Analysis
- max time kernel: 30s
- max time network: 132s
- platform: android_x64
- resource: android-x64-arm64-20240514-en
- resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240514-en, locale:en-us, os:android-11-x64, system
- submitted: 21-05-2024 05:25
Static task: static1
Behavioral task: behavioral1 | Sample: upgrade.apk | Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2 | Sample: upgrade.apk | Resource: android-x64-20240514-en
Behavioral task: behavioral3 | Sample: upgrade.apk | Resource: android-x64-arm64-20240514-en
Behavioral task: behavioral4 | Sample: childapp.apk | Resource: android-x86-arm-20240514-en
Behavioral task: behavioral5 | Sample: childapp.apk | Resource: android-x64-20240514-en
Behavioral task: behavioral6 | Sample: childapp.apk | Resource: android-x64-arm64-20240514-en
General
- Target: upgrade.apk
- Size: 8.6MB
- MD5: 879341f5413a5c3b7c2ae9cb1dcfd63a
- SHA1: 09115e34bb0bfe8d649237993f995c5161363c54
- SHA256: 3cff417e481167c5065842c64f44b070538d993381d8cee8313ad1fd211e8999
- SHA512: 05ac12cdc81561107a90029eb83a6fbf249ea67beb4c8a282b71046c0438a37e6dfe34d0e95d49e738eb63812631af0a833c6ddecf489eaf407eab749b2c75c9
- SSDEEP: 196608:/J1eEIs5uMib8n0QKpVHlEmshxNJgYpnnrEjc02:B0Ed5MHmmsZu4nnwI02
Malware Config
Signatures
-
- Loads dropped Dex/Jar (1 TTPs, 2 IoCs)
Runs executable file dropped to the device during analysis.
Processes: com.appd.instll.load
ioc | pid | process
/data/user/0/com.appd.instll.load/app_ded/p3OgUH5eyVIYqoVREJtbzfAwfFE4i1qS.dex | 4520 | com.appd.instll.load
/data/user/0/com.appd.instll.load/app_ded/p3OgUH5eyVIYqoVREJtbzfAwfFE4i1qS.dex | 4520 | com.appd.instll.load
- Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 1 IoCs)
Processes: com.appd.instll.load
description | ioc | process
Framework API call | javax.crypto.Cipher.doFinal | com.appd.instll.load
Processes
Network
MITRE ATT&CK Mobile v15
Downloads
- Filesize: 4.6MB
- MD5: e65bef9966515139314174ea44f7ac8f
- SHA1: ffc3a9107e89b927a32a87c5ae04c0baecbe89f7
- SHA256: fa08514b31f976b2459aacfadf6ee390a1cdbf542c3c0d706e0469a134eb7188
- SHA512: c96f857500e3194335a8e9a89bd91de97415d4f483293f5b972b158f759d53562f6934fb9032045fad6bde82e2525a5fc39c7a4b6006e622b3de16f494a5c0ea