fddad7aa45911c313c9617b12d999cd6481bc2db1af6c7ab1d5974c399d207fa26b61393a87fdecf

Download Submit
/data/user/0/com.faax.kcnbvlo.dtojtuo/code_cache/secondary-dexes/tmp-base.apk.classes2946801794550981483.zip

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.faax.kcnbvlo.dtojtuo/code_cache/secondary-dexes/tmp-base.apk.classes5438846953177979021.zip

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.faax.kcnbvlo.dtojtuo/shared_prefs/multidex.version.xml

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit