Overview

overview

7

Static

static

7

TikTok_30....7a.apk

android-11-x64

7

event.js

android-11-x64

hk.jar

android-11-x64

libhexagonAlg_skel.so

android-11-x64

lynx_canvas.js

android-11-x64

lynx_core.js

android-11-x64

mask_frag.sh

android-11-x64

mask_vertex.sh

android-11-x64

nd

android-11-x64

omsdk_v1.js

android-11-x64

event.js

android-11-x64

slardar_bridge.js

android-11-x64

slardar_sdk.js

android-11-x64

event.js

android-11-x64

video_frag.sh

android-11-x64

video_vertex.sh

android-11-x64

Sharing

Copy URL Twitter E-mail

General

  • Target

    TikTok_30.8.4_armv7a.apk

  • Size

    155.6MB

  • Sample

    231015-tpvpbahc6z

  • MD5

    642e54ce53f181c53969c4a178b0f593

  • SHA1

    73c1a4e642ca69b87906fe8c7b3b66df7326b848

  • SHA256

    71bf95cdbf2bb1f27c0e13e211cbd17b973025c2296887874ed0477dfe568e76

  • SHA512

    88a35ea1f96b7da0dd54ee3d092c2d9c8a6560580abd3d646df93bdff7ee64df2c52a998d778a46d84ec9116663a7b786e1181a3f8da03a9472cb9da6c508b5c

  • SSDEEP

    3145728:p6nNpNXFUJpx4HANIAZw4Lfy1ylUjGn3CgK/7BwB/vbrwPypO8:p6NT1QlmAZDl60ygY7gvbrDN

Score
7/10
android

Malware Config

Targets

    • Target

      TikTok_30.8.4_armv7a.apk

    • Size

      155.6MB

    • MD5

      642e54ce53f181c53969c4a178b0f593

    • SHA1

      73c1a4e642ca69b87906fe8c7b3b66df7326b848

    • SHA256

      71bf95cdbf2bb1f27c0e13e211cbd17b973025c2296887874ed0477dfe568e76

    • SHA512

      88a35ea1f96b7da0dd54ee3d092c2d9c8a6560580abd3d646df93bdff7ee64df2c52a998d778a46d84ec9116663a7b786e1181a3f8da03a9472cb9da6c508b5c

    • SSDEEP

      3145728:p6nNpNXFUJpx4HANIAZw4Lfy1ylUjGn3CgK/7BwB/vbrwPypO8:p6NT1QlmAZDl60ygY7gvbrDN

    Score
    7/10

    • Acquires the wake lock.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    behavioral1

    • Target

      event.lua

    • Size

      17KB

    • MD5

      550b0677a75de0e7ccbd7984bbd13ca2

    • SHA1

      498e28bda388d3592b8d195d1314e35f7b9f99cf

    • SHA256

      bd7855c41dc35a9def362acaf71f8cf25e3dbc0e6bdd637b4eac1afbc5886ded

    • SHA512

      cbd3508acb6b862a01ddbf4bf98ec29852998a7dc3b6b4a56a7a1ac871853b858b138f109d07743c140f761aee85819f6c26347248ef87b031356b1c886aef30

    • SSDEEP

      384:etJ2LlyW07lLP4qohllIvqtYZA1efS9lp6B7j7I+rJQXS7vz:etJ2LlyW07lLP4qohl5tYa1efsloB7oa

    Score
    1/10
    behavioral2

    • Target

      hk

    • Size

      1.5MB

    • MD5

      60bda01a60d9efa0bd33658373c8ba32

    • SHA1

      46095bfacefacd29662afd31eb59b0d2b69c0111

    • SHA256

      615d2da519a1648a24f461f73c830c4ae9c74e535e160db4dc6eb091fe399077

    • SHA512

      0ac396accf33f9573c907a37fa1a9c718cfeaa86f129fd1929063e1267f72e52e40ebf3730929a75ebcb6e416fd0de101df700b662f445150285e56d3871c495

    • SSDEEP

      24576:MefEzJQxU+oisJahfSpK3jBO+qoJp6TNOOT8K0MrqJILiaZ5VgPDxLsodBTW:N3xND0padqoJpDAkMrq1c5VgPeB

    Score
    1/10
    behavioral3

    • Target

      libhexagonAlg_skel.so

    • Size

      118KB

    • MD5

      b3dbc9a4a89726fa752b6f11360e8c4f

    • SHA1

      f9fcfacc878bff7b675be5a326c1f5b91885a07f

    • SHA256

      62045b81998c61206a2fb50515b2dfe4657c7dc9d2b6938ac8fb4da699e9acd4

    • SHA512

      abb4b49a62b126c48fc3ae246b627ab5aad797c71b01e14ad8e70f5b5ce7b4935ef47794d146f3bc61ff531eee87b7fb56521158927eee1a18852e54b94503fd

