Overview

overview

7

Static

static

6

5e31d798bb...29.apk

android-9-x86

7

5e31d798bb...29.apk

android-10-x64

7

5e31d798bb...29.apk

android-11-x64

7

Analysis

  • max time kernel
    10s
  • max time network
    131s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
  • submitted
    12/06/2024, 23:55

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    5e31d798bb12a72f73628cdf914e8123014892a6393bcb194e8aa803172e4d29.apk

  • Size

    321KB

  • MD5

    b9f89c751bc66f79a9725c18fdc77780

  • SHA1

    e2b50898b0acbc86acaaeffb66b86d199701fa06

  • SHA256

    5e31d798bb12a72f73628cdf914e8123014892a6393bcb194e8aa803172e4d29

  • SHA512

    1b9ee103a2e1d3fc2175e78fce1a8c47f5c81c16a3e6195031040a2837dc899d8d608e150095a090a8c1a8dab5cd7f65be9dad5398b11dea1f9b2e1c6a61ce0b

  • SSDEEP

    6144:AE6F4b6mB6DitCqAEaTlKGZMgSkvnc0rJKcb6h:AW8GtCZfJ9YkvnjKG6h

Score
7/10
discoveryevasion

Malware Config

Signatures

  • Loads dropped Dex/Jar 1 TTPs 24 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion

Processes

  • com.dsbfewsjkuiewjkfew21jkcuiew.security
    1⤵
    • Loads dropped Dex/Jar
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    PID:4270
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/0.obfedex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/oat/x86/0.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4296
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/1.obfedex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/oat/x86/1.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4319
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/2.obfedex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/oat/x86/2.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4343
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/3.obfedex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/oat/x86/3.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4368
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/4.obfedex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/oat/x86/4.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4390
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/5.obfedex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/oat/x86/5.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4413
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/6.obfedex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/oat/x86/6.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4441
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/7.obfedex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/oat/x86/7.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4475

Network

        MITRE ATT&CK Mobile v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • /data/data/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/0.obfedex
          Filesize

          51KB

          MD5

          4cc65fba32e83da3e8ab0f336b425df0

          SHA1

          bf00e554b5a75f9a833c867d521364064fded8b3

          SHA256

          a0a2c30619c2c84583e811f022288d6eb3d387e0dad8dc7d28d61d93be734c5f

          SHA512

          252a9264cca19dc79f4a36db558b5d34396d0d185cf6d58fe5f443bbf920108bf417d6f37d8e7e3b4c854e584103a2c1e9698a9dbdce01968973a381aed0144f

          Download Submit

        • /data/data/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/1.obfedex
          Filesize

          59KB

          MD5

          da6af6aad3011241eafdb3f3eb04d037

          SHA1

          ba03167591339de2db3611a5dc32f457fdb9f456

          SHA256

          2d017a2eade7e16464769aac761a134ee1fc954de3ce42ac34f1056a3eb47b2a

          SHA512

          ec2d5c2af12900957d0701d47251ecd7ef93d3710a9a6e0013459a1e4019c9560c92a7ac15e7056809fef608e86ab7196574e399d3a5a8ff526dc32e2740e896

          Download Submit

        • /data/data/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/2.obfedex
          Filesize

          19KB

          MD5

          f63cb0e957a8ef68e5824f06616ac788

          SHA1

          7f2c1b06807456156b424d7b64304fa63fa4defd

          SHA256

          63f798577567fe0864427e6afddd3993957014f05772ec94f875160f5f1a432a

          SHA512

          45a28d1a46873f9538eb410e2cee2bc9be56fc5568103c35e1dce6dced9c36f71987e39ef4441f05a4d0b73c315e8da0b5d2083b10cb91d27417d75dedb1da4e

          Download Submit

        • /data/data/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/3.obfedex
          Filesize

          15KB

          MD5

          fc1c9100351ea92917a9630bea84dd1d

          SHA1

          bd8689c24daae4cee834a71caa16a966a7601cbf

          SHA256

          5baebfd43f7a7a2c722bcf3bb643c149541f8c0836d3100cbe8ba5fdfe08c4ef

          SHA512

          abf2f47c5f27fc3406de415c2627678214b736c133ff3a35696b72fb3ac8a033f41c7edc9d487214068839464238e1afd4a893cdc300dd9ac0afe09077797b50

          Download Submit

        • /data/data/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/4.obfedex
          Filesize

          5KB

          MD5

          a173921e7f02588fc5a5727312a8aade

          SHA1

          68556a3b076252a58c772887b57c228becf0de1d

          SHA256

          61b4da1d56b9e64a3f3713d04ef0dc4675a00a24631e265e279dd37c4783b484

          SHA512

          2791782df7d7f3c5c842468e1bb7294f1104a68c9e33f697aa86351be9424067adef7af9b6573915b9b48f73203b9799a4e0d837f10105fc5b0847193ff439fa

          Download Submit

        • /data/data/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/5.obfedex
          Filesize

          9KB

          MD5

          25b4dd2f9ee6229bc4dc392b4ac614a8

          SHA1

          5e4c9139f52cdf3ac47fe959da6f46bdd8d3b760

          SHA256

          061c0c01e4471523c0e09d2e8a86afb251f30f2a086ac3fa2a04ecd6645fea0a

          SHA512

          0779ff33b8cc5437ef8849b856af110b2ed7f4d8c411c62e03f2e516fb7f5d6220097e698bb185e0703811af9150ec377bee16bffbdedc664ee84fed3a1b8a05

          Download Submit

        • /data/data/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/6.obfedex
          Filesize

          4KB

          MD5

          d942556b6c563a25a774f1e64f623803

          SHA1

          fed3170dd5cbfef7317eb0492722629d0ff10c36

          SHA256

          f156f98a12ed9784508afcb5cde2129caac3d0c57fca059e14d98aff4450eb9b

          SHA512

          549330d91a585328de10ab4e42a0a2260c59eb913bf2115e055aca3f8630c475b513dc9593d4bf0307b4a6742a18064fbd24fa7c928b8df7c07bb93ccd351644

          Download Submit

        • /data/data/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/7.obfedex
          Filesize

          8KB

          MD5

          8e7637da08b4d48c7ef40ab8be2581b7

          SHA1

          8f3c64fd9a878fe376e36c97e3ee7a43268334e8

          SHA256

          bf177521cf2821ee2be2e0c9ec1cff748b6bdf823656a8dc6dd2ae0861d63ab1

          SHA512

          3edf90391312475e403eb53b616f07c36e6190450488272d0b4a54862820b6eb18ea3016ba87f97d7b556a04625c8e7145bb923ac71b93dcd172c0df0301f275

          Download Submit

        • /data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/0.obfedex
          Filesize

          51KB

          MD5

          b5ebbf0b8718b35d7ba0929a470ada93

          SHA1

          f7725bc9dbc466839f2209faa89f7e1d6cefff47

          SHA256

          99e98534853731722cbe4763410ef65f90001e9cc21cb07957ce86d0a684e653

          SHA512

          89156d37b03eb51d2ecd68c5da31aac0e941aaf9e552df799b5d4766e6b9198fffc5d48cfd7a92045f039b1ee7abedda808335bb5f391b8243b0c53e3002c6b3

          Download Submit

        • /data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/1.obfedex
          Filesize

          59KB

          MD5

          2205473057cc98bb79ae4b6b84790ac3

          SHA1

          caef04d1af34f333f117c1d8d47fffd17513d820

          SHA256

          e0b4456abd1bc2ff372fb1d1d3cf8a840d699288895eedbca88997d87702c1b7

          SHA512

          544259ed93b16f98c14cc839a158a5c90dd57193012899dad1b18894a4f902679998e9069e991b1a82733413082a12daef8af41fa2da56f381a5fbde00aad82a

          Download Submit

        • /data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/2.obfedex
          Filesize

          19KB

          MD5

          95944f5e949d490bb7827c43fa194b8f

          SHA1

          19869111fbafa4256e6c71e0b9c5b67ebb02c41c

          SHA256

          3766d03e5c28882e737f871a3f32659759a876a42a6d041ad2fdc41e5e8d2880

          SHA512

          9260a23c97a78707502b95ca7b7d1c4fa889c398cdea08ecc9f2fe40dc4f39baba5c878da9fc867f53aa3e378b90ab4d4a3475a616081aca6a045490294ddd83

          Download Submit

        • /data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/3.obfedex
          Filesize

          15KB

          MD5

          cb3162deed3b455fae1aff56bbc71e8a

          SHA1

          52e98ec50174b3cc687f029803a055a0adbaf063

          SHA256

          5c76c2bd1e08ad6ecff31eba50916c9c6ae1a7c1164a45e2374b5be725ce236e

          SHA512

          302197601868b3a0586e8e996382764d08f8b4d65a1432eb0f1d584aa274fafa769fdf3fcd0a45deeac7c791e0cd649cb98b5123c33f9056db30bd13ceb010b1

          Download Submit

        • /data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/4.obfedex
          Filesize

          5KB

          MD5

          27c18e8bc2f992d6d57b427dfdbd3664

          SHA1

          9d5f5ba013a6bb6c173586d2de0c66c59f9106ca

          SHA256

          ee1c61e88c843a99f7ed5dfe81cf1d0097ef9f092b692f3cb0ddf7e069ebb475

          SHA512

          d54833a8f67b43f4d6523be251478565193d40979d65e5b4fd30e4e69f9172f225d677c918476a1f4cf902251f245b67276764950958582be764b587bb66e182

          Download Submit

        • /data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/5.obfedex
          Filesize

          9KB

          MD5

          fbd45c33c17c2b89c65b65ef55fde6be

          SHA1

          dc135c416128b3ae332da5bd70ce5124e3cb86bc

          SHA256

          1b4703f1190b4eeede6be3f2008e2579b75f6a7641d2bb29cd4b04344413e361

          SHA512

          cca7af474bbd8c0a09728d7c91e44bd94bb3dece85d693fd443bed647ea0eaeeee07f4e3869de709f57ccef626e017f707716063b2e500fdaa442b0309337099

          Download Submit

        • /data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/6.obfedex
          Filesize

          4KB

          MD5

          fb403e4a89138fef63fbf1145b257a8f

          SHA1

          ac2684b11d384bf53bef0db16665e79a70cccb5f

          SHA256

          21721048cf274b6b2e18ce2e01b2bdbde4c1dc49605da38b7f68c30ed6ce61ea

          SHA512

          79951c80e69627b834232621933aa1e0d938313f9c8dc3b5e057f76fef69a0dd98f489fa5e94462cacac3a3092943aa511a6b4856a22216d53320b86b4ca6d0d

          Download Submit

        • /data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/7.obfedex
          Filesize

          8KB

          MD5

          465b539a4ebfd07d43c41ab0ba794eb7

          SHA1

          66b093879885a7be0fdbe20709813d5e5ae02469

          SHA256

          a722bfcc6ff76ea9a63a3da1297c4c3214bc6ec318b773ad299f9e968c015204

          SHA512

          edab191c1730ae286acdab2a94cb072bd77d91df4b1b423197cdaa5b90f5d8af3038a9cca4be0d006cd1f850ec339f88bc71b2bb377ff6af18688305999cf0bb

          Download Submit

        • /storage/emulated/0/dsbfewsjkuiewjkfew21jkcuiew.txt
          Filesize

          2B

          MD5

          6512bd43d9caa6e02c990b0a82652dca

          SHA1

          17ba0791499db908433b80f37c5fbc89b870084b

          SHA256

          4fc82b26aecb47d2868c4efbe3581732a3e7cbcc6c2efb32062c08170a05eeb8

          SHA512

          74a49c698dbd3c12e36b0b287447d833f74f3937ff132ebff7054baa18623c35a705bb18b82e2ac0384b5127db97016e63609f712bc90e3506cfbea97599f46f

          Download Submit