Analysis

  • max time kernel: 2377602s
  • max time network: 156s
  • platform: android_x64
  • resource: android-x64-20220310-en
  • submitted: 15-03-2022 13:11

General

  • Target: 6af8683c314fd060631e4789b7a793e73d209d87918f3112e8903a090940237d.apk
  • Size: 1.9MB
  • MD5: 1a5d505ba25689bfe85b14b47072141b
  • SHA1: cf86ffaec68c120b6b38e9bc90b0a910f1a4a207
  • SHA256: 6af8683c314fd060631e4789b7a793e73d209d87918f3112e8903a090940237d
  • SHA512: 76a932dca1d74ac1963cd9d7726258e13d0cf8c4e1ff567fafec22184d35d65e0c43a97609651f4e4b048c76b011474bf80667ab3c704c4478736c8b87271108

Malware Config

Extracted

  • Family: xenomorph
  • C2:
    simpleyo5.tk
    simpleyo5.cf
    kart12sec.ga
    kart12sec.gq

Extracted

  • Family: xenomorph
  • AES_key
    AES_key

Signatures

  • Xenomorph

    Xenomorph is an Android banking trojan that is seemingly tied to AlienBot.

  • Loads dropped Dex/Jar (1 IoC)

    Runs an executable file dropped to the device during analysis.

  • Uses Crypto APIs (might try to encrypt user data) (1 IoC)

Processes

  • com.venture.raw (PID 6280)
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (might try to encrypt user data).

Network

MITRE ATT&CK Matrix


Downloads

  • /data/user/0/com.venture.raw/app_DynamicOptDex/oat/rZ.json.cur.prof
    MD5: d41d8cd98f00b204e9800998ecf8427e
    SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
    SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
    SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

  • /data/user/0/com.venture.raw/app_DynamicOptDex/rZ.json
    MD5: c2ff232ae74d684a9684f6467e12e254
    SHA1: 36cd06267653c8cc426720e70368a9ebc92416c6
    SHA256: 62983e31a2020b1af6844d060bbe381bb45e63be1aaedd64e7502613ea5fb4b8
    SHA512: dc75d1fcce92983d3fe07423fbf03a7a71200acd6d7a8a2f72707b6a1a48959b55295baf5574415e432fb3a2382e63413bc79d69ef80d98a51d2677da2f36538

  • /data/user/0/com.venture.raw/app_DynamicOptDex/rZ.json
    MD5: 2f6d76363f9ed2d2cc69b54541ab6a54
    SHA1: 86568338bc7b80afc16d5f7fdf9c8d109a987e30
    SHA256: 1b1ce75b41465d1241f4cd407317f28c5f2cc74de40935e5b0dbd3f20497c3fe
    SHA512: d70a1ee19ff47310bed6c78a5ea10c96e1acc5eabed7ae201a87efa4432c488323785fb348f9a81cb9c98bc2ece326391793eea3428128722d14555926314848

  • /data/user/0/com.venture.raw/app_webview/.com.google.Chrome.XQI1tb
    MD5: d41d8cd98f00b204e9800998ecf8427e
    SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
    SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
    SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

  • /data/user/0/com.venture.raw/app_webview/GPUCache/index
    MD5: 6d7d499960179766cd4261d12dacc411
    SHA1: e6f8553b0015e12b23cc551afe98763f3b1c9bed
    SHA256: c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182
    SHA512: 6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

  • /data/user/0/com.venture.raw/app_webview/GPUCache/index-dir/temp-index
    MD5: 1586b433398130530b168eda2c944987
    SHA1: 8a7f52b288cb589105e05357f0af36b977cebf8a
    SHA256: 483d60f8bbb836f939bf427847bdecb7bb43a9f9328618d2297c55e6e535c021
    SHA512: 2b7b4f0b776743aa426fedf24c72e15d05d7c8a126e87f72a5200df9717a25d988703f03e8a7fe7108e7edfd78ff32c48cca36851c623413137b8e85566f7929

  • /data/user/0/com.venture.raw/app_webview/Web Data
    MD5: b663831f8cc130493476d94f2d7a5330
    SHA1: 043a1956ab8e40821d67043f8a9110a8eb36fb93
    SHA256: c109aa8bfc364d5fd0756f1c9d35ee3d6df31325061ac70d8469f28cfc882ab7
    SHA512: e8ee923192cdf16318febdc23362f3eeaf5c914b923f80cd3a91a2e83e94bced54460d4ef1e54accc26a7d54b89e2e10c00097e60002cf6427298dc5f18fed16

