Overview

overview

10

Static

static

10

19e74d9f56...5a.apk

android-9-x86

8

19e74d9f56...5a.apk

android-10-x64

8

19e74d9f56...5a.apk

android-11-x64

8

2242164a5d...22.apk

android-9-x86

7

2242164a5d...22.apk

android-10-x64

7

2242164a5d...22.apk

android-11-x64

7

51e4cb5f7a...be.apk

android-9-x86

7

Analysis

  • max time kernel
    98s
  • max time network
    139s
  • platform
    android_x86
  • resource
    android-x86-arm-20240221-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
  • submitted
    27-03-2024 09:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    51e4cb5f7ae8defcb429de7a3476de7f4aa60deccd76a17f8aa03d3fddf1a0be.apk

  • Size

    3.8MB

  • MD5

    d340ac0147b45dbdc5b9788637c45cd3

  • SHA1

    46ec355e8e732b54f47524551134a6533a862b86

  • SHA256

    51e4cb5f7ae8defcb429de7a3476de7f4aa60deccd76a17f8aa03d3fddf1a0be

  • SHA512

    6492687b803392669c9e2f480dbc5d5eeeb5f80cfb26d9aded170b6ed9c9538f588732780247b97db1dbe34895d7b26b539e030c5fd6d3cb03544e4ed231af5c

  • SSDEEP

    98304:zxtG2orAN5w/nWsdtfKqYRvtL0KwZ2bmYaDUUmiXY2aBX:zxtG2o0N5aWsdBbY9tYf2ifvXYZBX

Score
7/10
evasion

Malware Config

Signatures

  • Loads dropped Dex/Jar 1 TTPs 6 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • app.grekshirts.firewall
    1⤵
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4234
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/app.grekshirts.firewall/app_ded/1DV4DkGth4yvh96cwDgVvEfQ06AVyMOl.dex --output-vdex-fd=45 --oat-fd=46 --oat-location=/data/user/0/app.grekshirts.firewall/app_ded/oat/x86/1DV4DkGth4yvh96cwDgVvEfQ06AVyMOl.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4263
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/app.grekshirts.firewall/app_ded/lgFiyv1oofB0ju58TLDyMYclIZ94Rq0H.dex --output-vdex-fd=45 --oat-fd=46 --oat-location=/data/user/0/app.grekshirts.firewall/app_ded/oat/x86/lgFiyv1oofB0ju58TLDyMYclIZ94Rq0H.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4288

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/app.grekshirts.firewall/app_ded/1DV4DkGth4yvh96cwDgVvEfQ06AVyMOl.dex
    Filesize

    2.1MB

    MD5

    07c5be07695ea99c31c76ba780af16ac

    SHA1

    3e8b39d0eb40233952a71f4e6ca2de6a2ab5def9

    SHA256

    2d37532d266590a0d585bb9620d36e6d99a2dfb6ec550ae1951d56fec8fe7d5b

    SHA512

    d502eb24e9199eb1b24a3bb3f5266ff767c1a641d72c31862b763e08129d9892878f67f0f19ec25062ffa65f65563411c54e088feda0a4d2ddaba0c76e3a7527

    Download Submit

  • /data/data/app.grekshirts.firewall/app_ded/lgFiyv1oofB0ju58TLDyMYclIZ94Rq0H.dex
    Filesize

    80KB

    MD5

    65cb3744fa525cada8ed0034d16c7281

    SHA1

    7f11bd90f987fdd44642efe666ebece811f23bad

    SHA256

    bd901c28143a4e025bdbfaabe81458d2f88f4dbca5f7f6b8b83600aceaa96f98

    SHA512

    831a27268ab036ee51d6f6d4c496d748dc2bba40d818d3b0cc07898c0b0fee2228abd9322292270f57178ccb0cb951a4af26a540f0f940c2494b2238007129bc

    Download Submit

  • /data/data/app.grekshirts.firewall/databases/db
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/app.grekshirts.firewall/databases/db-journal
    Filesize

