Analysis
- max time kernel: 121s
- max time network: 121s
- platform: windows7_x64
- resource: win7-20240508-en
- resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
- submitted: 21-06-2024 10:30
Static task: static1
Sample (all behavioral tasks): 3b5558487a749f6b653a717a1061aee1d44a5e1ed501ac2651de1075ed865913.apk
Behavioral task | Resource
behavioral1 | win10-20240404-en
behavioral2 | win7-20240508-en
behavioral3 | win10-20240404-en
behavioral4 | win10v2004-20240611-en
behavioral5 | win11-20240508-en
behavioral6 | android-33-x64-arm64-20240611.1-en
behavioral7 | android-x64-20240611.1-en
behavioral8 | android-x64-arm64-20240611.1-en
behavioral9 | android-33-x64-arm64-20240611.1-en
behavioral10 | android-x86-arm-20240611.1-en
behavioral11 | macos-20240611-en
behavioral12 | macos-20240611-en
behavioral13 | ubuntu2204-amd64-20240522.1-en
behavioral14 | debian12-armhf-20240221-en
behavioral15 | debian12-mipsel-20240221-en
behavioral16 | debian9-armhf-20240418-en
behavioral17 | debian9-mipsbe-20240611-en
behavioral18 | debian9-mipsel-20240418-en
behavioral19 | ubuntu1804-amd64-20240611-en
behavioral20 | ubuntu2004-amd64-20240611-en
behavioral21 | ubuntu2204-amd64-20240522.1-en
behavioral22 | ubuntu2404-amd64-20240523-en
General
- Target: 3b5558487a749f6b653a717a1061aee1d44a5e1ed501ac2651de1075ed865913.apk
- Size: 531KB
- MD5: 3d62760cc1b53064b7cabb6ba5809aa8
- SHA1: 87f23e331ed8ffcc5e26d43e38cda7723ca67f3c
- SHA256: 3b5558487a749f6b653a717a1061aee1d44a5e1ed501ac2651de1075ed865913
- SHA512: a18f05ef5aa1c2c08c47f18f0040e2f1c9c11395097bfc56fccc4e44c06d94d0e1fffdc4a9de4c175bf59d1115b99a268b18e873598e58aee7d478d8dfd604d4
- SSDEEP: 12288:J1vJnNQoG6nIA0uqMa9nWUjojagxLo+ghB5KrnjSw:JVJnCoG630rnWFjHoNhBIHSw
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Modifies registry class (9 IoCs)
  Processes: rundll32.exe
  description | ioc | process
  Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_Classes\Local Settings | rundll32.exe
  Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\apk_auto_file\ | rundll32.exe
  Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\apk_auto_file\shell | rundll32.exe
  Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\apk_auto_file | rundll32.exe
  Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\.apk | rundll32.exe
  Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\.apk\ = "apk_auto_file" | rundll32.exe
  Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\apk_auto_file\shell\Read | rundll32.exe
  Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\apk_auto_file\shell\Read\command | rundll32.exe
  Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\apk_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\AcroRd32.exe\" \"%1\"" | rundll32.exe
- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  Processes: AcroRd32.exe
  pid | process
  2820 | AcroRd32.exe
- Suspicious use of SetWindowsHookEx (2 IoCs)
  Processes: AcroRd32.exe
  pid | process
  2820 | AcroRd32.exe
  2820 | AcroRd32.exe
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: cmd.exe, rundll32.exe
  description | pid | process | target process
  PID 352 wrote to memory of 2632 | 352 | cmd.exe | rundll32.exe
  PID 352 wrote to memory of 2632 | 352 | cmd.exe | rundll32.exe
  PID 352 wrote to memory of 2632 | 352 | cmd.exe | rundll32.exe
  PID 2632 wrote to memory of 2820 | 2632 | rundll32.exe | AcroRd32.exe
  PID 2632 wrote to memory of 2820 | 2632 | rundll32.exe | AcroRd32.exe
  PID 2632 wrote to memory of 2820 | 2632 | rundll32.exe | AcroRd32.exe
  PID 2632 wrote to memory of 2820 | 2632 | rundll32.exe | AcroRd32.exe
Processes
- C:\Windows\system32\cmd.exe
  cmd /c C:\Users\Admin\AppData\Local\Temp\3b5558487a749f6b653a717a1061aee1d44a5e1ed501ac2651de1075ed865913.apk
  - Suspicious use of WriteProcessMemory
- C:\Windows\system32\rundll32.exe
  "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\3b5558487a749f6b653a717a1061aee1d44a5e1ed501ac2651de1075ed865913.apk
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\3b5558487a749f6b653a717a1061aee1d44a5e1ed501ac2651de1075ed865913.apk"
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
- C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
  Filesize: 3KB
  MD5: 701116fb8c8af56962175250f4eb7b43
  SHA1: 53127dfed3415c40e1b6bb5b43024b060d77deda
  SHA256: b1fcfd9adaaa92ae1558bebd4f0c1bf2aa739e22a7c06f45ae87c99d70c45b4e
  SHA512: bb4914b861ee6d3ede8d85041cd563f9d75a95274bdfbbb5d01cfdcd38a334d34a69b4fe57ff0af221cd0892e064a3e05862a6ea2280d862f048813157202dd7