General

  • Target

    hxzb_133976.apk

  • Size

    8.2MB

  • Sample

    240522-phacksac37

  • MD5

    c25c90f49d50b0c2bb01c8da0a1e736a

  • SHA1

    9f9059ae01145c3fb3f114b0680777b36b26ce62

  • SHA256

    e11bb0e73e760c393b9e5fdb3c17233ee6ec9f67e0cc08cca12d59fa7a68cdbd

  • SHA512

    e307090e4b1669c3a4a8cb5575724853044a4ea186fb19ad5f36236c9ffd12088c299e995a7331c7a2bd48a3b40445e361b8889104e698f40fa3612c410c2f6b

  • SSDEEP

    196608:4d0hRFvazDuIPMXNzoQMGnunXEp48ohzFpoQ7qs4wDeYqs31VONTD:4d0h41tQBKF2ARDeL81VONTD

Malware Config

Targets

    • Target

      hxzb_133976.apk

    • Size

      8.2MB

    • MD5

      c25c90f49d50b0c2bb01c8da0a1e736a

    • SHA1

      9f9059ae01145c3fb3f114b0680777b36b26ce62

    • SHA256

      e11bb0e73e760c393b9e5fdb3c17233ee6ec9f67e0cc08cca12d59fa7a68cdbd

    • SHA512

      e307090e4b1669c3a4a8cb5575724853044a4ea186fb19ad5f36236c9ffd12088c299e995a7331c7a2bd48a3b40445e361b8889104e698f40fa3612c410c2f6b

    • SSDEEP

      196608:4d0hRFvazDuIPMXNzoQMGnunXEp48ohzFpoQ7qs4wDeYqs31VONTD:4d0h41tQBKF2ARDeL81VONTD

    • Checks if the Android device is rooted.

    • Checks CPU information

      Checks CPU information that indicates whether the system is an emulator.

    • Checks memory information

      Checks memory information that indicates whether the system is an emulator.

    • Loads dropped Dex/Jar

      Runs an executable file dropped onto the device during analysis.

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Acquires the wake lock

    • Checks if the internet connection is available

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Target

      epg.jar

    • Size

      28KB

    • MD5

      dff4857b5447478bce35d355f99eade9

    • SHA1

      6fd6e3ff8aff1d9961d629e86f60582a2b196c45

    • SHA256

      0ee2f0432e4c768fdcd83824139459f7d16623a448848784d4fdc9986e37686f

    • SHA512

      36df4e656d88165ceef336eeb8539860f9be967325f44e0b5b1d7e0e255478b11d5613c4c7f16d6014395229618186284dc2b6038dd32f6748343c76e1f7e25d

    • SSDEEP

      384:eokFiBdn19ynx3Vku+MWOqHKhKaqttw/1ubCR91Z/vTCqxYowjSVThJDFKBE5aWM:si/vynQbfKstG/1uWPjCqt+ihJFEElib

    • Score

      1/10

    • Target

      plugin.jar

    • Size

      181KB

    • MD5

      ecca2e484174c8fb37df78fa7793ff45

    • SHA1

      65a8690dcff2678edf4b4dd14468e70395b6b592

    • SHA256

      40f9f42b7337c2d44bac46d8a4318601432c1d5d50056da8a6b5e83122b93834

    • SHA512

      b8f93f727df8a755409ef02498b209337bf9a90f5edd88a101cf8a8f5d21050b3030f0e2e793f07cc170a7ee572e4081a14a1972d1c87ea87e6260a7612956a0

    • SSDEEP

      3072:45yKRgpddUcxJGn9nsoPx0y6jwh3hR9a2+X2PEaWxWo1GevFH26+XewzwBJscLW:4JapddpKnFsoJ20hr9l68EaW8BYAewzH

    • Score

      1/10

    • Target

      pp.jar

    • Size

      9KB

    • MD5

      62bb6b9ee24dad311de769c868bf89f5

    • SHA1

      20856d241765e0fdb9266b5c0d4be282e56c891a

    • SHA256

      d8bee750e17dda39bcfcc46dd5d1fb5e11cc4b79e889f9c30ef736363dc5f69a

    • SHA512

      bad412484411d5ca9420400653133035c9f4bb58ad2de494a9c8ac998bfc69b294741f98f00398fed2ae5844ced421515a3f2e596ed43f7323dd22f1eac51834

    • SSDEEP

      192:+cUthCEn5TjgtW6o6IpKETgH6+TkqbCMmu3ow:uCE+tW63IpKETG62kqb/

    • Score

      1/10

    • Target

      promote.jar

    • Size

      1KB

    • MD5

      77dfbe7e0a706a17b3e35b4cd868a52e

    • SHA1

      d865d9d704c17f8e1d5c5cff0fb31ea5475d17ad

    • SHA256

      e4131f970aa989e9b9355759e2dd4d589935c587f1b4066805a08f67175ef97a

    • SHA512

      d279d9b2cb4b30e0e5383c0ddacc45ab9384df8f53195f6a05473e238fc3490afeae983c5b2201bba94933bf70029db88b6628059eb4877739bd95307f520647

    • Score

      1/10

MITRE ATT&CK Matrix

Tasks