d63a834a3187fae69e34c5a85fe147046a1252624b339591fea12f96b4d8d60f

Analysis

max time kernel
149s
max time network
145s
platform
android_x64
resource
android-x64-arm64-20240221-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system
submitted
11/03/2024, 12:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c09bc12ca7b36f922f0e5c5af136a78c.apk
Size

276KB
MD5

c09bc12ca7b36f922f0e5c5af136a78c
SHA1

54751fdbd0da8f2ed1b72d42a22cec84f6815331
SHA256

d63a834a3187fae69e34c5a85fe147046a1252624b339591fea12f96b4d8d60f
SHA512

4bd5a418dbc603c434c12abb49335067210f1628a155833678d40c5aeebfd0e6334fa9853f67d6144cf060aacd8007d3ad77480cbc0424d1c886c9b3677eb34b
SSDEEP

6144:6guKlMUzrxVBLc1YAlaXUI/igAdgzey7FDNaw4IzEsS/ZXBc2UA5fNk:6guYMs7ucdigAdgRlNa/IvcRgEk

Score

8^/10

discovery evasion stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4605	com.lima.bjmfd.wsmfmedwuya

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.lima.bjmfd.wsmfmedwuya/app_tfile/fields.jar	4605	com.lima.bjmfd.wsmfmedwuya

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.lima.bjmfd.wsmfmedwuya

com.lima.bjmfd.wsmfmedwuya
1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4605

com.lima.bjmfd.wsmfmedwuya:RemoteProcess
1⤵
PID:4649

com.lima.bjmfd.wsmfmedwuya:guard
1⤵
PID:4986

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Credential Access

Discovery

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.lima.bjmfd.wsmfmedwuya/app_tfile/fields.jar

Filesize
151KB

MD5
07f164db880c1b6691b5c54862e9a3c4

SHA1
6dd9102eff0b0134fb9bbafd0122bfae719565fd

SHA256
2e6db810857d45da5ea6f084812401401f0f7a2bd6e7c3a7a96c7d46995551fe

SHA512
46bec2510d5ed27d54248f32556d2b7969d0e2557f17fe2f1f6f18177e2dbfc42598cfe555d44b38a2bc2480212aec036f4a4df392ca39dafe09a830b03f93f9

Download Submit
/data/user/0/com.lima.bjmfd.wsmfmedwuya/app_tfile/fields.jar

Filesize
306KB

MD5
35926f0158766813027fbfe1ab5b1125

SHA1
8f166af95ff940dc45b933462ee7ffdf30dd5d06

SHA256
47a1ed442aa97ce2a6c313cbd64547cd506b809593745707d3fc9585f6a6c3f4

SHA512
b0fb1d19eedb27b3efda5354ac947db9ec89901d0f5c5b9a64325f2d74f4e11f5330f984bb9a9e5ad1c2d3abcd62e1516d94e7778d273ed5df51993dc9573ba3

Download Submit
/data/user/0/com.lima.bjmfd.wsmfmedwuya/databases/tbcom.lima.bjmfd.wsmfmedwuya

Filesize
12KB

MD5
f41f531c07d4141546a531ff9caffdcd

SHA1
9dcac5aed06972d0ff6bd4cc1f1cdff85b36d3f5

SHA256
bb8dee5b5c3779f175abbd142722eb0022b98d374783aa80145b34614a4de646

SHA512
e0c8d1a820cb4c098e45776e8b50ea8c83944ef2e3f005cb0acbfc07688974d370f78100ae022f62564fc4c12acfdc43b710c18ca1c30f4f575bc08b9b12d2d4

Download Submit
/data/user/0/com.lima.bjmfd.wsmfmedwuya/databases/tbcom.lima.bjmfd.wsmfmedwuya-journal

Filesize
512B

MD5
50bb6eb6d7ff818049c7d9535e6524ca

SHA1
99e918ef106bdb50373d98e7f3ee002cf1865506

SHA256
c48025d42ca028520c8becffc6e5d4700ba1a706f9861a3113b20bcea0c58e53

SHA512
8917c866ce85b4f603b3978e9c6396794cb6e3ea90e60cc412aa9d18f16b1aa7661d6160f774a607d02743a102157bbbf67e1518d9314a25f81477de27883d71

Download Submit
/data/user/0/com.lima.bjmfd.wsmfmedwuya/databases/tbcom.lima.bjmfd.wsmfmedwuya-journal

Filesize
8KB

MD5
a036b665b3ed155ff1e9446cadf483ec

SHA1
f00cf88b84ab3aa7eeca80ee558db47aea4f2a18

SHA256
3c78da761ae75a2d725803b9b08fcc606ec7da8d68e5c5e797d1f599e2d6c1e1

SHA512
725d025beae798e9d64a9092b3977ffd44ee9e0f04720fe08b2052193bf51b5d7c2ced6f57424da6c3603dae3e2fcba82f6109b31f35a9efe4bf358ea55d06da

Download Submit
/data/user/0/com.lima.bjmfd.wsmfmedwuya/databases/tbcom.lima.bjmfd.wsmfmedwuya-journal

Filesize
8KB

MD5
337490f91f7289ff503230a52aa64a30

SHA1
e6ebd753bde248bfe52aca812baa44874cb53044

SHA256
c7fbaa18a9685d16e0c8680ebfd24bd70f9c45b68973c99c6b7db72a3495b820

SHA512
54fd2772053c1bca81a00aef5e780cc94a82af1adc5b94691a15ac9bf09f84f3ff9b92ee2328905c351166fd2b9d60aebe6e627c2e1e886bcf286a16b2320f3f

Download Submit
/storage/emulated/0/Download/sdsid

Filesize
4B

MD5
b8c37e33defde51cf91e1e03e51657da

SHA1
dd01903921ea24941c26a48f2cec24e0bb0e8cc7

SHA256
fe675fe7aaee830b6fed09b64e034f84dcbdaeb429d9cccd4ebb90e15af8dd71

SHA512
e3d0e2ef3cab0dab2c12f297e3bc618f6b976aced29b3a301828c6f9f1e1aabbe6dab06e1f899c9c2ae2ca86caa330115218817f4ce36d333733cb2b4c7afde7

Download Submit