535a8f0ca02f5b15b61fb1fc6051d0c8ae1309fbdbaa57d0b48b5d8d3190deda

Analysis

max time kernel
8s
max time network
175s
platform
android_x64
resource
android-x64-arm64-20240611.1-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240611.1-enlocale:en-usos:android-11-x64system
submitted
16/06/2024, 23:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

535a8f0ca02f5b15b61fb1fc6051d0c8ae1309fbdbaa57d0b48b5d8d3190deda.apk
Size

313KB
MD5

2f8aa941c9b87fc6ca21ad079e53dcf6
SHA1

b6b3c6e5b050ffd99fecb19646644e6a65e8ad00
SHA256

535a8f0ca02f5b15b61fb1fc6051d0c8ae1309fbdbaa57d0b48b5d8d3190deda
SHA512

ee18b3e374bdf3a264bb118cdf68e0a2fd95da2d590203ba3800b6834a98915519a0b1e725a88be75bf51b0bc5db7e0be461879e72854b05627b2cc625235eaa
SSDEEP

6144:QFt8ILZxgdMvJ8Q50maRBJh2e0BuLlk+4C4xn/vqS:yLZiavJvanJF0BuLl1e/h

Score

7^/10

discovery evasion

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 22 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	com.dsbcjksdwhcuiewkj26flkjve.security

com.dsbcjksdwhcuiewkj26flkjve.security
1⤵
- Loads dropped Dex/Jar
- Requests disabling of battery optimizations (often used to enable hiding in the background).
PID:4566

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Discovery

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.dsbcjksdwhcuiewkj26flkjve.security/app_ca67.stx.qksa.t4f/obfs/0.obfedex

Filesize
52KB

MD5
47c737e21f9e3e767135f7696b3ac81c

SHA1
2b38009a15d4654beb8cf735d5797d1b09b96a19

SHA256
2809acc71ab5a404b0a153a672ddee949561009d8e5ca74d4b55023928b5b7fd

SHA512
817ceafb258d500d0945d7969e966f887b2fe23c571f5dffb89f092e93a55271efdd50b985910a984299a2793ee352661f2e1f545f5c579c3ee1c72e4bcd1c71

Download Submit
/data/user/0/com.dsbcjksdwhcuiewkj26flkjve.security/app_ca67.stx.qksa.t4f/obfs/1.obfedex

Filesize
1KB

MD5
36d159912dcad873c63aef06e294d897

SHA1
1eeb4283c5fd73f3edbbf0f7ba5e2aab596838dd

SHA256
ca12be5f0b51807412164ce4c32dd27c3c1f58d15410a50efc579c25e6531fed

SHA512
6be0e23e8016454f13e927da0372c5dc931ba6ce3cf9d52a6a246c3a4eb4734c82d191535a1cfa771eb53bbfc644f0ac12e3445d395c30c42ba1ab626206f852

Download Submit
/data/user/0/com.dsbcjksdwhcuiewkj26flkjve.security/app_ca67.stx.qksa.t4f/obfs/10.obfedex

Filesize
7KB

MD5
234df4b4b2ce34b8576faae7e7c15279

SHA1
925fab197d2fcc2adfb8e7b4acc872e83ed50b33

SHA256
4508881ede9be700bd32643db06b0766e6ff3f7508c5851691ec647b5df42144

SHA512
a41c7fb72388f356fefbdc7278810d3c9d6de90b6f4ed251163561bf8bde2defd3708c61db9c52c24c79ec8af585623e58609d2d16699658b9b6f4352f2c9392

Download Submit
/data/user/0/com.dsbcjksdwhcuiewkj26flkjve.security/app_ca67.stx.qksa.t4f/obfs/2.obfedex

Filesize
1KB

MD5
f0cf26e3a5cfd363394bb140176a721b

SHA1
0e36cab73ecdeedf3eea99ff6bc7c3cc825afa0b

SHA256
350ae30e88fab1d37505884d3111d3c084303bacda7f6c18107ca26cd21cab17

SHA512
78f93638ffd7dbbdb7cec451f93176f2a7970bf674c2db17f9f551e85820180bad836bbd0d1ea050ac3ed11c0f0589085082774b57ebf449fc0c3932aa23a32b

Download Submit
/data/user/0/com.dsbcjksdwhcuiewkj26flkjve.security/app_ca67.stx.qksa.t4f/obfs/3.obfedex

Filesize
59KB

MD5
f66db7be67cbdc6ae4b3b0587bc193b4

SHA1
0e856fb05a7956ade5f460e46eb000a21438717b

SHA256
ef1fe8106f647c8cca79d69d35c06ad3bc72f13d594f7a0ff6eee674cc2bfd4b

SHA512
776f3e3d576dfe78aeb6db0739b1a2a5b10dba515001917028f9317e411fa553db1a5f5f646e53d050fb2f48c76acbe7006ccc6fd9ff5a63d2a02fa069b362d7

