Malware Analysis Report

2024-09-09 16:20

Sample ID: 240710-126qnssgjp
Target: bf665fb7cbe873441745284aa0dc62b93def14990476ac6a4a50c1aebc74b8ec.bin
SHA256: bf665fb7cbe873441745284aa0dc62b93def14990476ac6a4a50c1aebc74b8ec
Tags: evasion antidot
Score: 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK Matrix
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral3
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral4
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral5
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral6
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 10/10

SHA256: bf665fb7cbe873441745284aa0dc62b93def14990476ac6a4a50c1aebc74b8ec

Threat Level: Known bad

The file bf665fb7cbe873441745284aa0dc62b93def14990476ac6a4a50c1aebc74b8ec.bin was found to be: Known bad.

Malicious Activity Summary

evasion antidot

Antidot family

Antidot payload

Loads dropped Dex/Jar

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported: 2024-07-10 22:09

Signatures

Antidot family

antidot

Antidot payload

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-07-10 22:09
Reported: 2024-07-10 22:35
Platform: android-x86-arm-20240624-en
Max time kernel: 3s
Max time network: 131s

Command Line

rs.adsregex

Signatures

N/A

Processes

rs.adsregex

Network

Country  Destination         Domain                   Proto
N/A      224.0.0.251:5353    -                        udp
GB       142.250.200.46:443  -                        tcp
US       1.1.1.1:53          android.apis.google.com  udp
GB       216.58.212.206:443  android.apis.google.com  tcp

Files

/data/data/rs.adsregex/dpt-libs/x86/libdpt.so

MD5 122ef29cd1aac46fa82c41cd40ef61e0
SHA1 a659f4793db895dbeb598ef9dfab2f1bb17b3497
SHA256 8bd3133b9b04e1932adc1dbc84b4b4ee75ae26b42aade3cdeca611fa85da109a
SHA512 5ce85f3a7dca8dcabad94e9af789ca1978bc5dfae2a8393f54b264c536c7fae2efce644bc42b848c3bc6d40a25cba75acea14c46dde9e5ad32e8ec4e8d3d8e5a

/data/data/rs.adsregex/code_cache/i11111i111.zip

MD5 58126170af87307181c176fdcdb6499a
SHA1 05def5c224a12a6b64cd250397f7dfab00174f9f
SHA256 459d973ff1baf8c8124e9a179cba43d82161745a38c60776d35c9113b440ccf2
SHA512 07cab1f740ca33baf1ffd0000868ea0f4189c3d63d7c15b37d54dfed2d69cb591768f5de5c3115768ea94237c10a1249f95fcbdcafe7600bf9d0b778da8984d1

Analysis: behavioral2

Detonation Overview

Submitted: 2024-07-10 22:09
Reported: 2024-07-10 22:35
Platform: android-x64-20240624-en
Max time kernel: 3s
Max time network: 135s

Command Line

rs.adsregex

Signatures

Loads dropped Dex/Jar

evasion
Description  Indicator                                                     Process  Target
N/A          /data/user/0/rs.adsregex/code_cache/i11111i111.zip              N/A      N/A
N/A          /data/user/0/rs.adsregex/code_cache/i11111i111.zip!classes2.dex N/A      N/A

Processes

rs.adsregex

Network

Country  Destination          Domain                    Proto
N/A      224.0.0.251:5353     -                         udp
US       1.1.1.1:53           ssl.google-analytics.com  udp
GB       142.250.187.200:443  ssl.google-analytics.com  tcp
GB       142.250.179.238:443  -                         tcp
US       1.1.1.1:53           android.apis.google.com   udp
GB       216.58.204.78:443    android.apis.google.com   tcp
GB       142.250.200.36:443   -                         tcp
GB       142.250.200.36:443   -                         tcp

Files

/data/data/rs.adsregex/dpt-libs/x86_64/libdpt.so

MD5 14a36e2eea3edcb7a7b9f00668c86dde
SHA1 25b0cf4f6423d29402a533517fc6b1277f10d7b1
SHA256 8f87c1fdcdadeafa04c11bc390675c2e293cddf8df09971854f637e19651070a
SHA512 695ebeb763361f19e1f6a561d88dd3b23e1c8284513e4a01e83a4876f92365c9653039595319f493450c2d75e04e9ff75ba5eeaab50c55363958b1ed279ef8d2

/data/data/rs.adsregex/code_cache/i11111i111.zip

MD5 58126170af87307181c176fdcdb6499a
SHA1 05def5c224a12a6b64cd250397f7dfab00174f9f
SHA256 459d973ff1baf8c8124e9a179cba43d82161745a38c60776d35c9113b440ccf2
SHA512 07cab1f740ca33baf1ffd0000868ea0f4189c3d63d7c15b37d54dfed2d69cb591768f5de5c3115768ea94237c10a1249f95fcbdcafe7600bf9d0b778da8984d1

/data/user/0/rs.adsregex/code_cache/i11111i111.zip

MD5 bf8e3906efde15a2584c6f1aef990652
SHA1 48fe4ff301934df9e2fe47e92d6b4b5ad28bfa4b
SHA256 60ef522353a5654305a7709dec341fe643bda55a325f16583a9e25c731cf6b7a
SHA512 8c67bb09b896535807c35359d740012adc412cff920aff3fb80f5db2f7e33a795275d07377e60a5635fbd10322a500d20b93e9140de832c87e4ea01cc4d14c05

