Malware Analysis Report

2025-01-19 05:36

Sample ID 240320-wcy73sfd8s
Target d96d47ccb83aef29d08c33bd992b4693
SHA256 09da368ac2635269bc5e17224836c4a0d8d987e1b91e817536a49ad1f31a86d2
Tags: evasion, stealth, trojan
Score: 8/10

Table of Contents

Analysis Overview
MITRE ATT&CK (Mobile Matrix V15)
Analysis: static1 (Detonation Overview, Signatures)
Analysis: behavioral1 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral2 (same sections as behavioral1)
Analysis: behavioral3 (same sections as behavioral1)

Analysis Overview

Score: 8/10

SHA256: 09da368ac2635269bc5e17224836c4a0d8d987e1b91e817536a49ad1f31a86d2

Threat Level: Likely malicious. The file d96d47ccb83aef29d08c33bd992b4693 was found to be likely malicious.

Malicious Activity Summary

Tags: evasion, stealth, trojan

Removes its main activity from the application launcher (seen in all three behavioral runs; once the launcher entry is disabled the app's icon disappears, so the user no longer sees it among installed apps)

Loads dropped Dex/Jar (seen in all three behavioral runs; ses.dex and kickasshawking41.jar are written into the app's private data directory at runtime and then loaded as code, so the code that actually executes is not the code in the APK that static1 examined)

Requests dangerous framework permissions (static: ACCESS_COARSE_LOCATION and WRITE_EXTERNAL_STORAGE, both at Android protection level "dangerous", i.e. runtime permissions)

Reading the Files sections: on Android, /data/data/<pkg> is a symlink to /data/user/0/<pkg>, so the paired entries for ses.dex and kickasshawking41.jar under both prefixes are one path whose contents changed during the run, not two files. The final contents are identical across all three detonations (ses.dex SHA256 41b88da40dc465ebebdbf7e4b56b83539c73c2d10972adce6373e3a688454b01, kickasshawking41.jar SHA256 a378d222e9dfdee42570e87ccdd8489bb53d25e42584c3c56ccd40438e15b6ab), which makes these two hashes, together with the qqq.prostolok.com, api.oursupersk.com, cdn.oursupersk.com and coffeefeedscf hosts in the Network sections, the stable indicators. The files/a and files/b intermediates differ on every run and are not useful as hashes.

MITRE ATT&CK (Mobile Matrix V15)

No technique mappings are listed in this report.

Analysis: static1

Detonation Overview

Reported

2024-03-20 17:47

Signatures

Requests dangerous framework permissions

Description | Indicator (permission) | Process | Target
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
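As an added example (not part of the sandbox report), the following Python script performs the static checks behind the permission finding above and the launcher-hiding finding in the behavioral runs, on a decoded AndroidManifest.xml such as apktool produces: it lists requested permissions that Android classifies at protection level "dangerous", and every activity or activity-alias that answers MAIN/LAUNCHER, which is what a later PackageManager.setComponentEnabledSetting() call can disable to remove the icon. The manifest embedded in it is constructed for illustration and is not the real manifest of this sample; the DANGEROUS set is a hand-picked subset of Android's dangerous permissions, not the complete list.

```python
"""Static triage of a decoded AndroidManifest.xml.

Added example; not part of the sandbox report. SAMPLE_MANIFEST is constructed
for illustration and is NOT this sample's real manifest. DANGEROUS is a
partial, hand-picked subset of Android's protection level "dangerous" set.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
MAIN, LAUNCHER = "android.intent.action.MAIN", "android.intent.category.LAUNCHER"

# Partial list of runtime ("dangerous") permissions; extend for real triage.
DANGEROUS = {
    "android.permission.ACCESS_COARSE_LOCATION",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.WRITE_EXTERNAL_STORAGE",
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.SEND_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.CAMERA",
    "android.permission.RECORD_AUDIO",
    "android.permission.READ_PHONE_STATE",
}

# Constructed sample manifest (illustration only, not the real one).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="lakshmidevi.lakshmimata.laxmidoorlockscreen6">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <application android:label="Laxmi Door Lock Screen">
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity-alias android:name=".Launcher" android:targetActivity=".MainActivity"
        android:enabled="true" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity-alias>
  </application>
</manifest>
"""


def _a(elem, name):
    """Read an android:-namespaced attribute."""
    return elem.get(f"{{{ANDROID_NS}}}{name}")


def dangerous_permissions(manifest_xml):
    """Requested permissions that fall in the DANGEROUS set, sorted."""
    root = ET.fromstring(manifest_xml)
    requested = {_a(p, "name") for p in root.iter("uses-permission")}
    return sorted(requested & DANGEROUS)


def launcher_entries(manifest_xml):
    """(component, tag, enabled) for every MAIN+LAUNCHER activity or alias.

    Disabling any of these via setComponentEnabledSetting() removes the
    icon; an activity-alias is the usual target because the real activity
    stays reachable by explicit intent afterwards."""
    root = ET.fromstring(manifest_xml)
    pkg = root.get("package")
    entries = []
    for comp in root.iter():
        if comp.tag not in ("activity", "activity-alias"):
            continue
        for flt in comp.findall("intent-filter"):
            actions = {_a(a, "name") for a in flt.findall("action")}
            cats = {_a(c, "name") for c in flt.findall("category")}
            if MAIN in actions and LAUNCHER in cats:
                name = _a(comp, "name")
                if name.startswith("."):
                    name = pkg + name
                entries.append((name, comp.tag, _a(comp, "enabled") != "false"))
                break
    return entries


if __name__ == "__main__":
    print("dangerous permissions:", dangerous_permissions(SAMPLE_MANIFEST))
    for name, tag, enabled in launcher_entries(SAMPLE_MANIFEST):
        print(f"launcher entry: {name} ({tag}) enabled={enabled}")
```

A manifest that declares both a launcher activity and a launcher alias for it is worth a second look: the alias can be disabled at runtime while the activity itself stays enabled, which is the pattern behind the "Removes its main activity from the application launcher" signature.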

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-20 17:47

Reported

2024-03-20 17:49

Platform

android-x86-arm-20240221-en

Max time kernel

148s

Max time network

156s

Command Line

lakshmidevi.lakshmimata.laxmidoorlockscreen6

Signatures

Removes its main activity from the application launcher
Tags: stealth, trojan, evasion
No indicator, process or target recorded for this signature.

Loads dropped Dex/Jar
Tags: evasion
Indicators (code files written at runtime and then loaded):
/data/user/0/lakshmidevi.lakshmimata.laxmidoorlockscreen6/files/ses.dex
/data/user/0/lakshmidevi.lakshmimata.laxmidoorlockscreen6/app_extra/kickasshawking41.jar

Processes

lakshmidevi.lakshmimata.laxmidoorlockscreen6

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 - udp
US 1.1.1.1:53 qqq.prostolok.com udp
US 1.1.1.1:53 api.oursupersk.com udp
PL 51.75.52.77:80 qqq.prostolok.com tcp
NL 213.196.46.117:80 api.oursupersk.com tcp
US 1.1.1.1:53 cdn.oursupersk.com udp
NL 51.15.108.42:80 cdn.oursupersk.com tcp
US 1.1.1.1:53 coffeefeedscf.b-cdn.net udp
NL 23.111.83.188:80 23.111.83.188 tcp
US 1.1.1.1:53 coffeefeedscf.b-cdn.net udp
FR 185.93.2.251:80 coffeefeedscf.b-cdn.net tcp
GB 142.250.200.14:443 - tcp
GB 142.250.200.14:443 - tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
NL 23.111.83.188:80 23.111.83.188 tcp
NL 23.111.83.188:80 23.111.83.188 tcp
NL 23.111.83.188:80 23.111.83.188 tcp

A "-" in the Domain column means the sandbox saw no hostname for that connection. Rows to 1.1.1.1:53 (udp) are the DNS lookups for the names contacted over tcp; 224.0.0.251:5353 is local mDNS multicast. The 23.111.83.188:80 connections were made to a bare IP with no preceding lookup. The qqq.prostolok.com, api/cdn.oursupersk.com and coffeefeedscf hosts, all reached on port 80 (plain HTTP), are the non-platform destinations and the candidates for C2 and payload delivery; the Google hosts are platform traffic.

Files

/data/data/lakshmidevi.lakshmimata.laxmidoorlockscreen6/files/ses.dex

MD5 f9eacee927a9ead20224a8dd54178b4c
SHA1 ed9527a1cef184060eee221fb8d6e499585e3210
SHA256 1b87b24cbb580f2c11f713abff10341371bd58c1b764fd1140d59b8034f58789
SHA512 67a3e424e2127656c04e4324539c8ffae59100a6f7683f7e9672217384461e6527c82e002f108a18f850a9887e03b1d2cb297fc65c7ce9c51c09fa7ac3b9f2f4

/data/user/0/lakshmidevi.lakshmimata.laxmidoorlockscreen6/files/ses.dex

MD5 0c6f15c63dea16fc17f949544665d34d
SHA1 fa18ed4539ea8e0416f74a93774a29d2406d2634
SHA256 41b88da40dc465ebebdbf7e4b56b83539c73c2d10972adce6373e3a688454b01
SHA512 8a572e2bbc2ef902e3b609ac704d5b12d729350f52223109c422097a8d36650a31f77aa069f62d1749645c221a0490d28005ea6d7d5c822eafbe2fc87dda6292

/data/data/lakshmidevi.lakshmimata.laxmidoorlockscreen6/files/a

MD5 349c7c568c93a379e6986707cbf4a0a0
SHA1 aa32955d091bef94143159a6bd28a7d8a6d570b4
SHA256 f172d9c25e6b0edabebaf97594b973dbe95fec1ce4f634f616b18287296cd28f
SHA512 721418e0d1f5ce45b79b7990308a0c22f911e037790a32f186caaebbfc166d1b2abdc57b65717be847d0fef81c2096bb2ed3a2df393dca97be949182afedd9e2

/data/data/lakshmidevi.lakshmimata.laxmidoorlockscreen6/files/b

MD5 510dbf0530c63de071e4c9d9a1ac3552
SHA1 5c5809bfc9b9687c82364d29544d466dc4c9effa
SHA256 9707bf2b6f04eef5a91bcd5bcdd41fc5866d27ef0b0de27b1c3bc61018fd86b0
SHA512 b5121b8afc8d6c358cdba1301d8fc0eb3210a128874c17e17b133146b9dc81e3bc1a1e9e6f35b113b42890be75f8a07782b16a48df284b8a326cb34bb8c83538

/data/data/lakshmidevi.lakshmimata.laxmidoorlockscreen6/files/b

MD5 1ef0c29c4b7a0a03d7507c6d3a621100
SHA1 bfdde2a3f41479d1ef453c2b85f173e8004f9f5e
SHA256 30227e73eb4fbc487954428c1f0ab031757902472796753d53a4809341107bcc
SHA512 67d101ae7b1a50f5637277e97f30cd9b1a149069757dcae836946a28dc6fbcd47e78d57d5fe19f5ec1c85b52fb9aa8735a8e917469794a0ac9c2ca002502e231

/data/data/lakshmidevi.lakshmimata.laxmidoorlockscreen6/files/a

MD5 04fd3454c99fff67f380a222fa8eabec
SHA1 7b3c787419de3f53018b8959eee950f2c970c696
SHA256 e58348756e5b80120053cb81adc35908a302cbcbb9e94f3e5c253e67888bff56
SHA512 8e8f3123cba96210ddf673ea1d3530314a08d693542c39d1474edf725b0ac22a1783bb34e13ebe838632793f3a540c111f235e8201c4ad3d57bc8c2d8399c1e1

/data/data/lakshmidevi.lakshmimata.laxmidoorlockscreen6/files/b

MD5 a47ad9ecd017ece04359cd2bbe573601
SHA1 b17a275c11874f5caf5e1a389660a2244fff79e7
SHA256 6ae7c6f5d5f7fc44d7342e729f927eabee4b9b69ac2421d188cf28b7ae40cbc5
SHA512 960359173e38e162dcb3aa055f574e2666da4987f75ebfebad96b9784f47d188be5d3686b81eb2808a2b8322d6c80f72cc3ab8e48b541edf7d999803fa999c2f

/data/data/lakshmidevi.lakshmimata.laxmidoorlockscreen6/app_extra/kickasshawking41.jar

MD5 8272d44e237112601da097cce95e9f13
SHA1 443e926f7e91f4f351efc4f5f928e18e572d8bc2
SHA256 ff6ff668337c1eb6a1e62300a08461e3c780295cb40fe93122fa91ca48ad33da
SHA512 e982bc1e5ec1a02a91f2af9b8929dd1bf790c30316708b00dfb5293cf96bdcfe8ef1f1c560338baec6f32e3b294a636831bcbe9daaab67d5ad98eacf4ebe25ed

/data/user/0/lakshmidevi.lakshmimata.laxmidoorlockscreen6/app_extra/kickasshawking41.jar

MD5 0f5d87bc0a27114e56a868543b1efb75
SHA1 38740d364598245646441f6f91941b1325b60111
SHA256 a378d222e9dfdee42570e87ccdd8489bb53d25e42584c3c56ccd40438e15b6ab
SHA512 2295d1d47a38a434e56d807098bfe298319fec0bc6567d9b845dcf664e7593720d6e57d7e223fd679353a0db6ca0439ad4934b703c8217769f0db4e1304c8744

Analysis: behavioral2

Detonation Overview

Submitted

2024-03-20 17:47

Reported

2024-03-20 17:50

Platform

android-x64-20240221-en

Max time kernel

155s

Max time network

167s

Command Line

lakshmidevi.lakshmimata.laxmidoorlockscreen6

Signatures

Removes its main activity from the application launcher
Tags: stealth, trojan, evasion
No indicator, process or target recorded for this signature.

Loads dropped Dex/Jar
Tags: evasion
Indicators (code files written at runtime and then loaded):
/data/user/0/lakshmidevi.lakshmimata.laxmidoorlockscreen6/files/ses.dex
/data/user/0/lakshmidevi.lakshmimata.laxmidoorlockscreen6/app_extra/kickasshawking41.jar

Processes

lakshmidevi.lakshmimata.laxmidoorlockscreen6

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 - udp
US 1.1.1.1:53 qqq.prostolok.com udp
US 1.1.1.1:53 api.oursupersk.com udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.8:443 ssl.google-analytics.com tcp
NL 213.196.46.117:80 api.oursupersk.com tcp
PL 51.75.52.77:80 qqq.prostolok.com tcp
US 1.1.1.1:53 cdn.oursupersk.com udp
FR 188.165.73.51:80 cdn.oursupersk.com tcp
NL 23.111.83.188:80 23.111.83.188 tcp
US 1.1.1.1:53 cdn.coffeefeedscf.com udp
US 104.21.91.5:80 cdn.coffeefeedscf.com tcp
GB 142.250.178.14:443 - tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
NL 23.111.83.188:80 23.111.83.188 tcp
GB 216.58.201.100:443 - tcp
GB 216.58.201.100:443 - tcp
NL 23.111.83.188:80 23.111.83.188 tcp
GB 172.217.169.78:443 - tcp
GB 142.250.200.34:443 - tcp
NL 23.111.83.188:80 23.111.83.188 tcp
NL 23.111.83.188:80 23.111.83.188 tcp
NL 23.111.83.188:80 23.111.83.188 tcp

A "-" in the Domain column means the sandbox saw no hostname for that connection. In this run cdn.oursupersk.com resolved to 188.165.73.51 (FR) rather than the 51.15.108.42 (NL) seen in behavioral1, and the coffeefeedscf content came from cdn.coffeefeedscf.com instead of the b-cdn.net name, so pivot on the hostnames rather than on the IPs.

Files

/data/data/lakshmidevi.lakshmimata.laxmidoorlockscreen6/files/ses.dex

MD5 f9eacee927a9ead20224a8dd54178b4c
SHA1 ed9527a1cef184060eee221fb8d6e499585e3210
SHA256 1b87b24cbb580f2c11f713abff10341371bd58c1b764fd1140d59b8034f58789
SHA512 67a3e424e2127656c04e4324539c8ffae59100a6f7683f7e9672217384461e6527c82e002f108a18f850a9887e03b1d2cb297fc65c7ce9c51c09fa7ac3b9f2f4

/data/user/0/lakshmidevi.lakshmimata.laxmidoorlockscreen6/files/ses.dex

MD5 0c6f15c63dea16fc17f949544665d34d
SHA1 fa18ed4539ea8e0416f74a93774a29d2406d2634
SHA256 41b88da40dc465ebebdbf7e4b56b83539c73c2d10972adce6373e3a688454b01
SHA512 8a572e2bbc2ef902e3b609ac704d5b12d729350f52223109c422097a8d36650a31f77aa069f62d1749645c221a0490d28005ea6d7d5c822eafbe2fc87dda6292

/data/data/lakshmidevi.lakshmimata.laxmidoorlockscreen6/files/a

MD5 f850e72e8d4039dff52dda9b0e5bcbdb
SHA1 7ba2b640f7ae82fae375716fd2d25fafe292b746
SHA256 aaab2487f78f85308ec5451e6438cf7234dbec847702a7d5dcf14c73325ce179
SHA512 583aa413b65e31c974341f483601e21cd2a99c7d8dc1ebea407362cf26c8be60dfa7752c126469dfe2cd7fe14b0dcd9840d97140e261603547c539258b3782be

/data/data/lakshmidevi.lakshmimata.laxmidoorlockscreen6/files/b

MD5 747b4bc59241983b442c5ce06e47dc80
SHA1 62d3a1e26266ad24a3a29d0bf36a2d65ca33f6c0
SHA256 6858b22676e58008bb1f1ffc81599f1c4e47dbb217bfef2b40297584a29f47bb
SHA512 92454b5c67c8527d01975c2a14c26bf7de112b2868a2eddeaf8636f719b2c3275fe037cacebc3e3506787ce20591fe33ff8ac93bc7db4ec9abb8f94d5b91ad26

/data/data/lakshmidevi.lakshmimata.laxmidoorlockscreen6/files/b

MD5 3199cd50c5c6987acc508b3495517dbc
SHA1 919e78ec4fe132e82953bef4f680c0f855031465
SHA256 a99d7b3d2c3f04956116efb955739ecb80e8499c2bff227629bde6b4b6357cd4
SHA512 9e9b3cf4a56407ca754aafbb2fef7d5a9603d78288e0439df632b1383c51c922035e8823830af8713ce4c986c2e1427e551a0809a29b823f061fd6406d2bc09f

/data/data/lakshmidevi.lakshmimata.laxmidoorlockscreen6/files/a

MD5 6e79cced5aaf7d6a823170fc63e21773
SHA1 9633672de5540b98167c9558407fcaeb2e37a593
SHA256 1366d88fb2149e3a45da447af7e964d624108e0eff287ad7638c5fd32e69f01e
SHA512 470441bb7c8c68c9f36301dff50459e4e72c9aed686d34343695b0fcb1bf9532f9bbe29be8d10a3ead9038bb5e3d9d09c57b05c52de8371c162fcd31c17a6f40

/data/data/lakshmidevi.lakshmimata.laxmidoorlockscreen6/files/b

MD5 a587346ff7f724aa1ca8c0bfee8c0179
SHA1 78e1a5a263175419c846acf5d93b435e10fdfb87
SHA256 6eeec193225a235f764d7b8680bb0ba1b15f0a020ee9727f2c5e88b942ef471a
SHA512 3abc03ea5ed09b1f1571dcf5d0d867cb3defd20d3ace77dac34ab7dbb8a73b3b73e748757619fda86a506077d4168503eb2a8843a5f29147dcb0712311e1d79b

/data/data/lakshmidevi.lakshmimata.laxmidoorlockscreen6/app_extra/kickasshawking41.jar

MD5 870f1da1b3cd3a4559bf2c2099a278f7
SHA1 2ea6d3a082bd28d88627de817642dbf55e46f854
SHA256 d0a03ecd7adf89beab8e771bf8357e1666abb2ef176c49623c42dea00a3bd3f1
SHA512 f7b8cf48dacdca74037198c994c35955a0e11345930323b33470684eaef92be4208d16c9ac1dd78916956deeb2a784cd13927275bd385cf4238f09142e5271cd

/data/user/0/lakshmidevi.lakshmimata.laxmidoorlockscreen6/app_extra/kickasshawking41.jar

MD5 0f5d87bc0a27114e56a868543b1efb75
SHA1 38740d364598245646441f6f91941b1325b60111
SHA256 a378d222e9dfdee42570e87ccdd8489bb53d25e42584c3c56ccd40438e15b6ab
SHA512 2295d1d47a38a434e56d807098bfe298319fec0bc6567d9b845dcf664e7593720d6e57d7e223fd679353a0db6ca0439ad4934b703c8217769f0db4e1304c8744

Analysis: behavioral3

Detonation Overview

Submitted

2024-03-20 17:47

Reported

2024-03-20 17:50

Platform

android-x64-arm64-20240221-en

Max time kernel

150s

Max time network

150s

Command Line

lakshmidevi.lakshmimata.laxmidoorlockscreen6

Signatures

Removes its main activity from the application launcher
Tags: stealth, trojan, evasion
No indicator, process or target recorded for this signature.

Loads dropped Dex/Jar
Tags: evasion
Indicators (code files written at runtime and then loaded):
/data/user/0/lakshmidevi.lakshmimata.laxmidoorlockscreen6/files/ses.dex
/data/user/0/lakshmidevi.lakshmimata.laxmidoorlockscreen6/app_extra/kickasshawking41.jar

Processes

lakshmidevi.lakshmimata.laxmidoorlockscreen6

Network

Country Destination Domain Proto
GB 142.250.180.14:443 - tcp
GB 142.250.180.14:443 - tcp
GB 142.250.180.14:443 - tcp
N/A 224.0.0.251:5353 - udp
GB 216.58.213.10:443 - udp
GB 142.250.200.46:443 - udp
GB 172.217.169.74:443 - tcp
GB 172.217.169.74:443 - tcp
US 1.1.1.1:53 api.oursupersk.com udp
US 1.1.1.1:53 qqq.prostolok.com udp
NL 213.196.46.116:80 api.oursupersk.com tcp
DE 89.163.144.80:80 qqq.prostolok.com tcp
US 1.1.1.1:53 cdn.oursupersk.com udp
NL 51.15.108.42:80 cdn.oursupersk.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.212.200:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 coffeefeedscf.b-cdn.net udp
FR 185.93.2.246:80 coffeefeedscf.b-cdn.net tcp
GB 216.58.201.100:443 - tcp
GB 216.58.201.100:443 - tcp

A "-" in the Domain column means the sandbox saw no hostname for that connection. In this (arm64) run qqq.prostolok.com resolved to 89.163.144.80 (DE) rather than 51.75.52.77 (PL) as in the other two runs, and the bare-IP connections to 23.111.83.188:80 seen in behavioral1 and behavioral2 did not occur.

Files

/data/user/0/lakshmidevi.lakshmimata.laxmidoorlockscreen6/files/ses.dex

MD5 d66e3d890d009f5aaeabfee1b9b132df
SHA1 75dfddb3dee77082b34968624151a9a10da9d41c
SHA256 86a5467d729778e417f0878869589f9612e912072c71a687e2df0610e6cbcd89
SHA512 9a2f82f1a7cd1fe38b68226a03e8b65a10615a422db5c42dad260f410cf8477b8b9537a7bbadfb21027295ab8444c1b0964cd2693ea01890e336220e6ebf2cf0

/data/user/0/lakshmidevi.lakshmimata.laxmidoorlockscreen6/files/ses.dex

MD5 0c6f15c63dea16fc17f949544665d34d
SHA1 fa18ed4539ea8e0416f74a93774a29d2406d2634
SHA256 41b88da40dc465ebebdbf7e4b56b83539c73c2d10972adce6373e3a688454b01
SHA512 8a572e2bbc2ef902e3b609ac704d5b12d729350f52223109c422097a8d36650a31f77aa069f62d1749645c221a0490d28005ea6d7d5c822eafbe2fc87dda6292

/data/user/0/lakshmidevi.lakshmimata.laxmidoorlockscreen6/files/a

MD5 1b410565fc73c12e42bf4af62c6ac492
SHA1 d553569ec1345f94e75af4edf5671b03067cadb3
SHA256 f32fedb9cf3c19f14117d2d8563111d209f2a2c481aefb9bf1566080794aefad
SHA512 1820c38d0112b294b3658ce6d6f6e4efe41518a4cfa451255f52ce3efcac9f2f54e8b0e5324e6d7b0ac60d871f2169c75b37dc10e7e2c0ebc1a784dc9430155b

/data/user/0/lakshmidevi.lakshmimata.laxmidoorlockscreen6/files/b

MD5 c2703be289b1b24f65df9b4c7362c7d1
SHA1 4b43e098ac2b472d8d5f9d05ace33455ae03cc1e
SHA256 112de3bf7ca296bd7a0f2b65fbb7c359729956e688f96eec541deb50866a37e0
SHA512 bfaf1e7041e66348482fc271b84aa08d8df3c4e49fd555ddf95751716fb9079f6384634724ae491fa5822a5ece4eef305d34cba982cdefe457a797a6ecdd2ff9

/data/user/0/lakshmidevi.lakshmimata.laxmidoorlockscreen6/files/b

MD5 33084e973eae4ee89a96f154feee33f2
SHA1 05a0c70ec3e6fc93ba0cb839a2eb0fc4a819748a
SHA256 f15e4910b8cd82f8d2772eec3fe5eddfe5e3255fa27141e84d31cdc87b655f17
SHA512 c261a98a235db679b42d2a30af2e7db9cf551a1596d8e2b117319baaaf286f9560329d649195f1a72df6e6bd3f0fc1defff1b00a3a58170859cbbb7f7060a4bc

/data/user/0/lakshmidevi.lakshmimata.laxmidoorlockscreen6/app_extra/kickasshawking41.jar

MD5 8272d44e237112601da097cce95e9f13
SHA1 443e926f7e91f4f351efc4f5f928e18e572d8bc2
SHA256 ff6ff668337c1eb6a1e62300a08461e3c780295cb40fe93122fa91ca48ad33da
SHA512 e982bc1e5ec1a02a91f2af9b8929dd1bf790c30316708b00dfb5293cf96bdcfe8ef1f1c560338baec6f32e3b294a636831bcbe9daaab67d5ad98eacf4ebe25ed

/data/user/0/lakshmidevi.lakshmimata.laxmidoorlockscreen6/app_extra/kickasshawking41.jar

MD5 0f5d87bc0a27114e56a868543b1efb75
SHA1 38740d364598245646441f6f91941b1325b60111
SHA256 a378d222e9dfdee42570e87ccdd8489bb53d25e42584c3c56ccd40438e15b6ab
SHA512 2295d1d47a38a434e56d807098bfe298319fec0bc6567d9b845dcf664e7593720d6e57d7e223fd679353a0db6ca0439ad4934b703c8217769f0db4e1304c8744

/data/user/0/lakshmidevi.lakshmimata.laxmidoorlockscreen6/files/b

MD5 e72f73ee41dbf5684aa14834901345fb
SHA1 f1a1cff9ffeeae6e94ea5d9321af0e05a9b2764c
SHA256 6d953f61445ade782dd00349b5125b211c2870d9a390df6a444fe297f29f07a2
SHA512 e6f4f5c4fcf317ad5fd79e8997696d813c018ad5cc3b4d32f392c073f6a05bd58d47a66d9e4fb310cd0521ea1f47c9736153a2e678815c813658d39a84126f03
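The three behavioral runs above report the same infrastructure and the same dropped files surrounded by per-run noise. The following Python script, an added example and not part of the sandbox report, loads the report's own Network and Files rows (copied from the tables above, deduplicated, dropped-code files only) and reduces them to a blockable IOC set: it discards mDNS and resolver traffic, drops the Google platform hosts via an allowlist that is my assumption, separates connections the sandbox could not attribute to a hostname, and keeps only the file hashes present in every run. The allowlist and the "present in every run" rule are analyst heuristics, not something the sandbox computed.

```python
"""Reduce the three behavioral runs of this report to a de-noised IOC set.

Added example; not part of the sandbox report. NETWORK and FILES are copied
from the report's tables (deduplicated; dropped-code files only). The
allowlist and the "seen in every run" rule are this script's own heuristics.
"""
import ipaddress
from collections import defaultdict

# (run, destination IP, port, Domain column as shown; "" = none shown)
NETWORK = [
    ("behavioral1", "224.0.0.251", 5353, ""),
    ("behavioral1", "1.1.1.1", 53, "qqq.prostolok.com"),
    ("behavioral1", "51.75.52.77", 80, "qqq.prostolok.com"),
    ("behavioral1", "213.196.46.117", 80, "api.oursupersk.com"),
    ("behavioral1", "51.15.108.42", 80, "cdn.oursupersk.com"),
    ("behavioral1", "23.111.83.188", 80, "23.111.83.188"),
    ("behavioral1", "185.93.2.251", 80, "coffeefeedscf.b-cdn.net"),
    ("behavioral1", "142.250.200.14", 443, ""),
    ("behavioral1", "142.250.200.46", 443, "android.apis.google.com"),
    ("behavioral2", "142.250.200.8", 443, "ssl.google-analytics.com"),
    ("behavioral2", "188.165.73.51", 80, "cdn.oursupersk.com"),
    ("behavioral2", "104.21.91.5", 80, "cdn.coffeefeedscf.com"),
    ("behavioral2", "216.58.201.100", 443, ""),
    ("behavioral3", "213.196.46.116", 80, "api.oursupersk.com"),
    ("behavioral3", "89.163.144.80", 80, "qqq.prostolok.com"),
    ("behavioral3", "185.93.2.246", 80, "coffeefeedscf.b-cdn.net"),
    ("behavioral3", "216.58.212.200", 443, "ssl.google-analytics.com"),
]

PKG = "lakshmidevi.lakshmimata.laxmidoorlockscreen6"
DATA, USER = f"/data/data/{PKG}", f"/data/user/0/{PKG}"  # same directory on Android

# (run, path, SHA256) for the dropped Dex/Jar entries in the Files sections.
FILES = [
    ("behavioral1", f"{DATA}/files/ses.dex", "1b87b24cbb580f2c11f713abff10341371bd58c1b764fd1140d59b8034f58789"),
    ("behavioral1", f"{USER}/files/ses.dex", "41b88da40dc465ebebdbf7e4b56b83539c73c2d10972adce6373e3a688454b01"),
    ("behavioral1", f"{DATA}/app_extra/kickasshawking41.jar", "ff6ff668337c1eb6a1e62300a08461e3c780295cb40fe93122fa91ca48ad33da"),
    ("behavioral1", f"{USER}/app_extra/kickasshawking41.jar", "a378d222e9dfdee42570e87ccdd8489bb53d25e42584c3c56ccd40438e15b6ab"),
    ("behavioral2", f"{DATA}/files/ses.dex", "1b87b24cbb580f2c11f713abff10341371bd58c1b764fd1140d59b8034f58789"),
    ("behavioral2", f"{USER}/files/ses.dex", "41b88da40dc465ebebdbf7e4b56b83539c73c2d10972adce6373e3a688454b01"),
    ("behavioral2", f"{DATA}/app_extra/kickasshawking41.jar", "d0a03ecd7adf89beab8e771bf8357e1666abb2ef176c49623c42dea00a3bd3f1"),
    ("behavioral2", f"{USER}/app_extra/kickasshawking41.jar", "a378d222e9dfdee42570e87ccdd8489bb53d25e42584c3c56ccd40438e15b6ab"),
    ("behavioral3", f"{USER}/files/ses.dex", "86a5467d729778e417f0878869589f9612e912072c71a687e2df0610e6cbcd89"),
    ("behavioral3", f"{USER}/files/ses.dex", "41b88da40dc465ebebdbf7e4b56b83539c73c2d10972adce6373e3a688454b01"),
    ("behavioral3", f"{USER}/app_extra/kickasshawking41.jar", "ff6ff668337c1eb6a1e62300a08461e3c780295cb40fe93122fa91ca48ad33da"),
    ("behavioral3", f"{USER}/app_extra/kickasshawking41.jar", "a378d222e9dfdee42570e87ccdd8489bb53d25e42584c3c56ccd40438e15b6ab"),
]

RESOLVER_PORT = 53
# Analyst allowlist (assumption): platform hosts that most Android apps contact.
BENIGN_SUFFIXES = ("google.com", "google-analytics.com")


def _benign(domain):
    return any(domain == s or domain.endswith("." + s) for s in BENIGN_SUFFIXES)


def network_iocs(rows):
    """Collapse Network rows into candidate C2/payload infrastructure.

    Drops multicast (mDNS) and resolver traffic (the looked-up name reappears
    on the tcp row), drops allowlisted platform hosts, and puts IP-only rows
    the sandbox could not attribute to a name into a separate bucket."""
    domains, endpoints, unattributed = set(), set(), set()
    for _run, ip, port, domain in rows:
        if ipaddress.ip_address(ip).is_multicast or port == RESOLVER_PORT:
            continue
        if not domain:
            unattributed.add((ip, port))
            continue
        if _benign(domain):
            continue
        if domain != ip:  # the report repeats the bare IP when no name was seen
            domains.add(domain)
        endpoints.add((ip, port))
    return {"domains": sorted(domains), "endpoints": sorted(endpoints),
            "unattributed": sorted(unattributed)}


def stable_payload_hashes(files):
    """SHA256 values present in every run.

    The same path appears twice per run with different hashes (its contents
    changed during the run); only the final ses.dex and kickasshawking41.jar
    contents repeat across runs, so those are the hashes worth blocking."""
    runs = {run for run, _, _ in files}
    seen = defaultdict(set)
    for run, _path, sha in files:
        seen[sha].add(run)
    return sorted(sha for sha, r in seen.items() if r == runs)


if __name__ == "__main__":
    for kind, values in network_iocs(NETWORK).items():
        print(kind, values)
    print("stable hashes:", stable_payload_hashes(FILES))
```

The "unattributed" bucket (142.250.x and 216.58.x on 443) is left for the analyst rather than silently dropped: these ranges look like Google front ends, but without a hostname the sandbox gives no evidence of that, and blocking them blind would be wrong.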