Analysis
max time kernel: 3019291s
max time network: 17s
platform: android_x64
resource: android-x64-arm64-20220823-en
resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20220823-en, locale:en-us, os:android-11-x64, system
submitted: 26-11-2022 00:59
Static task: static1
Behavioral task: behavioral1
Sample: 3ac65a58b83fd16eaf835bab64a8678c6db3bb9179b208785a87c9fa151f05e8.apk
Resource: android-x86-arm-20220823-en
Behavioral task: behavioral2
Sample: 3ac65a58b83fd16eaf835bab64a8678c6db3bb9179b208785a87c9fa151f05e8.apk
Resource: android-x64-20220823-en
Behavioral task: behavioral3
Sample: 3ac65a58b83fd16eaf835bab64a8678c6db3bb9179b208785a87c9fa151f05e8.apk
Resource: android-x64-arm64-20220823-en
General
Target: 3ac65a58b83fd16eaf835bab64a8678c6db3bb9179b208785a87c9fa151f05e8.apk
Size: 1.4MB
MD5: 0e6bc18ab586d00e538b457b9701fd12
SHA1: 30d16dd30e1bcb00615fbe5d1ecd7a5be6c5ec5e
SHA256: 3ac65a58b83fd16eaf835bab64a8678c6db3bb9179b208785a87c9fa151f05e8
SHA512: cfb8d010d7ffe994f99abebad8e0d652d14884ea23ad65baf5b544ece9b2752b500d999976f6c1e0fada9646aa42eb3b189c0cfa0961b12ff9dce0c531fb8eb7
SSDEEP: 24576:2bYbnqVn6c1DBZoC7P/CwbmbU4bGBwRL2lbKiHKD/QwoxJol1Sl1T:rbn8n6c1DBbmym/V2N7HK8TxJFLT
Signatures
Loads dropped Dex/Jar (1 IoCs)
Runs executable file dropped to the device during analysis.
Processes: com.eyzk.duus.akpq
ioc: /data/user/0/com.eyzk.duus.akpq/app_tjc/joy.jar
pid: 4617
process: com.eyzk.duus.akpq
Requests dangerous framework permissions (9 IoCs)
Processes:
android.permission.WRITE_EXTERNAL_STORAGE: Allows an application to write to external storage.
android.permission.READ_PHONE_STATE: Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.
android.permission.READ_SMS: Allows an application to read SMS messages.
android.permission.SEND_SMS: Allows an application to send SMS messages.
android.permission.RECEIVE_SMS: Allows an application to receive SMS messages.
android.permission.RECEIVE_MMS: Allows an application to monitor incoming MMS messages.
android.permission.CALL_PHONE: Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.
android.permission.PROCESS_OUTGOING_CALLS: Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether.
android.permission.ACCESS_COARSE_LOCATION: Allows an app to access approximate location.
Uses Crypto APIs (Might try to encrypt user data). (1 IoCs)
Processes: com.eyzk.duus.akpq
description: Framework API call
ioc: javax.crypto.Cipher.doFinal
process: com.eyzk.duus.akpq
Downloads
/data/user/0/com.eyzk.duus.akpq/app_tjc/djoy.jar (Filesize: 66KB)
/data/user/0/com.eyzk.duus.akpq/app_tjc/joy.jar (Filesize: 135KB)
/data/user/0/com.eyzk.duus.akpq/app_tjc/oat/joy.jar.cur.prof
/data/user/0/com.eyzk.duus.akpq/app_tjc/tjoy.jar (Filesize: 66KB)
/data/user/0/com.eyzk.duus.akpq/shared_prefs/joyssp.xml (Filesize: 303B)
/storage/emulated/0/.cache/apk08 (Filesize: 1.1MB)
/storage/emulated/0/.cache/youla1108.apk (Filesize: 1.1MB)