    • SSDEEP

      1536:Od6BvEu6pRDTtqy4RlF4wZMBRla4/qqYwWUBnHNKUnH/dtKaOOR3dp62Km8moDB:OABwXHZYkaqYwVNKQH/vKaOW62KPt

    Score
    1/10
    behavioral4

    • Target

      lynx_canvas.js

    • Size

      50KB

    • MD5

      b0e31a794bd2f49650d1c06553789789

    • SHA1

      f5cbc610c40c3ce0242088d1352470d0ae7572e4

    • SHA256

      4091a9dab0f9a0677708f82d9eaa46b1aa392a8fe76ceec547995944131db47f

    • SHA512

      2555e1b077a774384e7f51ff57e3addaba2ef1bba99eeacc7fd299e84a5449986b8a895ac179aa1ef8f815fb202592df374d32509fe6c8ab0b29b7f80e83a16c

    • SSDEEP

      768:lXa3H5j2/PtNe2LQcAvW1TAX46rtKG4FBk03YqQa4oDDUa6HyrY3fWSP3VRLuWo8:UqG9ZfWSc/qTdPEWn4CGbXbxz96F

    Score
    1/10
    behavioral5

    • Target

      lynx_core.js

    • Size

      120KB

    • MD5

      e8943cdfd82a962213d9edf8a5a9942f

    • SHA1

      4311631ef18bc118f30014fc1cd01dbc3728209d

    • SHA256

      893335af22b1cd45262684b2f625be5488cfa9daa6237a0b7000e2cec8041153

    • SHA512

      d47d7088787b5b304d82e50812b11ab399b651198e9327c6678c531d2f281470eb493927e90e3551528c10b1002be395606f9e045375191b54d018e38289b04e

    • SSDEEP

      1536:gAvzMQzZFW1Cux25DvIL0Bi4QAIWrghoHLSz+UU3OeZwQauuIfThGiOjGWflA8Gf:BrMqZ/CSS3jC

    Score
    1/10
    behavioral6

    • Target

      mask_frag.sh

    • Size

      386B

    • MD5

      03de012ad3ade34fc6a29f7f363869e8

    • SHA1

      8427ec0d21b8890298640d400f01d01766a43dcf

    • SHA256

      95533c223d81f88b33b88dce315dd8a1eb9699fa135c2ce1ce18efcedd110818

    • SHA512

      b7a7b6d7462e3638e3b0037652b0654492a16acc6ba225f1db0d95c78af21e138abcf1ea9ca6116c877e24a525d2ff80309afe5ad06578622924d8202aa30adb

    Score
    1/10
    behavioral7

    • Target

      mask_vertex.sh

    • Size

      273B

    • MD5

      dcebcb0b53c86fedc416e8448e1a8222

    • SHA1

      98c4cbe9ce1bbd10c7a4e01350b01e20deea4522

    • SHA256

      c86037e13a70263ae954cfce59a43382c91cf39c92b2b83cb7dc1305b5d934f3

    • SHA512

      33020e831e2d7cd23140d3f695eb6c4d1b0cf087e661e744cfab9d7a0f0e9f16673814fabd569dd4ebb64e69d99983ce6e22509b9cbcbed901b29ee7a4680241

    Score
    1/10
    behavioral8

    • Target

      nd

    • Size

      5KB

    • MD5

      cfb58d5a778a4da98783db9388bacfc5

    • SHA1

      4e826b8e65f7a81ee0c30836f132632054f338e7

    • SHA256

      64f11eb5134f29bcff547988289baff229b05faf93adac63d3a3bfe97c7f810a

    • SHA512

      1cac2288c9d222dbd195e3b929aebb887e5ff8d13c46675bcc879c762d09311b97a1e331389df520165cb994f1717ee5debf1a97a7563c474130943d5cd4267c

    • SSDEEP

      96:PWuzrX8H2mrqoAuRJff9SgbhWFllXU+9z:PlrXWRJ9Sgbh0l5

    Score
    1/10
    behavioral9

    • Target

      omsdk_v1.js

    • Size

      37KB

    • MD5

      cf86921424dd919105bc92848216d584

    • SHA1

      11166598981cee25e9e54152b47630dc4518f745

    • SHA256

      3fb7c9f15f067ccaf12ebdb517ab6afab78021360808ec532c5fd4990b315784

    • SHA512

      a7130d3e41f513a202c952c37d54dd8ccf4b34e5a704e7e8304827247bf4c3611b77ef1bc969df618aa6a5fcd665e9ce9fad0f6089a91d66e3f89137ea549b0e

