Analysis

  • max time kernel: 179s
  • max time network: 179s
  • platform: android_x86
  • resource: android-x86-arm-20240611.1-en
  • resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
  • submitted: 14-06-2024 00:01

General

  • Target: b3fa250fe0511d0493b9275dc98c8f03ea050ad1fd0437dcdb4f090d2fa8973c.apk
  • Size: 3.3MB
  • MD5: d88583e82aaf98b9ea674e33adc92a4d
  • SHA1: 90e428699dc9c12c2fdcd278028588d6fc24cfcf
  • SHA256: b3fa250fe0511d0493b9275dc98c8f03ea050ad1fd0437dcdb4f090d2fa8973c
  • SHA512: 5470d8263b531726360fd425b4d01324834575fdbd3e743cede07f2277cbcdcb8f0a57bffcc2870110374641c4868be921f63f873f1a3d623b3a64bff2a5211a
  • SSDEEP: 98304:NhHoe3IYoPjQ1Swueyj3V7UIpmX2Q9x+HXn4Cm:NhIuIYoE1ueyzVLS2Q+H34Cm

Malware Config

Signatures

  • Loads dropped Dex/Jar (1 TTP, 5 IoCs)
    Runs an executable file dropped to the device during analysis.
  • Queries the phone number (MSISDN for GSM devices) (1 TTP)
  • Acquires the wake lock (1 IoC)
  • Queries information about the active data network (1 TTP, 1 IoC)
  • Requests disabling of battery optimizations (often used to enable hiding in the background) (1 TTP, 1 IoC)
  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  • Schedules tasks to execute at a specified time (1 TTP, 2 IoCs)
    The application may abuse the framework's APIs to schedule tasks for initial or recurring execution of malicious code.

Processes

  • fv.denvloppgg.cc (PID 4231)
    • Loads dropped Dex/Jar
    • Acquires the wake lock
    • Queries information about the active data network
    • Requests disabling of battery optimizations (often used to enable hiding in the background)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    • /system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/user/0/fv.denvloppgg.cc/.arm/6E4D52BA.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/fv.denvloppgg.cc/.arm/oat/x86/6E4D52BA.odex --compiler-filter=quicken --class-loader-context=& (child process, PID 4293)
      • Loads dropped Dex/Jar
  • fv.denvloppgg.cc:remote (PID 4361)
    • Loads dropped Dex/Jar
    • Schedules tasks to execute at a specified time

Network

MITRE ATT&CK Matrix


Downloads

  • /data/data/fv.denvloppgg.cc/.arm/6E4D52BA.dex
    Filesize: 3.8MB
    MD5: b37221352b736b78b9589dad504ad8ca
    SHA1: 9cf019dbc45d6208ddceb3f37a792df1fbb84ea6
    SHA256: fa3bf4d64e62e622353743d9e421f6094c14d4bb67d86995adea73677f50fc87
    SHA512: 4112dc090fd390b9f65c35c4359ac77eec1893dd2297ef48293464784a9e7e4e42fa606e3d14cb62b65a443944748909edf2fffde51b62ff94e7e6a74350066e

  • /data/data/fv.denvloppgg.cc/files/config
    Filesize: 288B
    MD5: 0cb95af7a54976ff4ee2cc2b973ec4a4
    SHA1: 51198fe2d6e308147349248635d04459a7f26970
    SHA256: 681bdad8f1f99c6295ba8694316e57ee817ef55310454b1d442a4abdba5ee29a
    SHA512: 4a9a42920e33e91a605994a1bb7d1a9606e5cf98e9b86fdad2a0673df7c3114341a0adc6c2ac27731eab35de6018d25d149ac9323b258db38e9d9960c7bb2518

  • /data/data/fv.denvloppgg.cc/files/config
    Filesize: 288B
    MD5: 91ae82dd6d3834333f9c51adc1c81e70
    SHA1: 0513d9c3217d0013c4c8915782162bddb633b2ff
    SHA256: 8e2d7ba41c69b2fd42851c51fb16b562dd9c295f61ec6238e5b91435007d61d6
    SHA512: f1b5a19a8eebc17fa7856704eebe9db8951e417460781731e53840dfcf62409a820f471fdc9422c67ef10fb1955ef7ebc182ccadbb5292236d4d2b50037cff2b