d9b76e67cc1d53dc996f8ab172874ddfb01d12fe11c54ab50c054029e36093fa

Analysis

max time kernel
48s
max time network
129s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
18-03-2024 10:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d9b76e67cc1d53dc996f8ab172874ddfb01d12fe11c54ab50c054029e36093fa.apk
Size

15.3MB
MD5

7eaf1e5192c5b196cecd210b9dd12be6
SHA1

548432e56885d653e046a202aea28f6f512ab7c2
SHA256

d9b76e67cc1d53dc996f8ab172874ddfb01d12fe11c54ab50c054029e36093fa
SHA512

150182b1e5540c97a466ad302547610275a7f94b9f6b64cc442a7f6bf3f727fda606c25bc7dc03173ba7bc2e54fb5664450c23eb7a36301000af3a36fe239f4e
SSDEEP

393216:++9ud1jzcNPCyQBIeDof4FNo3psCu9NXnCUnDtpps:++BJ6IBf8EG1MUXps

Score

7^/10

discovery evasion

Malware Config

Signatures

Checks Android system properties for emulator presence. 1 TTPs 1 IoCs
evasion

System Checks
T1633.001

Processes:

com.vklnpandey.myclass

description ioc process

Accessed system property key: ro.hardware com.vklnpandey.myclass

description	ioc	process
Accessed system property	key: ro.hardware	com.vklnpandey.myclass

Loads dropped Dex/Jar 1 TTPs 9 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Processes:

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.vklnpandey.myclass/app_nn2ru4c7cpkg38rhvkj4i/myclass.ext.jar --output-vdex-fd=56 --oat-fd=57 --oat-location=/data/user/0/com.vklnpandey.myclass/app_nn2ru4c7cpkg38rhvkj4i/oat/x86/myclass.ext.odex --compiler-filter=quicken --class-loader-context=&com.vklnpandey.myclass/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.vklnpandey.myclass/app_nn2ru4c7cpkg38rhvkj4i/myclass.dat.jar --output-vdex-fd=48 --oat-fd=49 --oat-location=/data/user/0/com.vklnpandey.myclass/app_nn2ru4c7cpkg38rhvkj4i/oat/x86/myclass.dat.odex --compiler-filter=quicken --class-loader-context=&/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.vklnpandey.myclass/app_nn2ru4c7cpkg38rhvkj4i/QUfyDJlaA.dex --output-vdex-fd=48 --oat-fd=49 --oat-location=/data/user/0/com.vklnpandey.myclass/app_nn2ru4c7cpkg38rhvkj4i/oat/x86/QUfyDJlaA.odex --compiler-filter=quicken --class-loader-context=&

ioc	pid	process
/data/user/0/com.vklnpandey.myclass/app_nn2ru4c7cpkg38rhvkj4i/myclass.ext.jar	4365	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.vklnpandey.myclass/app_nn2ru4c7cpkg38rhvkj4i/myclass.ext.jar --output-vdex-fd=56 --oat-fd=57 --oat-location=/data/user/0/com.vklnpandey.myclass/app_nn2ru4c7cpkg38rhvkj4i/oat/x86/myclass.ext.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.vklnpandey.myclass/app_nn2ru4c7cpkg38rhvkj4i/myclass.ext.jar	4321	com.vklnpandey.myclass
/data/user/0/com.vklnpandey.myclass/app_nn2ru4c7cpkg38rhvkj4i/myclass.dat.jar	4399	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.vklnpandey.myclass/app_nn2ru4c7cpkg38rhvkj4i/myclass.dat.jar --output-vdex-fd=48 --oat-fd=49 --oat-location=/data/user/0/com.vklnpandey.myclass/app_nn2ru4c7cpkg38rhvkj4i/oat/x86/myclass.dat.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.vklnpandey.myclass/app_nn2ru4c7cpkg38rhvkj4i/myclass.dat.jar	4321	com.vklnpandey.myclass
/data/user/0/com.vklnpandey.myclass/app_nn2ru4c7cpkg38rhvkj4i/QUfyDJlaA.dex	4423	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.vklnpandey.myclass/app_nn2ru4c7cpkg38rhvkj4i/QUfyDJlaA.dex --output-vdex-fd=48 --oat-fd=49 --oat-location=/data/user/0/com.vklnpandey.myclass/app_nn2ru4c7cpkg38rhvkj4i/oat/x86/QUfyDJlaA.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.vklnpandey.myclass/app_nn2ru4c7cpkg38rhvkj4i/QUfyDJlaA.dex	4321	com.vklnpandey.myclass
/data/user/0/com.vklnpandey.myclass/app_nn2ru4c7cpkg38rhvkj4i/myclass.ext.jar	4321	com.vklnpandey.myclass
/data/user/0/com.vklnpandey.myclass/app_nn2ru4c7cpkg38rhvkj4i/myclass.dat.jar	4321	com.vklnpandey.myclass
Anonymous-DexFile@0xc80d3000-0xc83eb5bc	4321	com.vklnpandey.myclass