Download Submit
/data/user/0/com.dsbcjksdwhcuiewkj26flkjve.security/app_ca67.stx.qksa.t4f/obfs/4.obfedex

Filesize
19KB

MD5
781a518caf3895f0212d93f86085a07a

SHA1
8eef80b2d7d21180eef90bc06a9cfddbb1b07d45

SHA256
b9b22fa16623d2f83153be1ab94ae275b874b28a4148e5e4e0e17dd5f15e67b2

SHA512
621e8505c03cbf88f19cb9b4199f6d5dfef4ba252233332e455c7e4741ec73b9e1cb1f576a0b7634f5d281b701e5590a67ce863cb70c0c86a5fb22580e672c74

Download Submit
/data/user/0/com.dsbcjksdwhcuiewkj26flkjve.security/app_ca67.stx.qksa.t4f/obfs/5.obfedex

Filesize
16KB

MD5
5ab4cfc0ade2699e8c95e03841339096

SHA1
b25f4e0bd46961fa322e7faba4ccf8bfdf568e55

SHA256
953b091d8633a93b6f9f1b6330b4e8f494828233a2c0f795352811687576ad67

SHA512
06a05b5d63b0bf14eceb726f0a0ff885cfadce800c0b99f7742a75af0d2a6497fc1325bba993cc4fa468fee46745e7cdc4e9037739654d78e6518d22c3868b52

Download Submit
/data/user/0/com.dsbcjksdwhcuiewkj26flkjve.security/app_ca67.stx.qksa.t4f/obfs/6.obfedex

Filesize
5KB

MD5
9bb95395a52eacce8c2f515bc45b1149

SHA1
071279f71f1fa3ec5fcb613dc2bb35cc419287c4

SHA256
7110dc06fc4f5207001aeefb4e6a279edcd82fd7a7d8d20c05ee22e0496d1637

SHA512
092c9987c1c9f5e03e20a928cb7072447a26032066b4387854c0ad304681c9b39ac390d8d16486b2aedc807563858462e38b696d67f532d321086622dd83f8a2

Download Submit
/data/user/0/com.dsbcjksdwhcuiewkj26flkjve.security/app_ca67.stx.qksa.t4f/obfs/7.obfedex

Filesize
7KB

MD5
477c106318dc6fe168634cec5cffbd64

SHA1
28003daf2ac885fd6375e39540c9264bbc39f279

SHA256
94a46f3eb2fba6b6420b976ac0c5b9e42260bf4b7790abc6ee46e12bd916463d

SHA512
37ffad0fe3551fc16378205f5ac52fcb7ae9dd6c0d59e7ad00e8da32eed24710408a359457b376c19a33fc274efb3aac8d0a8a3d8f4ef1942eba274c337d6ec6

Download Submit
/data/user/0/com.dsbcjksdwhcuiewkj26flkjve.security/app_ca67.stx.qksa.t4f/obfs/8.obfedex

Filesize
4KB

MD5
b3597d369cf86dee48ce8f7d4f2f5206

SHA1
0f925790e5bf34734deacd2a4d14a892122952eb

SHA256
f26e8627c19105e71cf6ac6009cf422a3cf23473c4fd5ce61f0b5e1086c6f7d5

SHA512
25f4056bb55df31e984a0573c103518f4bba90ee7e36c201c0cd9fd1bbedf329f0c3a2bd9d3ed238ae146d7d24a361a11688dbc72c8e803f0891ee6f9340d51d

Download Submit
/data/user/0/com.dsbcjksdwhcuiewkj26flkjve.security/app_ca67.stx.qksa.t4f/obfs/9.obfedex

Filesize
984B

MD5
36eb679975e0a60fd74cf38d23a65414

SHA1
00842f9e2a596cb6f1dce078829e6386ba6a7217

SHA256
a9a61fa175ab8cfcd32f9ec0f26625aca1f16ab3b4ed4a0110556246384c7972

SHA512
e75a4a806c6f68dbd3b7285c17aaf84384586c7496ea34ae9e3697c7d5ae9656fe61fab99bfda980182bf3f60bdf500e1ded680dcdfd08ef2c910935ba6e01f7

Download Submit
/storage/emulated/0/dsbcjksdwhcuiewkj26flkjve.txt

Filesize
2B

MD5
6512bd43d9caa6e02c990b0a82652dca

SHA1
17ba0791499db908433b80f37c5fbc89b870084b

SHA256
4fc82b26aecb47d2868c4efbe3581732a3e7cbcc6c2efb32062c08170a05eeb8

SHA512
74a49c698dbd3c12e36b0b287447d833f74f3937ff132ebff7054baa18623c35a705bb18b82e2ac0384b5127db97016e63609f712bc90e3506cfbea97599f46f

