f3dd273617f38e8a74fce47855b6d17f8ede3030bbc8c8a75bd857d1a865b12b

Analysis

max time kernel
49s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
18/03/2024, 10:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f3dd273617f38e8a74fce47855b6d17f8ede3030bbc8c8a75bd857d1a865b12b.apk
Size

10.0MB
MD5

0963df85eede4c791982f9141b6c7a0a
SHA1

0b7dd359ea2461f7d476a863963309988283c037
SHA256

f3dd273617f38e8a74fce47855b6d17f8ede3030bbc8c8a75bd857d1a865b12b
SHA512

c0edcef7157149427eb4781041f6d1d6759ff7f77523cd0aa2afbe35c013de47b00c8aa7b6e82e6e2c3cf90cd1b71c1e8e31013de4b4b078e171e3fcf54f7b8b
SSDEEP

196608:zjzBW8efRNh9CnEKbY3HYNMpeRjO3s+DsC+V0BDQq0xY9lQafusPkTA:zjNWFfRNhcpboYNo3jsC+fi9X2rTA

Score

7^/10

evasion

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 9 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.jecsham.epicpcmonitor/app_g5h4dzy48vclswxqd7vi/epicpcmonitor.ext.jar	4494	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.jecsham.epicpcmonitor/app_g5h4dzy48vclswxqd7vi/epicpcmonitor.ext.jar --output-vdex-fd=56 --oat-fd=57 --oat-location=/data/user/0/com.jecsham.epicpcmonitor/app_g5h4dzy48vclswxqd7vi/oat/x86/epicpcmonitor.ext.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.jecsham.epicpcmonitor/app_g5h4dzy48vclswxqd7vi/epicpcmonitor.ext.jar	4461	com.jecsham.epicpcmonitor
/data/user/0/com.jecsham.epicpcmonitor/app_g5h4dzy48vclswxqd7vi/epicpcmonitor.dat.jar	4524	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.jecsham.epicpcmonitor/app_g5h4dzy48vclswxqd7vi/epicpcmonitor.dat.jar --output-vdex-fd=47 --oat-fd=48 --oat-location=/data/user/0/com.jecsham.epicpcmonitor/app_g5h4dzy48vclswxqd7vi/oat/x86/epicpcmonitor.dat.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.jecsham.epicpcmonitor/app_g5h4dzy48vclswxqd7vi/epicpcmonitor.dat.jar	4461	com.jecsham.epicpcmonitor
/data/user/0/com.jecsham.epicpcmonitor/app_g5h4dzy48vclswxqd7vi/NzZNUBnSG.dex	4548	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.jecsham.epicpcmonitor/app_g5h4dzy48vclswxqd7vi/NzZNUBnSG.dex --output-vdex-fd=47 --oat-fd=48 --oat-location=/data/user/0/com.jecsham.epicpcmonitor/app_g5h4dzy48vclswxqd7vi/oat/x86/NzZNUBnSG.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.jecsham.epicpcmonitor/app_g5h4dzy48vclswxqd7vi/NzZNUBnSG.dex	4461	com.jecsham.epicpcmonitor
/data/user/0/com.jecsham.epicpcmonitor/app_g5h4dzy48vclswxqd7vi/epicpcmonitor.ext.jar	4461	com.jecsham.epicpcmonitor
/data/user/0/com.jecsham.epicpcmonitor/app_g5h4dzy48vclswxqd7vi/epicpcmonitor.dat.jar	4461	com.jecsham.epicpcmonitor
/data/user/0/com.jecsham.epicpcmonitor/cache/1616432909849.jar	4461	com.jecsham.epicpcmonitor

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.jecsham.epicpcmonitor

com.jecsham.epicpcmonitor
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4461
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.jecsham.epicpcmonitor/app_g5h4dzy48vclswxqd7vi/epicpcmonitor.ext.jar --output-vdex-fd=56 --oat-fd=57 --oat-location=/data/user/0/com.jecsham.epicpcmonitor/app_g5h4dzy48vclswxqd7vi/oat/x86/epicpcmonitor.ext.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4494
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.jecsham.epicpcmonitor/app_g5h4dzy48vclswxqd7vi/epicpcmonitor.dat.jar --output-vdex-fd=47 --oat-fd=48 --oat-location=/data/user/0/com.jecsham.epicpcmonitor/app_g5h4dzy48vclswxqd7vi/oat/x86/epicpcmonitor.dat.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4524
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.jecsham.epicpcmonitor/app_g5h4dzy48vclswxqd7vi/NzZNUBnSG.dex --output-vdex-fd=47 --oat-fd=48 --oat-location=/data/user/0/com.jecsham.epicpcmonitor/app_g5h4dzy48vclswxqd7vi/oat/x86/NzZNUBnSG.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4548