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes:

com.vklnpandey.myclass

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.vklnpandey.myclass

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.vklnpandey.myclass

com.vklnpandey.myclass
1⤵
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4321
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.vklnpandey.myclass/app_nn2ru4c7cpkg38rhvkj4i/myclass.ext.jar --output-vdex-fd=56 --oat-fd=57 --oat-location=/data/user/0/com.vklnpandey.myclass/app_nn2ru4c7cpkg38rhvkj4i/oat/x86/myclass.ext.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4365
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.vklnpandey.myclass/app_nn2ru4c7cpkg38rhvkj4i/myclass.dat.jar --output-vdex-fd=48 --oat-fd=49 --oat-location=/data/user/0/com.vklnpandey.myclass/app_nn2ru4c7cpkg38rhvkj4i/oat/x86/myclass.dat.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4399
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.vklnpandey.myclass/app_nn2ru4c7cpkg38rhvkj4i/QUfyDJlaA.dex --output-vdex-fd=48 --oat-fd=49 --oat-location=/data/user/0/com.vklnpandey.myclass/app_nn2ru4c7cpkg38rhvkj4i/oat/x86/QUfyDJlaA.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4423

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.vklnpandey.myclass/app_nn2ru4c7cpkg38rhvkj4i/myclass.dat.jar

Filesize
2KB

MD5
4d4ea309da01183bae797c8f28c10c08

SHA1
24316298f9018da10ffbff8591a12f850437d4eb

SHA256
3af2ca74f9171438a0b2387e6afb9589569637455a0553f7d08e40f122f867e4

SHA512
eb000c9c8544d532bf7b7a82bf7687f1ef4e77acd186222f962e0794c46ed6d181b5cdf226f2b010f04b623e5dd78f26262ef05e7edf9d2b49056dd371471745

Download Submit
/data/data/com.vklnpandey.myclass/app_nn2ru4c7cpkg38rhvkj4i/myclass.ext.jar

Filesize
2.5MB

MD5
7272c7331328e7e8a785392a3f344145

SHA1
248c269990fea31904cf1fedf8cd43f41e8a1ec2

SHA256
67a6a8b4672845a4d2829a2ef03faafb785b28d6aa661f98d33dfc9e6a0da048

SHA512
06e0c1f73633ce6186321e47e7ca4c9123c42745b34c8b42426d04706a65fdc745b4692d8aac4b44ef4933405a3a5c1e11a5671396b6fe67776d4833ad999eca

Download Submit
/data/data/com.vklnpandey.myclass/app_nn2ru4c7cpkg38rhvkj4i/oat/myclass.dat.jar.cur.prof

Filesize
81B

MD5
f22ad04316a955903bea64266c4e2d58

SHA1
318242da811068c93e6c70c3e5d642cb7dddebfe

SHA256
6d4ac4f2046f30d1f3485433ae565330b7bc74d968e2eb7b49020fdbb4bd1588

SHA512
439dad35259f30eb94781a4830573469244e3d4e946fcf41502769f5c3a80796860a846d0efbfabdbf8b2b0c81a725baccd75a41596a49f5f2d9c6815b490be7

Download Submit
/data/data/com.vklnpandey.myclass/app_nn2ru4c7cpkg38rhvkj4i/oat/myclass.ext.jar.cur.prof