    • SSDEEP

      768:EBBqa6jwx37E+fmKgv3tOsMxVwg8zoPq1aHRQgB9vt5ZxFuq9cAppmUsIyUnkGzP:EBBX6sx37sv3UJSoPq1aHRQgB9vt5Zx5

    Score
    1/10
    behavioral10

    • Target

      event.lua

    • Size

      953B

    • MD5

      30876b5caed9d6ec8b7f8bd9880e02bf

    • SHA1

      1bf78cc1cc1f8f077095a8722eb72f75af81b429

    • SHA256

      b9a61469b740cdf410ab9bbacd5c8bbed02489eccf975766e9c1b31f7e2c4647

    • SHA512

      e2ca33281bf62efebcb28cbb971ebc16796475ee17affd91b1b07c9296adeb01811c8c04397053283c0ba1662503639b16d37b3c5e905a7fb9c1c4c12e8fd12e

    Score
    1/10
    behavioral11

    • Target

      slardar_bridge.js

    • Size

      2KB

    • MD5

      349e520b0982901856818d59eaf73aae

    • SHA1

      93c99d13873c6e154f7b7c4f5933d871826ac328

    • SHA256

      d4bf58db1027c9d79f791f40769783705017d9a3b9d36623950bea88cdab1f45

    • SHA512

      a6003296a240d3f52bc99d3b03ca20c2129b10a9ced5f34252c7d753995714216a5a0e7cf39fd70e23b768e93498738626ee265f01a2d7da420eba832ab582eb

    Score
    1/10
    behavioral12

    • Target

      slardar_sdk.js

    • Size

      42KB

    • MD5

      43ece1b87f117edfa1d183f4f3587321

    • SHA1

      f0912abb17058174af952feadfd8c57e68e07964

    • SHA256

      178d54b94bcf53f9588442cf288a36cc46fcf1e82dbb8eba8eeaf506147c131e

    • SHA512

      4694be474d3f7e98a27a9eee62718d6f97d388526701cccba0c73592ac7caf0eb2662fe403ccf0733065901b76ddf4b64adcef72cef8f0289e125fd49937a6d3

    • SSDEEP

      384:S2nimUpzmKzdzgCTLbADaMLs3kfGeFvj3JSlsdeFZ/zKBgdQcwVSMwjq7HY5245k:6zmcZbWrHvj3CK24y5kImxw+5SLOeS5P

    Score
    1/10
    behavioral13

    • Target

      event.lua

    • Size

      497B

    • MD5

      0aea184594829d7e8f5388d2436b55bd

    • SHA1

      1942f3499c11eb755fca06c47e0f94e9bda9f531

    • SHA256

      d92c58a8a9c88f84ec71bb3259549bfe435378df01ea43833bdcfe9d9339dcb0

    • SHA512

      4e0305ace3e1adca191b0702874430771cc19dd21b0586cd1aad8aa213fc5888585f39d061c40b3e13b01f9b37e89d2ee53e1c5a670252faea949e659dffecb0

    Score
    1/10
    behavioral14

    • Target

      video_frag.sh

    • Size

      342B

    • MD5

      d48fa38327adb686eee2dad149e2f4e3

    • SHA1

      c27040a7c062afbe5548051c4923d4f9732ccaeb

    • SHA256

      1af62376ba904054d70f3bd8ba00bf1dc759c7339ff7185f6f8f06e5bf08f701

    • SHA512

      1e137108cfa34b6f87e9d16c4040a538c926f44cb2200bbf7128045c106492777749ad9897148b864cad777f7c1930d2efad62419ff110a75d1cb0467912b7a9

    Score
    1/10
    behavioral15

    • Target

      video_vertex.sh

    • Size

      277B

    • MD5

      dfa4fb09ec2e730fdbeb93e3e5d4be80

    • SHA1

      2e5633c188500b7bded554314dbd7a51bd82a14d

    • SHA256

      ed33e3bd4ff1c17b53ce0f84646f55cc5151d60162506f43f428884530cc3bc6

    • SHA512

      0089d949a184a5469fdd200431cc1f313c80a429d7849d2374a559f78c90f06f6f684f30d53eed54972334746ecd9a8a34ec7c881a28eae9eb7e950d7eacc027

    Score
    1/10
    behavioral16

MITRE ATT&CK Matrix

Tasks