Analysis

  • max time kernel
    101s
  • max time network
    132s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240611.1-en
  • resource tags

    android
    arch:arm
    arch:arm64
    arch:x64
    arch:x86
    image:android-x64-arm64-20240611.1-en
    locale:en-us
    os:android-11-x64
    system
  • submitted
    18-06-2024 09:45

General

  • Target

    34f58aab768709cff64d00a210580800_NeikiAnalytics.apk

  • Size

    5.8MB

  • MD5

    34f58aab768709cff64d00a210580800

  • SHA1

    ccf32e78d680a1aaa59d9f5715fc9c3ba4271f4f

  • SHA256

    e21369cf19bf40ce44b49aac7a80095fa1f94079d3348aa82909f1c421624183

  • SHA512

    c822de7a3c49931273d26a5b4be8b8ec62a501743c5f508e76fccbbf123d712b20c1bb1b933308a6e86f5aec661187f01e6c26d761c2d03bbce91024efd71d68

  • SSDEEP

    98304:7l4R1sQzYB4Y5SIdhpeNBRlt5Azjy3hG+DgIJXMd2K:7lI131wSIjpeHt2zORGwo

Malware Config

Signatures

  • Loads dropped Dex/Jar 1 TTPs 6 IoCs

    Runs an executable (DEX/JAR) file that was dropped to the device during analysis.

  • Queries information about running processes on the device 1 TTPs 3 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
  • Reads the contacts stored on the device 1 TTPs 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 2 IoCs

    Application may abuse the framework's foreground service to keep running; foreground services are exempt from most background-execution limits and are less likely to be killed.

  • Queries information about active data network 1 TTPs 1 IoCs
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
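The "Loads dropped Dex/Jar" signature above, together with the dropped file this report lists under Downloads (app_*/obfs/0.obfedex, 2.9MB), is the first thing an analyst wants to confirm by hand: is the recovered blob a plain DEX whose header integrity fields check out, or something the app decrypts or unpacks at runtime before loading? The following triage helper is an added example, not code from the sandbox or from the sample; it assumes only the public DEX header layout (magic, Adler-32 checksum over everything after offset 12, SHA-1 signature over everything after offset 32, file_size, header_size, endian_tag). The function names, the constructed sample header and the `tamper` helper are mine, and nothing here asserts what `0.obfedex` actually contains.

```python
"""Triage helper for DEX payloads pulled from a device (e.g. the
app_*/obfs/0.obfedex file listed in this report).

Added example, not from the sandbox or the sample. Header layout follows
the public DEX format: magic (8), checksum (4), signature (20),
file_size (4), header_size (4), endian_tag (4), ... up to 0x70 bytes.
"""
import hashlib
import struct
import sys
import zlib

DEX_MAGIC_PREFIX = b"dex\n"
HEADER_SIZE = 0x70
ENDIAN_CONSTANT = 0x12345678


def parse_dex_header(data: bytes) -> dict:
    """Validate a DEX header and return a verdict dict.

    verdict is one of:
      'not-dex'       - no DEX magic; likely encrypted/obfuscated (the
                        .obfedex name hints at that, but the report does
                        not say how the app transforms it before loading)
      'dex-ok'        - magic, checksum, signature and sizes all agree
      'dex-tampered'  - DEX magic present but integrity fields disagree
    """
    info = {"size": len(data), "sha256": hashlib.sha256(data).hexdigest()}
    if len(data) < HEADER_SIZE or not data.startswith(DEX_MAGIC_PREFIX):
        info["verdict"] = "not-dex"
        return info

    version = data[4:7].decode("ascii", "replace")
    (checksum,) = struct.unpack_from("<I", data, 8)
    signature = data[12:32]
    file_size, header_size, endian_tag = struct.unpack_from("<III", data, 32)
    info.update(version=version, file_size=file_size, header_size=header_size)

    problems = []
    # checksum covers everything after magic+checksum (offset 12 onward)
    if (zlib.adler32(data[12:]) & 0xFFFFFFFF) != checksum:
        problems.append("adler32 checksum mismatch")
    # signature covers everything after the signature field (offset 32 onward)
    if hashlib.sha1(data[32:]).digest() != signature:
        problems.append("sha1 signature mismatch")
    if file_size != len(data):
        problems.append(f"file_size {file_size} != actual {len(data)}")
    if header_size != HEADER_SIZE:
        problems.append(f"header_size 0x{header_size:x} != 0x{HEADER_SIZE:x}")
    if endian_tag != ENDIAN_CONSTANT:
        problems.append(f"unexpected endian_tag 0x{endian_tag:08x}")

    info["problems"] = problems
    info["verdict"] = "dex-ok" if not problems else "dex-tampered"
    return info


def build_sample_dex() -> bytes:
    """Constructed header-only DEX (no code sections) used as offline input."""
    body = bytearray(HEADER_SIZE)
    body[0:8] = b"dex\n035\0"
    struct.pack_into("<III", body, 32, HEADER_SIZE, HEADER_SIZE, ENDIAN_CONSTANT)
    body[12:32] = hashlib.sha1(bytes(body[32:])).digest()
    struct.pack_into("<I", body, 8, zlib.adler32(bytes(body[12:])) & 0xFFFFFFFF)
    return bytes(body)


def tamper(dex: bytes, offset: int = 0x60) -> bytes:
    """Flip one byte inside the region both integrity fields cover."""
    b = bytearray(dex)
    b[offset] ^= 0xFF
    return bytes(b)


if __name__ == "__main__":
    # Usage: python dex_triage.py /path/to/0.obfedex [...]; with no
    # arguments it runs against the constructed sample and a tampered copy.
    paths = sys.argv[1:]
    blobs = ([open(p, "rb").read() for p in paths] if paths
             else [build_sample_dex(), tamper(build_sample_dex()), b"\x00" * 200])
    for blob in blobs:
        print(parse_dex_header(blob))
```

When the verdict is `not-dex` for a file the sandbox flagged as a loaded DEX, the next step is to look at how the package's `BaseApplication` (the directory name in the dropped path) reads and transforms the file before handing it to a class loader; a header that validates as `dex-ok` can be fed straight to the usual DEX tooling.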

Processes

  • com.dzbfgdsuwehchiwejhce12jhdsuydh.security
    1⤵
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Reads the contacts stored on the device
    • Makes use of the framework's foreground persistence service
    • Queries information about active data network
    • Schedules tasks to execute at a specified time
    PID:4427
  • com.dzbfgdsuwehchiwejhce12jhdsuydh.security:remote
    1⤵
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    PID:4483
  • com.dzbfgdsuwehchiwejhce12jhdsuydh.security:acc
    1⤵
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Makes use of the framework's foreground persistence service
    PID:4586

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/user/0/com.dzbfgdsuwehchiwejhce12jhdsuydh.security/app_com.dzbfgdsuwehchiwejhce12jhdsuydh.security.apps.BaseApplication/obfs/0.obfedex

    Filesize

    2.9MB

    MD5

    24afd2241d3812986be177829b89e7c3

    SHA1

    ae45bd5b800cd3245219f6943b4d988566365540

    SHA256

    f4192b4aa46b990198667d174280a382bd9f385860c9f35731b6d8e57b51c18c

    SHA512

    0ee60052f4395ef502dfab56430a5648622d9d50ddc13859b70ead1f3205557bc67e9a06c6ca9085d7f8a2c17175e0cb0db2befa3b91bdcee8f055aabdde857a

  • /data/user/0/com.dzbfgdsuwehchiwejhce12jhdsuydh.security/databases/db.db

    Filesize

    32KB

    MD5

    f270860bc2b2ae388efdd8307ebb837a

    SHA1

    13a083de73f2dc35cbdc83a98e5af0af3e8cf9cc

    SHA256

    d4173bb4194a68ce8842135363822cb0a02a40d82fb9f97faa6afffad04cc68b

    SHA512

    b12499f1618dc02bcc0eade9fb6fc029bcb45b82779c04f85d00910d75173998657699a246d0e316c97021a82f64245d44d1bdb27d34597bced1242da2406529

  • /data/user/0/com.dzbfgdsuwehchiwejhce12jhdsuydh.security/databases/db.db-journal

    Filesize

    512B

    MD5

    71cd79a6f91edc85b4f0939cdc118797

    SHA1

    84c3f3089034823c7ae343956de3add02cd33dc4

    SHA256

    95939b23ae01f0590147e957952afc66ef0419cc6bb107621ce431a7907a3365

    SHA512

    a462c0721b5de1ed1aeb974d1a703a6978261de79782a39e37740bd3e24ab513a6733966f87e694942646a3b40934357950c74083276a159c264f0d32d2ed2a9

  • /data/user/0/com.dzbfgdsuwehchiwejhce12jhdsuydh.security/databases/db.db-journal

    Filesize

    8KB

    MD5

    e0293cfb75677177fc34488f0d6d39ac

    SHA1

    a6dfde81fb90f698df6b1cbe38b8b1b68308f1a2

    SHA256

    c0a03fc6462429b7776861f80d757b41b7a460441479a7036209851c35a6f30c

    SHA512

    87d99b3fd0609fba42d52c8fa3342dad8e6ddd1efa0f5f4176e5129b562f6ce29b9ab921d5eb731dd17bbf4c903ef65f4591e03248a37531be144a464b5181fa

  • /data/user/0/com.dzbfgdsuwehchiwejhce12jhdsuydh.security/databases/db.db-journal

    Filesize

    8KB

    MD5

    59cc876e9663dca82595fc6ca436d42e

    SHA1

    3c64f3fd0d4b874fe087a36610344e1d3bf8640a

    SHA256

    bd62caebbb42ef822613d3305641b7b944132a30c296c9a286593131ee7399f3

    SHA512

    00bffd2aaa4c78653344c03a30b38aaf9bbbd746b9f9848087510df4102ba810206e99f12653ca7de064cf3b4fe8abc68d3cd69e3f31465e8280bdd164aedb76

  • /data/user/0/com.dzbfgdsuwehchiwejhce12jhdsuydh.security/databases/db.db-journal

    Filesize

    12KB

    MD5

    0d4fed161b1ced65ea7df7fedb86af36

    SHA1

    db6a06ce43003e539a289fc426aba8c587438c0a

    SHA256

    dd50ef352f9402dcedf57346b6db74be728c65a4e34850963c1a8da3e4e9ac95

    SHA512

    cc43f6c6c778c2c313a10061cc3584700e7b7958b50d170199bb4ec9c921bc3577113f3a84319de5892a334868bbe3317d23174441cb7a56df05fcd494c10d91

  • /data/user/0/com.dzbfgdsuwehchiwejhce12jhdsuydh.security/databases/db.db-journal

    Filesize

    12KB

    MD5

    35d682cd44e7d35b625986d14176f59e

    SHA1

    b424bc50a6c213a8381a46f09ba53194b81689a1

    SHA256

    b20349b8d430cf1250583402ba0f2c1c7eaa6dd1a338be5a8c60fa4c7856164a

    SHA512

    d7ba9cd106f711748aa0abe88e1ab1f1a5564fe17d9f4a320c6e153a8d88f97981f7cf7d7f34333493fb71137635dc9180369008043adba30ecad38fe88e3bbf