Filesize
797B

MD5
c97e8f36c13996cc42b9106547a8497a

SHA1
522a7e846d1912ee756d66d9fdfa56593a46a899

SHA256
2f7877ae1a6071f8c2373409f478226c0f048b024b383c86a5f2c67781cd41ed

SHA512
aa81a42aed9da3a63abe2f2ed4c072f655fda08b135535e2facafc2d33bc49d59f9ab72f89d9fe476f0e8d8800187738ba3b2d5d97a2e79f34d7327ed4040a89

Download Submit
/data/data/com.vklnpandey.myclass/databases/a

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.vklnpandey.myclass/databases/a-journal

Filesize
512B

MD5
47d0aec13c1e9377f539a9ec126e87c3

SHA1
901a2afc0e591e6b23821025c37f700173ea7b49

SHA256
9b9096f6ceb4025816628bdb80995f34ccebb75cc5ca2f09d207477c34b3f705

SHA512
664ac4207f4909ee53eebd0e63315485f2c57744a89c3923553a0f49a4d81b2c754ccb0aa01021921f54b856bf250788bb1835f23579bd4b2be0adb1732b3d04

Download Submit
/data/data/com.vklnpandey.myclass/databases/a-wal

Filesize
16KB

MD5
c0fe928544ee10f29744108c96575aeb

SHA1
abd658b1577f9e974f61fe93c0ecbda7a9054f28

SHA256
a9cf5e4648080bc1610f802022e43d032c42361053b70fce73aed1ab86bf1b74

SHA512
d42d6540495f0d6e5566c8d597ce7ea2ff065a6439f8565d5d24306c38412fb76f185c406ed52c7f05ae246fcf565de172220e1059a8645f0bcaabf3c6d9c28b

Download Submit
/data/data/com.vklnpandey.myclass/databases/myclass.db

Filesize
2.6MB

MD5
4a19a1fa388ee700e445e7f80ccc25d8

SHA1
4942fc0e1b1726e5e253b82af007474b2dde05fb

SHA256
2a8020ccb4f847d8fcb9c6451bbf8d238ace61bdcd5d5f59634f9910fcc4651c

SHA512
0cf0af67f838c291ec8ebb368bc504666bd9446d319d07bdfd04d6ef9e6dbb89e5245cdd1516c392901040dc5f782748637d112e02f9c377e20f025563321407

Download Submit
/data/data/com.vklnpandey.myclass/databases/myclass.db-journal

Filesize
1KB

MD5
50dbfd8999ff0fd97ec56885d8c2afe9

SHA1
1c0e4dda3ff62493a0f5ca2974546a694b13efd8

SHA256
86c93d62e0c3e154fcd2b12b67cfa8a5eaab7666344ef8de4506ca89f4fb720e

SHA512
febee626fd9bf02763d47b0eb8a8e8d910fd81e27f2517a91f909ba006733af723ed1715570d205a8971fb400c0a86d98b00760a3e4bb4fb5be872120c2f14b5

Download Submit
/data/user/0/com.vklnpandey.myclass/app_nn2ru4c7cpkg38rhvkj4i/QUfyDJlaA.dex

Filesize
4KB

MD5
2329ef3ea127b447da6a519740ce1166

SHA1
95287b1a5577242bb9311b89a4d372d6ec3e7a98

SHA256
96a45b42c0d84afdfdef44e4f9b2d180f870b9237ba48253c23fa14f58bcfd6c

SHA512
d52f8554d76a98d73d3ca77d0a45bac5eaa539a7d9739b8f1301f265577c8f872c3e85ba4178d268e548acd29b36d85abe6082669ecfcacfa7d506d8cc93a230

Download Submit
/data/user/0/com.vklnpandey.myclass/app_nn2ru4c7cpkg38rhvkj4i/QUfyDJlaA.dex

Filesize
4KB

MD5
a9d8c6745b473ac8367d24a3a5f72303

SHA1
0dfcdba848af7939d514e031991f5d1c3392981e

SHA256
8b7958cbf0047ec752f5989d5b436957553df326557e7b7e7dd91382a4f653ae

SHA512
650c3e32d0b63ad7addbfc87e04aadc3c65511fe1a147bc882003916ff24e7f6c74f7f13d4c666d8211e9348ea447c226e9ff2b4cd2cd60e42cabcfee9aafb99

