ff3575d76dce8546c743408c8d7600f8ef2ba5830064b90db3b7a178d2be1dbe

Analysis

max time kernel
158s
max time network
167s
platform
android_x64
resource
android-x64-arm64-20240221-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system
submitted
24-02-2024 02:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a0bb27b3b4bdcd59cbec40916718a82b.apk
Size

2.6MB
MD5

a0bb27b3b4bdcd59cbec40916718a82b
SHA1

092734c5bf464de2b1be33d6631be2f73146c8da
SHA256

ff3575d76dce8546c743408c8d7600f8ef2ba5830064b90db3b7a178d2be1dbe
SHA512

70d3911ed6ddeb1c62eae652b2b3173e0f64ba7e3668fddeb683482bc9364ec0e234b7ed4c8ed7e0c0fee64dc205e6d0a5dfcfa4a7135534ebc1d4b1a48ed5bb
SSDEEP

49152:VYAhAKzFMoyYCLokMeHrbGXE6VgxrkEBRyugMygtyMxrUhGMJt+p29C0DWAl:gyy0CSeHQG3uMygtzUhGMRUW

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped Dex/Jar 6 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/storage/emulated/0/.push/.app/source.apk	4431	com.zxfh.folvmefx.ilepwej
/storage/emulated/0/.secur/.app/framework.apk	4431	com.zxfh.folvmefx.ilepwej
/storage/emulated/0/.secur/.app/framework.apk	4490	com.zxfh.folvmefx.ilepwej:remote
/storage/emulated/0/.cache/.app/.lib.apk	4431	com.zxfh.folvmefx.ilepwej
/storage/emulated/0/.secur/.app/framework.apk	4490	com.zxfh.folvmefx.ilepwej:remote
/storage/emulated/0/.market/.app/.mini.apk	4431	com.zxfh.folvmefx.ilepwej

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.zxfh.folvmefx.ilepwej:remote
Framework API call	javax.crypto.Cipher.doFinal	com.zxfh.folvmefx.ilepwej

com.zxfh.folvmefx.ilepwej
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4431

com.zxfh.folvmefx.ilepwej:remote
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4490

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.zxfh.folvmefx.ilepwej/cache/AnalyzeCache/1126940025

Filesize
981B

MD5
73ea77f8f0932f1ad907bfd87423c7a5

SHA1
87c58c3436dfb3cb138517a52111da1ccd7be905

SHA256
f9d5cf86c7d4e54916310cc602144e28368caada456442ec0133eaa8f9e92eff

SHA512
c6a218747ce728e81776963f02a11e455d8d8e143ecb179d6e91b4467bf8f8cde8ec5df8e30cb554efa95e9a8f3fa36f3a81e4f755af2bde9751e80b36e7775d

Download Submit
/data/user/0/com.zxfh.folvmefx.ilepwej/cache/AnalyzeCache/1126940025

Filesize
646B

MD5
7d25bd3ff27e8fd230f41cbc9f98f63a

SHA1
f5727399c36ac51effbb2f5027e5ea18c7bab2c2

SHA256
bce72dc15409eb168c3b02b8a3008210a956140a0d32085c1f610d8700824e7d

SHA512
b0e78aac64d7119cb64e8f391057f1588172b1aad4e7297415caec4ea02f6e76df2ed1b855c788a1837278d93f79106e5b863a079d9317f52ee72b566a4c77c1

Download Submit
/data/user/0/com.zxfh.folvmefx.ilepwej/cache/AnalyzeCache/926934164

Filesize
1KB

MD5
6fd116057f9294a47d22da6461cfa496

SHA1
52c2093a0f9ae900e85b5bc235752f60c18bda92

SHA256
9273a988ee8e66a3073fbf62018c567440a49b48f7e60c8107a346cce977aa88

SHA512
99623c871440544638843f794d0a6db75920397447004d6ec443dadb5308c1b5013150e9af6b84718235505f595edf6eccc44701e6a51b84b055219c5c0a8473

