Malware Analysis Report

2025-01-19 05:20

Sample ID 240818-fml3hazbmp
Target TIKTOK 18-tiktok18apps.com.apk
SHA256 47228c89912ed8f23d684381f780005e20a12597513eb51bd5c4997a5823eb76
Tags: evasion stealth trojan
Score: 8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 8/10

SHA256: 47228c89912ed8f23d684381f780005e20a12597513eb51bd5c4997a5823eb76

Threat Level: Likely malicious

The file TIKTOK 18-tiktok18apps.com.apk was found to be: Likely malicious.

Malicious Activity Summary

evasion stealth trojan

Removes its main activity from the application launcher

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-18 04:59

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-18 04:59

Reported

2024-08-18 05:05

Platform

android-x86-arm-20240624-en

Max time kernel

2s

Max time network

320s

Command Line

org.chromium.webapk.a0bd754b328f127e7_v2

Signatures

N/A

Processes

org.chromium.webapk.a0bd754b328f127e7_v2

Network

Country  Destination            Domain                            Proto
N/A      224.0.0.251:5353       -                                 udp
US       1.1.1.1:53             digitalassetlinks.googleapis.com  udp
US       1.1.1.1:53             fikfap.com                        udp
US       104.26.12.205:443      fikfap.com                        tcp
US       104.26.12.205:443      fikfap.com                        tcp
US       1.1.1.1:53             api.fikfap.com                    udp
US       1.1.1.1:53             www.clarity.ms                    udp
US       13.107.246.64:443      www.clarity.ms                    tcp
US       1.1.1.1:53             analytics.google.com              udp
US       1.1.1.1:53             stats.g.doubleclick.net           udp
GB       142.250.178.14:443     analytics.google.com              tcp
GB       64.233.166.155:443     stats.g.doubleclick.net           tcp
US       104.26.12.205:443      api.fikfap.com                    tcp
US       1.1.1.1:53             h.clarity.ms                      udp
US       51.8.64.151:443        h.clarity.ms                      tcp
US       104.26.12.205:443      api.fikfap.com                    tcp
US       1.1.1.1:53             update.googleapis.com             udp
GB       142.250.179.227:443    update.googleapis.com             tcp
GB       142.250.187.206:443    -                                 tcp
US       1.1.1.1:53             android.apis.google.com           udp
GB       172.217.16.238:443     android.apis.google.com           tcp
US       1.1.1.1:53             h.clarity.ms                      udp
US       51.8.64.151:443        h.clarity.ms                      tcp
US       1.1.1.1:53             h.clarity.ms                      udp
US       51.8.64.151:443        h.clarity.ms                      tcp
US       1.1.1.1:53             digitalassetlinks.googleapis.com  udp
US       1.1.1.1:53             h.clarity.ms                      udp
US       51.8.64.151:443        h.clarity.ms                      tcp
GB       172.217.16.227:80      -                                 tcp
GB       172.217.16.228:443     -                                 tcp
GB       142.250.178.10:443     digitalassetlinks.googleapis.com  tcp
GB       142.250.200.2:443      -                                 tcp
GB       216.58.213.10:443      digitalassetlinks.googleapis.com  tcp
GB       142.250.178.10:443     digitalassetlinks.googleapis.com  tcp
GB       142.250.178.10:443     digitalassetlinks.googleapis.com  tcp
GB       142.250.187.227:443    -                                 tcp
GB       142.250.179.238:443    -                                 tcp
GB       142.250.187.227:443    -                                 tcp
GB       216.58.213.10:443      digitalassetlinks.googleapis.com  tcp
GB       142.250.179.238:443    -                                 tcp
GB       142.250.178.10:443     digitalassetlinks.googleapis.com  tcp
GB       142.250.187.227:443    -                                 tcp
GB       142.250.187.227:443    -                                 tcp
US       1.1.1.1:53             h.clarity.ms                      udp
US       51.8.64.151:443        h.clarity.ms                      tcp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-08-18 04:59

Reported

2024-08-18 05:05

Platform

android-x64-20240624-en

Max time kernel

2s

Max time network

316s

Command Line

org.chromium.webapk.a0bd754b328f127e7_v2

Signatures

Removes its main activity from the application launcher

Tags: stealth trojan evasion

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Processes

org.chromium.webapk.a0bd754b328f127e7_v2

Network

Country  Destination            Domain                            Proto
N/A      224.0.0.251:5353       -                                 udp
US       1.1.1.1:53             digitalassetlinks.googleapis.com  udp
GB       216.58.213.10:443      digitalassetlinks.googleapis.com  tcp
US       1.1.1.1:53             accounts.google.com               udp
BE       142.251.173.84:443     accounts.google.com               tcp
US       1.1.1.1:53             accounts.google.com               udp
GB       64.233.167.84:443      accounts.google.com               tcp
US       1.1.1.1:53             fikfap.com                        udp
US       1.1.1.1:53             ssl.google-analytics.com          udp
GB       142.250.200.40:443     ssl.google-analytics.com          tcp
US       104.26.12.205:443      fikfap.com                        tcp
US       104.26.12.205:443      fikfap.com                        tcp
US       1.1.1.1:53             api.fikfap.com                    udp
US       1.1.1.1:53             www.clarity.ms                    udp
US       13.107.246.64:443      www.clarity.ms                    tcp
US       1.1.1.1:53             analytics.google.com              udp
US       1.1.1.1:53             stats.g.doubleclick.net           udp
US       216.239.34.181:443     analytics.google.com              tcp
GB       173.194.76.155:443     stats.g.doubleclick.net           tcp
US       104.26.12.205:443      api.fikfap.com                    tcp
US       1.1.1.1:53             h.clarity.ms                      udp
US       51.8.64.151:443        h.clarity.ms                      tcp
US       1.1.1.1:53             update.googleapis.com             udp
GB       142.250.200.3:443      update.googleapis.com             tcp
GB       142.250.187.206:443    -                                 tcp
US       1.1.1.1:53             android.apis.google.com           udp
GB       142.250.187.206:443    android.apis.google.com           tcp
GB       142.250.180.4:443      -                                 tcp
GB       142.250.180.4:443      -                                 tcp
US       51.8.64.151:443        h.clarity.ms                      tcp
US       1.1.1.1:53             h.clarity.ms                      udp
US       51.8.64.151:443        h.clarity.ms                      tcp
US       51.8.64.151:443        h.clarity.ms                      tcp
US       1.1.1.1:53             h.clarity.ms                      udp
US       51.8.64.151:443        h.clarity.ms                      tcp
US       1.1.1.1:53             digitalassetlinks.googleapis.com  udp
GB       142.250.179.226:443    -                                 tcp
GB       142.250.187.227:443    -                                 tcp
GB       142.250.187.227:443    -                                 tcp
US       1.1.1.1:53             h.clarity.ms                      udp
US       51.8.64.151:443        h.clarity.ms                      tcp
GB       142.250.187.227:443    -                                 tcp

Files

N/A