5e31d798bb12a72f73628cdf914e8123014892a6393bcb194e8aa803172e4d29

Analysis

max time kernel
7s
max time network
174s
platform
android_x64
resource
android-x64-arm64-20240611.1-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240611.1-enlocale:en-usos:android-11-x64system
submitted
12-06-2024 23:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5e31d798bb12a72f73628cdf914e8123014892a6393bcb194e8aa803172e4d29.apk
Size

321KB
MD5

b9f89c751bc66f79a9725c18fdc77780
SHA1

e2b50898b0acbc86acaaeffb66b86d199701fa06
SHA256

5e31d798bb12a72f73628cdf914e8123014892a6393bcb194e8aa803172e4d29
SHA512

1b9ee103a2e1d3fc2175e78fce1a8c47f5c81c16a3e6195031040a2837dc899d8d608e150095a090a8c1a8dab5cd7f65be9dad5398b11dea1f9b2e1c6a61ce0b
SSDEEP

6144:AE6F4b6mB6DitCqAEaTlKGZMgSkvnc0rJKcb6h:AW8GtCZfJ9YkvnjKG6h

Score

7^/10

discovery evasion

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 16 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	com.dsbfewsjkuiewjkfew21jkcuiew.security

com.dsbfewsjkuiewjkfew21jkcuiew.security
1⤵
- Loads dropped Dex/Jar
- Requests disabling of battery optimizations (often used to enable hiding in the background).
PID:4524

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Discovery

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/0.obfedex

Filesize
51KB

MD5
4cc65fba32e83da3e8ab0f336b425df0

SHA1
bf00e554b5a75f9a833c867d521364064fded8b3

SHA256
a0a2c30619c2c84583e811f022288d6eb3d387e0dad8dc7d28d61d93be734c5f

SHA512
252a9264cca19dc79f4a36db558b5d34396d0d185cf6d58fe5f443bbf920108bf417d6f37d8e7e3b4c854e584103a2c1e9698a9dbdce01968973a381aed0144f

Download Submit
/data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/1.obfedex

Filesize
59KB

MD5
da6af6aad3011241eafdb3f3eb04d037

SHA1
ba03167591339de2db3611a5dc32f457fdb9f456

SHA256
2d017a2eade7e16464769aac761a134ee1fc954de3ce42ac34f1056a3eb47b2a

SHA512
ec2d5c2af12900957d0701d47251ecd7ef93d3710a9a6e0013459a1e4019c9560c92a7ac15e7056809fef608e86ab7196574e399d3a5a8ff526dc32e2740e896

Download Submit
/data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/2.obfedex

Filesize
19KB

MD5
f63cb0e957a8ef68e5824f06616ac788

SHA1
7f2c1b06807456156b424d7b64304fa63fa4defd

SHA256
63f798577567fe0864427e6afddd3993957014f05772ec94f875160f5f1a432a

SHA512
45a28d1a46873f9538eb410e2cee2bc9be56fc5568103c35e1dce6dced9c36f71987e39ef4441f05a4d0b73c315e8da0b5d2083b10cb91d27417d75dedb1da4e

Download Submit
/data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/3.obfedex

Filesize
15KB

MD5
fc1c9100351ea92917a9630bea84dd1d

SHA1
bd8689c24daae4cee834a71caa16a966a7601cbf

SHA256
5baebfd43f7a7a2c722bcf3bb643c149541f8c0836d3100cbe8ba5fdfe08c4ef

SHA512
abf2f47c5f27fc3406de415c2627678214b736c133ff3a35696b72fb3ac8a033f41c7edc9d487214068839464238e1afd4a893cdc300dd9ac0afe09077797b50

Download Submit
/data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/4.obfedex

Filesize
5KB

MD5
a173921e7f02588fc5a5727312a8aade

SHA1
68556a3b076252a58c772887b57c228becf0de1d

SHA256
61b4da1d56b9e64a3f3713d04ef0dc4675a00a24631e265e279dd37c4783b484

SHA512
2791782df7d7f3c5c842468e1bb7294f1104a68c9e33f697aa86351be9424067adef7af9b6573915b9b48f73203b9799a4e0d837f10105fc5b0847193ff439fa

Download Submit
/data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/5.obfedex

Filesize
9KB

MD5
25b4dd2f9ee6229bc4dc392b4ac614a8

SHA1
5e4c9139f52cdf3ac47fe959da6f46bdd8d3b760

SHA256
061c0c01e4471523c0e09d2e8a86afb251f30f2a086ac3fa2a04ecd6645fea0a

SHA512
0779ff33b8cc5437ef8849b856af110b2ed7f4d8c411c62e03f2e516fb7f5d6220097e698bb185e0703811af9150ec377bee16bffbdedc664ee84fed3a1b8a05

Download Submit
/data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/6.obfedex

Filesize
4KB

MD5
d942556b6c563a25a774f1e64f623803

SHA1
fed3170dd5cbfef7317eb0492722629d0ff10c36

SHA256
f156f98a12ed9784508afcb5cde2129caac3d0c57fca059e14d98aff4450eb9b

SHA512
549330d91a585328de10ab4e42a0a2260c59eb913bf2115e055aca3f8630c475b513dc9593d4bf0307b4a6742a18064fbd24fa7c928b8df7c07bb93ccd351644

Download Submit
/data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/7.obfedex

Filesize
8KB

MD5
8e7637da08b4d48c7ef40ab8be2581b7

SHA1
8f3c64fd9a878fe376e36c97e3ee7a43268334e8

SHA256
bf177521cf2821ee2be2e0c9ec1cff748b6bdf823656a8dc6dd2ae0861d63ab1

SHA512
3edf90391312475e403eb53b616f07c36e6190450488272d0b4a54862820b6eb18ea3016ba87f97d7b556a04625c8e7145bb923ac71b93dcd172c0df0301f275

Download Submit
/storage/emulated/0/dsbfewsjkuiewjkfew21jkcuiew.txt

Filesize
2B

MD5
6512bd43d9caa6e02c990b0a82652dca

SHA1
17ba0791499db908433b80f37c5fbc89b870084b

SHA256
4fc82b26aecb47d2868c4efbe3581732a3e7cbcc6c2efb32062c08170a05eeb8

SHA512
74a49c698dbd3c12e36b0b287447d833f74f3937ff132ebff7054baa18623c35a705bb18b82e2ac0384b5127db97016e63609f712bc90e3506cfbea97599f46f

Download Submit

ioc	pid	Process
/data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/0.obfedex	4524	com.dsbfewsjkuiewjkfew21jkcuiew.security
/data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/0.obfedex	4524	com.dsbfewsjkuiewjkfew21jkcuiew.security
/data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/1.obfedex	4524	com.dsbfewsjkuiewjkfew21jkcuiew.security
/data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/1.obfedex	4524	com.dsbfewsjkuiewjkfew21jkcuiew.security
/data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/2.obfedex	4524	com.dsbfewsjkuiewjkfew21jkcuiew.security
/data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/2.obfedex	4524	com.dsbfewsjkuiewjkfew21jkcuiew.security
/data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/3.obfedex	4524	com.dsbfewsjkuiewjkfew21jkcuiew.security
/data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/3.obfedex	4524	com.dsbfewsjkuiewjkfew21jkcuiew.security
/data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/4.obfedex	4524	com.dsbfewsjkuiewjkfew21jkcuiew.security
/data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/4.obfedex	4524	com.dsbfewsjkuiewjkfew21jkcuiew.security
/data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/5.obfedex	4524	com.dsbfewsjkuiewjkfew21jkcuiew.security
/data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/5.obfedex	4524	com.dsbfewsjkuiewjkfew21jkcuiew.security
/data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/6.obfedex	4524	com.dsbfewsjkuiewjkfew21jkcuiew.security
/data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/6.obfedex	4524	com.dsbfewsjkuiewjkfew21jkcuiew.security
/data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/7.obfedex	4524	com.dsbfewsjkuiewjkfew21jkcuiew.security
/data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/7.obfedex	4524	com.dsbfewsjkuiewjkfew21jkcuiew.security