828534e95063b5870c84c930411a23ce712799afd364975af824c969cb054488

Analysis

max time kernel
7s
max time network
139s
platform
android_x64
resource
android-x64-arm64-20240611.1-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240611.1-enlocale:en-usos:android-11-x64system
submitted
15-06-2024 00:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

828534e95063b5870c84c930411a23ce712799afd364975af824c969cb054488.apk
Size

296KB
MD5

4a0807750b66b13094aad5b14b60fa9b
SHA1

14d508646ccfcc6e21126fb23371d8f619e05aaa
SHA256

828534e95063b5870c84c930411a23ce712799afd364975af824c969cb054488
SHA512

3ce58cca78928a009ae04c04782175c45fbafa77e2a07e6822c3a62fbe8d3a9cbc92be3998ec2902654393e302f96563d859f9510eca33512a196480eba808e8
SSDEEP

6144:18OmzGrmmKBO3BPN76oUxL/Gpyz18A+M1Viz/QCne:1Uq6mkGBnw0y7l1mE

Score

7^/10

discovery evasion

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.dsbhfjcbewucjkew1hjcuefd.security/app_qwzo.p1i.e02k.dd9/obfs/0.obfedex	4504	com.dsbhfjcbewucjkew1hjcuefd.security
/data/user/0/com.dsbhfjcbewucjkew1hjcuefd.security/app_qwzo.p1i.e02k.dd9/obfs/0.obfedex	4504	com.dsbhfjcbewucjkew1hjcuefd.security

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	com.dsbhfjcbewucjkew1hjcuefd.security

com.dsbhfjcbewucjkew1hjcuefd.security
1⤵
- Loads dropped Dex/Jar
- Requests disabling of battery optimizations (often used to enable hiding in the background).
PID:4504

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Discovery

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.dsbhfjcbewucjkew1hjcuefd.security/app_qwzo.p1i.e02k.dd9/obfs/0.obfedex

Filesize
156KB

MD5
79ff8b753903a2541c13c6ccb9e93109

SHA1
49ed84eaf2dd9ca8d48bf8612f6bef52e4b0bf56

SHA256
f7863153862d525b07b7f00d8602170827437340fea24c90b95bad8c22fffc2d

SHA512
2373b8b9d0049251cb4f6734b5aff3c81decebf4c3f2c2a8a6b877e0da48892532cf13f2eb1bda6b6dca1765506805d87322b048e43ac6afe30dfcd00e82bfbd

Download Submit
/storage/emulated/0/dsbhfjcbewucjkew1hjcuefd.txt

Filesize
2B

MD5
6512bd43d9caa6e02c990b0a82652dca

SHA1
17ba0791499db908433b80f37c5fbc89b870084b

SHA256
4fc82b26aecb47d2868c4efbe3581732a3e7cbcc6c2efb32062c08170a05eeb8

SHA512
74a49c698dbd3c12e36b0b287447d833f74f3937ff132ebff7054baa18623c35a705bb18b82e2ac0384b5127db97016e63609f712bc90e3506cfbea97599f46f

Download Submit