Analysis
-
max time kernel
101s -
max time network
132s -
platform
android_x64 -
resource
android-x64-arm64-20240611.1-en -
resource tags
androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240611.1-enlocale:en-usos:android-11-x64system -
submitted
18-06-2024 09:45
Static task
static1
Behavioral task
behavioral1
Sample
34f58aab768709cff64d00a210580800_NeikiAnalytics.apk
Resource
android-x86-arm-20240611.1-en
Behavioral task
behavioral2
Sample
34f58aab768709cff64d00a210580800_NeikiAnalytics.apk
Resource
android-x64-20240611.1-en
Behavioral task
behavioral3
Sample
34f58aab768709cff64d00a210580800_NeikiAnalytics.apk
Resource
android-x64-arm64-20240611.1-en
General
-
Target
34f58aab768709cff64d00a210580800_NeikiAnalytics.apk
-
Size
5.8MB
-
MD5
34f58aab768709cff64d00a210580800
-
SHA1
ccf32e78d680a1aaa59d9f5715fc9c3ba4271f4f
-
SHA256
e21369cf19bf40ce44b49aac7a80095fa1f94079d3348aa82909f1c421624183
-
SHA512
c822de7a3c49931273d26a5b4be8b8ec62a501743c5f508e76fccbbf123d712b20c1bb1b933308a6e86f5aec661187f01e6c26d761c2d03bbce91024efd71d68
-
SSDEEP
98304:7l4R1sQzYB4Y5SIdhpeNBRlt5Azjy3hG+DgIJXMd2K:7lI131wSIjpeHt2zORGwo
Malware Config
Signatures
-
Loads dropped Dex/Jar 1 TTPs 6 IoCs
Runs executable file dropped to the device during analysis.
ioc pid Process /data/user/0/com.dzbfgdsuwehchiwejhce12jhdsuydh.security/app_com.dzbfgdsuwehchiwejhce12jhdsuydh.security.apps.BaseApplication/obfs/0.obfedex 4427 com.dzbfgdsuwehchiwejhce12jhdsuydh.security /data/user/0/com.dzbfgdsuwehchiwejhce12jhdsuydh.security/app_com.dzbfgdsuwehchiwejhce12jhdsuydh.security.apps.BaseApplication/obfs/0.obfedex 4427 com.dzbfgdsuwehchiwejhce12jhdsuydh.security /data/user/0/com.dzbfgdsuwehchiwejhce12jhdsuydh.security/app_com.dzbfgdsuwehchiwejhce12jhdsuydh.security.apps.BaseApplication/obfs/0.obfedex 4483 com.dzbfgdsuwehchiwejhce12jhdsuydh.security:remote /data/user/0/com.dzbfgdsuwehchiwejhce12jhdsuydh.security/app_com.dzbfgdsuwehchiwejhce12jhdsuydh.security.apps.BaseApplication/obfs/0.obfedex 4483 com.dzbfgdsuwehchiwejhce12jhdsuydh.security:remote /data/user/0/com.dzbfgdsuwehchiwejhce12jhdsuydh.security/app_com.dzbfgdsuwehchiwejhce12jhdsuydh.security.apps.BaseApplication/obfs/0.obfedex 4586 com.dzbfgdsuwehchiwejhce12jhdsuydh.security:acc /data/user/0/com.dzbfgdsuwehchiwejhce12jhdsuydh.security/app_com.dzbfgdsuwehchiwejhce12jhdsuydh.security.apps.BaseApplication/obfs/0.obfedex 4586 com.dzbfgdsuwehchiwejhce12jhdsuydh.security:acc -
Queries information about running processes on the device 1 TTPs 3 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
description ioc Process Framework service call android.app.IActivityManager.getRunningAppProcesses com.dzbfgdsuwehchiwejhce12jhdsuydh.security Framework service call android.app.IActivityManager.getRunningAppProcesses com.dzbfgdsuwehchiwejhce12jhdsuydh.security:remote Framework service call android.app.IActivityManager.getRunningAppProcesses com.dzbfgdsuwehchiwejhce12jhdsuydh.security:acc -
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Reads the contacts stored on the device. 1 TTPs 1 IoCs
description ioc Process URI accessed for read content://com.android.contacts/data/phones com.dzbfgdsuwehchiwejhce12jhdsuydh.security -
Makes use of the framework's foreground persistence service 1 TTPs 2 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
description ioc Process Framework service call android.app.IActivityManager.setServiceForeground com.dzbfgdsuwehchiwejhce12jhdsuydh.security Framework service call android.app.IActivityManager.setServiceForeground com.dzbfgdsuwehchiwejhce12jhdsuydh.security:acc -
Queries information about active data network 1 TTPs 1 IoCs
description ioc Process Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.dzbfgdsuwehchiwejhce12jhdsuydh.security -
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
description ioc Process Framework service call android.app.job.IJobScheduler.schedule com.dzbfgdsuwehchiwejhce12jhdsuydh.security
Processes
-
com.dzbfgdsuwehchiwejhce12jhdsuydh.security1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Reads the contacts stored on the device.