Download Submit
/data/user/0/com.zxfh.folvmefx.ilepwej/cache/AnalyzeCache/926934164

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/user/0/com.zxfh.folvmefx.ilepwej/cache/CommandCache/a563ea0456a5a99179a6ee0875395ba4

Filesize
981B

MD5
f9092c6f7782a881a8c07cd48cae748f

SHA1
838530ea6ea2b0cfe2db3789d046b5b286c5932f

SHA256
2b13788e2f79df6b9b5d87736bb56525287db484086a58a49e40f1694b6b0c94

SHA512
b68d1a53b7ede05e6255f600563894676f2b5eb00e38280b039f1b38c189b4ec98ef76b863193869d98c9f4134cdb576bf5b4c8fad6d8fbc4694abc809bff28b

Download Submit
/data/user/0/com.zxfh.folvmefx.ilepwej/files/installation

Filesize
1KB

MD5
c30d8c00c657691ad8827e26a9b8f6ff

SHA1
ecf4e02ff570c15aaa697acfa9a974f409f54be2

SHA256
03f69beb006256188d73363c9c3d05edd0e28d46d9f3ecbc26bfdda0824cf55a

SHA512
65a3ce77926e5cbf70dbf4787bfa07c8f6690b420f7c075ca8c49e4ad346aa897c109f217ddf1f80ee47a2bcc333c8aa0d91cdfca39f8b72f6c01c8804ce5b71

Download Submit
/data/user/0/com.zxfh.folvmefx.ilepwej/files/installation

Filesize
1KB

MD5
8ac622f7fd06dfb1477e0352f04f852d

SHA1
c0eab02f9313adc98db1f2d633633972a8fcaa68

SHA256
630073590f09ea8a1178ec45487d756eb89592ef9e78e5bb7939478e9847b254

SHA512
d8cdf76219dfb1c80fe74ff5a67ba70f59b7d4874fafc529500f6879997113b28bdc1182846f3cfd8095602db71286fa0470f9cca39c1c006440d8c22dfaaceb

Download Submit
/data/user/0/com.zxfh.folvmefx.ilepwej/files/installation

Filesize
1KB

MD5
00b22e16d2ad2aa47f87b18b19dbea5b

SHA1
14a5826db689db728157d980597c72ebab57f6f0

SHA256
fb13cf6576297dd3f3e558f61f1584545ccef132b05f82604ca333c93f34a7b4

SHA512
76acc83b7848287634e888c7233f548e5acfb221834666e51dec1ba7dd566faba6487511ab2707c423ce9973d9dbde3e85e21d17d636c6a0d911e585c8865a57

Download Submit
/data/user/0/com.zxfh.folvmefx.ilepwej/files/installation

Filesize
1KB

MD5
eca2579d272d44625d69b11ae12bafc2

SHA1
3769fd410e1b7aff13b0740ee9d35f880b608f04

SHA256
21cf0fc5e2bd668d0bcd49810502f02cf3aa106981afde14e43921e91724dd36

SHA512
aeb27288d3149299d7601af18ed3c24a7a0f867ea0b9cf9afc4ef7f77e4f43b9cde1cc4bdb260143bd79f1ccb132ef7e68e25023d700d6333966652c75c8c3cd

Download Submit
/data/user/0/com.zxfh.folvmefx.ilepwej/files/installation

Filesize
1KB

MD5
f60503a12a2346b9234b4e25f46d8a85

SHA1
742711c4624169092b4da8720f011817ee4ed2fa

SHA256
8febd2a7dbf51582395e6f6d2584ab72ba9e49a06717753b88fd92b23c076b36

SHA512
cc88e5fedfbda286ad106b0eafc9d1857c389ed6421f42d3ec05a7d39a5ce280f678e20be74712843c31e263deacbb58834aca8b4a83e6a4281b1177a9472f67

