16a2a064241f34c103d5903d8afd0a8d90f12646ffffe1ceb0d4393cb9797a4b

Analysis

max time kernel
3517973s
max time network
138s
platform
android_x86
resource
android-x86-arm-20230621-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20230621-enlocale:en-usos:android-9-x86system
submitted
07-08-2023 20:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

16a2a064241f34c103d5903d8afd0a8d90f12646ffffe1ceb0d4393cb9797a4b.apk
Size

1.1MB
MD5

72ffdb5ca77496a9147449a1a7fae0b5
SHA1

1d7fdfdd31edc3d49831f93ff62eb051f3b10172
SHA256

16a2a064241f34c103d5903d8afd0a8d90f12646ffffe1ceb0d4393cb9797a4b
SHA512

4bebc2d063124152318c814f975b8f6cb30fe4fb549722f14d431033893833d6c33d6b8ce33f2b03e844449f629ce22290a8c15d642aeb818ba0ecdce9883255
SSDEEP

24576:Cy9beV7TLZpYQDnOAnhkxNB3GtuaX6hNHjZ84r9Xk:Cyt8ZpYcnO+Wxj8/XENHjR9k

Score

7^/10

Malware Config

Signatures

Checks known Qemu pipes. 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

ioc	Process
/dev/socket/qemud	com.zvozlqawx.vbnwjvqkqza
/dev/qemu_pipe	com.zvozlqawx.vbnwjvqkqza

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.zvozlqawx.vbnwjvqkqza/app_files/yneaplc.jar	4232	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.zvozlqawx.vbnwjvqkqza/app_files/yneaplc.jar --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.zvozlqawx.vbnwjvqkqza/app_files/oat/x86/yneaplc.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.zvozlqawx.vbnwjvqkqza/app_files/yneaplc.jar	4129	com.zvozlqawx.vbnwjvqkqza

com.zvozlqawx.vbnwjvqkqza
1⤵
- Checks known Qemu pipes.
- Loads dropped Dex/Jar
PID:4129
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.zvozlqawx.vbnwjvqkqza/app_files/yneaplc.jar --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.zvozlqawx.vbnwjvqkqza/app_files/oat/x86/yneaplc.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4232

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.zvozlqawx.vbnwjvqkqza/app_files/yneaplc.jar

Filesize
482KB

MD5
73097b1bb8e9d65cc5f9fcdaeffec385

SHA1
1e68478929d8665ca1ff693eabcb48ff64b6f10a

SHA256
0ece8ae459b8df4a0e7173121a6a33fd47c61894856324b5b2477aa23ea033b0

SHA512
9bc0a90f73e45c880a70221a9b5d65646cc097aac28270c799c9e1b2b1f96d3f4f6248bea4b2da8fafd6571c4596c24b50cd3548f4725889380b60b204932ca1

Download Submit
/data/user/0/com.zvozlqawx.vbnwjvqkqza/app_files/yneaplc.jar

Filesize
1.1MB

MD5
6aad1690cfbc25a6657531cc41952a7c

SHA1
3a4ed070d45c2ac0577966487045ed8bb6c08285

SHA256
ca47bdfd60bf378d82505b639ab6c77b409e71a1f15155c7bac8039bb7dc17eb

SHA512
e2cf39cfbb4cb0a40190c0f08150e76e9d600be57efeb138cbc015eead26cacf936dee2af72013824805f4f9751ab5f9421f150bd2df7b4dc277b0811ef16cdc

Download Submit
/data/user/0/com.zvozlqawx.vbnwjvqkqza/app_files/yneaplc.jar

Filesize
1.1MB

MD5
fc4a2a130ff1c5ef71652bc2f60ee123

SHA1
320f63a11d8d15f691facc63038e9fdb7ce38660

SHA256
8f5d5d8419a4832d175a6028c9e7d445f1e99fdc12170db257df79831c69ae4e

SHA512
bc00843b8e832a4bcaf68c7fb453bed877566346e54206cab456f26496da7806cc32f7d870fa670fee4475caf6726b3e3d1789346c84c46a87609485caaea3d9

Download Submit
/data/user/0/com.zvozlqawx.vbnwjvqkqza/shared_prefs/0227873f8b5111d9e4cdcf19e147bf59.xml

Filesize
168B

MD5
26c3a957c7e064b6e551d301b7e9e365

SHA1
c5b7a07f0aadb1f415de1d0f0013f3266585fb2a

SHA256
b665a414079db3a9da8caf893ff7307a24ecc952d7d1d31d9cab4d00ec548c50

SHA512
443a0c1e74fe7a1497283aa54aef2ff434b8a44856afd65a62da16390ca168e80f00af1a68907e2e40417cff432f47c29a63d5489c8ed179c237054637b82aa4

Download Submit
/data/user/0/com.zvozlqawx.vbnwjvqkqza/shared_prefs/0227873f8b5111d9e4cdcf19e147bf59.xml

Filesize
238B

MD5
f3ce61bf8ceb38570e048bbe486645f8

SHA1
5f24fbf72c391f59c0c95e2124faac0170f9e444

SHA256
6aa9332e26f5cc467ff0737735751edfccc64f2cfa087d464c412e45b192ce3b

SHA512
f112eb307dd6e4d6047adf160c91134edf469f077f03e34bc907b256d3ecd43d9ba69f07c383fc46b95e808fc86a0009ac899214e07aaee9916fa2c57e886d43

Download Submit
/data/user/0/com.zvozlqawx.vbnwjvqkqza/shared_prefs/main_prefs.xml

Filesize
114B

MD5
455c3696936dff5650602bf73ffc25b0

SHA1
e962e7cc389f483caab939c77e0a7fe2dec6c379

SHA256
4531a9f2204ae282463e15bca2dd88f410fda61a57af8ec03385d1b05434e31f

SHA512
78e69afe2ddb8d41fc8e05c251e9cc14e6040aebcd7b354287667894567066518c25fce4c3a435fbafeba122fd080d7c70076dcf20e837950e71a6c0a0bc615b

Download Submit
/data/user/0/com.zvozlqawx.vbnwjvqkqza/shared_prefs/main_prefs.xml

Filesize
163B

MD5
d5626652368be4c991f3725ab5763a27

SHA1
4acf29658392a9ee64b2df410f6ee0dd680f5161

SHA256
1ca03656b9a514ff66b26c3938fa8bc3fdefe3e7b250e11764112c84b5510c2c

SHA512
1a787b626eded9fe161f79b44bcdf9d78fc825eef0442a306d22716e4aa94c9d279b5bdb6153033e80f92cc7131b2fb826df9bb62377c50b322776afb6615659

Download Submit