Analysis
max time kernel: 2486793s
max time network: 139s
platform: android_x86
resource: android-x86-arm-20231215-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20231215-en, locale:en-us, os:android-9-x86, system
submitted: 20-12-2023 06:40
Behavioral task: behavioral1
Sample: 8c51d677df5b35eb6a737cffa020b323d989cb904d8bbf18ef0c2addf3f00eac.apk
Resource: android-x86-arm-20231215-en
General
Target: 8c51d677df5b35eb6a737cffa020b323d989cb904d8bbf18ef0c2addf3f00eac.apk
Size: 3.3MB
MD5: fe3b5985245adca99a4f2adfd6275303
SHA1: 998b433f96dfeee09774257d4b3042308665e1d5
SHA256: 8c51d677df5b35eb6a737cffa020b323d989cb904d8bbf18ef0c2addf3f00eac
SHA512: 53070327191fc5857855e7627c1b0b615fdd4f426a3660880d0d3900276d0e087a321a0557d7a57b4867df3a42a8bcf0284270debaecf05dfea2c41a97e924b3
SSDEEP: 98304:sxK963fpHI4iYoIytk5GLf1G1eAZQsk9sCOpBs3fS2Hj6Fsbc:QKGRo4ihOeAZ2Ei7Dnbc
Malware Config
Signatures
Loads dropped Dex/Jar (3 IoCs)
Runs executable file dropped to the device during analysis.
ioc | pid | Process
/data/user/0/realrat.siqe.holp/cache/natives_sec_blob1424921492337847694.dex | 4273 | realrat.siqe.holp
/data/user/0/realrat.siqe.holp/cache/natives_sec_blob1424921492337847694.dex | 4301 | /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/realrat.siqe.holp/cache/natives_sec_blob1424921492337847694.dex --output-vdex-fd=47 --oat-fd=48 --oat-location=/data/user/0/realrat.siqe.holp/cache/oat/x86/natives_sec_blob1424921492337847694.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/realrat.siqe.holp/cache/natives_sec_blob1424921492337847694.dex | 4273 | realrat.siqe.holp

Uses Crypto APIs (Might try to encrypt user data) (1 IoCs)
description | ioc | Process
Framework API call | javax.crypto.Cipher.doFinal | realrat.siqe.holp
Processes
realrat.siqe.holp
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4273
  /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/realrat.siqe.holp/cache/natives_sec_blob1424921492337847694.dex --output-vdex-fd=47 --oat-fd=48 --oat-location=/data/user/0/realrat.siqe.holp/cache/oat/x86/natives_sec_blob1424921492337847694.odex --compiler-filter=quicken --class-loader-context=&
  - Loads dropped Dex/Jar
  PID:4301
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 550KB
MD5: ffcba9530d4f171ab67983f5d1950b54
SHA1: e74f816c65dc89dfbd668d27b65b4da0cde26b49
SHA256: ced12259631608d6af65bf72ddb6695d0c945bdc3f539a4e7778377f0ed25e3d
SHA512: c6251e08db812b41a63476755ff34f2f4fec232e910a6a4769b0a77a281e7ad48e7cb86f5d7bd7b67b579d3e5ab770b6145600f8877d72aabe626e2bc944ded6

Filesize: 10KB
MD5: d08c86b93470645b80e6371892c307bb
SHA1: 62d258e4770ebc8e0ea0774cc4254229b0b57d39
SHA256: 6b41f67a335794eb95c9f68363d2f98a81e6934c1e7d2915195ec690971275c2
SHA512: 630bafe967883899311b60207322f8252fd22ca311dd4dd2932baa40869bd5e1dd644532c2ebd2711c354de12887acc947cd641bf0b40d5549471dcf0bd621be

Filesize: 550KB
MD5: 4ecdf266a248c661a60e78b21cac0857
SHA1: 5cf08634f40c63bf2b48d51e13935168e465a4cf
SHA256: fc42736ea857ccbcca8f65cfb9fb4d32f643be781724020026a386233b304546
SHA512: b7edb37b3df48ecd7cfffc60b32d5e800e4de5ad321e91e2ac441daa2377ff5f9fc4bc37bd47c0156926556dfea35ef00e4e1ace86fe646cfeeeed957be65c92