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.jecsham.epicpcmonitor/app_g5h4dzy48vclswxqd7vi/NzZNUBnSG.dex

Filesize
2KB

MD5
a071951ad15d8906c3bc0560fd5a7595

SHA1
285e553262eb694af882700ae899b2f1f61ffe67

SHA256
e9553eef6ad4eceebbd1072de6b69828d3a06c7f72fda6189c95b9082d5914c6

SHA512
dd9e30387d0aee45ca93aebbd8e053724768a23a1d02494268fc4615f6f6f09be9f90a10c61ed617df20e0f9108b548cdcdda4608485113e6a4ecacc9b3e97c5

Download Submit
/data/data/com.jecsham.epicpcmonitor/app_g5h4dzy48vclswxqd7vi/epicpcmonitor.dat.jar

Filesize
3KB

MD5
aa108b16d006c855f85f16630f4aea3d

SHA1
5473c712cb95592b63a0ebf9ab71b27005269102

SHA256
f53e7894eb10eae8bf7d1382d9282fb575babd8983428c37bbdff1aff5fedff3

SHA512
f247319a615cdb118810ce6818debc13d7beb99a43c5974a5409e0d8eaf921a573e426bc7e0e2af4334a561ebc034dcf6d652418359f88148d51a0bf92640a30

Download Submit
/data/data/com.jecsham.epicpcmonitor/app_g5h4dzy48vclswxqd7vi/epicpcmonitor.ext.jar

Filesize
1.2MB

MD5
768cdd34a97462d9522c1f7ed220f671

SHA1
a90533174a5df0f642e3aeb57c61365ba884d4bd

SHA256
1c291b0265e9d0f0966f9189a94c6314b959a026f9edbfa1f012c4a2ba50db88

SHA512
72cabcdbfdd1b49e81d11740f89b7598fbbb2baeaa39b3f43dbfc8d680f3bcf3760c8305d73e652b89e4688c425b33fe58970331aa770cf17928d503f8714f2b

Download Submit
/data/data/com.jecsham.epicpcmonitor/app_g5h4dzy48vclswxqd7vi/oat/epicpcmonitor.dat.jar.cur.prof

Filesize
86B

MD5
8eb6ea6f4571c1fdb9918a1f250b2beb

SHA1
66ba796f8c7e703bf2315fe48993dbd36184b4e7

SHA256
eb213e73bd3138c3118436d8999b46c8aeb15294d6cb8bf8007c39b3c03a9bd0

SHA512
d84705da9090f1cc1562411df6b1a066891f2e5f048047daeb9075850b202de35efbc417bb57e29a3f24198aa0328e9249264a085a647943450453990e42e018

Download Submit
/data/data/com.jecsham.epicpcmonitor/app_g5h4dzy48vclswxqd7vi/oat/epicpcmonitor.ext.jar.cur.prof

Filesize
869B

MD5
dc2d9915d55bfbe22b3aae94b650e608

SHA1
0e3d54f03429018f81d9d1b5f3125ad115e004b0

SHA256
1a0d96ebfdee44a2702a96d888d1ea819d34eb0bf9370c6d81c96951da140f9c

SHA512
9585b997638cade9d5cce74ebde8abb1f8e31b0d9323c4262437a99c576a3b4ac95132563971fd05bb11c8eddd456b25bc12478a4fc7e92e0ec5a38db3414c84

Download Submit
/data/data/com.jecsham.epicpcmonitor/cache/1616432909849.jar

Filesize
9KB

MD5
2c84bc0c28d4ac333d267f7a152b4039

SHA1
49e67f04004587ae351d5aba4da5f18644746864

SHA256
1eea5584eb2332554753b4beec7fe8e972bfb3eeadbe0c05dba33de267f25a00

SHA512
44ab6c390cac8b11bf43097293ef73bb620b1466fd671a945639198ea10dea425a0c9443b47752cc0a6689a6f5a7661b35f7a8a350ffcba30a72be60d5f18abd

Download Submit
/data/data/com.jecsham.epicpcmonitor/databases/a

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.jecsham.epicpcmonitor/databases/a-journal

