Analysis
-
max time kernel
170s -
max time network
131s -
platform
android_x64 -
resource
android-x64-20240611.1-en -
resource tags
androidarch:x64arch:x86image:android-x64-20240611.1-enlocale:en-usos:android-10-x64system -
submitted
18-06-2024 09:45
Static task
static1
Behavioral task
behavioral1
Sample
34f58aab768709cff64d00a210580800_NeikiAnalytics.apk
Resource
android-x86-arm-20240611.1-en
Behavioral task
behavioral2
Sample
34f58aab768709cff64d00a210580800_NeikiAnalytics.apk
Resource
android-x64-20240611.1-en
Behavioral task
behavioral3
Sample
34f58aab768709cff64d00a210580800_NeikiAnalytics.apk
Resource
android-x64-arm64-20240611.1-en
General
-
Target
34f58aab768709cff64d00a210580800_NeikiAnalytics.apk
-
Size
5.8MB
-
MD5
34f58aab768709cff64d00a210580800
-
SHA1
ccf32e78d680a1aaa59d9f5715fc9c3ba4271f4f
-
SHA256
e21369cf19bf40ce44b49aac7a80095fa1f94079d3348aa82909f1c421624183
-
SHA512
c822de7a3c49931273d26a5b4be8b8ec62a501743c5f508e76fccbbf123d712b20c1bb1b933308a6e86f5aec661187f01e6c26d761c2d03bbce91024efd71d68
-
SSDEEP
98304:7l4R1sQzYB4Y5SIdhpeNBRlt5Azjy3hG+DgIJXMd2K:7lI131wSIjpeHt2zORGwo
Malware Config
Signatures
-
Loads dropped Dex/Jar 1 TTPs 6 IoCs
Runs executable file dropped to the device during analysis.
ioc pid Process /data/user/0/com.dzbfgdsuwehchiwejhce12jhdsuydh.security/app_com.dzbfgdsuwehchiwejhce12jhdsuydh.security.apps.BaseApplication/obfs/0.obfedex 5097 com.dzbfgdsuwehchiwejhce12jhdsuydh.security /data/user/0/com.dzbfgdsuwehchiwejhce12jhdsuydh.security/app_com.dzbfgdsuwehchiwejhce12jhdsuydh.security.apps.BaseApplication/obfs/0.obfedex 5097 com.dzbfgdsuwehchiwejhce12jhdsuydh.security /data/user/0/com.dzbfgdsuwehchiwejhce12jhdsuydh.security/app_com.dzbfgdsuwehchiwejhce12jhdsuydh.security.apps.BaseApplication/obfs/0.obfedex 5167 com.dzbfgdsuwehchiwejhce12jhdsuydh.security:remote /data/user/0/com.dzbfgdsuwehchiwejhce12jhdsuydh.security/app_com.dzbfgdsuwehchiwejhce12jhdsuydh.security.apps.BaseApplication/obfs/0.obfedex 5167 com.dzbfgdsuwehchiwejhce12jhdsuydh.security:remote /data/user/0/com.dzbfgdsuwehchiwejhce12jhdsuydh.security/app_com.dzbfgdsuwehchiwejhce12jhdsuydh.security.apps.BaseApplication/obfs/0.obfedex 5334 com.dzbfgdsuwehchiwejhce12jhdsuydh.security:acc /data/user/0/com.dzbfgdsuwehchiwejhce12jhdsuydh.security/app_com.dzbfgdsuwehchiwejhce12jhdsuydh.security.apps.BaseApplication/obfs/0.obfedex 5334 com.dzbfgdsuwehchiwejhce12jhdsuydh.security:acc -
Queries information about running processes on the device 1 TTPs 3 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
description ioc Process Framework service call android.app.IActivityManager.getRunningAppProcesses com.dzbfgdsuwehchiwejhce12jhdsuydh.security:acc Framework service call android.app.IActivityManager.getRunningAppProcesses com.dzbfgdsuwehchiwejhce12jhdsuydh.security Framework service call android.app.IActivityManager.getRunningAppProcesses com.dzbfgdsuwehchiwejhce12jhdsuydh.security:remote -
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Reads the contacts stored on the device. 1 TTPs 1 IoCs
description ioc Process URI accessed for read content://com.android.contacts/data/phones com.dzbfgdsuwehchiwejhce12jhdsuydh.security -
Makes use of the framework's foreground persistence service 1 TTPs 2 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
description ioc Process Framework service call android.app.IActivityManager.setServiceForeground com.dzbfgdsuwehchiwejhce12jhdsuydh.security Framework service call android.app.IActivityManager.setServiceForeground com.dzbfgdsuwehchiwejhce12jhdsuydh.security:acc -
Queries information about active data network 1 TTPs 1 IoCs
description ioc Process Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.dzbfgdsuwehchiwejhce12jhdsuydh.security -
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
description ioc Process Framework service call android.app.IActivityManager.registerReceiver com.dzbfgdsuwehchiwejhce12jhdsuydh.security -
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
description ioc Process Framework service call android.app.job.IJobScheduler.schedule com.dzbfgdsuwehchiwejhce12jhdsuydh.security
Processes
-
com.dzbfgdsuwehchiwejhce12jhdsuydh.security1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Reads the contacts stored on the device.
