hydra | 20f45f1e7206b07876501aa829adae3e54b3620e733e7b8fee04c448078143b6

Analysis

max time kernel
149s
max time network
131s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
27-01-2024 01:55

Target

78fa950df8e85e4866fbd9536567d1cd.apk
Size

3.0MB
MD5

78fa950df8e85e4866fbd9536567d1cd
SHA1

b456d8806dbd21342773f73f120e64f7b0f3f8f7
SHA256

20f45f1e7206b07876501aa829adae3e54b3620e733e7b8fee04c448078143b6
SHA512

606821bd1afcaf6e7179881b6198f24619fd84efb9bf5e2e3d68b47b4510832c12af279993bac0c9f33c080767b62dd9742946be1ecb80c5d6802c67298c1658
SSDEEP

49152:GfieXW1WFm4lnNQ/ZQ7TRcBALMcdg6Y4bAQNFZtqUJS8Zwz5f8Qo+pa:GqeX7k47QQRcDcGN8Z6hk+g

Score

10^/10

Makes use of the framework's Accessibility service 2 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.uewmuueh.nxoqdhf
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.uewmuueh.nxoqdhf

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.uewmuueh.nxoqdhf/code_cache/secondary-dexes/base.apk.classes1.zip	4301	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.uewmuueh.nxoqdhf/code_cache/secondary-dexes/base.apk.classes1.zip --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.uewmuueh.nxoqdhf/code_cache/secondary-dexes/oat/x86/base.apk.classes1.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.uewmuueh.nxoqdhf/code_cache/secondary-dexes/base.apk.classes1.zip	4273	com.uewmuueh.nxoqdhf

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
8	ip-api.com

com.uewmuueh.nxoqdhf
1⤵
- Makes use of the framework's Accessibility service
- Loads dropped Dex/Jar
PID:4273
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.uewmuueh.nxoqdhf/code_cache/secondary-dexes/base.apk.classes1.zip --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.uewmuueh.nxoqdhf/code_cache/secondary-dexes/oat/x86/base.apk.classes1.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4301

/data/data/com.uewmuueh.nxoqdhf/code_cache/secondary-dexes/tmp-base.apk.classes7718847865366347809.zip

Filesize
378KB

MD5
cdd7e39ed775c03d17b3fec49d243995

SHA1
beb25b50fbb587a74b45c9f95ce65f20ebcae561

SHA256
f5e3bf27c32b644484c90bf98aa2d021fee0db4eb95c3a82328d4131dfa76afd

SHA512
6af3bdd507fc6299b287a992ebb319ff9bfe04aba56fe24f94229bafbc8d1857753488e4d6c58e0eb0d171dde4f871468725c914f3f764fa9f80580fa2d908df

Download Submit
/data/user/0/com.uewmuueh.nxoqdhf/code_cache/secondary-dexes/base.apk.classes1.zip

Filesize
902KB

MD5
72f2039b9d011c02be4127796d640205

SHA1
6b6112d6a1ffaa62e66cad5213125d3c380c3e57

SHA256
8721defb159162d4e5d6150c22ba76ca90430b16f38fcdae29cdc0c4fb535192

SHA512
54abe0e49458377c8bc378aaf5d42e5c3e012628a70cea88c75c588392ea427992ce3dee7342d59b3bea945be1d2dec6f4c08b4bbbbcc7e03d8fa97fbfd69224

Download Submit
/data/user/0/com.uewmuueh.nxoqdhf/code_cache/secondary-dexes/base.apk.classes1.zip

Filesize
902KB

MD5
c30f5cf8797591adaa12e33d23b17745

SHA1
52177eb77f30a0bd94658ecf21ae0e92cdd8a76e

SHA256
0294835eb8c9afe8e918fbed035f45bc9d5e4111c943a62af13eafc45e64db0e

SHA512
35054ee3122cb39ec924d5a1acd2411d9429fb51be10f75d37da3a38ce97928501f3ed3ba12fe74bea2a152d1b9071317ff5f9e99f325faedaa120cbaed878a3

Download Submit