Overview

overview

10

Static

static

6

com.great.calm.apk

android-11-x64

10

Analysis

  • max time kernel
    151s
  • max time network
    141s
  • platform
    android_x64
  • resource
    android-x64-arm64-20231215-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
  • submitted
    29-01-2024 13:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    com.great.calm.apk

  • Size

    2.2MB

  • MD5

    8ce057ff57478e98c0e246355ccd27db

  • SHA1

    1d3cc636883c72d45e8f336344bdea97ec8d91d1

  • SHA256

    9ce2ad40f3998860ca1ab21d97ea7346bf9d26ff867fc69c4d005c477c67a899

  • SHA512

    5fd1345c3d605859bc56cf4cf7088712b63d929a3d576e99a88406eaa3387e4a996361c3bcc78275650609ad967636b7042fa42c244b183da96a0e7cfff78a1f

  • SSDEEP

    49152:grrgUCuMhTKb+/CZFLqtBOU3t95tnUAqkp3IQRRiEKfaFEjI:uTOKb+qXmBOuPUAqkpIQDGsEjI

Score
10/10
xenomorphbankerevasioninfostealerstealthtrojan

Malware Config

Extracted

Family

xenomorph

C2

dedeperesere.xyz

vldeolan.com

cofi.hk

Extracted

Family

xenomorph

AES_key
AES_key

Signatures

  • Xenomorph

    Xenomorph is an Android banking trojan that is seemingly tied with AlienBot.

    bankertrojaninfostealerxenomorph
  • Xenomorph v3 payload 1 IoCs
  • Makes use of the framework's Accessibility service 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Removes its main activity from the application launcher 2 IoCs
    stealthtrojan
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Acquires the wake lock 1 IoCs
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • com.great.calm
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Acquires the wake lock
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4508

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.great.calm/app_DynamicOptDex/hDpdaxQ.json
    Filesize

    934KB

    MD5

    637d3020a6e8d9aa114d51e7939fe6a0

    SHA1

    7e172dabca14040635c9118920942805ddfc964a

    SHA256

    cc3c058fd60da1fd0c3c8f0e58fecd355eef4ecc1d138fe8c6b9da8920cf9797

    SHA512

    e426c769af5af742f4b6f2f0f1dce4df0543d55fa8652759417c850943c750e90ea4033a7ce5ebd1063779238c4961a82840f3074b00f7d62e7bcf9978b91e2b

    Download Submit

  • /data/data/com.great.calm/app_DynamicOptDex/hDpdaxQ.json
    Filesize

    934KB

    MD5

    13c26e4a46edc658f323eb5979a67123

    SHA1

    c0f7ee80aa681547772272eab1e0fa2c74b78096

    SHA256

    e70c20e42897de68174d9906dc3baeb73f3849689730735c7bcaa31a2a575847

    SHA512

    1743ad6e0397b948920b663421bc878bc9de26f844cb2ddc823ba6e324a8cbafaf3561b2a1ff870c3382f7a0df4ae1b9af250fa8c8ef7cf8346f2e8f2e49f7b8

    Download Submit

  • /data/data/com.great.calm/app_DynamicOptDex/oat/hDpdaxQ.json.cur.prof
    Filesize

    2KB

    MD5

    6339e0be90770cf567636cc3a7fdb08b

    SHA1

    23f59e7cbb88dee7bcae39ca7c09173052fcfb2f

    SHA256

    8a69731d03d6c69c907ebae3e30ab6ffeddfb92014c4373c27e995e214ba70ab

    SHA512

    47fec329da6a2d85a0d3baec19a9adeb40282d68eb08fa40ead941d4912afc993ec40c2df58ba5263a846a092aa16e5af89085d6cd1606cd08e4efd730273de8

    Download Submit

  • /data/user/0/com.great.calm/app_DynamicOptDex/hDpdaxQ.json
    Filesize

    2.6MB

    MD5

    033e4993902fa453fc96b86248ea7ae7

    SHA1

    efb980435f0b7de14861fef21e4c09434b519c4d

    SHA256

    b28162d529728bf31f7dac4eadf40825a0ea1e5e6039e9b521d5906280c29196

    SHA512

    fe27307d7401dbc3881b3f7aec18b228ea48285d3f8fa8ffab51b29a51a8eba91d677ebf7bdd9b44ece60c9f87a36604272ff98ff8c25102cb162f49f61aaca3

    Download Submit