Filesize
512B

MD5
3e25e1b5c2155bd70ec494ab5c6ac354

SHA1
167c30ebfc8394ebf1f74fd86a2b039c55141203

SHA256
919adb979a54649c8a20aedba485b84aaa17c698f5583684c8cfec95893f6320

SHA512
8e9164f8091697c022a1f0698fcac34564231ba4b54f1c106d993791291600eb3a8e7283fb45e4eddbcceb8f21185c06028d6607c45df503364c540042444c6f

Download Submit
/data/data/com.jecsham.epicpcmonitor/databases/a-wal

Filesize
16KB

MD5
89024a11bff3f39f8ca678d8307c791a

SHA1
95dfe123c58db7ea003747129623c6a040ed794e

SHA256
bba0404f6fce8d4ae375afccf95d0211b54653f68f45a67c928e55d6f09d01d5

SHA512
f197bb4681e496153ceb052eab1ce1f317cce242a07a099aeef96319dac3c5095e5e7d91b73b0602ece606fe67d52bd80a5b52a979d9233671177ed18434979f

Download Submit
/data/data/com.jecsham.epicpcmonitor/databases/androidx.work.workdb-journal

Filesize
512B

MD5
32c98eebdd03446227aa0932314e93e9

SHA1
c3ffeb52e40d2cd8f8a1e7b46c4578e1444f3de9

SHA256
e6435ff819d9b13ca7b172ecbfb00b22c7809d9866a7ad2cb586e7901dfa900d

SHA512
e4df9380d91d1107f004d76a047981f3d38ad38daff376bd6a66e85aa4dc35b210ff889c0bb2983d4080cfd5f8073b649c2cef95f8f3e864266491e4d4fe5ee9

Download Submit
/data/data/com.jecsham.epicpcmonitor/databases/androidx.work.workdb-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.jecsham.epicpcmonitor/databases/androidx.work.workdb-wal

Filesize
16KB

MD5
4e1a5aa670c4519c4b95a6e43393f162

SHA1
e27103e72c6f24b2e647ef559cf17935cc633ed0

SHA256
a24bf2d5daa94b5e74dca98b8b3ba9790be16c7bfc5066abf4cf1bc1b067acd5

SHA512
df237f3463a8c70e091475a12cd83777bfd70c17dc22edfa397c80c337fad46c4eaa8ced1c6d8f2dcc3ab0a237b82b9d49a8729b9da25efa7678ad61cd176746

Download Submit
/data/data/com.jecsham.epicpcmonitor/databases/androidx.work.workdb-wal

Filesize
88KB

MD5
2f2b09fb9dd1bda58623ff1a342aabc3

SHA1
86728ac6cbf9a4bb1981d2d9c912bc8e64b81497

SHA256
cb770c6c42e5219c1c3a0247bcb4ea7d5f0b07422575f64ff6fb434c3fd54a7f

SHA512
8cf573e2130a50ea9d6f7f3548d46fcdb1284bbf5fddc66d899c5f9bb92a55d95d7f9a5143cbaf2f8977e789b3154fc5d5e4e5532804b03e4c0edc22c3a368d8

Download Submit
/data/data/com.jecsham.epicpcmonitor/databases/epicpcmonitor.db

Filesize
2.7MB

MD5
cedcccdc95a6a5de0d799587b7945dd9

SHA1
4b06ba9205b02269e6eb2e2843c3b5f68b56bce8

SHA256
21812d286fa59270cf61af0dcb54a60d8a41b34b4664b02389ee3587bac42698

SHA512
9d5b5731ff11f018932aed4d2ca11d9c2c25945a6c144749e2a3b487383081831239b3243afe1346d5828606efc86e2bd7ea0bc9ca49312745bda13c65bffbef

Download Submit
/data/data/com.jecsham.epicpcmonitor/databases/epicpcmonitor.db-journal

Filesize
1KB

MD5
731a7a4cc0ad7a75d6f9fb4136810048

SHA1
0ab86cdc2ed1906225326c51817bb801e6ef1198

SHA256
38f23e1ca202a0b87606b85e023676f79ee7cf1b226c5a91a310019c53cbce47

SHA512
9ac46b4f4571e9fd8d345e0cc959761a62c728dbcaae3fefeb355897c2d4f8d297f5f6567decee5878dc3bf9099a9cf9b9aaf7a54973d2b9516708bd8299df89

Download Submit
/data/user/0/com.jecsham.epicpcmonitor/app_g5h4dzy48vclswxqd7vi/NzZNUBnSG.dex

