1d6dbed85f90e44a19ca90ff8691c8775f0c0fa31aacdaf6823ee087a89d877f

Analysis

max time kernel
3244254s
max time network
164s
platform
android_x64
resource
android-x64-arm64-20220823-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20220823-enlocale:en-usos:android-11-x64system
submitted
28/11/2022, 01:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1d6dbed85f90e44a19ca90ff8691c8775f0c0fa31aacdaf6823ee087a89d877f.apk
Size

510KB
MD5

dc046192581af2848b8d233ceb93f450
SHA1

12a51a2daf21deb0306b1ac30db29e51aadceefa
SHA256

1d6dbed85f90e44a19ca90ff8691c8775f0c0fa31aacdaf6823ee087a89d877f
SHA512

ab4081ebe1dc51fbdf05807c601c86dcf09e06f4c5805311285b0d8a9780803ca29668da997cc8aaa3ae542fa8cf5bcc4623d128a6e1560ef85da46f7d48e04c
SSDEEP

12288:4OzuGu+nqpky+2Tch62plXwz2EINPISXgvAsAmb:I3+qpFNch3Xwz238AsAmb

Score

8^/10

infostealer

Malware Config

Signatures

Requests cell location 1 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.vdyc.nktx.bzsr

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.vdyc.nktx.bzsr/files/wbzsr.jar	4583	com.vdyc.nktx.bzsr

Reads the content of SMS inbox messages. 1 IoCs

infostealer

description	ioc	Process
URI accessed for read	content://sms/inbox	com.vdyc.nktx.bzsr

Reads information about phone network operator.

com.vdyc.nktx.bzsr
1⤵
- Requests cell location
- Loads dropped Dex/Jar
- Reads the content of SMS inbox messages.
PID:4583
- chmod 705 /data/user/0/com.vdyc.nktx.bzsr/files/adsjar.apk
  2⤵
  PID:4682

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.vdyc.nktx.bzsr/app_webview/Default/Cookies

Filesize
64KB

MD5
dfb2098ca7b3bf16d6f5f1e7d3839af5

SHA1
ebb7a8bc886062d77a4092bd306b77a0ce7a3e9d

SHA256
e4119d32577d7fc63b267cc23eb7a9bbfb12d238f23e08918c38838fe0181224

SHA512
fccec45399258eb98220b7f01b492a72b8b3d1254dec6e196e344d89a0376c6ee24534a31a6675c866d4a17256d3ac6823657eaf04e1d386757d0cbfc6597e50

Download Submit
/data/user/0/com.vdyc.nktx.bzsr/app_webview/Default/Cookies-journal

Filesize
1KB

MD5
6f39273a45843e754e4677b28b98481f

SHA1
b6270e07a4cda230223c7007befe49afe46a2b68

SHA256
32791021aea8fbb2dd9876480a3b53b8fff39acb6b09024e78ec843f0539c672

SHA512
254a67550eb20ac05696a8f2bd4bde7870efab1bd886ddc92423119b977658e54e3c8a3a349c060a4b8209b223e6b230e3b7586b7477054085daea99f534353a

Download Submit
/data/user/0/com.vdyc.nktx.bzsr/app_webview/Default/GPUCache/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.vdyc.nktx.bzsr/app_webview/Default/GPUCache/index-dir/temp-index

Filesize
96B

MD5
0943daac1d38c4da6c004b54279710ba

SHA1
af54e79b1b03986eff7fa7efe1774961789772b6

SHA256
76efbe442fcf4a15ac7e50c784dcacf863c361b201f27c3cfa3819bce63f259a

SHA512
0cc7f2513c2e52c17a839162367d02016024d2c01c9e4babd43b59d1d71078d46c7015dd722e689aa02fb3f60aef4058ac95d6779f7402067b0efae9013581be

Download Submit
/data/user/0/com.vdyc.nktx.bzsr/app_webview/Default/Web Data

Filesize
120KB

MD5
a48cd9324b1f8754b07f00d863b840f3

SHA1
11c6614775b35a58f440971dfc87c8aaac6d6173

SHA256
8859a216183793485d4699bf69d7ed96904679834188d07b9a70424d47eb1420

SHA512
35fa712f0af4a5eeed7e00e4e59ed5027dc6609d268462fe79d92043be9ae0c5961ce9e1d2f64b1a196c9b6aa6242b8b83817b3ee4c1058596c58a99c45478b1

