df3550b1d83b98110b69df55a84d2c11b96eda2fdf0d7f477a376cee148e8a82

Analysis

max time kernel
3021701s
max time network
155s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
24/12/2023, 05:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

df3550b1d83b98110b69df55a84d2c11b96eda2fdf0d7f477a376cee148e8a82.apk
Size

14.0MB
MD5

e87b6247a867a771e699d36f762e8171
SHA1

fbd1d6ff3b0987980ed7045b355d2dadf5e19489
SHA256

df3550b1d83b98110b69df55a84d2c11b96eda2fdf0d7f477a376cee148e8a82
SHA512

3fe961fdcd52faedd41d930189aea2fb261579024342bb7ff8896c5f545068dbf0b77604c0beb93b48a35714dd5970c860f1090b0bf32fc9f8afd042b34a2830
SSDEEP

393216:FLblB7f/R6rOfqxItVzZt4YK3M8S1wd43eAJY5V3V:DBatmnfd+3V

Score

7^/10

Malware Config

Signatures

Loads dropped Dex/Jar 5 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.littlebzgzdfj.roomedsign/app_rod/classes.jar	4280	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.littlebzgzdfj.roomedsign/app_rod/classes.jar --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.littlebzgzdfj.roomedsign/app_rod/oat/x86/classes.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.littlebzgzdfj.roomedsign/app_rod/classes.jar	4254	com.littlebzgzdfj.roomedsign
/data/user/0/com.littlebzgzdfj.roomedsign/app_rod/classes.jar	4254	com.littlebzgzdfj.roomedsign
/data/user/0/com.littlebzgzdfj.roomedsign/files/fqvy.zr.qk.wrlbv.jar	4309	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.littlebzgzdfj.roomedsign/files/fqvy.zr.qk.wrlbv.jar --output-vdex-fd=51 --oat-fd=52 --oat-location=/data/user/0/com.littlebzgzdfj.roomedsign/files/oat/x86/fqvy.zr.qk.wrlbv.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.littlebzgzdfj.roomedsign/files/fqvy.zr.qk.wrlbv.jar	4254	com.littlebzgzdfj.roomedsign

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.littlebzgzdfj.roomedsign

com.littlebzgzdfj.roomedsign
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4254
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.littlebzgzdfj.roomedsign/app_rod/classes.jar --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.littlebzgzdfj.roomedsign/app_rod/oat/x86/classes.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4280
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.littlebzgzdfj.roomedsign/files/fqvy.zr.qk.wrlbv.jar --output-vdex-fd=51 --oat-fd=52 --oat-location=/data/user/0/com.littlebzgzdfj.roomedsign/files/oat/x86/fqvy.zr.qk.wrlbv.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4309

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.littlebzgzdfj.roomedsign/app_rod/classes.jar

Filesize
70KB

MD5
f1fbb5186f817de5e35f0b5ce44c3fa9

SHA1
2dd5419d285d23f6c8b1c9281b5ae0ebec58759f

SHA256
e95244037aab3252c2776f94fefca296ca02db0ef5230268e6efd6f2f48bf9f7

SHA512
43f1ee39bd65481e5a726c11a973e7e9cfe33d13291f8804995bff433bb14c5cbd570315f37ac976713c55c1bc8999d3800b027f13371eeb32e999c90c170ba0

Download Submit
/data/data/com.littlebzgzdfj.roomedsign/databases/dbayg

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.littlebzgzdfj.roomedsign/databases/dbayg-journal

Filesize
512B

MD5
4eaf2e0baa79bda397b409cec93caa1f

SHA1
4a861ad309165b9dc2b5af119df03499775085e6

SHA256
d968d6d3bf98a5471230c29a707f33ec36dd3d6bb493abdb15eeecbee1265367

SHA512
99a7fc29ea02656714036d01780aac5bd823d52290e222a9a8b37dde8018aa6ac80e846d819fb292dc650f35f4d34d47ae0c5be5c354c2c4b9cbd6f5a3c0106a