/data/user/0/rs.adsregex/code_cache/i11111i111.zip!classes2.dex

MD5 c15804d75ad84c1de89596a48950be14
SHA1 571ed1b9dfc541b2b3929bfa5727b408cae2bb8e
SHA256 07072b1c20c4cf6785cba0ea43158365c46dc027e5fb0d43a27826fa1206e5e4
SHA512 0612cc8aa98385477592de07c9c8cb5ad602d423a469c0c9cfc6341ff46aa2d4e84be5217bc087fc82f15dbdd2ccce1d72e37e3ff88a9405f4da21538e39e689

Analysis: behavioral3

Detonation Overview

Submitted: 2024-07-10 22:09
Reported: 2024-07-10 22:35
Platform: android-x64-arm64-20240624-en
Max time kernel: 4s
Max time network: 132s

Command Line

rs.adsregex

Signatures

Loads dropped Dex/Jar

evasion
Description  Indicator                                                     Process  Target
N/A          /data/user/0/rs.adsregex/code_cache/i11111i111.zip              N/A      N/A
N/A          /data/user/0/rs.adsregex/code_cache/i11111i111.zip!classes2.dex N/A      N/A

Processes

rs.adsregex

Network

Country  Destination          Domain                    Proto
N/A      224.0.0.251:5353     -                         udp
GB       142.250.187.206:443  -                         tcp
GB       142.250.187.206:443  -                         tcp
US       1.1.1.1:53           android.apis.google.com   udp
GB       142.250.180.14:443   android.apis.google.com   tcp
US       1.1.1.1:53           ssl.google-analytics.com  udp
GB       142.250.179.228:443  -                         tcp
GB       142.250.179.228:443  -                         tcp

Files

/data/data/rs.adsregex/dpt-libs/x86_64/libdpt.so

MD5 14a36e2eea3edcb7a7b9f00668c86dde
SHA1 25b0cf4f6423d29402a533517fc6b1277f10d7b1
SHA256 8f87c1fdcdadeafa04c11bc390675c2e293cddf8df09971854f637e19651070a
SHA512 695ebeb763361f19e1f6a561d88dd3b23e1c8284513e4a01e83a4876f92365c9653039595319f493450c2d75e04e9ff75ba5eeaab50c55363958b1ed279ef8d2

/data/data/rs.adsregex/code_cache/i11111i111.zip

MD5 58126170af87307181c176fdcdb6499a
SHA1 05def5c224a12a6b64cd250397f7dfab00174f9f
SHA256 459d973ff1baf8c8124e9a179cba43d82161745a38c60776d35c9113b440ccf2
SHA512 07cab1f740ca33baf1ffd0000868ea0f4189c3d63d7c15b37d54dfed2d69cb591768f5de5c3115768ea94237c10a1249f95fcbdcafe7600bf9d0b778da8984d1

/data/user/0/rs.adsregex/code_cache/i11111i111.zip

MD5 bf8e3906efde15a2584c6f1aef990652
SHA1 48fe4ff301934df9e2fe47e92d6b4b5ad28bfa4b
SHA256 60ef522353a5654305a7709dec341fe643bda55a325f16583a9e25c731cf6b7a
SHA512 8c67bb09b896535807c35359d740012adc412cff920aff3fb80f5db2f7e33a795275d07377e60a5635fbd10322a500d20b93e9140de832c87e4ea01cc4d14c05

/data/user/0/rs.adsregex/code_cache/i11111i111.zip!classes2.dex

MD5 c15804d75ad84c1de89596a48950be14
SHA1 571ed1b9dfc541b2b3929bfa5727b408cae2bb8e
SHA256 07072b1c20c4cf6785cba0ea43158365c46dc027e5fb0d43a27826fa1206e5e4
SHA512 0612cc8aa98385477592de07c9c8cb5ad602d423a469c0c9cfc6341ff46aa2d4e84be5217bc087fc82f15dbdd2ccce1d72e37e3ff88a9405f4da21538e39e689

Analysis: behavioral4

Detonation Overview

Submitted: 2024-07-10 22:09
Reported: 2024-07-10 22:32
Platform: android-x86-arm-20240624-en
Max time network: 3s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination       Domain  Proto
N/A      224.0.0.251:5353  -       udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted: 2024-07-10 22:09
Reported: 2024-07-10 22:32
Platform: android-x64-20240624-en
Max time network: 5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination       Domain  Proto
N/A      224.0.0.251:5353  -       udp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted: 2024-07-10 22:09
Reported: 2024-07-10 22:32
Platform: android-x64-arm64-20240624-en
Max time network: 6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination         Domain                   Proto
GB       216.58.212.238:443  -                        tcp
GB       216.58.212.238:443  -                        tcp
US       1.1.1.1:53          android.apis.google.com  udp
GB       216.58.204.78:443   android.apis.google.com  tcp
N/A      224.0.0.251:5353    -                        udp

Files

N/A