Download Submit
/data/user/0/com.vdyc.nktx.bzsr/app_webview/Default/Web Data-journal

Filesize
2KB

MD5
5f7ebce0d128c06a69b1cd99968c0e9b

SHA1
287bc08b541cbcac590e7bce30a9f066190ea081

SHA256
b0c5989046ddab25943b6a381e006003f03f1812c5b0627c283eb385a77cf464

SHA512
0b0eca12457b2231bfadabc9464861e51c71934a6b8ff16bf60f73b72451e0da25db61674eb518f5f89f67243ba6e946e6e94d4cb9f45e65a80d63a577f4cef4

Download Submit
/data/user/0/com.vdyc.nktx.bzsr/app_webview/webview_data.lock

Filesize
24B

MD5
01fd1c7ee3a684c6114d7507d70f3d87

SHA1
cd6a3879be85e546f0a5f2e8c335da4d15255ea5

SHA256
bc750ea424acc23d2140740b12ecff59f5a0b38e4fc5b790de3ad2282f50c494

SHA512
f6281e3019b9bb858813afc45765e8de895a3580489a36c1068c614eeff82e50b27ba72ab0ae441da232f006c07f4189152e263012beb5857b3db9f2d0dc58fc

Download Submit
/data/user/0/com.vdyc.nktx.bzsr/cache/WebView/Crashpad/settings.dat

Filesize
40B

MD5
067d5f7c8bd33a4b1a16c6ebc2e3da2a

SHA1
aa6d3f32c2e48d7275816bd3353a6b1db68f087e

SHA256
d0d6dc8f654e7c3029bdf222e631533a142442b281b677684e5fdf092fdc6116

SHA512
d8f40986ec5745e1c7f880da269cec11045712f8e02719513f80be9e6384bd8e24641ca7040f7783e9443926d3a785ff6f34b787d8d0751d838781ec2bd8f169

Download Submit
/data/user/0/com.vdyc.nktx.bzsr/cache/WebView/Default/HTTP Cache/Code Cache/js/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.vdyc.nktx.bzsr/cache/WebView/Default/HTTP Cache/Code Cache/js/index-dir/temp-index

Filesize
96B

MD5
4784fa8550be704f0ea347eb33ad06dd

SHA1
bf5abda40c015a840d778d031f7b7e179f06df9e

SHA256
ee98904034b0a11ef9cdff9744862416eade0c151eb5d8dac7f5f1c90cc3e91d

SHA512
23d4d936feed9d4a1dd866dd07a9ec4f1d9a586e54398632cef6bc0c9cda5ce5152188d068c56155406095604758c746639e6e5993b133b689ad1cc88110e6ba

Download Submit
/data/user/0/com.vdyc.nktx.bzsr/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.vdyc.nktx.bzsr/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index-dir/temp-index

Filesize
96B

MD5
eadfa6f31e488e3f6ccf60e3c84c08d0

SHA1
8b0919c40f7d163cdbfb07d0727e407b00417de4

SHA256
1e87bb4e1db5d097fb53233538bd92b22b4709b11d25046e4ae38b0be5b663dd

SHA512
e2b6738c5bae67715e7184bad1dae42a6149dd3bf8409b7eb8bd7398a78fe9e1ee015a90d015943513ad89e21ae949b653b5a94de6999c58f83d01e84b2cc7cd

Download Submit
/data/user/0/com.vdyc.nktx.bzsr/cache/WebView/Default/HTTP Cache/ef36863e8847e64d_0

Filesize
274B

MD5
1cc9a5c8d0c67ef15f4453c5b7c08520

SHA1
60f37db4bb3c19c3633f5ae1baf03621f39b5545

SHA256
f7e2c9fcfa820026f694f1a9076ee72f711bddbadf82964a33d191777e777c56

SHA512
c4f7ce8f32ba4533091d06827ab87a033cc5e0b062e18f015f4e4520a8d1c95618dca8c57755abf0f41cc128e3a82517b0f36172de9eec0f5072727f766bc518

Download Submit
/data/user/0/com.vdyc.nktx.bzsr/cache/WebView/Default/HTTP Cache/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.vdyc.nktx.bzsr/cache/WebView/Default/HTTP Cache/index-dir/temp-index

