6cf4b4cd5ae971c031cfd9f6169145999a3ce1a8f4209312258511b9e4f849c9

Analysis

max time kernel
2251009s
max time network
152s
platform
android_x64
resource
android-x64-20231215-en
resource tags

androidarch:x64arch:x86image:android-x64-20231215-enlocale:en-usos:android-10-x64system
submitted
19/12/2023, 23:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6cf4b4cd5ae971c031cfd9f6169145999a3ce1a8f4209312258511b9e4f849c9.apk
Size

263KB
MD5

0c646d2ab6aa53d4d285c0beaaab8106
SHA1

88955f595100aa6d9917f22f188fb8deb6e8fed5
SHA256

6cf4b4cd5ae971c031cfd9f6169145999a3ce1a8f4209312258511b9e4f849c9
SHA512

52a3f1216d69f0f1080fcc52196eb10153c7f69c8d3d78bbdc0ef2f7cc5a6e2ca8a01a6d8828bb6806e98a0c6499297f83fa6a0aec6b3e54ad71f5f5bcd18885
SSDEEP

6144:WbPNvivXSCeVvnD2IJOsBFaw4IzEsS/ZXBc2Y4MT5fNc:W5i6tQIwsBFa/IvcR9Uc

Score

8^/10

stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 IoCs

stealth trojan

pid	Process
5054	com.bangkok.knbja.ivaqkryma

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.bangkok.knbja.ivaqkryma/app_tfile/fields.jar	5054	com.bangkok.knbja.ivaqkryma

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.bangkok.knbja.ivaqkryma

com.bangkok.knbja.ivaqkryma
1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:5054

com.bangkok.knbja.ivaqkryma:RemoteProcess
1⤵
PID:5094

com.bangkok.knbja.ivaqkryma:guard
1⤵
PID:5547

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.bangkok.knbja.ivaqkryma/app_tfile/fields.jar

Filesize
138KB

MD5
cceb8db3b057d24673d49eda229e9892

SHA1
b18f6353b2156410249079a3b7b86ef3a530e8ee

SHA256
e900cb4c3fe9d8f45196a7457e9645c65b0f3cde820f4161950252cff67a4d97

SHA512
4a42cde3165a706e823caa1362001ed8aa647caf22325a4f2554c64fc4ebcd79afe44fe5eab5474221806f26e7aca9d2901026de6e597ef62fe867f123e4bd57

Download Submit
/data/data/com.bangkok.knbja.ivaqkryma/app_tfile/oat/fields.jar.cur.prof

Filesize
369B

MD5
6de41202d76cfb91657a014430e7f33d

SHA1
1c066a98ee1dae3493881522b42a6978ef72ffee

SHA256
51491488aa5999f64c4d74c50676559497e9890b2a3978cdc8f07dc782e945ec

SHA512
765ef4f4ca7a832af8677b8cb38b705a5cf809b6d321f7d86bcb03471d5e55d8c9b8dc04dbad9f89b10febd5e87b29d29e1bd36fa91259ba00ea863ad1225236

Download Submit
/data/data/com.bangkok.knbja.ivaqkryma/databases/tbcom.bangkok.knbja.ivaqkryma

Filesize
12KB

MD5
163b0e3f017becbc89b9d7f330b78f09

SHA1
1ef9cd8ac8655190468d0ccece0a4738634ab0f9

SHA256
cf01452c3b494692386f6c5faac340eb3eb894bd416391002d56645aa8a9ea36

SHA512
6a85a30d16fa58a4fbbb05d469778ee69ca79deaa74316ccb5be3ee07fdf78dde22e95db3edb1b88b18478e8747047445f85baaf9556b9a1e55d9a02a80baffd

Download Submit
/data/data/com.bangkok.knbja.ivaqkryma/databases/tbcom.bangkok.knbja.ivaqkryma-journal

Filesize
512B

MD5
f20b59f71ede51c7ad2821c64375b833

SHA1
8361735efc4d10b6028c986f2d2ba9642d6a2f5e

SHA256
e1bd2fbdb2f30ab02c4190fb14c66c5c81e87ffe9732b2ace83f70cda41107d9

SHA512
40e7e0e688a532037b5d53e7824fb96b3a58208533554387fd2c9ddb3b2f80481e118d27606b66d52a97c7ee4447ca424ffd0d04636a8f7d468e3eeca854454f

Download Submit
/data/data/com.bangkok.knbja.ivaqkryma/databases/tbcom.bangkok.knbja.ivaqkryma-journal

Filesize
8KB

MD5
0ce7edd3fba54652abe0809cd712e8f5

SHA1
90a06f02fcdc7d7a6aeb40d0eb5f8ca7042fa026

SHA256
9cc4566b5535fc18ab03bec380ff9c955ae0195e2a31725cc5c69179fe1cb2cf

SHA512
7d6b788214acef9fb0222c95a053b06b84fa5e3a208d35b793491f64b139d20485006a898c3cc53e22fcccbe9ca5ab3310ee6e36b802714553ccebeb9c62ed28

Download Submit
/data/data/com.bangkok.knbja.ivaqkryma/databases/tbcom.bangkok.knbja.ivaqkryma-journal

Filesize
8KB

MD5
1ce6cb131a8928a0bf612ad52f931148

SHA1
20ac3307135b6e49cc4218d2fbc83300d0e9d43c

SHA256
6363a43ad944bef3da8dd1e184e2e97beeb3109a4574167c95c74c6f601ddcf8

SHA512
e6fd35b62f4d227487fbb6d372456fc1a62007b2ca8aca2ace44221ba6ddcd7843ad7b1ae2d87ddf2b59e6eb64cff558b96fd98ee5142459a9c7beb6b3a262bc

Download Submit
/data/user/0/com.bangkok.knbja.ivaqkryma/app_tfile/fields.jar

Filesize
281KB

MD5
73b11c4c10150bbd4f29ad012dc11dde

SHA1
65c83ad32c29f9811c32eda75d7fcdc92ef42dda

SHA256
52132037e9b950a9cb48d6374ee2c6747a6bfe776e13a726395771f1b40ee9da

SHA512
3e53b1ee22a00e60896da86d2695195e0965c93d190c4d1c0dba2eb5c611d670ee7693a9f8756858255e2b170cb82a753719dd4d6a827af437309b7a1dcc6f01

Download Submit
/storage/emulated/0/Download/sdsid

Filesize
4B

MD5
b8c37e33defde51cf91e1e03e51657da

SHA1
dd01903921ea24941c26a48f2cec24e0bb0e8cc7

SHA256
fe675fe7aaee830b6fed09b64e034f84dcbdaeb429d9cccd4ebb90e15af8dd71

SHA512
e3d0e2ef3cab0dab2c12f297e3bc618f6b976aced29b3a301828c6f9f1e1aabbe6dab06e1f899c9c2ae2ca86caa330115218817f4ce36d333733cb2b4c7afde7

Download Submit