1d6dbed85f90e44a19ca90ff8691c8775f0c0fa31aacdaf6823ee087a89d877f

Analysis

max time kernel
3240638s
max time network
158s
platform
android_x86
resource
android-x86-arm-20220823-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20220823-enlocale:en-usos:android-9-x86system
submitted
28-11-2022 01:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1d6dbed85f90e44a19ca90ff8691c8775f0c0fa31aacdaf6823ee087a89d877f.apk
Size

510KB
MD5

dc046192581af2848b8d233ceb93f450
SHA1

12a51a2daf21deb0306b1ac30db29e51aadceefa
SHA256

1d6dbed85f90e44a19ca90ff8691c8775f0c0fa31aacdaf6823ee087a89d877f
SHA512

ab4081ebe1dc51fbdf05807c601c86dcf09e06f4c5805311285b0d8a9780803ca29668da997cc8aaa3ae542fa8cf5bcc4623d128a6e1560ef85da46f7d48e04c
SSDEEP

12288:4OzuGu+nqpky+2Tch62plXwz2EINPISXgvAsAmb:I3+qpFNch3Xwz238AsAmb

Score

8^/10

evasion infostealer

Malware Config

Signatures

Requests cell location 1 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.vdyc.nktx.bzsr

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.vdyc.nktx.bzsr/files/wbzsr.jar	4565	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.vdyc.nktx.bzsr/files/wbzsr.jar --output-vdex-fd=74 --oat-fd=75 --oat-location=/data/user/0/com.vdyc.nktx.bzsr/files/oat/x86/wbzsr.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.vdyc.nktx.bzsr/files/wbzsr.jar	4087	com.vdyc.nktx.bzsr

Reads the content of SMS inbox messages. 1 IoCs

infostealer

description	ioc	Process
URI accessed for read	content://sms/inbox	com.vdyc.nktx.bzsr

Reads information about phone network operator.

Removes a system notification. 1 IoCs

evasion

description	ioc	Process
Framework service call	android.app.INotificationManager.cancelNotificationWithTag	com.vdyc.nktx.bzsr

com.vdyc.nktx.bzsr
1⤵
- Requests cell location
- Loads dropped Dex/Jar
- Reads the content of SMS inbox messages.
- Removes a system notification.
PID:4087
- chmod 705 /data/user/0/com.vdyc.nktx.bzsr/files/adsjar.apk
  2⤵
  PID:4188
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.vdyc.nktx.bzsr/files/wbzsr.jar --output-vdex-fd=74 --oat-fd=75 --oat-location=/data/user/0/com.vdyc.nktx.bzsr/files/oat/x86/wbzsr.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4565

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.vdyc.nktx.bzsr/app_webview/Cookies

Filesize
64KB

MD5
cb7543c4df600f2af58097cce0e334ba

SHA1
83cc92f38c27fdb4fa519b1ce2f37912f24af1f0

SHA256
64c022ae708f94ffde986e105d88f708884de325720bfb9925c4160a6d417233

SHA512
ad51cad0472327bd68aa2d791341cfafed58971752352537bb603ed18b15a3f9185e9150983a28ecd09606e8dcaef6d1c9d93213dd246ef7720f39842eb3d980

Download Submit
/data/user/0/com.vdyc.nktx.bzsr/app_webview/Cookies-journal

Filesize
1KB

MD5
e0f360a6b18366ccd929592e3e8d2ba4

SHA1
e7724cc1580f6341c6ca8ed9e27a50aa59cc3822

SHA256
7c7b533ab0e3266349696ac5cbf7c7e65427b907556c25442ed16907cbc0ddc8

SHA512
cd8f2aeba6f7281e3add26a8f862ea9f67b50d7afbe03c6feedb2ff47c083dc90c7004d4b1c275c494bb5f64c112b2de572436d8d7cafe23d24497a883e08bc7

Download Submit
/data/user/0/com.vdyc.nktx.bzsr/app_webview/GPUCache/index

Filesize
20B

MD5
93027d42b314432c4216e6cfca48b384

SHA1
43448dd8102979c3926828182579691945eedd4e

SHA256
3cda72e67c62e52a342309c44f2cb3b6c1019c7b11822e2f628e48e254e2b41c

SHA512
a52d13cf7f5be196d1e2f135b8a010f80558c5d35e90e7792441d1c976517d55cf1c9587949db69ebef294cc6ef79529a65e7d779964793016efecacd152f70e

