Overview

overview

7

Static

static

6

cdba45fc49...7b.apk

android-9-x86

7

Analysis

  • max time kernel
    3001091s
  • max time network
    130s
  • platform
    android_x86
  • resource
    android-x86-arm-20231215-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
  • submitted
    24/12/2023, 04:04

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    cdba45fc490fe6e49f19da472440d4e1524b8b092efc2814e24673c00627287b.apk

  • Size

    21.1MB

  • MD5

    02ecbae7a6105f37d3824f6156cb01fd

  • SHA1

    c7d05989c72649cf596ce575d9ff8ad20757b977

  • SHA256

    cdba45fc490fe6e49f19da472440d4e1524b8b092efc2814e24673c00627287b

  • SHA512

    b8ed74f5bff9359de457663769057d8477c457e163dc49549db9a9246ce8a4fa2c65bb3aa9e807a01fcbcef108c9e0212bbb04510f238425fb5c6082cd5af2f6

  • SSDEEP

    196608:JnwKAC9YV0MK7lvl1EfWq/rdYgxQnmmxBr8Q7XTD+DGmMJZvkH0kA:WKi0/1XqzdYganc4DSD/MvLkA

Score
7/10

Malware Config

Signatures

  • Loads dropped Dex/Jar 3 IoCs

    Runs executable file dropped to the device during analysis.

  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • com.sec.android.app.launches
    1⤵
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4239
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.sec.android.app.launches/cache/natives_sec_blob8939632801135575800.dex --output-vdex-fd=51 --oat-fd=52 --oat-location=/data/user/0/com.sec.android.app.launches/cache/oat/x86/natives_sec_blob8939632801135575800.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4270

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • /data/data/com.sec.android.app.launches/cache/natives_sec_blob8939632801135575800.dex
          Filesize

          550KB

          MD5

          ffcba9530d4f171ab67983f5d1950b54

          SHA1

          e74f816c65dc89dfbd668d27b65b4da0cde26b49

          SHA256

          ced12259631608d6af65bf72ddb6695d0c945bdc3f539a4e7778377f0ed25e3d

          SHA512

          c6251e08db812b41a63476755ff34f2f4fec232e910a6a4769b0a77a281e7ad48e7cb86f5d7bd7b67b579d3e5ab770b6145600f8877d72aabe626e2bc944ded6

          Download Submit

        • /data/data/com.sec.android.app.launches/cache/oat/natives_sec_blob8939632801135575800.dex.cur.prof
          Filesize

          151B

          MD5

          17841e439b2bcc20304508200625c178

          SHA1

          c3a3b890649766930e034b34238948d6e88ee36f

          SHA256

          050388b253a46d3ecb6a1796f92a530db8b3beaa43b71898006fc6289001edde

          SHA512

          d92f371d7c4ed749c4e1679ba65c319cec8aeac428073d8d3643c50f077b200d7efbf2724e46281b05fda355f3b31f268998699c10ad279ad29ba8c36439e00e

          Download Submit

        • /data/data/com.sec.android.app.launches/databases/TaskLock.db
          Filesize

          4KB

          MD5

          f2b4b0190b9f384ca885f0c8c9b14700

          SHA1

          934ff2646757b5b6e7f20f6a0aa76c7f995d9361

          SHA256

          0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

          SHA512

          ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

          Download Submit

        • /data/data/com.sec.android.app.launches/databases/TaskLock.db-journal
          Filesize

          512B

          MD5

          87a96e5bc288445731f6e64d8d85f983

          SHA1

          ebac2af3e4aefd7560601e55e12ce9063c4d25a5

          SHA256

          1f7c71fc2c1db3c768fcda4fe683b7278c05ca2d7218f1b6df2c889b85799c73

          SHA512

          604f6a7d962ef92c793a056a1dc6d3f5e69984e80dacd3be7ed32b085ec56aad33b21e44deb8b4b0cbbf28ce9ea65c3c808129809785c66f5efde65d5c3ba708

          Download Submit

        • /data/data/com.sec.android.app.launches/databases/TaskLock.db-shm
          Filesize

          28KB

          MD5

          cf845a781c107ec1346e849c9dd1b7e8

          SHA1

          b44ccc7f7d519352422e59ee8b0bdbac881768a7

          SHA256

          18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

          SHA512

          4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

          Download Submit

        • /data/data/com.sec.android.app.launches/databases/TaskLock.db-wal
          Filesize

          32KB

          MD5

          dde99e8cd3977ec75c562e84d684a922

          SHA1

          a8468781cae511e74c982bec0e214edd093b3192

          SHA256

          b6855adf23c12e5cf22b6a21e33064800a3ade8a26fcef759670ed415800367f

          SHA512

          2752f351db13401a2edbdb044056574aed18cca1350208aa818cc8302dd80051b14b097b9647c30d4cdcc2ced4b4c3c72819d053433bdc848a816d40064800c9

          Download Submit

        • /data/data/com.sec.android.app.launches/databases/postposition.db-journal
          Filesize

          512B

          MD5

          8a4787891f3e060fdcc8bc7be3e5d224

          SHA1

          861314e1c6405e2bd6aadc1e85d53754a28d84ad

          SHA256

          929e4f414c4e57fb9b574d267dd06f1b7cc1a043b5ff73e7d07e01ac50ad4fff

          SHA512

          263aed5d50dae0e75b158f5579f3ebaefa07d71222734895594919964ccd8e7736fcb028dfe224e089702286d254cef1d6fc4f660c026805e8577bf0e10278f3

          Download Submit

        • /data/data/com.sec.android.app.launches/databases/postposition.db-wal
          Filesize

          32KB

          MD5

          32c297c6d5bae3a1bdcb3f8375086724

          SHA1

          30a5d1e8173942f47ec11cb7740503ed121e0e2c

          SHA256

          5fd5c82b90ffdc52436647af764d4356c9878ff87aa97683c07727e5901468a6

          SHA512

          ed1bfb2660ebe0c2a7bc68a557e0b802fef3a4c0d7da790a1b9185be95dc2f7e9a500cc0ad9aa72e2cb9adb123b67203e70145c9eccc3bd2f929e5c9852b7634

          Download Submit

        • /data/data/com.sec.android.app.launches/files/cloneSettings.json
          Filesize

          13KB

          MD5

          5b59e884fcda6c129fec305d28a41960

          SHA1

          db2142e645dbabb6cd8eae1cc5aac99b40bd2a95

          SHA256

          578840b016fe76b98928b506c29be77a4ca3efcfab0a76cc3f71713801e1cb94

          SHA512

          5bc586612584b2828bbe9387d2ebee45e26ee9294d37d1b2d8ccff5a61fdcf472456c8bcf5a8225dabd45c5fcb4984820c82acd0c93e9d81f0df83b5fc38f9b7

          Download Submit

        • /data/user/0/com.sec.android.app.launches/cache/natives_sec_blob8939632801135575800.dex
          Filesize

          550KB

          MD5

          4ecdf266a248c661a60e78b21cac0857

          SHA1

          5cf08634f40c63bf2b48d51e13935168e465a4cf

          SHA256

          fc42736ea857ccbcca8f65cfb9fb4d32f643be781724020026a386233b304546

          SHA512

          b7edb37b3df48ecd7cfffc60b32d5e800e4de5ad321e91e2ac441daa2377ff5f9fc4bc37bd47c0156926556dfea35ef00e4e1ace86fe646cfeeeed957be65c92

          Download Submit