a74506146b9c968783d314e60524997abcb1c76e347c58915017e866174a5dc3

Analysis

max time kernel
8s
max time network
139s
platform
android_x64
resource
android-x64-arm64-20240611.1-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240611.1-enlocale:en-usos:android-11-x64system
submitted
12/06/2024, 17:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a74506146b9c968783d314e60524997abcb1c76e347c58915017e866174a5dc3.apk
Size

313KB
MD5

e7cde44adda03033355e643e49c96a4e
SHA1

cdefd6f93ba066b9502f2e9da93df2920a591d98
SHA256

a74506146b9c968783d314e60524997abcb1c76e347c58915017e866174a5dc3
SHA512

2b342fe971cb6a3993442d75c228690ec94fb1d5d21e43f15d1485c70469e3ed1092b57f6740ea1590989d1041fe3aac8f93fa9bafd3b694500f10da3bb8e414
SSDEEP

6144:UK9Od3h9BmKM+g59kAVScHIQN6bvpnpIWWC+222Jbm+DMkG7Q7qqdylVW5sFGc1D:UKsB2+i95MnJpRzbmIG7QX2H/x8B2

Score

7^/10

discovery evasion

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 16 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	com.dsbchhtzgejfuiw21hjcgnv.security

com.dsbchhtzgejfuiw21hjcgnv.security
1⤵
- Loads dropped Dex/Jar
- Requests disabling of battery optimizations (often used to enable hiding in the background).
PID:4431

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Discovery

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.dsbchhtzgejfuiw21hjcgnv.security/app_n8df.jug.e50x.ohy/obfs/0.obfedex

Filesize
51KB

MD5
37ed8fe121d758c8bfa03117e39070c1

SHA1
147555d7ec636aa64db62f06a85073250ad15e38

SHA256
30824ef717f1164a1efaff728b78ddc9d762248431f2a416b5279cd1926c83a3

SHA512
00d71b482c9fc18790e721d82343f6f3b4be6ba1747370cf1792de1fca3e480326dca8a34fa08071753bc2bc773c3aa024905913bdbdc297e3eceed9ab9a8832

Download Submit
/data/user/0/com.dsbchhtzgejfuiw21hjcgnv.security/app_n8df.jug.e50x.ohy/obfs/1.obfedex

Filesize
59KB

MD5
489286850c87593aad4ef891ec96c6f3

SHA1
8fa2b34018eb015fb5dd7ae34b26d00d74dc0eba

SHA256
b75c668bf5453d3c3ea5944672e9a24ae4634a04c0a3a2dcbc16c77ab36bc1b6

SHA512
25f22eff4ba1aa4e64d7fc0d94f1e9d456ec78c8f52cd286d9fa080f291db44563abcf09f5eadf2f32cb844ec462f2afff63b2708dc61b9c90eeb6a44f410273

Download Submit
/data/user/0/com.dsbchhtzgejfuiw21hjcgnv.security/app_n8df.jug.e50x.ohy/obfs/2.obfedex

Filesize
19KB

MD5
e635a738ebd639cede5c0412078ad117

SHA1
1fe6b8ea06c7db6797127d9b65dd80548dc436b2

SHA256
2b31e9ba14ac9b8eb87c99ae2a55820df6c3a73e9986fd18cdec1208a5144c20

SHA512
a4dbdfe338bfc759861837d0fc09728ce71feb8050e7e5c7416d7585f5195099547056750bed465b07c724b34201d3572f76e7c6c57cb4c3f79c78f38fb00f15

Download Submit
/data/user/0/com.dsbchhtzgejfuiw21hjcgnv.security/app_n8df.jug.e50x.ohy/obfs/3.obfedex

Filesize
16KB

MD5
75efbdea154bff2b6d11b9c9a93f6b5a

SHA1
2d01f780b859d91d6507e567aa03bec599e33bef

SHA256
5f6bf9aa513ef12fa7e96a98a5a2591b16c57559e61f3ad98c52d1647f842287

SHA512
28596ef946c873072b1ab8d0836b7c6cc81d952e8fe5aa94cd543d95d8c966649cfff5f58181a97c727269bdebf722311e8202cdaca5861305cc4d7736063461

Download Submit
/data/user/0/com.dsbchhtzgejfuiw21hjcgnv.security/app_n8df.jug.e50x.ohy/obfs/4.obfedex

Filesize
5KB

MD5
f5721f94e4e30971ced04f3f5f2cdeab

SHA1
07d927f59476eef2980b497476bc52b22af3afb7

SHA256
00f87b8000da1eb61905ede7fc1fcedb93f35bd4d72779da2272fc98617d1e13

SHA512
b283681f17088f7463f0255f394b2172ab08cfb25a6fbf492b9bd299523d4a0341b2d28a9b1d1495a2ee818bc1a3e26c30958400ca73447bc93c9b6014388a44

Download Submit
/data/user/0/com.dsbchhtzgejfuiw21hjcgnv.security/app_n8df.jug.e50x.ohy/obfs/5.obfedex

Filesize
9KB

MD5
3c265e17c023df16c250f75b0605fc01

SHA1
5ca200531673520d9e30c2bcd93d87720eaf12d0

SHA256
377a022838e9b46b661d3caa7f39d105081be6d47605e976b0050a19460d4341

SHA512
c38c411dd0f48055b8aadfc2db47792f6f29c854286169563019147c02723d19dc42f6b7bfbf41ab63179ce629198da1f956f2e78af95c980aaaab930812df0b

Download Submit
/data/user/0/com.dsbchhtzgejfuiw21hjcgnv.security/app_n8df.jug.e50x.ohy/obfs/6.obfedex

Filesize
4KB

MD5
d942556b6c563a25a774f1e64f623803

SHA1
fed3170dd5cbfef7317eb0492722629d0ff10c36

SHA256
f156f98a12ed9784508afcb5cde2129caac3d0c57fca059e14d98aff4450eb9b

SHA512
549330d91a585328de10ab4e42a0a2260c59eb913bf2115e055aca3f8630c475b513dc9593d4bf0307b4a6742a18064fbd24fa7c928b8df7c07bb93ccd351644

Download Submit
/data/user/0/com.dsbchhtzgejfuiw21hjcgnv.security/app_n8df.jug.e50x.ohy/obfs/7.obfedex

Filesize
8KB

MD5
a6985bd8f9bee57d72449b59bd33e48b

SHA1
3fa892c358287c105f8a39e08498bc2b15ca2b0c

SHA256
1345d847c546fe0c257a2c6c3a964ef6dbd1d369be77ee91aeb1db1082e98d9a

SHA512
48fc1c08dadcd66abb43995a1c2b3ff808c833e18cc3c7706e58aac9552cfd9951331f5cb6c8b646ad6627291175530d887c04d5994dc4fcdc6199096a90ac6a

Download Submit
/storage/emulated/0/dsbchhtzgejfuiw21hjcgnv.txt

Filesize
2B

MD5
6512bd43d9caa6e02c990b0a82652dca

SHA1
17ba0791499db908433b80f37c5fbc89b870084b

SHA256
4fc82b26aecb47d2868c4efbe3581732a3e7cbcc6c2efb32062c08170a05eeb8

SHA512
74a49c698dbd3c12e36b0b287447d833f74f3937ff132ebff7054baa18623c35a705bb18b82e2ac0384b5127db97016e63609f712bc90e3506cfbea97599f46f

Download Submit

ioc	pid	Process
/data/user/0/com.dsbchhtzgejfuiw21hjcgnv.security/app_n8df.jug.e50x.ohy/obfs/0.obfedex	4431	com.dsbchhtzgejfuiw21hjcgnv.security
/data/user/0/com.dsbchhtzgejfuiw21hjcgnv.security/app_n8df.jug.e50x.ohy/obfs/0.obfedex	4431	com.dsbchhtzgejfuiw21hjcgnv.security
/data/user/0/com.dsbchhtzgejfuiw21hjcgnv.security/app_n8df.jug.e50x.ohy/obfs/1.obfedex	4431	com.dsbchhtzgejfuiw21hjcgnv.security
/data/user/0/com.dsbchhtzgejfuiw21hjcgnv.security/app_n8df.jug.e50x.ohy/obfs/1.obfedex	4431	com.dsbchhtzgejfuiw21hjcgnv.security
/data/user/0/com.dsbchhtzgejfuiw21hjcgnv.security/app_n8df.jug.e50x.ohy/obfs/2.obfedex	4431	com.dsbchhtzgejfuiw21hjcgnv.security
/data/user/0/com.dsbchhtzgejfuiw21hjcgnv.security/app_n8df.jug.e50x.ohy/obfs/2.obfedex	4431	com.dsbchhtzgejfuiw21hjcgnv.security
/data/user/0/com.dsbchhtzgejfuiw21hjcgnv.security/app_n8df.jug.e50x.ohy/obfs/3.obfedex	4431	com.dsbchhtzgejfuiw21hjcgnv.security
/data/user/0/com.dsbchhtzgejfuiw21hjcgnv.security/app_n8df.jug.e50x.ohy/obfs/3.obfedex	4431	com.dsbchhtzgejfuiw21hjcgnv.security
/data/user/0/com.dsbchhtzgejfuiw21hjcgnv.security/app_n8df.jug.e50x.ohy/obfs/4.obfedex	4431	com.dsbchhtzgejfuiw21hjcgnv.security
/data/user/0/com.dsbchhtzgejfuiw21hjcgnv.security/app_n8df.jug.e50x.ohy/obfs/4.obfedex	4431	com.dsbchhtzgejfuiw21hjcgnv.security
/data/user/0/com.dsbchhtzgejfuiw21hjcgnv.security/app_n8df.jug.e50x.ohy/obfs/5.obfedex	4431	com.dsbchhtzgejfuiw21hjcgnv.security
/data/user/0/com.dsbchhtzgejfuiw21hjcgnv.security/app_n8df.jug.e50x.ohy/obfs/5.obfedex	4431	com.dsbchhtzgejfuiw21hjcgnv.security
/data/user/0/com.dsbchhtzgejfuiw21hjcgnv.security/app_n8df.jug.e50x.ohy/obfs/6.obfedex	4431	com.dsbchhtzgejfuiw21hjcgnv.security
/data/user/0/com.dsbchhtzgejfuiw21hjcgnv.security/app_n8df.jug.e50x.ohy/obfs/6.obfedex	4431	com.dsbchhtzgejfuiw21hjcgnv.security
/data/user/0/com.dsbchhtzgejfuiw21hjcgnv.security/app_n8df.jug.e50x.ohy/obfs/7.obfedex	4431	com.dsbchhtzgejfuiw21hjcgnv.security
/data/user/0/com.dsbchhtzgejfuiw21hjcgnv.security/app_n8df.jug.e50x.ohy/obfs/7.obfedex	4431	com.dsbchhtzgejfuiw21hjcgnv.security