Download Submit
/data/data/com.littlebzgzdfj.roomedsign/databases/dbayg-wal

Filesize
148KB

MD5
0c692081e07d8705e18ace319a4dd447

SHA1
7e9aa2d01d6b9e206f0e6c9f52b5fb96f4b3a332

SHA256
df6cd83c0dc10516d0490af50705c6ad61075a822b1f2ed0cdee5a66491b0a1d

SHA512
38cdb9856b712d15e95eea7a7859c471d54736e8a30e98aa67e10ad4bab55361dd86ae9b2224b91d9f68dabc4ff5727dc6c7c0e5871a6a5aefa8cca16195c593

Download Submit
/data/data/com.littlebzgzdfj.roomedsign/files/fqvy.zr.qk.wrlbv.jar

Filesize
213KB

MD5
ccb75d15ab75aa000b795b699eff3223

SHA1
adc906d5bfb4dcb94766ee2d5aacd95403c49296

SHA256
d81903a74fe6fd05d4d4c2bffab463f2f3178056c4a3fb3953ecf5197c667395

SHA512
e13bf496677315ec16bc6d0c47cf0413d943825b37eac5e55d86e530dc59821f5e7579f278602cc40ec950b7975608e698e41343ec977c6f3b55e998e11f498b

Download Submit
/data/user/0/com.littlebzgzdfj.roomedsign/app_rod/classes.jar

Filesize
167KB

MD5
1d5caa43d00cc965d3237da3bff94c42

SHA1
92cd6e569b4831008669df0b52298f7096a12cb3

SHA256
46257b1619c08c891fe70a243c21c1b78ca1c8e823c6f669e7785644e12b9cd0

SHA512
6b6da3a446d622bc61ef7a65e33396ee05a2b904b0ad9de8be4b4ffb174325e4657e88efdc0f4816be008fbf062b6a44a198b999560ef3ecd08a306323b685ec

Download Submit
/data/user/0/com.littlebzgzdfj.roomedsign/app_rod/classes.jar

Filesize
167KB

MD5
4cd2e21239c941a37faf6c094ea06ab1

SHA1
0a466358a6351eac5c1e486e037fce2035936334

SHA256
f5a85f1e9007474a5e73fe28d7c22ccfdaba5cea25142da6556f861fd9a106dc

SHA512
468499ea843d56dee3e4ef9ad4dee51aa32a1a67d28046aa41e30c535e9a5815928b9ede4cdf7df48dcf62503281d358d703f89c03916e2f03600eea768df83a

Download Submit
/data/user/0/com.littlebzgzdfj.roomedsign/files/fqvy.zr.qk.wrlbv.jar

Filesize
413KB

MD5
b45741dc3d80a05bce1f71efe34581d6

SHA1
72460c771ca6af30ce94120e18e0e910da6f026f

SHA256
3fe2edfbd4f98fe6ec7040f42d356127182bc48210b6313e05de35665cada9f1

SHA512
8876570d220e144d1776e8b836019f0e8f3233670c9c571ecda0306d717aca00054cd3e3a190042f092204609f79fbd580e49383da4e9ca7f8edc4e976fc796d

Download Submit
/data/user/0/com.littlebzgzdfj.roomedsign/files/fqvy.zr.qk.wrlbv.jar

Filesize
413KB

MD5
d6543b836544cf6584641a5f5807ae42

SHA1
f75cbd6a3c79646aa656903ea948b266eddf18b1

SHA256
77eb701cd328b3248e3798d026ab18e3fd128010bb9f8b72d7899e764829dd23

SHA512
189480d392439d5cc72207b1a2b6d14a77b023b2ee7135cb850ef8188360d32343a58608e76a4bd75e0a0a83f6fb5ff07f28660b4a104af77a51e95686bebe09

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads