Analysis
-
max time kernel
84s -
max time network
92s -
platform
android_x86 -
resource
android-x86-arm-20240514-en -
resource tags
android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system -
submitted
23-05-2024 09:08
Static task
static1
Behavioral task
behavioral1
Sample
281b54ec38077b4702eddd1c3b0ef468f920d6c1a8ce6b2ef7857e0dba031673.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral2
Sample
281b54ec38077b4702eddd1c3b0ef468f920d6c1a8ce6b2ef7857e0dba031673.apk
Resource
android-x64-20240514-en
General
-
Target
281b54ec38077b4702eddd1c3b0ef468f920d6c1a8ce6b2ef7857e0dba031673.apk
-
Size
6.0MB
-
MD5
d1bf01126b1d5a86c04382ed55bfecc9
-
SHA1
1c53690da52d40dcfe356c25501b0bcfdba4b62c
-
SHA256
281b54ec38077b4702eddd1c3b0ef468f920d6c1a8ce6b2ef7857e0dba031673
-
SHA512
2525e886bcc19fcf4c6d9e364972708b67e345616096f5b7e01e18715dadb4d0ab90ae66a963579b6d17e937189ad7ca0dedcc54d0a8d65f009f5df8b41c0a17
-
SSDEEP
98304:9ykf6foKgMSeQuhM1deG+8dCzyxkXi11P+9bhXQ9i6cksJWg7nn1aNxt8GtheB2N:Ikifh0x1k211mDiio2W0n1+xTiY
Malware Config
Signatures
-
Loads dropped Dex/Jar 1 TTPs 3 IoCs
Runs an executable file dropped to the device during analysis.
Processes:
com.geradorsantandes
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.geradorsantandes/cache/natives_sec_blob6434904990587934422.dex --output-vdex-fd=46 --oat-fd=47 --oat-location=/data/user/0/com.geradorsantandes/cache/oat/x86/natives_sec_blob6434904990587934422.odex --compiler-filter=quicken --class-loader-context=&
ioc | pid | process
/data/user/0/com.geradorsantandes/cache/natives_sec_blob6434904990587934422.dex | 4201 | com.geradorsantandes
/data/user/0/com.geradorsantandes/cache/natives_sec_blob6434904990587934422.dex | 4231 | /system/bin/dex2oat (full command line as listed under Processes above)
/data/user/0/com.geradorsantandes/cache/natives_sec_blob6434904990587934422.dex | 4201 | com.geradorsantandes
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes:
com.geradorsantandes
description | ioc | process
Framework API call | javax.crypto.Cipher.doFinal | com.geradorsantandes
Processes
-
com.geradorsantandes (depth 1)
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
-
  /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.geradorsantandes/cache/natives_sec_blob6434904990587934422.dex --output-vdex-fd=46 --oat-fd=47 --oat-location=/data/user/0/com.geradorsantandes/cache/oat/x86/natives_sec_blob6434904990587934422.odex --compiler-filter=quicken --class-loader-context=& (depth 2, child of com.geradorsantandes)
  - Loads dropped Dex/Jar
-
  logcat -c (depth 2, child of com.geradorsantandes)
Network
MITRE ATT&CK Matrix
Downloads
-
/data/data/com.geradorsantandes/app_sslcache/geralamp-5f3c0-default-rtdb.firebaseio.com.443
Filesize
8KB
MD5
80be11f105b86d0fdc4a6b66205c287b
SHA1
4937bbf87450647828ebe1efddac9ece517c44c6
SHA256
b37a3ff07f5d481f3026e5298cdb9aa337a2c7f34ba5b4b0a5477526118121c7
SHA512
b9900b76fa0d0ee08936c256b5e388dc8e3ef862e694df49494c644b96dd257112d2291fb58ce5fe08afee02e1bb6a587206eef9a4cf72638f447d2059cae033
-
/data/data/com.geradorsantandes/cache/natives_sec_blob6434904990587934422.dex
Filesize
820KB
MD5
b577acbdabacebb71baf54ab37cbd538
SHA1
5cb72d862636c11ee9ee415c1a1cae47d42f257f
SHA256
7068f5a812b33eeb9c2b200730c8632d2d10f7df2d6a836ad31d286b6a7e04e6
SHA512
076f09382c485bbee2aff75eebcb0951e60929fe0e1c5cd971f6fc69cd60e3c6510e5759e300bccbdf4fe857245ec737a5bb2c33e58513d8fa3132d85dfbe4e8
-
/data/data/com.geradorsantandes/cache/oat/natives_sec_blob6434904990587934422.dex.cur.prof
Filesize
503B
MD5
67c72a258fb2a57014fabfa84c59f185
SHA1
57639913cc457568df3051ac6e16368a7e47a453
SHA256
7cd6f6c5d71e3ebe2042a51e77ba646968cbcd229b77f88e5f74a01d52e63166
SHA512
1008deecd61450aa602f0de8808061301d8d533cda41dbdb65a299fe8b0c795a8e0c026d596e2f93fc2d60aebb6e56b8521e15da519632590b97ed2174683a7e
-
/data/data/com.geradorsantandes/files/cloneSettings.json
Filesize
18KB
MD5
9ccaec6c3593c27aa79796041fc2f61a
SHA1
144f6df57b625f3df5bc6fefba7c03f6ec775691
SHA256
eaa8d445e191c7565c9cf8dc79a64572dc76050e6f6da08abb0f41487d8e9194
SHA512
a7566f6f8248cd78fed201df5c69092c5602515bbf15b6c1e720dfa63d2dd8162a321dd9193344f7203746205fbc3196ba2eba5dea43428e5747675b1c18be9c
-
/data/user/0/com.geradorsantandes/cache/natives_sec_blob6434904990587934422.dex
Filesize
820KB
MD5
9dafd8511e30c2da7b16075d82f96a4c
SHA1
cf9c7703f303ea21ae78b71d4c099cbc2da6188e
SHA256
d55ed35dd3b7cf6ee8a21153b5a66170924891fadc3c7e90c8b9a1d1a5585a2e
SHA512
52c95738de05d99ead78f869a804c25e3e4ba6bf8941493b21f91750f0a296098b5ea94e9adc8d4d719551beee59c69118cffc03b5fcba44f75dff2fb6a122ad
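Added triage helper, not part of the sandbox report or the sample: it ties the "Loads dropped Dex/Jar" signature to the Downloads list above. It parses the dex2oat command line to find which DEX was compiled, decides whether that DEX came from an app-writable directory rather than the installed APK under /data/app, and correlates it with the dropped files. Two assumptions are built in: on multi-user Android builds /data/data is a symlink to /data/user/0, so the two 820KB natives_sec_blob entries are the same file captured with different contents (it was rewritten during the run, so both versions are worth pulling); and Conscrypt names app_sslcache entries "<host>.<port>", which recovers the Firebase RTDB host from the first dropped file even though the Network section here is empty. The command line and file list are constructed from this page.

```python
"""Triage helpers for a 'Loads dropped Dex/Jar' hit (added example)."""
from collections import defaultdict

PKG = "com.geradorsantandes"

# Constructed from this report: the dex2oat command line of pid 4231.
DEX2OAT_CMDLINE = (
    "/system/bin/dex2oat --instruction-set=x86 "
    "--instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt "
    "--runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate "
    "--boot-image=/system/framework/boot.art "
    "--runtime-arg -Xms64m --runtime-arg -Xmx512m "
    "--instruction-set-variant=x86 --instruction-set-features=default "
    "--inline-max-code-units=0 --compact-dex-level=none "
    "--dex-file=/data/user/0/com.geradorsantandes/cache/"
    "natives_sec_blob6434904990587934422.dex "
    "--output-vdex-fd=46 --oat-fd=47 "
    "--oat-location=/data/user/0/com.geradorsantandes/cache/oat/x86/"
    "natives_sec_blob6434904990587934422.odex "
    "--compiler-filter=quicken --class-loader-context=&"
)

# Constructed from the Downloads list on this page: (path, SHA256).
DROPPED_FILES = [
    ("/data/data/com.geradorsantandes/app_sslcache/"
     "geralamp-5f3c0-default-rtdb.firebaseio.com.443",
     "b37a3ff07f5d481f3026e5298cdb9aa337a2c7f34ba5b4b0a5477526118121c7"),
    ("/data/data/com.geradorsantandes/cache/natives_sec_blob6434904990587934422.dex",
     "7068f5a812b33eeb9c2b200730c8632d2d10f7df2d6a836ad31d286b6a7e04e6"),
    ("/data/data/com.geradorsantandes/cache/oat/natives_sec_blob6434904990587934422.dex.cur.prof",
     "7cd6f6c5d71e3ebe2042a51e77ba646968cbcd229b77f88e5f74a01d52e63166"),
    ("/data/data/com.geradorsantandes/files/cloneSettings.json",
     "eaa8d445e191c7565c9cf8dc79a64572dc76050e6f6da08abb0f41487d8e9194"),
    ("/data/user/0/com.geradorsantandes/cache/natives_sec_blob6434904990587934422.dex",
     "d55ed35dd3b7cf6ee8a21153b5a66170924891fadc3c7e90c8b9a1d1a5585a2e"),
]


def parse_dex2oat(cmdline):
    """Collect the --key=value options of a dex2oat argv into a dict.
    A repeated key keeps its last value (the second
    --instruction-set-features wins, as in the report)."""
    opts = {}
    for tok in cmdline.split():
        if tok.startswith("--") and "=" in tok:
            key, _, val = tok[2:].partition("=")
            opts[key] = val
    return opts


def normalize_path(path):
    """Fold both spellings of an app data directory together.
    Assumption: /data/data is a symlink to /data/user/0 on multi-user
    Android builds, so the two prefixes name the same file."""
    if path.startswith("/data/data/"):
        return "/data/user/0/" + path[len("/data/data/"):]
    return path


def is_app_writable_dex(dex_path, pkg):
    """Installed code lives read-only under /data/app/; a DEX under the
    app's own data directory was written at runtime, i.e. dropped."""
    return normalize_path(dex_path).startswith(f"/data/user/0/{pkg}/")


def ssl_cache_hosts(dropped, pkg):
    """Recover (host, port) from app_sslcache entry names. Assumption:
    Conscrypt's file session cache names entries '<host>.<port>'."""
    prefix = f"/data/user/0/{pkg}/app_sslcache/"
    hosts = []
    for path, _sha in dropped:
        p = normalize_path(path)
        if p.startswith(prefix):
            host, _, port = p[len(prefix):].rpartition(".")
            hosts.append((host, int(port)))
    return hosts


def triage(dropped, cmdline, pkg):
    """Correlate the dex2oat hit with the dropped-file list."""
    opts = parse_dex2oat(cmdline)
    dex = opts.get("dex-file", "")
    by_path = defaultdict(set)
    for path, sha256 in dropped:
        by_path[normalize_path(path)].add(sha256)
    return {
        "dex_file": dex,
        "dropped": is_app_writable_dex(dex, pkg),
        "compiler_filter": opts.get("compiler-filter"),
        # Every hash the sandbox captured for the file dex2oat compiled.
        "loaded_dex_hashes": sorted(by_path.get(normalize_path(dex), ())),
        # Same logical path with more than one hash: rewritten in place
        # during the run, so every captured version should be collected.
        "rewritten": sorted(p for p, h in by_path.items() if len(h) > 1),
        "tls_hosts": ssl_cache_hosts(dropped, pkg),
    }


if __name__ == "__main__":
    for key, value in triage(DROPPED_FILES, DEX2OAT_CMDLINE, PKG).items():
        print(f"{key}: {value}")
```

The compiler filter matters for collection: with --compiler-filter=quicken no native code is generated, so the bytecode stays intact in the .dex in cache and in the resulting .vdex under cache/oat/x86/, and either is the artifact to decompile; the .dex.cur.prof profile listed above is only ART's method-usage profile, not code.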