Analysis

  • max time kernel
    164s
  • max time network
    178s
  • platform
    android_x64
  • resource
    android-33-x64-arm64-20240611.1-en
  • resource tags
    android, arch:arm64, arch:x64, image:android-33-x64-arm64-20240611.1-en, locale:en-us, os:android-13-x64, system
  • submitted
    14-06-2024 00:01

General

  • Target

    b3fa250fe0511d0493b9275dc98c8f03ea050ad1fd0437dcdb4f090d2fa8973c.apk

  • Size

    3.3MB

  • MD5

    d88583e82aaf98b9ea674e33adc92a4d

  • SHA1

    90e428699dc9c12c2fdcd278028588d6fc24cfcf

  • SHA256

    b3fa250fe0511d0493b9275dc98c8f03ea050ad1fd0437dcdb4f090d2fa8973c

  • SHA512

    5470d8263b531726360fd425b4d01324834575fdbd3e743cede07f2277cbcdcb8f0a57bffcc2870110374641c4868be921f63f873f1a3d623b3a64bff2a5211a

  • SSDEEP

    98304:NhHoe3IYoPjQ1Swueyj3V7UIpmX2Q9x+HXn4Cm:NhIuIYoE1ueyzVLS2Q+H34Cm

Malware Config

Signatures

  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Acquires the wake lock 1 IoCs
  • Queries information about active data network 1 TTPs 1 IoCs
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
  • Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

Processes

  • fv.denvloppgg.cc
    • Loads dropped Dex/Jar
    • Acquires the wake lock
    • Queries information about active data network
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Schedules tasks to execute at a specified time
    PID:4247
  • fv.denvloppgg.cc:remote
    • Loads dropped Dex/Jar
    • Schedules tasks to execute at a specified time
    PID:4417

Network

MITRE ATT&CK Matrix

Downloads

  • /data/user/0/fv.denvloppgg.cc/.arm/6E4D52BA.dex
    Filesize

    3.8MB

    MD5

    b37221352b736b78b9589dad504ad8ca

    SHA1

    9cf019dbc45d6208ddceb3f37a792df1fbb84ea6

    SHA256

    fa3bf4d64e62e622353743d9e421f6094c14d4bb67d86995adea73677f50fc87

    SHA512

    4112dc090fd390b9f65c35c4359ac77eec1893dd2297ef48293464784a9e7e4e42fa606e3d14cb62b65a443944748909edf2fffde51b62ff94e7e6a74350066e

  • /data/user/0/fv.denvloppgg.cc/files/config
    Filesize

    288B

    MD5

    0cb95af7a54976ff4ee2cc2b973ec4a4

    SHA1

    51198fe2d6e308147349248635d04459a7f26970

    SHA256

    681bdad8f1f99c6295ba8694316e57ee817ef55310454b1d442a4abdba5ee29a

    SHA512

    4a9a42920e33e91a605994a1bb7d1a9606e5cf98e9b86fdad2a0673df7c3114341a0adc6c2ac27731eab35de6018d25d149ac9323b258db38e9d9960c7bb2518

  • /data/user/0/fv.denvloppgg.cc/files/config
    Filesize

    288B

    MD5

    91ae82dd6d3834333f9c51adc1c81e70

    SHA1

    0513d9c3217d0013c4c8915782162bddb633b2ff

    SHA256

    8e2d7ba41c69b2fd42851c51fb16b562dd9c295f61ec6238e5b91435007d61d6

    SHA512

    f1b5a19a8eebc17fa7856704eebe9db8951e417460781731e53840dfcf62409a820f471fdc9422c67ef10fb1955ef7ebc182ccadbb5292236d4d2b50037cff2b