Filesize
144B

MD5
2af80f3bf2a76e528021f8ea8993d4c5

SHA1
498794156b8b8b2b7e101f5d0f5b0e6294247336

SHA256
e7af776e3c61292ae8b6ef1c4db60bbc771a898a25ed2ae6ced79d8b5ffe76ac

SHA512
40c77d91b2ca5b701616c516ffa7e45d9aa01f2eb420ef90033af57756b7e03a7dc505acf412d5af27781b9d5f86f2d0826d1df484021feddfa68ba92a17efe3

Download Submit
/data/user/0/com.vdyc.nktx.bzsr/cache/WebView/Default/HTTP Cache/index-dir/temp-index

Filesize
96B

MD5
7e11d8c2301c7122d4a5940d2dfb73f1

SHA1
8dd2d39a8d06a4968459ae1cdd9e66150a7058ba

SHA256
77a309960d2156749c82f3415fce14741bcd9846c2dac807e82b40f9bafb4c65

SHA512
83c71d169ba945cedc1455351ab149df189e7679f141640b63a690429b6df2eb0be093e9cd48a1b61c9ffe13aa0e237c570693eb66c8aa87fce6482d4f943d79

Download Submit
/data/user/0/com.vdyc.nktx.bzsr/cache/WebView/font_unique_name_table.pb

Filesize
57KB

MD5
f080fa2a56ab5479d58063e5ea871447

SHA1
4b3fd57a98916fa5784305b76ba30af26b5253d9

SHA256
0aa374bc456330fd1b5daf18d25b4bb8e2df1998dfa85466f2c31843ff56e815

SHA512
8aee3186a95b389d39882620b7c4199a29aa50580aa98a381b2931a934de6406943c89d4d00ebeabff21e2b03b4a4adcc01e37e32a2335c4838be24bdbf61936

Download Submit
/data/user/0/com.vdyc.nktx.bzsr/databases/ultra

Filesize
64KB

MD5
dcb12a6333a6c4823ea0e38655e436fc

SHA1
0f2058a442294dec84424b29cb9e99e7577da7bc

SHA256
c62497b413cae282dd3807bfdac3fecf14f6e12732131b69f68f6193795a6795

SHA512
ab814dd590e20fde57470d8ffa25b7abb85e493299eb21e4c2987062ecc21e5194856535cfdc69a5d6a6d332d2a06ca41e7a1e2df752159f2f908b625de5576c

Download Submit
/data/user/0/com.vdyc.nktx.bzsr/databases/ultra-journal

Filesize
1KB

MD5
c94ab126aefd76d0e278a4f5a742f9a0

SHA1
52b8a7163ae79c8e20bd74f360f3b19c1f8f28c8

SHA256
49ee67f65b9d1882530eace74c0ec195b3f8baa496fef8efaa22094a309f798f

SHA512
795b9706c4acdd491d984d30d892f1528e00449af664c54dd83fea611021a00e71fae35329f699a196d4f566bdc4890da90036af3751a5815789d94ee698f133

Download Submit
/data/user/0/com.vdyc.nktx.bzsr/files/wbzsr.jar

Filesize
442KB

MD5
e15339369d3cef17ec578fd788fd0dab

SHA1
1158169054b6875af7daab81c860b22b5fb1990e

SHA256
ef15eb76eeeb9f39f5357f8416f2dd7fe89808253d2657987c2273937d72a4de

SHA512
99dd24844eb8437d0af9419c3e05b5fc5dcada8de5e79c400361267fd8b32f4b6d679a09fb9b02b1c4510af91c3cb4069e344c661239e687dffa6d25fb58c756

Download Submit
/data/user/0/com.vdyc.nktx.bzsr/shared_prefs/WebViewChromiumPrefs.xml

Filesize
127B

MD5
97ccd9a2b2063143df56b6937f961ca4

SHA1
5e78a91ae5df289ce83443cb7d5589dd3504fb5d

SHA256
248ff7928128015b1cfe3e6517c8f9b8c9511bfb8c8baf44fc1370640eac61fd

SHA512
86c05a5bb3d7eedea390664796966e9e5a5bf846c85808da54407788a76b3ee25b91428242a1e76d8765bfe51e1ba3636617fbab6e7dbb39fcc433e07c3fcd3b

Download Submit