Overview

overview

8

Static

static

7

9809c45c15...dd.apk

android-9-x86

8

9809c45c15...dd.apk

android-11-x64

8

Analysis

  • max time kernel
    1854414s
  • max time network
    156s
  • platform
    android_x64
  • resource
    android-x64-arm64-20220823-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20220823-enlocale:en-usos:android-11-x64system
  • submitted
    24-09-2022 08:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9809c45c154f701411026554afcac82a7878a560e1d1ab1109ab0935165777dd.apk

  • Size

    20.6MB

  • MD5

    69dc952ec06cc84463a599ecab63feb1

  • SHA1

    3d04d86fdda2e3366adc98970eabd688e68d7309

  • SHA256

    9809c45c154f701411026554afcac82a7878a560e1d1ab1109ab0935165777dd

  • SHA512

    4cf8f3a925c734abd78e2229eaaaf336d30264a629dc65635b8f9367cd7120ac4da245260d8b25f1156bf42f7882a77e1ab0928e4840cc0b2d23a552010c46a3

  • SSDEEP

    393216:3OimsJA35z7A79L+rel1mbgafiubcRZ7bnT9i/zVN2I+TXchiKpPbNiRSKcsCJr:3PJA35z7c5LjmbBffcH7Fi/zVN2IkMYE

Score
8/10
banker

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps). 1 IoCs
    banker
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Queries the unique device ID (IMEI, MEID, IMSI).
  • Requests cell location 1 IoCs

    Uses Android APIs to to get current cell information.

  • Requests dangerous framework permissions 4 IoCs
  • Reads information about phone network operator.

Processes

  • edk.xmgm
    1⤵
    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Requests cell location
    PID:4327
    • su
      2⤵
        PID:4379

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • /data/user/0/edk.xmgm/Anonymous-DexFile@231935493.jar
      Filesize

      2.6MB

      MD5

      63920033eec478644532233e0e982f16

      SHA1

      5984ba1a96a007d37e9473a972f0d4f5bb090903

      SHA256

      c70d7ea83a482523f030e7ab863f1545afcae0babb7d70a07a5b9fa7cb96473c

      SHA512

      baf900785ea2b32dffeec56341062956c5025d2a414eed011db77e34f5217d4a568653430fffd0a09d3d3e24545d72240d812f788f557a8f68ef843abf455a6a

      Download Submit
    • /data/user/0/edk.xmgm/Anonymous-DexFile@4253453775.jar
      Filesize

      1.2MB

      MD5

      7966b622501444be4717bccbf53e2a02

      SHA1

      fcdc15d13ac100549004ee331bf051f3bb5b4521

      SHA256

      57ecfa98026ceed713a4c437bacbed2f2f3716ecf36c44f122e1d6c06ab58ae0

      SHA512

      67357f5c472d7a750f21cd908196bb6fb76b6fd8989c2d8a2bb55306f5dcd2b6a820273d3814c0e87d9f0d8c59ea8b7dad697bd6b748e499caec3ac47954e8ba

      Download Submit
    • /data/user/0/edk.xmgm/databases/SettingsDB
      Filesize

      920KB

      MD5

      c40b870e7e989a65fd7379378ec45423

      SHA1

      b583882e4e6ea29935d35d91785c04646a0c756b

      SHA256

      5604665bdc058b9bd60fdec722d85b314b35a1d642e8f81df063a1a69773fa17

      SHA512

      45929243a657049e96bd747c17680563187795f58b9777e3ec3debb5c4498911360249d84aba810f33966007afd6dc4f391bf4b360b9c428a60570e0ecda9ce2

      Download Submit
    • /data/user/0/edk.xmgm/databases/SettingsDB-journal
      Filesize

      1KB

      MD5

      3f738f6b61d062da88a6b9119c73f162

      SHA1

      7c8844f413de33b46e2745bd275764da824f6550

      SHA256

      774c4ff09ba4820f9f00c4f83ade779f937d39fe89ea5fe797a1793c4226406b

      SHA512

      670977f9145d132575c1b21f3f41046ac5eef7b8aa6aed761f796b019d21e97e35cd7e9f3c61d7781034b05db9a43e9ff2b50a57f8dbbf6ff07d6ec75f321531

      Download Submit
    • /storage/emulated/0/.am/dm/md/main.md
      Filesize

      2.6MB

      MD5

      ee557cbfdba8c92f97751ea509eecbee

      SHA1

      b65093e5ac59ef5ecf9b7c6788b25f98cf923471

      SHA256

      1df376407b91aaa1fe377be6fc90334b367afcae301869cc70ec830861846889

      SHA512

      b197a06c5c426a6d46310d93acbc76b9f137c4baaebafb7d35e289d55191ab90502625c84381bfb479f2c432e07740ed19e8a196d5d8f5f61e1640ceefc9335e