Download Submit
/data/user/0/com.vdyc.nktx.bzsr/app_webview/GPUCache/index-dir/temp-index

Filesize
48B

MD5
f6753c38583b0035764cda9ad8e7be89

SHA1
2161045c70d4d536f3b5747f275cb06fe4dbc507

SHA256
09757722e6137a6c2876da9135e153edfb06e7afe9af0fe33e0282a18b4c3b9f

SHA512
c33ae6a1efbad374f75d3787b9988734e24fd2fc5ea4053b7e7bd05b666dba97bf36907b59392ae3c3e050b5cd0ae1152d5d59037286db87f39e59ce9019f591

Download Submit
/data/user/0/com.vdyc.nktx.bzsr/app_webview/Web Data

Filesize
104KB

MD5
dc79f9ce5f3ab5270b33e61119dfc959

SHA1
1844bf222a5144b513dcf2fb50a18c011701c647

SHA256
47e65f4de08deabfd52ecdb8b0a29c61c482188b92c36182e2112ca0a8f4ff65

SHA512
18b8894a7f35df516f423bbdebf1e05ce09eaf4345b139e59e603cadb81f8d1fa20f793438c28e8fd9a64e64f0684223d90ce6f10d3f93cb0c781049a8cff03e

Download Submit
/data/user/0/com.vdyc.nktx.bzsr/app_webview/Web Data-journal

Filesize
1KB

MD5
4a1ebc4873a36a7b76f96b822d88dc4f

SHA1
05911b1ae7b1b99b9dda2ca9f35014fc98de5e37

SHA256
257a03367ecce04a1844747b63480cb5eb660c053f6330d00da48b83150ae989

SHA512
b21ef6a7671d509f20f5db9b5a1faf01e4a497122ba5badbf132c114a3d64681ca3a1bf2ad1365fbe5fb3cf00b843d65b7923e671e63566795709f6b9d37077c

Download Submit
/data/user/0/com.vdyc.nktx.bzsr/app_webview/metrics_guid

Filesize
36B

MD5
0057c717fadc60b97f43ce1f8d2c6edd

SHA1
9f896f4ce58e09ed41808b75030e5576c784f465

SHA256
ef91dc91f87e19956301e24fdbf0bd4d66ca3c156d9732cc512ecc871128323b

SHA512
fb88a7474c9f08e8540baaa8c9632690821c30dc6f0e4867283549cdc1138016b729db7472798d3f0c228f3ad65985ddfc6734842399e04c7771b5c1e5828607

Download Submit
/data/user/0/com.vdyc.nktx.bzsr/cache/org.chromium.android_webview/ef36863e8847e64d_0

Filesize
125B

MD5
0c8d04d6e13c3ff36ba78cda7c5b85ea

SHA1
0f5c0d86f38fbdb8d86c66116bbd62becae2f47f

SHA256
8430204b1d459bd26ffc996c65ade2d748bc04ec058fcfad847b7f4484610e4a

SHA512
8bfcab01d46b0c25cddf4a2afd7afa3d73d6b427b41d841ed1899b73c9a39e9a3309e07654c91c89444cd37687c2f630aa8c282bb8a6fe2c754e2c692c446d9a

Download Submit
/data/user/0/com.vdyc.nktx.bzsr/cache/org.chromium.android_webview/index

Filesize
20B

MD5
93027d42b314432c4216e6cfca48b384

SHA1
43448dd8102979c3926828182579691945eedd4e

SHA256
3cda72e67c62e52a342309c44f2cb3b6c1019c7b11822e2f628e48e254e2b41c

SHA512
a52d13cf7f5be196d1e2f135b8a010f80558c5d35e90e7792441d1c976517d55cf1c9587949db69ebef294cc6ef79529a65e7d779964793016efecacd152f70e

Download Submit
/data/user/0/com.vdyc.nktx.bzsr/cache/org.chromium.android_webview/index-dir/temp-index

