hydra | 6e126b848c0b8b714bed2e031799bfb86aa6c8f06665a1a1763ec691045c3682

Analysis

max time kernel
2303147s
max time network
158s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
19-12-2023 23:41

Target

6e126b848c0b8b714bed2e031799bfb86aa6c8f06665a1a1763ec691045c3682.apk
Size

8.6MB
MD5

f05a404eca2aeb0f0baa640fd3d0628b
SHA1

1b823a1381d9cfcd0d64eea8041f610b1ffcaf76
SHA256

6e126b848c0b8b714bed2e031799bfb86aa6c8f06665a1a1763ec691045c3682
SHA512

97dd958ed47066b591410d10417bacb9ade4ceeeaa2ed84f9aeb4be7120a62723da19b9d21ba4bf4a42ce65ed289ce17854a7bcf0bca34c8a0c02206df782e32
SSDEEP

196608:rHQNs41/gagNADWx0RiQdyjynFAL99AhJekNjhG1YyN2Lv3G:rwNTgaCsWabyj409WZjQ19N2/G

Score

10^/10

Makes use of the framework's Accessibility service 2 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.veefctqv.umehtvs
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.veefctqv.umehtvs

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.veefctqv.umehtvs/vqcchbrmiq/lsafatkdczmuzcg/base.apk.qhasptw1.bme	4284	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.veefctqv.umehtvs/vqcchbrmiq/lsafatkdczmuzcg/base.apk.qhasptw1.bme --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.veefctqv.umehtvs/vqcchbrmiq/lsafatkdczmuzcg/oat/x86/base.apk.qhasptw1.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.veefctqv.umehtvs/vqcchbrmiq/lsafatkdczmuzcg/base.apk.qhasptw1.bme	4255	com.veefctqv.umehtvs

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
7	ip-api.com

com.veefctqv.umehtvs
1⤵
- Makes use of the framework's Accessibility service
- Loads dropped Dex/Jar
PID:4255
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.veefctqv.umehtvs/vqcchbrmiq/lsafatkdczmuzcg/base.apk.qhasptw1.bme --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.veefctqv.umehtvs/vqcchbrmiq/lsafatkdczmuzcg/oat/x86/base.apk.qhasptw1.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4284
- /system/bin/ndk_translation_program_runner_binfmt_misc /data/user/0/com.veefctqv.umehtvs/app_torfiles/tor /data/user/0/com.veefctqv.umehtvs/app_torfiles/tor -f /data/user/0/com.veefctqv.umehtvs/app_torfiles/torrc __OwningControllerProcess 4255
  2⤵
  PID:4361

/data/data/com.veefctqv.umehtvs/app_torfiles/geoip

Filesize
60KB

MD5
555ef28dd5ff6726a47853949fb30376

SHA1
0476a34328ff097072a5b349e2909cf9433db3c2

SHA256
be48aff0b029e92b20c8cc6ebbd8b316a7aa94240766f00517f2b147fb7008fd

SHA512
a42f8ae85723884cc60b1d9b5330a64784703928dbd14ec251f9e211a77906caabe256ea720d89c88764825e7260e23d55ae1258b4d30de6217c1bb0b4e688bc

Download Submit
/data/user/0/com.veefctqv.umehtvs/vqcchbrmiq/lsafatkdczmuzcg/base.apk.qhasptw1.bme

Filesize
3.9MB

MD5
3ebef90d3ff4e5f37d4626088c18b4e5

SHA1
7ea425b836e94ad2412b516f95197dd2f9365183

SHA256
b695399367e4a222e80d91167e3016f01c974e6f10fe39ebdc25ef53f484a615

SHA512
47cec922b6d16ba9c0da223cb4a9bff42957a692ac4c134dad4e6e3572d7bab915eaa074d478403013f9dce4480b462dddcddafdd456304586a671efa2b3f737

Download Submit
/data/user/0/com.veefctqv.umehtvs/vqcchbrmiq/lsafatkdczmuzcg/base.apk.qhasptw1.bme

Filesize
3.9MB

MD5
152982fd6a74135311c9eeb4667a6a29

SHA1
e3e3197afcbf6253cb8a9b41bb273a2778a1127c

SHA256
58d19e5b1e6aec570e3e6b9740aa2d250b0822a5db9912d536cee4569d6dd7f4

SHA512
921c0b04a9ba930af94cbeb54ddf80d862c8e3f17ab06458411dc6abdd7c04acaab573580d961347e69ca492d8ae7a01179c17fe3970b4be008974d36c3eba9a

Download Submit