Analysis

  • max time kernel
    170s
  • max time network
    131s
  • platform
    android_x64
  • resource
    android-x64-20240611.1-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240611.1-en, locale:en-us, os:android-10-x64, system
  • submitted
    18-06-2024 09:45

General

  • Target

    34f58aab768709cff64d00a210580800_NeikiAnalytics.apk

  • Size

    5.8MB

  • MD5

    34f58aab768709cff64d00a210580800

  • SHA1

    ccf32e78d680a1aaa59d9f5715fc9c3ba4271f4f

  • SHA256

    e21369cf19bf40ce44b49aac7a80095fa1f94079d3348aa82909f1c421624183

  • SHA512

    c822de7a3c49931273d26a5b4be8b8ec62a501743c5f508e76fccbbf123d712b20c1bb1b933308a6e86f5aec661187f01e6c26d761c2d03bbce91024efd71d68

  • SSDEEP

    98304:7l4R1sQzYB4Y5SIdhpeNBRlt5Azjy3hG+DgIJXMd2K:7lI131wSIjpeHt2zORGwo

Malware Config

Signatures

  • Loads dropped Dex/Jar (1 TTP, 6 IoCs)

    Runs executable file dropped to the device during analysis.

  • Queries information about running processes on the device (1 TTP, 3 IoCs)

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries the phone number (MSISDN for GSM devices) (1 TTP)
  • Reads the contacts stored on the device (1 TTP, 1 IoC)
  • Makes use of the framework's foreground persistence service (1 TTP, 2 IoCs)

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Queries information about active data network (1 TTP, 1 IoC)
  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  • Schedules tasks to execute at a specified time (1 TTP, 1 IoC)

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

Processes

  • com.dzbfgdsuwehchiwejhce12jhdsuydh.security (PID 5097)
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Reads the contacts stored on the device
    • Makes use of the framework's foreground persistence service
    • Queries information about active data network
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
  • com.dzbfgdsuwehchiwejhce12jhdsuydh.security:remote (PID 5167)
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
  • com.dzbfgdsuwehchiwejhce12jhdsuydh.security:acc (PID 5334)
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Makes use of the framework's foreground persistence service

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.dzbfgdsuwehchiwejhce12jhdsuydh.security/app_com.dzbfgdsuwehchiwejhce12jhdsuydh.security.apps.BaseApplication/obfs/0.obfedex

    Filesize

    2.9MB

    MD5

    24afd2241d3812986be177829b89e7c3

    SHA1

    ae45bd5b800cd3245219f6943b4d988566365540

    SHA256

    f4192b4aa46b990198667d174280a382bd9f385860c9f35731b6d8e57b51c18c

    SHA512

    0ee60052f4395ef502dfab56430a5648622d9d50ddc13859b70ead1f3205557bc67e9a06c6ca9085d7f8a2c17175e0cb0db2befa3b91bdcee8f055aabdde857a

  • /data/data/com.dzbfgdsuwehchiwejhce12jhdsuydh.security/databases/db.db

    Filesize

    32KB

    MD5

    5829064e9edffcb9c641dc0157833b29

    SHA1

    d9430aa0fa5239fb2b1a6fab99c75eb84b467a31

    SHA256

    6bc699d3abd67ba56bded2eb337f2d30982a3aea927814edc5e8cff45dfa5a9e

    SHA512

    1c9130c438f3a66cbe2c73f2bf3b4c565d7edf946d91da746f7c38a46b2d22ec503605d66f56715b820c8aa874ee9f84ccb7687307668734d74d778348e3db83

  • /data/data/com.dzbfgdsuwehchiwejhce12jhdsuydh.security/databases/db.db-journal

    Filesize

    512B

    MD5

    dee6747e552beb5e57b5b25918224146

    SHA1

    badcacac277fa6101bc70278113cc7bb69c8c883

    SHA256

    13528ebd7a11d93d2133b17ad962f24fac0c1bb54c9313849a5530175cd9b577

    SHA512

    00b39993fd50df85cf6e7436a6427681835d1f65048c48b7afcab55f728b0a39190b01af4a3e3f404eb846212c7edd119799e0c429d62e9da7bcff9ae2d258c7

  • /data/data/com.dzbfgdsuwehchiwejhce12jhdsuydh.security/databases/db.db-journal

    Filesize

    8KB

    MD5

    d87b18e9c02c8d625c408147cd2b378d

    SHA1

    03d468fdc1bc98088fc8b814b156afdb6b979fb9

    SHA256

    576eb01dfcc8930827b68d3bd046a50ff3649417dc8e2dc36dcfadf47add0b35

    SHA512

    c069d0f335cb3aad79923c465dff0b4b233b716a4b270077f1560d42758662d41c09520aae32fa1f80a17eb485a11aad94c49577648d4d3379d91a5841b29392

  • /data/data/com.dzbfgdsuwehchiwejhce12jhdsuydh.security/databases/db.db-journal

    Filesize

    8KB

    MD5

    4985a2eaf0dc7b1ea78391a759e9ae18

    SHA1

    d17777bcad82dc3309d8d07f3c84626aec6af2ef

    SHA256

    4e33b61cea6f74a508d5f03cddb3ae722d8a7c1b66cdd180bc6149c850a56963

    SHA512

    e23a837568e9e17b60aa29feb2f3bdc929702c3d9d1aafc2d45ce43194fe6e24b1dd8a36b4d4bef4dc8bbffb4358c16f4e349572f7cedc43487c3be409906316

  • /data/data/com.dzbfgdsuwehchiwejhce12jhdsuydh.security/databases/db.db-journal

    Filesize

    12KB

    MD5

    1e3b02f5c9d1e5bc79653d827bd15385

    SHA1

    b1b015dd6b2dcc6d14dc7bf9fa92e49f28eb92d5

    SHA256

    1c22707d722570c362d1a0f06bab50f46a3ab65eaead54356504630e780fe7e2

    SHA512

    2ca152e10205175ba1c5559a5b16a9e2e8d4ba478f60e33f932f63470ca9bf48e6d8ec763333821af6bb62d1e0e4e82a721297ddb9a6acd42188f6361eadeafc

  • /data/data/com.dzbfgdsuwehchiwejhce12jhdsuydh.security/databases/db.db-journal

    Filesize

    12KB

    MD5

    26fdc84598c83f14964b81cbb181c3a3

    SHA1

    8d7d8cdeef3dfdc7e70a5c3a4f1428f3ba959083

    SHA256

    d3e236f5c3e924c08a6fb00a3c39823272f11eb8620b600a3d5ec1f8d62ff598

    SHA512

    fa884b812d2724523b690bb7242ddc91d10ab0d1b6df9d512928076c87e9458f46e9872d566404451336bb1b84a291279a85f86d6dcdb903a7ae333ca7300beb