    512B

    MD5

    1eb1a400b33d28c62f61cb9e5e039f12

    SHA1

    461b9f12f624d1fbd625d0c6255298ceae078709

    SHA256

    5495f23b4db58fe1892b69729e00c628b630ae9cbcdd02e9d2ab3ac07a78bae0

    SHA512

    22953ee96cacf141c2e42d20bc12a077af2e0c987adf08322b5ce6089c87c9d47f5971b7c23f9847d8325fb9d30b6bf6bd7a5217657eea7c2687eb49d4b5b8c8

    Download Submit

  • /data/data/app.grekshirts.firewall/databases/db-wal
    Filesize

    16KB

    MD5

    cf5757a5e14035ae4ba29166f0c71854

    SHA1

    af7048a8afad08cf60ea82804b6fcab7a5fba109

    SHA256

    aeccef808dabf786d9fad7d3a8fce56ef0e92fa504b883c769bf86f1618d6daf

    SHA512

    5d2edb19e7c71ae84a2907411ef7dcd8c48638b61635d921d7e0d58a502a362bfcff76b3c216d868c33a7edb30950d3b83d6290b09ae0df64a5e8ed59ce95505

    Download Submit

  • /data/data/app.grekshirts.firewall/files/persistentlog.txt
    Filesize

    39B

    MD5

    222957cc7dc566f4c3688d1748cfe9fa

    SHA1

    a6370decada3c939effddf60031f79ffaf8d662e

    SHA256

    8b5590675e82633dfc92c6ff2a41a214ed2958f2126ca0ed62f3a46b4b883ce8

    SHA512

    b8e808c67e544f32ad2071d8e0e1c5dd77bd288ef7253c2edfa2460b8d3a95f002a3cc57788f7584be573d04425b1c3f675be5cba695970d389dd899309473ae

    Download Submit

  • /data/data/app.grekshirts.firewall/files/persistentlog.txt
    Filesize

    73B

    MD5

    9ab116f7c45c70d84c2ab5d253646daf

    SHA1

    75623239b8119c3ae96cffadafbb9f612dadeee0

    SHA256

    8038719c7f7044557c3faaded15cc6074d1d29b706197c2621a81684c4f7a8ab

    SHA512

    4864b37253cc1c0c3ea0a16a9c21e495c546cdf973bd00c4b7acfb9cac8dd81f03a7745e889a72271ae19364707c20d2f425747c2bb59d1bca21e4d90c1c10ec

    Download Submit

  • /data/user/0/app.grekshirts.firewall/app_ded/1DV4DkGth4yvh96cwDgVvEfQ06AVyMOl.dex
    Filesize

    2.1MB

    MD5

    711e7bb13da296a7817ee617614434c6

    SHA1

    d35821e0c069ef67abd2e1cc01b8ad64c1892c56

    SHA256

    bf0204b616e0f9d5abaa1c023d05b96a0fdd2ebb3d2b4d906778802507559207

    SHA512

    72094de990495ab9adf08c280fffce247edfc8296b356b1162dda917e66cd535b0aa911fcd62537372faeb18c03ec69a1b945284b53dc7aa2ca9cfc45800821b

    Download Submit

  • /data/user/0/app.grekshirts.firewall/app_ded/lgFiyv1oofB0ju58TLDyMYclIZ94Rq0H.dex
    Filesize

    80KB

    MD5

    1d7ed91f460f8fdbca8f293b258893e9

    SHA1

    4295990f01fb66f7daa3ccb9d4ff9cbbabd7811e

    SHA256

    6a8491bafbdce943ce3b33aa9e88c6cb3e028f866591878aa6445402b4911af7

    SHA512

    63385f0028676483f0a31cf91008033205431e0e1495ace68b44f987f12786de45f0d8f2d9b630c7ba125e45938cf8268819c67c3eadc759caf206139b9078fc

    Download Submit