Filesize
48B

MD5
f3c93beb58208f97b5687f87799e6abf

SHA1
9a12dc5a02fd07e70cc5cca7a16519a4702a03a2

SHA256
f3c2a3809cecfa5736f403112da5a1578f20995c2e58e606d6966cd44543bdfe

SHA512
3d3ac58504ea898c2e1e9807b0e5bd90d7a0de109d855f4e1838f46e83d07bf75a982646904c1eb871e6fec7d27e64f623a9bbb8c3d8111b6afe0c1bfcd13b37

Download Submit
/data/user/0/com.vdyc.nktx.bzsr/cache/org.chromium.android_webview/index-dir/temp-index

Filesize
48B

MD5
248c6b78b3f893d45c352f3300539810

SHA1
d26c8c609d91c88ecf3a5ac4bf6afc8b1015509b

SHA256
fff496243bbe033977ed5c62327a781c259c2b3860cd1ad8d2159332d86caf84

SHA512
586bf250079088fe852bcc1489034d4bb9bf341bca808411b5510def219bf55756fd99b5219707c9c8cd4ee60c1b12310451e151ae923cfc89d43c68a194a560

Download Submit
/data/user/0/com.vdyc.nktx.bzsr/databases/ultra

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/user/0/com.vdyc.nktx.bzsr/databases/ultra-journal

Filesize
524B

MD5
14641f07bbb12842cee858fd287d8bb9

SHA1
fbb6393c13a8b290ef1ba303c8cf02035b3846b3

SHA256
65030b7722b14162e39db889a4ddc67ca247e639b7d6ef8232e20a8463713e1d

SHA512
ceadf2802b015dfbfd78872619810764b1f35d9933b9f890e63a2cf184d80fe34ac0328d4d04eb575e4f4cd06f64272232e6d50dca6293e0f68b683f62148674

Download Submit
/data/user/0/com.vdyc.nktx.bzsr/databases/ultra-shm

Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/com.vdyc.nktx.bzsr/databases/ultra-wal

Filesize
28KB

MD5
1b1ac6e00058f21c754b2adf3ada9e69

SHA1
8ef6ccd99cbc85008977b9ba5bb5b4be6e36b7ee

SHA256
264e54bdd78406ff640fb0b60e43d2cccfe39a0e3c081da1fc1de617c2171d9f

SHA512
581eb05a2017d1817e9fa3838db146cf015974388566b81ee1047abac7e72392873189f9401faee1ea27897a80ec5606e5c67353a5648c8a575b9d07a2ec33c1

Download Submit
/data/user/0/com.vdyc.nktx.bzsr/files/wbzsr.jar

Filesize
442KB

MD5
87a5452fa4d3ffe09955c59620c4de6d

SHA1
aa06113e92b75b8f1efe4e3cd12c459e814854ee

SHA256
e9114883f7e1a5be447795e923824063db57585033e8b0ffb109f8a6155b5658

SHA512
37aa85ce4951732ffe7552e53b18601b5f6f4b9d05fba0381fa5cce1af2b8a5866e5518e298e8d57dd4b2a645a8ad0f3d66f951688f2900f633a05b1b7542a1c

Download Submit
/data/user/0/com.vdyc.nktx.bzsr/files/wbzsr.jar

Filesize
442KB

MD5
e15339369d3cef17ec578fd788fd0dab

SHA1
1158169054b6875af7daab81c860b22b5fb1990e

SHA256
ef15eb76eeeb9f39f5357f8416f2dd7fe89808253d2657987c2273937d72a4de

SHA512
99dd24844eb8437d0af9419c3e05b5fc5dcada8de5e79c400361267fd8b32f4b6d679a09fb9b02b1c4510af91c3cb4069e344c661239e687dffa6d25fb58c756

Download Submit
/data/user/0/com.vdyc.nktx.bzsr/shared_prefs/WebViewChromiumPrefs.xml

Filesize
127B

MD5
21223e9184445fe043476484cd8cb1f9

SHA1
2b4813f849121d60ba35eb0889080668bb62c778

SHA256
bb61b7c087c2ae2de93a7740ff75707342940557146366e92b840284cd9446af

SHA512
be21408de0cc643650e5d9ab9057a8f9de88e37fbdc6417cfeba160402ec4cd14fccbc82cbbfd941ecfc0bb3d4056ee61ac199efdc99d647d53e65818835fd48

Download Submit