Download Submit
/data/user/0/com.vklnpandey.myclass/app_nn2ru4c7cpkg38rhvkj4i/myclass.dat.jar

Filesize
6KB

MD5
f7cb24d0811967dc2ca8ed0ef4fb5348

SHA1
8c4ddf0accb72e9e41ada5a8f65fcd42a89a17e8

SHA256
c35fbdf2313108c19d6eb58911ba0b5f13dfb629ef1e1ecbf0f1fbaf865f4970

SHA512
943e5f8c30936675481d8e79b7c486cc0457231c03a5d0126347d1ee07152a0f5523ec779414ecdfcd6c099c9317678b78548ac60b3e1ae40e8aa2b24593cfae

Download Submit
/data/user/0/com.vklnpandey.myclass/app_nn2ru4c7cpkg38rhvkj4i/myclass.dat.jar

Filesize
6KB

MD5
6e505e7299453a446daf11f92351caf2

SHA1
aef1f671fb9d9e21b77b0eb3a8c83125fca99155

SHA256
1b7bd34d2afa188c01295c30fbb1c9d75d44e6594620188d52bd7665b1fe861e

SHA512
854787fa6ce059cccb24ef92e670c9b822bdf61d81c40aad0a47734a7b384edc150be9356f0d0532485bca01d3ad5f388209738759bb24d89ae5851784b84e7e

Download Submit
/data/user/0/com.vklnpandey.myclass/app_nn2ru4c7cpkg38rhvkj4i/myclass.ext.jar

Filesize
5.4MB

MD5
d1622dcf9df531e66265d961bb6e4b88

SHA1
596eb22a04d81fcabaff14577da6628b111943ec

SHA256
888fcbbd3e2d904a006fd1b86fef1006671653588c322c5d6cea6e3e12e1da90

SHA512
97235f1621fe82190f8f4bab3e0ebb061242ab9b35c17c74381616ae553ee6ed550b454e01f8e93e976d330d3d8347a1504471c98a0ac41e1ecf4ffaf576c345

Download Submit
/data/user/0/com.vklnpandey.myclass/app_nn2ru4c7cpkg38rhvkj4i/myclass.ext.jar

Filesize
6.3MB

MD5
96b9f9efc15256bbf5a2602c4ef0b80c

SHA1
959136da7369a76dc1d38e2bd6a147f39d43287e

SHA256
8af7b16089160f4d1921fd96d6e032b95001ebff2476d89b55b84f5b31730d3b

SHA512
7341728cc6024781e8133f7c34c0d3c82e59c7edb04c85d8b7ddfc256514cff3444e801c75bad5600d67af37876da7e63c54942d591f4a3bf45afa69dcf67f8e

Download Submit
/data/user/0/com.vklnpandey.myclass/app_nn2ru4c7cpkg38rhvkj4i/myclass.ext.jar

Filesize
6.3MB

MD5
274c567fc28cc4b19f22dad632e6ef2b

SHA1
cadd5d2df98161d0ca13f01d628cd784c9ba9542

SHA256
cbf15515e6bb030cb054ddfb44b55fcd4243fa504c41927a11089db54a3cae1e

SHA512
5358befd36e614b01c3e596bd2daf6841becdac33fbd4a21a0b1016cb3ede92be30ea10a5713e4cd0305a05980c1f3cbc543b0544e59bd628caba4568b43d519

Download Submit
Anonymous-DexFile@0xc80d3000-0xc83eb5bc

Filesize
2.3MB

MD5
10e4026fa94b335478d04f6fa16c897f

SHA1
5d4ee4fb7ac1f1c2982577bc72bc9b384fc840b8

SHA256
f3107533a5809f33de8ede6149f3778d7457ec5d2a9ee7a0d37baaf631536dff

SHA512
0aeb0a5c071d8ddf3cec31aa794d9ab866e6174322f642835df1b0c2f93f260af6661bc376f528e9fc2f02c2401ae32d2d0972bf55b5312c0c077ca8540cd856

Download Submit