Download Submit

ioc	pid	Process
/data/user/0/com.dsbcjksdwhcuiewkj26flkjve.security/app_ca67.stx.qksa.t4f/obfs/0.obfedex	4566	com.dsbcjksdwhcuiewkj26flkjve.security
/data/user/0/com.dsbcjksdwhcuiewkj26flkjve.security/app_ca67.stx.qksa.t4f/obfs/0.obfedex	4566	com.dsbcjksdwhcuiewkj26flkjve.security
/data/user/0/com.dsbcjksdwhcuiewkj26flkjve.security/app_ca67.stx.qksa.t4f/obfs/1.obfedex	4566	com.dsbcjksdwhcuiewkj26flkjve.security
/data/user/0/com.dsbcjksdwhcuiewkj26flkjve.security/app_ca67.stx.qksa.t4f/obfs/1.obfedex	4566	com.dsbcjksdwhcuiewkj26flkjve.security
/data/user/0/com.dsbcjksdwhcuiewkj26flkjve.security/app_ca67.stx.qksa.t4f/obfs/2.obfedex	4566	com.dsbcjksdwhcuiewkj26flkjve.security
/data/user/0/com.dsbcjksdwhcuiewkj26flkjve.security/app_ca67.stx.qksa.t4f/obfs/2.obfedex	4566	com.dsbcjksdwhcuiewkj26flkjve.security
/data/user/0/com.dsbcjksdwhcuiewkj26flkjve.security/app_ca67.stx.qksa.t4f/obfs/3.obfedex	4566	com.dsbcjksdwhcuiewkj26flkjve.security
/data/user/0/com.dsbcjksdwhcuiewkj26flkjve.security/app_ca67.stx.qksa.t4f/obfs/3.obfedex	4566	com.dsbcjksdwhcuiewkj26flkjve.security
/data/user/0/com.dsbcjksdwhcuiewkj26flkjve.security/app_ca67.stx.qksa.t4f/obfs/4.obfedex	4566	com.dsbcjksdwhcuiewkj26flkjve.security
/data/user/0/com.dsbcjksdwhcuiewkj26flkjve.security/app_ca67.stx.qksa.t4f/obfs/4.obfedex	4566	com.dsbcjksdwhcuiewkj26flkjve.security
/data/user/0/com.dsbcjksdwhcuiewkj26flkjve.security/app_ca67.stx.qksa.t4f/obfs/5.obfedex	4566	com.dsbcjksdwhcuiewkj26flkjve.security
/data/user/0/com.dsbcjksdwhcuiewkj26flkjve.security/app_ca67.stx.qksa.t4f/obfs/5.obfedex	4566	com.dsbcjksdwhcuiewkj26flkjve.security
/data/user/0/com.dsbcjksdwhcuiewkj26flkjve.security/app_ca67.stx.qksa.t4f/obfs/6.obfedex	4566	com.dsbcjksdwhcuiewkj26flkjve.security
/data/user/0/com.dsbcjksdwhcuiewkj26flkjve.security/app_ca67.stx.qksa.t4f/obfs/6.obfedex	4566	com.dsbcjksdwhcuiewkj26flkjve.security
/data/user/0/com.dsbcjksdwhcuiewkj26flkjve.security/app_ca67.stx.qksa.t4f/obfs/7.obfedex	4566	com.dsbcjksdwhcuiewkj26flkjve.security
/data/user/0/com.dsbcjksdwhcuiewkj26flkjve.security/app_ca67.stx.qksa.t4f/obfs/7.obfedex	4566	com.dsbcjksdwhcuiewkj26flkjve.security
/data/user/0/com.dsbcjksdwhcuiewkj26flkjve.security/app_ca67.stx.qksa.t4f/obfs/8.obfedex	4566	com.dsbcjksdwhcuiewkj26flkjve.security
/data/user/0/com.dsbcjksdwhcuiewkj26flkjve.security/app_ca67.stx.qksa.t4f/obfs/8.obfedex	4566	com.dsbcjksdwhcuiewkj26flkjve.security
/data/user/0/com.dsbcjksdwhcuiewkj26flkjve.security/app_ca67.stx.qksa.t4f/obfs/9.obfedex	4566	com.dsbcjksdwhcuiewkj26flkjve.security
/data/user/0/com.dsbcjksdwhcuiewkj26flkjve.security/app_ca67.stx.qksa.t4f/obfs/9.obfedex	4566	com.dsbcjksdwhcuiewkj26flkjve.security
/data/user/0/com.dsbcjksdwhcuiewkj26flkjve.security/app_ca67.stx.qksa.t4f/obfs/10.obfedex	4566	com.dsbcjksdwhcuiewkj26flkjve.security
/data/user/0/com.dsbcjksdwhcuiewkj26flkjve.security/app_ca67.stx.qksa.t4f/obfs/10.obfedex	4566	com.dsbcjksdwhcuiewkj26flkjve.security