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Schedules tasks to execute at a specified time
PID:4427
-
com.dzbfgdsuwehchiwejhce12jhdsuydh.security:remote1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
PID:4483
-
com.dzbfgdsuwehchiwejhce12jhdsuydh.security:acc1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Makes use of the framework's foreground persistence service
PID:4586
Network
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
/data/user/0/com.dzbfgdsuwehchiwejhce12jhdsuydh.security/app_com.dzbfgdsuwehchiwejhce12jhdsuydh.security.apps.BaseApplication/obfs/0.obfedex
Filesize2.9MB
MD524afd2241d3812986be177829b89e7c3
SHA1ae45bd5b800cd3245219f6943b4d988566365540
SHA256f4192b4aa46b990198667d174280a382bd9f385860c9f35731b6d8e57b51c18c
SHA5120ee60052f4395ef502dfab56430a5648622d9d50ddc13859b70ead1f3205557bc67e9a06c6ca9085d7f8a2c17175e0cb0db2befa3b91bdcee8f055aabdde857a
-
Filesize
32KB
MD5f270860bc2b2ae388efdd8307ebb837a
SHA113a083de73f2dc35cbdc83a98e5af0af3e8cf9cc
SHA256d4173bb4194a68ce8842135363822cb0a02a40d82fb9f97faa6afffad04cc68b
SHA512b12499f1618dc02bcc0eade9fb6fc029bcb45b82779c04f85d00910d75173998657699a246d0e316c97021a82f64245d44d1bdb27d34597bced1242da2406529
-
Filesize
512B
MD571cd79a6f91edc85b4f0939cdc118797
SHA184c3f3089034823c7ae343956de3add02cd33dc4
SHA25695939b23ae01f0590147e957952afc66ef0419cc6bb107621ce431a7907a3365
SHA512a462c0721b5de1ed1aeb974d1a703a6978261de79782a39e37740bd3e24ab513a6733966f87e694942646a3b40934357950c74083276a159c264f0d32d2ed2a9
-
Filesize
8KB
MD5e0293cfb75677177fc34488f0d6d39ac
SHA1a6dfde81fb90f698df6b1cbe38b8b1b68308f1a2
SHA256c0a03fc6462429b7776861f80d757b41b7a460441479a7036209851c35a6f30c
SHA51287d99b3fd0609fba42d52c8fa3342dad8e6ddd1efa0f5f4176e5129b562f6ce29b9ab921d5eb731dd17bbf4c903ef65f4591e03248a37531be144a464b5181fa
-
Filesize
8KB
MD559cc876e9663dca82595fc6ca436d42e
SHA13c64f3fd0d4b874fe087a36610344e1d3bf8640a
SHA256bd62caebbb42ef822613d3305641b7b944132a30c296c9a286593131ee7399f3
SHA51200bffd2aaa4c78653344c03a30b38aaf9bbbd746b9f9848087510df4102ba810206e99f12653ca7de064cf3b4fe8abc68d3cd69e3f31465e8280bdd164aedb76
-
Filesize
12KB
MD50d4fed161b1ced65ea7df7fedb86af36
SHA1db6a06ce43003e539a289fc426aba8c587438c0a
SHA256dd50ef352f9402dcedf57346b6db74be728c65a4e34850963c1a8da3e4e9ac95
SHA512cc43f6c6c778c2c313a10061cc3584700e7b7958b50d170199bb4ec9c921bc3577113f3a84319de5892a334868bbe3317d23174441cb7a56df05fcd494c10d91
-
Filesize
12KB
MD535d682cd44e7d35b625986d14176f59e
SHA1b424bc50a6c213a8381a46f09ba53194b81689a1
SHA256b20349b8d430cf1250583402ba0f2c1c7eaa6dd1a338be5a8c60fa4c7856164a
SHA512d7ba9cd106f711748aa0abe88e1ab1f1a5564fe17d9f4a320c6e153a8d88f97981f7cf7d7f34333493fb71137635dc9180369008043adba30ecad38fe88e3bbf