4fcbd8c814be79e576ecde6eb0b7dd3b751b1408e95ce90d64e259804e20e5bf

Analysis

max time kernel
2555547s
max time network
152s
platform
android_x64
resource
android-x64-20231215-en
resource tags

androidarch:x64arch:x86image:android-x64-20231215-enlocale:en-usos:android-10-x64system
submitted
23/12/2023, 16:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4fcbd8c814be79e576ecde6eb0b7dd3b751b1408e95ce90d64e259804e20e5bf.apk
Size

12.1MB
MD5

04f27ee846c45fbbd32f4280c710bd98
SHA1

adb5396f39dfa3b84aadd5f3d0cfd03db6962182
SHA256

4fcbd8c814be79e576ecde6eb0b7dd3b751b1408e95ce90d64e259804e20e5bf
SHA512

0dd981e8da0e2e908a1c216541d3de7f2e5446c21247088d9f06d374f72bcbe1eaa53ba6f0034549223fbbf2677b9bce6651893d6106c49dc176e78dccfcc7d6
SSDEEP

393216:e4h2puw7Zn9z47+v+w1z6x48d3LRtq+xpQWR18L7xkMq1tb0GSPplX1C:eU2pTa+F6x9dbjqb5L18jEpllC

Score

8^/10

evasion

Malware Config

Signatures

Requests cell location 1 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.dobccjfeckejckccdndjbecdcldc.chsaowyyyy

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.dobccjfeckejckccdndjbecdcldc.chsaowyyyy/files/AdDex.3.1.0.dex	4990	com.dobccjfeckejckccdndjbecdcldc.chsaowyyyy
/data/user/0/com.dobccjfeckejckccdndjbecdcldc.chsaowyyyy/files/AdDex.3.1.0.dex	4990	com.dobccjfeckejckccdndjbecdcldc.chsaowyyyy

Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.dobccjfeckejckccdndjbecdcldc.chsaowyyyy

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.dobccjfeckejckccdndjbecdcldc.chsaowyyyy

com.dobccjfeckejckccdndjbecdcldc.chsaowyyyy
1⤵
- Requests cell location
- Loads dropped Dex/Jar
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4990

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.dobccjfeckejckccdndjbecdcldc.chsaowyyyy/app_model/TinyCnnModel

Filesize
468KB

MD5
636f0edcec0dc531018ce63f9ab58df4

SHA1
4525523307910e29a2268c5c74d87d4b839c5a36

SHA256
11719c5ae113758c4ec778e90faf13806a5e1817f1111053aa60c50fb55a8d67

SHA512
6cb901d9c81407d67fa9ed1db59bdcb733712b6ef988713f438b8f089a93dea1a9f366dd17204cbe3729aaf01c888f64fa447127c5f5b31c0dca601939d03177

Download Submit
/data/data/com.dobccjfeckejckccdndjbecdcldc.chsaowyyyy/files/AdDex.3.1.0.dex

Filesize
253KB

MD5
2429e2c4eba58edb99dfd431dd5d919e

SHA1
465f3d22eafabf71fd30fb2266fb92e3c880738f

SHA256
4f9492e8020e6c033d14652ddeeac7267984484c28fee90b8fdbcbdc477eb1f4

SHA512
67b32138d265da3b069d0251cb1afff76f5a1570645982607b1bdd9c35100ec6d50558ffab1c30f81ab17ca5bb48b8056f6fa651fca06e408ab17149d939db99

Download Submit
/data/data/com.dobccjfeckejckccdndjbecdcldc.chsaowyyyy/files/oat/AdDex.3.1.0.dex.cur.prof

Filesize
157B

MD5
214cc660f36eb75ef514a72da1f4dc83

SHA1
825d8b951d49bc5ffe1b0f47b47885e0e08ed969

SHA256
9ffa5aa942eef0bf0429283bde8d0dcb336e1e17ff6196a3807972577c2af759

SHA512
f981bdf06241b972ee791c99db18fbd2461b55c5df558d2e3d8b4cd0f4ac411c0b3704763957527866abe07dea2361c7eb766fdb552ac8697d2960433180772b

Download Submit
/data/data/com.dobccjfeckejckccdndjbecdcldc.chsaowyyyy/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzAzMzYyNTA1MzYz