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
PID:5097
-
com.dzbfgdsuwehchiwejhce12jhdsuydh.security:remote1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
PID:5167
-
com.dzbfgdsuwehchiwejhce12jhdsuydh.security:acc1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Makes use of the framework's foreground persistence service
PID:5334
Network
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
/data/data/com.dzbfgdsuwehchiwejhce12jhdsuydh.security/app_com.dzbfgdsuwehchiwejhce12jhdsuydh.security.apps.BaseApplication/obfs/0.obfedex
Filesize2.9MB
MD524afd2241d3812986be177829b89e7c3
SHA1ae45bd5b800cd3245219f6943b4d988566365540
SHA256f4192b4aa46b990198667d174280a382bd9f385860c9f35731b6d8e57b51c18c
SHA5120ee60052f4395ef502dfab56430a5648622d9d50ddc13859b70ead1f3205557bc67e9a06c6ca9085d7f8a2c17175e0cb0db2befa3b91bdcee8f055aabdde857a
-
Filesize
32KB
MD55829064e9edffcb9c641dc0157833b29
SHA1d9430aa0fa5239fb2b1a6fab99c75eb84b467a31
SHA2566bc699d3abd67ba56bded2eb337f2d30982a3aea927814edc5e8cff45dfa5a9e
SHA5121c9130c438f3a66cbe2c73f2bf3b4c565d7edf946d91da746f7c38a46b2d22ec503605d66f56715b820c8aa874ee9f84ccb7687307668734d74d778348e3db83
-
Filesize
512B
MD5dee6747e552beb5e57b5b25918224146
SHA1badcacac277fa6101bc70278113cc7bb69c8c883
SHA25613528ebd7a11d93d2133b17ad962f24fac0c1bb54c9313849a5530175cd9b577
SHA51200b39993fd50df85cf6e7436a6427681835d1f65048c48b7afcab55f728b0a39190b01af4a3e3f404eb846212c7edd119799e0c429d62e9da7bcff9ae2d258c7
-
Filesize
8KB
MD5d87b18e9c02c8d625c408147cd2b378d
SHA103d468fdc1bc98088fc8b814b156afdb6b979fb9
SHA256576eb01dfcc8930827b68d3bd046a50ff3649417dc8e2dc36dcfadf47add0b35
SHA512c069d0f335cb3aad79923c465dff0b4b233b716a4b270077f1560d42758662d41c09520aae32fa1f80a17eb485a11aad94c49577648d4d3379d91a5841b29392
-
Filesize
8KB
MD54985a2eaf0dc7b1ea78391a759e9ae18
SHA1d17777bcad82dc3309d8d07f3c84626aec6af2ef
SHA2564e33b61cea6f74a508d5f03cddb3ae722d8a7c1b66cdd180bc6149c850a56963
SHA512e23a837568e9e17b60aa29feb2f3bdc929702c3d9d1aafc2d45ce43194fe6e24b1dd8a36b4d4bef4dc8bbffb4358c16f4e349572f7cedc43487c3be409906316
-
Filesize
12KB
MD51e3b02f5c9d1e5bc79653d827bd15385
SHA1b1b015dd6b2dcc6d14dc7bf9fa92e49f28eb92d5
SHA2561c22707d722570c362d1a0f06bab50f46a3ab65eaead54356504630e780fe7e2
SHA5122ca152e10205175ba1c5559a5b16a9e2e8d4ba478f60e33f932f63470ca9bf48e6d8ec763333821af6bb62d1e0e4e82a721297ddb9a6acd42188f6361eadeafc
-
Filesize
12KB
MD526fdc84598c83f14964b81cbb181c3a3
SHA18d7d8cdeef3dfdc7e70a5c3a4f1428f3ba959083
SHA256d3e236f5c3e924c08a6fb00a3c39823272f11eb8620b600a3d5ec1f8d62ff598
SHA512fa884b812d2724523b690bb7242ddc91d10ab0d1b6df9d512928076c87e9458f46e9872d566404451336bb1b84a291279a85f86d6dcdb903a7ae333ca7300beb