Filesize
4KB

MD5
2177f4936cc20111e3ac9774c8cdb476

SHA1
5a84fe23a0a5bea756e69534f5bfc0d6dcb04b02

SHA256
0bc78ea66809890584fd0c46655dbbb1ce22deda441be9cac938d9d00286a985

SHA512
b101f93673e86643f593321a779c5dad1dc338f4777fa1d25d6fc2a10637482fc3c185ef4e841ce89bf4852fc2e2fd9c56218a032f42cc7a70248820b98d6488

Download Submit
/data/user/0/com.jecsham.epicpcmonitor/app_g5h4dzy48vclswxqd7vi/NzZNUBnSG.dex

Filesize
4KB

MD5
edfe8c3021ee5cda11e4b9444538a95d

SHA1
823901d14634ff1126f20f045114b2e65885a4f9

SHA256
9eb196a5fae8d19c414fe525975a6356925607a25daa6f3d3c9e101399caaa9c

SHA512
f3bd9fc782f608706a161b8c0bd4b33233c1f2903026ba8a9115d9e5a11ea01b41024bf7431d735905e01937ccd80b0f5db0472f9237c411768b64824b43b1ef

Download Submit
/data/user/0/com.jecsham.epicpcmonitor/app_g5h4dzy48vclswxqd7vi/epicpcmonitor.dat.jar

Filesize
7KB

MD5
f264b38cd5247d5b14b41125498fb87c

SHA1
943ef62bf36c8afeb5810ee9f4b76a1521a1325f

SHA256
ae27c190b8171e975b8995cfa927fc4d4cc5d3e5b3fa70a53204715cf01281b5

SHA512
21d93347365d3b9a6aca28bd04d89900ba9deeeba7d5c03cd43eef4ec23cf35f15d74e03acdbe692121aa2f469dbc53c8ba3c96bab3a5b69cf682ec7e3459d0e

Download Submit
/data/user/0/com.jecsham.epicpcmonitor/app_g5h4dzy48vclswxqd7vi/epicpcmonitor.dat.jar

Filesize
7KB

MD5
2fb71d167479e4d835f26b7688575f75

SHA1
f80989f3f9e4b1f7f7c37d3a3aa37f86c6493b9c

SHA256
c84be8ef2e879ddb332bfbc17dd4c18115050744fa3ececb0e24bf16f18295f0

SHA512
4186f16d953101affcf9ef73e3e79db446781924264fb0a3f7fd7c446db2a37c2f40cd81532835338add73fd21c1d724960b1b9934a4c17397ee2e351543b2e5

Download Submit
/data/user/0/com.jecsham.epicpcmonitor/app_g5h4dzy48vclswxqd7vi/epicpcmonitor.ext.jar

Filesize
6.3MB

MD5
218b803dd878fe917f8f5cd5844fd7d8

SHA1
5a6b14f0f2cbd6879734c3e1ed12f33c034cdc9c

SHA256
65fad3c2c0ba79bd822b4da1355c7d10714f85416ee50dbc05e4c4e627ba9287

SHA512
688cae8c244755ff51ea06c1b6a0c10684c686cd2df2d1243f6e627e11ea72f094013a8d2a569b50aa1821a6195c346a0d2ffc0837d89b4e070287ae00f8bcd5

Download Submit
/data/user/0/com.jecsham.epicpcmonitor/app_g5h4dzy48vclswxqd7vi/epicpcmonitor.ext.jar

Filesize
6.3MB

MD5
4700dc65aa73f88047f215b0b758aba7

SHA1
838c34eb163aa637af115ad36c20f1d0be51144b

SHA256
366b16f601ca551f6ba2923e666524543a70046499042de9004f8ff2437cc292

SHA512
602c094f90fdb9d927392b350dca7615d032ef9cf76cd03c6b91a509a441acba42032a5fc90f3fadb54693328e71c2137d7ca2318dbf2c5464f0acf1492f688e

Download Submit
/data/user/0/com.jecsham.epicpcmonitor/cache/1616432909849.jar

Filesize
21KB

MD5
86ce3683020b3f28f4110aac9c769ff7

SHA1
876e0686440524927639a4797b2f13b12a26ce4a

SHA256
be852340e03b169a28811d1ff41582d19638d9fc0540f237ecb960c45bd07071

SHA512
04d03a9963ba49adf5d0d26a21b57e85e21416fcc3d479ce7522149d45f5ab630ff78e590e724695fe29850b08b4dccfa5051daf5d4e4afd9384f7183f887ddc

Download Submit