Filesize
1KB

MD5
bbc3e6ee63c74cc153f04984cd609b36

SHA1
c18f55224d2d489380fc6173670c59275fbaae9d

SHA256
e74e1901d112293ba1257c683bed32fd823c0049985d08ea5f8faa3d46f054dd

SHA512
9c16ab984ba520eda9818fe75f779783a31f54bf040d496b671344c9cdb9052e6e8f85e912bd21d4044915854e6a66aafb3e9e966da92162de6b65a9dbfcbf0b

Download Submit
/data/data/com.dobccjfeckejckccdndjbecdcldc.chsaowyyyy/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzAzMzYyNTM1NjMz

Filesize
1KB

MD5
7538f2ef9254d0c63bd34098333c1453

SHA1
ded25c32cefc5125c3fe7661ad8b636dbbad4fdb

SHA256
1a15a191de4343fc9231e216e3e6998321d9b98b91f69854cc9f56ecb3f141ab

SHA512
20c3756e08c3e2ae8b04136a8a5da2ea0bd12427f33c4799f02c61ef050062ab677728ea34b70251a68d6cb19006541fa98b177cb9c759b2e3aee83c16476ac6

Download Submit
/data/data/com.dobccjfeckejckccdndjbecdcldc.chsaowyyyy/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzAzMzYyNTY1ODg5

Filesize
1KB

MD5
acdc8f50a470856121795e90ff4f4802

SHA1
bd874f19bb45148cd83d780832b28004150f0d18

SHA256
a1a9cbeeaf74be64d68433cbd1332e6319ffbe10a267fcea06f7d2b7e5831dd6

SHA512
f00d052d92a9c18e3c0f9b58cb94afe85c48a65b87f469586ad8cabb3f1a090bc507035f27e11b04525c212b2034b6f5eb7f14b0f50b8d88026f9c27ef551a15

Download Submit
/data/data/com.dobccjfeckejckccdndjbecdcldc.chsaowyyyy/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzAzMzYyNTk2Mjk1

Filesize
1KB

MD5
73fa12bff70a3ab49636406ba737eb47

SHA1
2d6f45bcd12abee16ffa194d8feba3f87ca7596a

SHA256
f5f5ec82d104d785c2ee03d1ad4e62c03a584a86317313dcc6f1f23c37a1a952

SHA512
9091a2898917ab8b6a0383b6db773ff8cbc1408d3ecf4e5c8674f612a18020ffe3d2b87ae49de7d50e27fdf63f016703335f269d3b737dba2713339803d71297

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
843dc8120eeafac9ab7fc58c802e9d99

SHA1
35d1bc5d7955617bbe8d2be7f6b343bc91add573

SHA256
80854397684590c71fa4381cf98ff0007ebb8348f0db75ed636fb0dd57340734

SHA512
5c2c994a54b5726e96b80c9ad48df67d38fca07e97719c81ac94f23142ecdc40c9cebf4c1d0d9d0bad32e91a4e26f4c33b5a4e29fa6c60b88fe7176314923cf1

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
213B

MD5
95e5b596bc7035e12a3252a905799f3c

SHA1
d540b7c970e02eeb8227ee7a33bc989ec634bf35

SHA256
63dac39787126ff6c7781a39f9b5e4e5f36197bef13531ad9d973b3572e19659

SHA512
db9972d0ea661e4f450b7af58f5c80e3b76c19de7fb5d051bfc4abf84cf8532f60de5f25ddc0174fb21571394522317b94d3735313f14790342bd46a1f56c8cc

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
d322ae201b565b94fae57c7c6c37524b

SHA1
32ce0af29faaed9710a590de09b2553fc73f28ea

SHA256
626fddad5593d2b8526f69a64771d93cdaba956ff6bf4f801d38e2c29a164cc5

SHA512
63a36aa5e7c12cfaba2539fc83749b93af0c6b61b8c0c717ba734420d5ce2f426802d0a18ef1edfc556d8bbe48627970e28ad63ba175af67ab2a2cf5c5d2e349

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
167B

MD5
a2ba4520facde2e6db4ec73eddb41938

SHA1
f1836038a7112273908837c6567fc5f3a29e9cde

SHA256
5cc10aa46a49893a72879e3d244bb34b44a12763eb3b23085039815270483423

SHA512
376bab47ff445708ebfff333c6aaf11d41d337b57c7957323584c005c1a3e2d27859ec70ce3cbb1c6403a26b794b68b9747ed47104b3209d37406aadf604a479

Download Submit