      Download Submit
    • /storage/emulated/0/.am/dm/md/main_tools.md
      Filesize

      1.2MB

      MD5

      e294a13036c08d9699255b1443bd22bb

      SHA1

      4dcf9b92ddfa02eea32f3284b2e6a26df13630e4

      SHA256

      b5e949d3d4389e472dc0f5b089dd7c1ff996c1cd3c5ab5c18b269c42c57e5542

      SHA512

      6f945cac9ad0387b3fd6462487ec6021b8dc95446133e0f2eda913960e138c0c430339371d4e0d299a1e20cd1b55a2c1037d5702fa4395e7d50f05f189ec6872

      Download Submit
    • /storage/emulated/0/.am/log.txt
      MD5

      d41d8cd98f00b204e9800998ecf8427e

      SHA1

      da39a3ee5e6b4b0d3255bfef95601890afd80709

      SHA256

      e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

      SHA512

      cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

      Download Submit
    • /storage/emulated/0/.am/log.txt
      MD5

      d41d8cd98f00b204e9800998ecf8427e

      SHA1

      da39a3ee5e6b4b0d3255bfef95601890afd80709

      SHA256

      e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

      SHA512

      cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

      Download Submit
    • /storage/emulated/0/.am/log_.txt
      Filesize

      49KB

      MD5

      b162f2d8714f869b62f9f0aa4b992085

      SHA1

      fc03fa14aa94585fc3f721a1f0c1eb1253dac111

      SHA256

      aa7e031dd87dada67be26ac12a4f00fe6cc04c2fac83bee9c0c79de207cf49d8

      SHA512

      15be20dd1b18cab2c4aa14fe07447e728c8df6656baf186a0f8feddad595090375fbebee45fbe9145e189c63312ebdf562854252f867344ae4875cbe7a21ec73

      Download Submit
    • /storage/emulated/0/.am/log_.txt.zip
      Filesize

      6KB

      MD5

      f66c5f91a78aab43124de606b4c475c7

      SHA1

      c1bcd4809268725a1d440e02d4e151bcc061eb4b

      SHA256

      acee9740b453342f00403fb1f139b73923f61789cd9715759343aef499502349

      SHA512

      100046fa75604497b412d8466475d7c8313bb80826f99077f7d1910982eba1dfd11dfefb4467bee8187acb5ed8bcc9fce684c15a877657a0bf3c3c284b09c06f

      Download Submit
    • /storage/emulated/0/.am/log_1664006617723.txt.zip
      Filesize

      217B

      MD5

      ca8a27c7cb91fb9b9ece2bb7c9cf96fb

      SHA1

      dadb656667144a1c5ca1ef81319ba6307e7c804d

      SHA256

      66fa4e491c241830eecec9e5176f535db7f1da109c00df4725aa88aa779344b5

      SHA512

      dad7dce3072bab3f209e35bcfd0ec3c9a5dd212006a0ef70673a0e230626018efecaedb2b0768b91e051ed4eeee8c02c613a9f561ddccdd2aaa7c02768994353

      Download Submit
    • /storage/emulated/0/.am/mch.apk
      Filesize

      126KB

      MD5

      9259a4e28d55bb8373986fea7ca01d33

      SHA1

      08045ae80e4016f719a3a930777a8a2c336e0cfa

      SHA256

      ed971c307e880b648ce9f816827430f5aa7ad7b105ed04ca879c71765f73c137

      SHA512

      2818d7fd376865ba1e383e847ba8547cb0ef0c1d7911913062f1a736bf5fc42c03f513e9da8e7731a2714a9c979653c2e6873bf2569e97be49e6cb825f8d21e8

      Download Submit
    • /storage/emulated/0/.am/prog_class.name
      MD5

      d41d8cd98f00b204e9800998ecf8427e

      SHA1

      da39a3ee5e6b4b0d3255bfef95601890afd80709

      SHA256

      e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

      SHA512

      cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

      Download Submit
    • /storage/emulated/0/Android/data/edk.xmgm/files/Download/mch.apk
      Filesize

      63KB

      MD5

      8accd9a542a0274ae4cff9d007d5b375

      SHA1

      9d743ef6332b815b42fa136e1f7379961f31b995

      SHA256

      e06ec0f874cdbbf85e1c762f0559a514948d5a71636e020c58f53d750e93a855

      SHA512

      0c10dd9ba0b062df3b71514edcbbf16f65f265874230188fe80a63eafee416cefcaa847646386125141f4d20c50c035073b6c83a5afdceb708753f697e358b7b

      Download Submit