Analysis
max time kernel
179s
max time network
179s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags
android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
submitted
14-06-2024 00:01
Static task
static1
Behavioral task
behavioral1
Sample
b3fa250fe0511d0493b9275dc98c8f03ea050ad1fd0437dcdb4f090d2fa8973c.apk
Resource
android-x86-arm-20240611.1-en
Behavioral task
behavioral2
Sample
b3fa250fe0511d0493b9275dc98c8f03ea050ad1fd0437dcdb4f090d2fa8973c.apk
Resource
android-33-x64-arm64-20240611.1-en
General
-
Target
b3fa250fe0511d0493b9275dc98c8f03ea050ad1fd0437dcdb4f090d2fa8973c.apk
-
Size
3.3MB
-
MD5
d88583e82aaf98b9ea674e33adc92a4d
-
SHA1
90e428699dc9c12c2fdcd278028588d6fc24cfcf
-
SHA256
b3fa250fe0511d0493b9275dc98c8f03ea050ad1fd0437dcdb4f090d2fa8973c
-
SHA512
5470d8263b531726360fd425b4d01324834575fdbd3e743cede07f2277cbcdcb8f0a57bffcc2870110374641c4868be921f63f873f1a3d623b3a64bff2a5211a
-
SSDEEP
98304:NhHoe3IYoPjQ1Swueyj3V7UIpmX2Q9x+HXn4Cm:NhIuIYoE1ueyzVLS2Q+H34Cm
Malware Config
Signatures
-
Loads dropped Dex/Jar 1 TTPs 5 IoCs
Runs executable file dropped to the device during analysis.
Processes:
  fv.denvloppgg.cc
  /system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/user/0/fv.denvloppgg.cc/.arm/6E4D52BA.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/fv.denvloppgg.cc/.arm/oat/x86/6E4D52BA.odex --compiler-filter=quicken --class-loader-context=&
  fv.denvloppgg.cc:remote
IoCs (ioc / pid / process):
  /data/user/0/fv.denvloppgg.cc/.arm/6E4D52BA.dex / 4231 / fv.denvloppgg.cc
  /data/user/0/fv.denvloppgg.cc/.arm/6E4D52BA.dex / 4293 / /system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/user/0/fv.denvloppgg.cc/.arm/6E4D52BA.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/fv.denvloppgg.cc/.arm/oat/x86/6E4D52BA.odex --compiler-filter=quicken --class-loader-context=&
  /data/user/0/fv.denvloppgg.cc/.arm/6E4D52BA.dex / 4231 / fv.denvloppgg.cc
  /data/user/0/fv.denvloppgg.cc/.arm/6E4D52BA.dex / 4361 / fv.denvloppgg.cc:remote
  /data/user/0/fv.denvloppgg.cc/.arm/6E4D52BA.dex / 4361 / fv.denvloppgg.cc:remote
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Acquires the wake lock 1 IoCs
Processes:
  fv.denvloppgg.cc
IoCs (description / ioc / process):
  Framework service call / android.os.IPowerManager.acquireWakeLock / fv.denvloppgg.cc
Queries information about active data network 1 TTPs 1 IoCs
Processes:
  fv.denvloppgg.cc
IoCs (description / ioc / process):
  Framework service call / android.net.IConnectivityManager.getActiveNetworkInfo / fv.denvloppgg.cc
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
Processes:
  fv.denvloppgg.cc
IoCs (description / ioc / process):
  Intent action / android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS / fv.denvloppgg.cc
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
Processes:
  fv.denvloppgg.cc
IoCs (description / ioc / process):
  Framework service call / android.app.IActivityManager.registerReceiver / fv.denvloppgg.cc
Schedules tasks to execute at a specified time 1 TTPs 2 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes:
  fv.denvloppgg.cc
  fv.denvloppgg.cc:remote
IoCs (description / ioc / process):
  Framework service call / android.app.job.IJobScheduler.schedule / fv.denvloppgg.cc
  Framework service call / android.app.job.IJobScheduler.schedule / fv.denvloppgg.cc:remote
Processes
-
fv.denvloppgg.cc (depth 1)
- Loads dropped Dex/Jar
- Acquires the wake lock
- Queries information about active data network
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
-
  /system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/user/0/fv.denvloppgg.cc/.arm/6E4D52BA.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/fv.denvloppgg.cc/.arm/oat/x86/6E4D52BA.odex --compiler-filter=quicken --class-loader-context=& (depth 2, under fv.denvloppgg.cc)
  - Loads dropped Dex/Jar
-
fv.denvloppgg.cc:remote (depth 1)
- Loads dropped Dex/Jar
- Schedules tasks to execute at a specified time
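The dex2oat invocation in the process tree is the concrete evidence behind the "Loads dropped Dex/Jar" signature: the app wrote 6E4D52BA.dex into a hidden .arm directory inside its own private data directory (/data/user/0/fv.denvloppgg.cc/) and had ART compile it from there, which is what dynamic code loading via a runtime class loader looks like from the outside. The Python helper below is an added example, not part of the sandbox or its report tooling: it parses dex2oat command lines of the shape recorded above and flags those whose --dex-file lies outside the package-manager install locations. The list of install prefixes is an assumption about a stock Android 9 layout, and the second, benign record is constructed for contrast; the first record is the command line from this report.

```python
"""Triage helper for 'Loads dropped Dex/Jar': pull the interesting fields
out of sandbox-recorded dex2oat command lines and decide whether the DEX
being compiled came from app-private storage (dropped/dynamically loaded)
rather than from a package-manager install location.

Added example; not the sandbox's own code. Prefix list and the benign
sample record are assumptions, see comments."""
import re
import shlex
from dataclasses import dataclass
from typing import Optional

# ASSUMPTION: where ART normally finds code installed through the package
# manager on a stock Android 9 image. A --dex-file anywhere else means the
# app supplied the code itself at runtime.
INSTALLED_CODE_PREFIXES = ("/system/", "/vendor/", "/product/", "/data/app/")


@dataclass
class Dex2oatInvocation:
    pid: int
    dex_file: str
    oat_location: str
    compiler_filter: str
    debuggable: bool
    class_loader_context: str


def parse_dex2oat(cmdline: str, pid: int) -> Optional[Dex2oatInvocation]:
    """Return the fields of a dex2oat command line, or None if it is not one."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:  # unbalanced quotes etc.; not a command line we can read
        return None
    if not argv or not argv[0].endswith("/dex2oat"):
        return None
    opts = {}
    for arg in argv[1:]:
        if arg.startswith("--") and "=" in arg:
            key, _, val = arg[2:].partition("=")
            opts.setdefault(key, val)  # dex2oat repeats some flags; keep the first
    if "dex-file" not in opts:
        return None
    return Dex2oatInvocation(
        pid=pid,
        dex_file=opts["dex-file"],
        oat_location=opts.get("oat-location", ""),
        compiler_filter=opts.get("compiler-filter", ""),
        debuggable="--debuggable" in argv,
        class_loader_context=opts.get("class-loader-context", ""),
    )


def is_dropped_dex_load(inv: Dex2oatInvocation) -> bool:
    """True when the DEX was not installed via the package manager."""
    return not inv.dex_file.startswith(INSTALLED_CODE_PREFIXES)


def owning_package(path: str) -> Optional[str]:
    """Package whose private data dir (/data/user/<n>/<pkg>/ or /data/data/<pkg>/) holds path."""
    m = re.match(r"^/data/(?:user/\d+|data)/([^/]+)/", path)
    return m.group(1) if m else None


def hidden_components(path: str) -> list:
    """Dot-prefixed directories in the path (e.g. '.arm'), which keep a staged
    payload out of casual directory listings."""
    return [c for c in path.split("/") if c.startswith(".") and c not in (".", "..")]


def triage(records) -> list:
    """records: iterable of (pid, cmdline). Returns one finding per dropped-DEX compile."""
    findings = []
    for pid, cmdline in records:
        inv = parse_dex2oat(cmdline, pid)
        if inv is None or not is_dropped_dex_load(inv):
            continue
        findings.append({
            "pid": inv.pid,
            "package": owning_package(inv.dex_file),
            "dex_file": inv.dex_file,
            "oat_location": inv.oat_location,
            "hidden_dirs": hidden_components(inv.dex_file),
            "compiler_filter": inv.compiler_filter,
            "debuggable": inv.debuggable,
        })
    return findings


# Record 1 is the dex2oat command line from this report (pid 4293).
# Record 2 is CONSTRUCTED: a hypothetical package-manager-installed app being
# compiled from /data/app/, which must not be flagged.
# Record 3 is the app process itself (pid 4231), not a dex2oat command line.
SAMPLE_RECORDS = [
    (4293, "/system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/user/0/fv.denvloppgg.cc/.arm/6E4D52BA.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/fv.denvloppgg.cc/.arm/oat/x86/6E4D52BA.odex --compiler-filter=quicken --class-loader-context=&"),
    (5001, "/system/bin/dex2oat --instruction-set=x86 --dex-file=/data/app/com.example.benign-1/base.apk --oat-location=/data/app/com.example.benign-1/oat/x86/base.odex --compiler-filter=speed-profile"),
    (4231, "fv.denvloppgg.cc"),
]

if __name__ == "__main__":
    for f in triage(SAMPLE_RECORDS):
        print(f)
```

The discriminator is the path, not the compiler flags: --compiler-filter=quicken and --debuggable describe how ART was asked to compile the file and also appear for legitimate runtime-loaded code, whereas a DEX under /data/user/0/<pkg>/ in a dot-directory is code the app carried in and unpacked itself. Pivoting from here means grabbing the dropped file (its hashes are in the Downloads section below) and the 288-byte files/config it wrote next to it.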
Network
MITRE ATT&CK Matrix
Downloads
-
/data/data/fv.denvloppgg.cc/.arm/6E4D52BA.dex
Filesize
3.8MB
MD5
b37221352b736b78b9589dad504ad8ca
SHA1
9cf019dbc45d6208ddceb3f37a792df1fbb84ea6
SHA256
fa3bf4d64e62e622353743d9e421f6094c14d4bb67d86995adea73677f50fc87
SHA512
4112dc090fd390b9f65c35c4359ac77eec1893dd2297ef48293464784a9e7e4e42fa606e3d14cb62b65a443944748909edf2fffde51b62ff94e7e6a74350066e
-
/data/data/fv.denvloppgg.cc/files/config
Filesize
288B
MD5
0cb95af7a54976ff4ee2cc2b973ec4a4
SHA1
51198fe2d6e308147349248635d04459a7f26970
SHA256
681bdad8f1f99c6295ba8694316e57ee817ef55310454b1d442a4abdba5ee29a
SHA512
4a9a42920e33e91a605994a1bb7d1a9606e5cf98e9b86fdad2a0673df7c3114341a0adc6c2ac27731eab35de6018d25d149ac9323b258db38e9d9960c7bb2518
-
/data/data/fv.denvloppgg.cc/files/config
Filesize
288B
MD5
91ae82dd6d3834333f9c51adc1c81e70
SHA1
0513d9c3217d0013c4c8915782162bddb633b2ff
SHA256
8e2d7ba41c69b2fd42851c51fb16b562dd9c295f61ec6238e5b91435007d61d6
SHA512
f1b5a19a8eebc17fa7856704eebe9db8951e417460781731e53840dfcf62409a820f471fdc9422c67ef10fb1955ef7ebc182ccadbb5292236d4d2b50037cff2b