Download Submit
/storage/emulated/0/.cache/.app/.lib.apk

Filesize
211KB

MD5
867fdaf5ce097313d6ba1a6660de9f4e

SHA1
53abe67c29b3fe092fbd9bcbdc2fcb8455f6844e

SHA256
7cb6212340168a608cb0c0519148aa176e071202642bea14079c6889a1d347ad

SHA512
70bf57e11e42fdd7ee277e51f1a5962ab64aa6c196ffb12118f74f16ea34908f38d48ea52c61c7cdcdcd78724007fd37db7cd90382c418604c46c754dc922482

Download Submit
/storage/emulated/0/.cache/.app/.lib.apk

Filesize
97KB

MD5
e712e854cd4824b463eb1fd05cc497e1

SHA1
0b7d050bfc2341f9e6a14a5aab325efc16525875

SHA256
376c780d87fd786530fe4a44e01c24e968a6998c2f178da6dfea894772311916

SHA512
0cd135614c5a4996d59862441b21ef3b1673047e85576289fc2473156648379cb505f01dc1a4aca12feeb8f784e53c10b26c720f3eefce9869234379e3162713

Download Submit
/storage/emulated/0/.market/.app/.mini.apk

Filesize
78KB

MD5
fe701b18e66d038a5f8f026bae81dc8e

SHA1
0cf005d580fed923c442a7baf6f5022fa5c936fc

SHA256
ea7a779fc423f70ed5159bba447af8a7c335faf1b0c1c071c4f015dfab814d04

SHA512
0f9eb011b8c99e89b4739c52ae26bc0d9b53ba0a032213e73db62f8121143732cc1ffdf1dc2fecb547e60b3c8ac98b3a72771cbc81e133dc05200b2e0dec8bae

Download Submit
/storage/emulated/0/.push/.app/source.apk

Filesize
197KB

MD5
bcdda60dc329384687cb98f76118cb27

SHA1
ba99b996524c7bc690e86bbb859b535c1555bc57

SHA256
39abf9aad0f60d122c02835c9c1377c0e340a98c59651465f5fbffab665de0e2

SHA512
0b9ac4ef14021aba05e476771257ff5c6dbad1a210c2376f6143f58c2507b5ceaade91f18725ff5db03d06c47cdcc375d014d358d67193b47599d5d224e2cd62

Download Submit
/storage/emulated/0/.push/.app/source.apk

Filesize
91KB

MD5
90745bc24c7702fb15c78901c44a617c

SHA1
00404a163a4577902b5ff43397205f3810da9a81

SHA256
b12f74fda48c46cac0d09dd7bc85d8440066d4a384161b7cdd1ab5be741304ef

SHA512
c421ba8beb93b0780776686709eb756525a217c11252237627161a298464994c205920633ed3eff8bb46bccfa47850b942792fb92eb8e8ddb7fe6ea1ac5618e9

Download Submit
/storage/emulated/0/.secur/.app/framework.apk

Filesize
84KB

MD5
323bf238ed72115007fdfa8a5646dbb7

SHA1
5bdbe1040f01cc1438d53d70f910e65f7ab233dd

SHA256
9144bb31461cddb8888f09c2b641530c9a80da3f7aa9a0c088cac953aa429d46

SHA512
906154185f73e2e560e4fba1d20a1fba1347335f3a269479b3ef84a5dfdc0b4feed343f015f7cc89678b46c76d3d30c55ca6dc7929857090c5efb70d3f7d580d

Download Submit
/storage/emulated/0/.secur/.app/framework.apk

Filesize
92KB

MD5
9f7e2565b4e7205c6aba3adb542ea389

SHA1
898ccde7a4c941046a005c5b6dd3584209bf9922

SHA256
31aff9c0470317f333a3dc2a6effe4bef1453ff47b28cbc4c10dd2ec8a29d1fd

SHA512
9fdc7e48c96eaff2f4ed629cd04a500d3e5ec9451b332e3d1a96cf8c3a6df2f30965035fc260fc725bf90caaca71935e30662ac9a0394e0c5f7ddd9a10979546

Download Submit