62cef38385d786ed216b106b32038d44a2272ccac292380f2b1b6444d8cc8e3b

Sharing

Copy URL

Twitter E-mail

General

Target

_iplogger_17583383.apk
Size

22.4MB
Sample

231012-cbhn6aha6w
MD5

54ff85c547ddf90ada88f359b2065813
SHA1

825244448d2b27eb931e19d8e6ded52258ac0d22
SHA256

62cef38385d786ed216b106b32038d44a2272ccac292380f2b1b6444d8cc8e3b
SHA512

59e8a46b528ca54615e2da1c7d49dd8da43d41a7ea2355950597ae190e38b126c630f6378ceb67d9b5e5d61d9906b2e448d7ded72334ea382a8c0822b45eb2ef
SSDEEP

393216:afpfA21NdpazDnK/Vqd4KLoTUYCV1GZwwTWa7P1MJEzvA/LrnyH2nruWYcgizf:afp/1RcrK/Vqd4TUT+R7P1MJEDKrnyWb

Score

7^/10

Malware Config

Targets

- Target
  
  _iplogger_17583383.apk
- Size
  
  22.4MB
- MD5
  
  54ff85c547ddf90ada88f359b2065813
- SHA1
  
  825244448d2b27eb931e19d8e6ded52258ac0d22
- SHA256
  
  62cef38385d786ed216b106b32038d44a2272ccac292380f2b1b6444d8cc8e3b
- SHA512
  
  59e8a46b528ca54615e2da1c7d49dd8da43d41a7ea2355950597ae190e38b126c630f6378ceb67d9b5e5d61d9906b2e448d7ded72334ea382a8c0822b45eb2ef
- SSDEEP
  
  393216:afpfA21NdpazDnK/Vqd4KLoTUYCV1GZwwTWa7P1MJEzvA/LrnyH2nruWYcgizf:afp/1RcrK/Vqd4TUT+R7P1MJEDKrnyWb
Score

7^/10

evasion
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Legitimate hosting services abused for malware hosting/C2
- Reads information about phone network operator.
- Removes a system notification.
  evasion
behavioral1
- Target
  
  aps-mraid.js
- Size
  
  10KB
- MD5
  
  3fee870a8ea9b50a2763ea4247c4f753
- SHA1
  
  d1d1c166dd8d09b2a5633fc453f4e9118c8153cb
- SHA256
  
  f852ff40ac55cb1e1a55972307c253db4b7e99ad541c116bd356f5af7b9ae1ec
- SHA512
  
  baa8ab9597f20431b5d78ea153a7118f3f9578330abd2857c52e29a8c28c648205963c42b4d46cc0a996dbc139fa1ea9713e9a309970e8be29d595d5aa742900
- SSDEEP
  
  192:RiCYiIp5RsHMSP2io9SyKMnbCXnBtdyvgVHGlzjTSWiwviX:RJ6VsHVP2io2MnUjyvgVkzP3iv
Score

1^/10
behavioral2 behavioral3
- Target
  
  dtb-m.js
- Size
  
  33KB
- MD5
  
  18ba4c6ce9e10c685f9926d297c3ffc8
- SHA1
  
  7d3d1a6841e9b24aecce376966b6bef160e9b658
- SHA256
  
  93d2248bd639fc007b4eb1f565e81d2ccbc7179ba43f50df7f5fbd368f0a17fe
- SHA512
  
  ca2c1d69afc109fd4e661accede3aaf8bd7c311303e7107dc12470a7c3f97a62bc5ad9125ac806c6e56c89ecedd11fa502457462b07e3ed4a59995630f359004
- SSDEEP
  
  768:cM85TLOVEVU3SGgmAms+SBED+tSklU+EV:c1JO6VU3ZymWBUH
Score

1^/10
behavioral4 behavioral5
- Target
  
  omsdk-v1.js
- Size
  
  39KB
- MD5
  
  7b5d234fac7559511a447554e1830154
- SHA1
  
  eb7fe9da6145c8499201442794adef89d110620b
- SHA256
  
  d7a8a6e3508e661b9a0f8d1ba2de04d669f299079fa862c7e2d4e747369d2a24
- SHA512
  
  47296a52cb9e014b9ca307ca8f6f53e2371d73d30e90e201aaa63d84e8493d919d503eaa217e4898c9de1a9fa82aa5afac0116a0fd258d365b7f72599358db34
- SSDEEP
  
  768:X6kymXjv8OPXwfBKn3ySNiTTUpdpnoPq1KMIQ2/9vt5ZBFus9cAZhmUsaezqhKQB:X6kPXzss3v3noPq1KMIQ2/9vt5ZBF59h
Score

1^/10
behavioral6 behavioral7
- Target
  
  tt_nd
- Size
  
  5KB
- MD5
  
  cfb58d5a778a4da98783db9388bacfc5
- SHA1
  
  4e826b8e65f7a81ee0c30836f132632054f338e7
- SHA256
  
  64f11eb5134f29bcff547988289baff229b05faf93adac63d3a3bfe97c7f810a
- SHA512
  
  1cac2288c9d222dbd195e3b929aebb887e5ff8d13c46675bcc879c762d09311b97a1e331389df520165cb994f1717ee5debf1a97a7563c474130943d5cd4267c
- SSDEEP
  
  96:PWuzrX8H2mrqoAuRJff9SgbhWFllXU+9z:PlrXWRJ9Sgbh0l5
Score

1^/10
behavioral8
- Target
  
  user_custom_script.js
- Size
  
  909B
- MD5
  
  f084be4583f5b532fe99212d13c57e5e
- SHA1
  
  2b5196250483f97ac933407eff7c848a632f2634
- SHA256
  
  e7dd2279029645d6b35f9cce0419bfe88afee30469e1d509b465c823d046c7ee
- SHA512
  
  a0c90326685f90864c1f9670b3f2f42d4f2dc5d1f821f7078e5e8ad7035675da4a3e45d6b70430b9ebf86e3f556ad2ea05313b5ab82fa06b239cf70995709487
Score

1^/10
behavioral10 behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped Dex/Jar

Legitimate hosting services abused for malware hosting/C2

Reads information about phone network operator.

Removes a system notification.

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10