Analysis

  • max time kernel
    3016383s
  • max time network
    146s
  • platform
    android_x86
  • resource
    android-x86-arm-20220823-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20220823-en, locale:en-us, os:android-9-x86, system
  • submitted
    26-11-2022 00:58

General

  • Target

    9eecc7d2c881b1eafaac932684ee5f768895cd577cd28c1fd7c413a0b0c29d87.apk

  • Size

    1.5MB

  • MD5

    9288592d14bb98cc5a7ed1dcd13c63d0

  • SHA1

    c322e90ee840a6fa82cf42d4fee156ffaae5aad7

  • SHA256

    9eecc7d2c881b1eafaac932684ee5f768895cd577cd28c1fd7c413a0b0c29d87

  • SHA512

    ac7fd8fd4a3d9d9a31d044f53f68685a258606c9ed08ab4f0e47c10fc78b265fcb6ecb3573cba2a8a99f5770617a5300126f55b39c365b0faa04e2b4177a5708

  • SSDEEP

    24576:EBjlxt4kPRxCzQGs/SY024jHxV81M9QXekk4Xv72sMbskxJcRgmw8Ci8CkjQwh:Ehl/PXq2B7GA14QX04Xv10dxJ5HLfjnh

Score
7/10

Malware Config

Signatures

  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Requests dangerous framework permissions 9 IoCs

Processes

  • com.oreq.bhcu.emvo
    1⤵
    • Loads dropped Dex/Jar
    PID:4095
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.oreq.bhcu.emvo/app_tjc/joy.jar --output-vdex-fd=45 --oat-fd=46 --oat-location=/data/user/0/com.oreq.bhcu.emvo/app_tjc/oat/x86/joy.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4166

Network

MITRE ATT&CK Matrix

Downloads

  • /data/user/0/com.oreq.bhcu.emvo/app_tjc/djoy.jar

    Filesize

    66KB

    MD5

    75ba605bcfe18a0b5f3f6f883f25d423

    SHA1

    387cbab78be74a9a98d66f622f5d17d808af7163

    SHA256

    0ade33f2144d84999286e47a59693634482f23ad028c1ed408963a843f9bca44

    SHA512

    b3d43728f4c91f3422ff9b120e2669d4b9ab13bb85c538b5d0ae342073577ec671255221165592efd674dc8e6cc10fde0dd7b1fe680e41c37a5d35572ad5bf5e

  • /data/user/0/com.oreq.bhcu.emvo/app_tjc/joy.jar

    Filesize

    135KB

    MD5

    c5bb5be786ddaec106ec3080356ea624

    SHA1

    08d25c914f1f21bc50d3ecc61425572fd96324ed

    SHA256

    71dbe5da8437a831733e0f7c397498dfff4e8567b9dc251d316a725a7db3eec2

    SHA512

    fa119d5aefc8586fe56ea722ab0c70508d6e17a85d40938fd7f830dd30f16c67bbeb3dc8d6e199bd7904a1a67e9c3b6574641ace67ed86a113c8e0eb4e11355f

  • /data/user/0/com.oreq.bhcu.emvo/app_tjc/joy.jar

    Filesize

    135KB

    MD5

    b6dfe0e23cf40553349b3df37d5be11a

    SHA1

    ac89b62afbd460f9aeb8a708dbf36df7f756c1ad

    SHA256

    c67629746eb7eb4203a24e4843c824ff0e7eefd3905003f2790ce90c08dfaa29

    SHA512

    1c944593a77d1af298e6fd8e9641958cb75c15c9ec697d3d72d1e9a0bf7c32529c50808a185fea9292af532d1c04dc688b32f37dea3f1a8cd16402d19b1b78be

  • /data/user/0/com.oreq.bhcu.emvo/app_tjc/joy.jar.x86.flock

    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

  • /data/user/0/com.oreq.bhcu.emvo/app_tjc/oat/joy.jar.cur.prof

    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

  • /data/user/0/com.oreq.bhcu.emvo/app_tjc/oat/x86/joy.odex

    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

  • /data/user/0/com.oreq.bhcu.emvo/app_tjc/oat/x86/joy.vdex

    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

  • /data/user/0/com.oreq.bhcu.emvo/app_tjc/tjoy.jar

    Filesize

    66KB

    MD5

    a583245803ebb7c627f6c5afe73dea3d

    SHA1

    8e0d18478a5230bf537580181abbbf80d81c65b9

    SHA256

    764b3505b93a104a1dc63b041d0256f8fccf8de928de562b112aa0807830bf80

    SHA512

    ed2dc92f657a0fb7ba68034d0504e7f0afb325b765c4dfa522918d65ffe126e058dfea1b910410c5f334e8aad17eadcf28ba4fff04067148eaf1195dd1a2ddf6

  • /data/user/0/com.oreq.bhcu.emvo/shared_prefs/joyssp.xml

    Filesize

    303B

    MD5

    d8de6910c0a6ae11c4a4a4bc31bd5314

    SHA1

    80a239b266d52073873f4f2b450f0e3b20ff6622

    SHA256

    9894f6ac814212a02218e4448db53c3d4fc0a8f0a8936e2bf6e5464638fb47a9

    SHA512

    a210bf5c796e9b5addfbb363ba3a636e7b29f3fd5d640a3c852ad0aa5528fc1b5da68eb3732a14191a1b9149940df0872781fd157bb22d42f50a8ec9541c5267

  • /storage/emulated/0/.cache/apk958

    Filesize

    1.1MB

    MD5

    79a0a7eaf924d233cba83bcf5e689a48

    SHA1

    cd3163ae2ca44e9104468ba3dcfb96f4a6057615

    SHA256

    c30d2fe8ad09243a805b1b3542dc4de133dd0b5574f30210fd2be2e5a5172285

    SHA512

    9f6218134d2a9bfd3291847477f2e9c8c9de5bb4f2d334b27437d39e3f742215abb88925de03d89e1c389d2e0686d34f4cd5c5bd7d3a8b933085f9f4a33259a5

  • /storage/emulated/0/.cache/meise958.apk

    Filesize

    1.1MB

    MD5

    9cabdd5e71a414460ff8de61026eb7f9

    SHA1

    27f159e13f918df3a044a1c437a1d611727c58d4

    SHA256

    b95b74c030a8b6a8837a4937157a2842152cc383c621acfe118f717088b3c547

    SHA512

    66646203123914a4558d8d6428fe1918f9ceba51b36ee182d8099006325f08a79f0be5ad0caf84a7c0c4f79b5738870a074df26e49090acfa5a7eed61228a0e4