  • /data/user/0/com.venture.raw/app_webview/Web Data-journal
    MD5: 12c56d37f7d1a06514fb83f622cfbd34
    SHA1: f6502347a1b701467a32e3d2e14b07fd6fcb3170
    SHA256: aba42f7b61944d4ef1b7a1e1932b284094f94162b6a161cd4a96f05747073208
    SHA512: 50299738cdc41a655d9b818d4e22ddb0e5078ea71497bb523eab54dd4be1ffce83dedbd24e8e02a2a5a97b62eaa8b785ff642dea2e758dd8df96aec3bc5a6e4f

  • /data/user/0/com.venture.raw/app_webview/metrics_guid
    MD5: d41d8cd98f00b204e9800998ecf8427e
    SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
    SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
    SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

  • /data/user/0/com.venture.raw/app_webview/metrics_guid
    MD5: de38bca17dc2552ed72f12043043b921
    SHA1: ea0431c74f5ef2842e7786bffc38f978900ca9f5
    SHA256: 149d06fe96dfb2eb2e76fd948031b290980d1da56a8d55a7a512068637fdd3ae
    SHA512: d8d56f08013f9b8eae9c469cf7a7b6fa5aa0abe54d8dbfa808bf8b5bb6e325451c7b6feba2cb4ecab05d5077b920ee450b6a506fd06846ac7f910a0360bf9eb6

  • /data/user/0/com.venture.raw/app_webview/variations_seed_new
    MD5: d41d8cd98f00b204e9800998ecf8427e
    SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
    SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
    SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

  • /data/user/0/com.venture.raw/app_webview/variations_stamp
    MD5: d41d8cd98f00b204e9800998ecf8427e
    SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
    SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
    SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

  • /data/user/0/com.venture.raw/app_webview/webview_data.lock
    MD5: d41d8cd98f00b204e9800998ecf8427e
    SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
    SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
    SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

  • /data/user/0/com.venture.raw/cache/WebView/Crashpad/settings.dat
    MD5: 11c59c7b9304203317de106084af5486
    SHA1: 73801dd3530f78c2d7e4ac61faa7957841a2b93c
    SHA256: fc8c8c44670e24cd89c1f50e89784d3cc983234a55bff2014ecb4b34eb98a09c
    SHA512: 0ef5cf5f5b5efdbe7a837968d9b18075311f6698c45d0c30b763f1268bbad3de25cc82941c8cea04e0c31b72fbc3d8e2c962a916f0e8fbf3e700befa2dca3d92

  • /data/user/0/com.venture.raw/cache/org.chromium.android_webview/Code Cache/js/index
    MD5: 6d7d499960179766cd4261d12dacc411
    SHA1: e6f8553b0015e12b23cc551afe98763f3b1c9bed
    SHA256: c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182
    SHA512: 6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

  • /data/user/0/com.venture.raw/cache/org.chromium.android_webview/Code Cache/js/index-dir/temp-index
    MD5: 3255fb83c3615d11dae044f8fa8c51bc
    SHA1: 9022b3b8bb9125f4a455e43b66247d2e896da33d
    SHA256: 9c64dd5974c58a6c33bc3b466f47d1fca96b765cd7fe8b54c14bbca3f36466b0
    SHA512: bd58576c0ac4b5a4fb3d00b97339262740b214bb25faaf28dd3fbea20d93bc5f449b3f684fb6c35e410bb47850bb7ca9876bfddd8750b5ee4992167e9d304eb9

  • /data/user/0/com.venture.raw/shared_prefs/WebViewChromiumPrefs.xml
    MD5: 6ef709b8536878951e87c29a1518fc2b
    SHA1: 24376c70b00152501b3d98df61fa7db435339172
    SHA256: 10b13d894f36d4391fcc31313a244d5f6cd89c8e8c03347282e281c4af13c0a6
    SHA512: 96547eff6779251a5c4941e812ec56ed273e9270265005723e1f2864688b04f3b852a90145fba4ea0ddf1e02b39d99e33d28f761b07a04d46e0e4257d8909ff9