4bcb6951c5f78c646c19771ff58c2ea749e734ae3fa916f130aeee8e083ca2e4

Resubmissions

29/08/2024, 15:33

240829-szp15syflh 10

29/08/2024, 02:14

240829-cnzs7szhqm 10

Analysis

max time kernel
27s
max time network
133s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
29/08/2024, 15:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

k.apk
Size

3.5MB
MD5

fc91f5ec788858dd0bf446840404b54f
SHA1

bc137d65ca80518a8142dc13e6aebfcccc52170f
SHA256

4bcb6951c5f78c646c19771ff58c2ea749e734ae3fa916f130aeee8e083ca2e4
SHA512

3edcf82701d7efd9000403c30f4511a485e979a81d96175a3e63a40886c6d5f6541e70b8de0ee10ca21399c1f1c872562c8bc9b7d335608395ffada3006ffd0c
SSDEEP

49152:tmqmsPEvtj1o2POM73aZkSPzBpKjGCZdDV19CLVtr2ps8aA9wq+ID9+G1WV7d6lz:tmqmLlj/PH3PcDOB3Cnaq859RIIR

Score

7^/10

collection discovery evasion

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.juzyuwqt.thxxnjvf/files/dex/95adbfe2f455c0ae.zip	4605	com.juzyuwqt.thxxnjvf
/data/user/0/com.juzyuwqt.thxxnjvf/files/dex/UTIwzInMxrMbXrXkJ.zip	4605	com.juzyuwqt.thxxnjvf
/data/user/0/com.juzyuwqt.thxxnjvf/files/dex/95adbfe2f455c0ae.zip	4605	com.juzyuwqt.thxxnjvf
/data/user/0/com.juzyuwqt.thxxnjvf/files/dex/UTIwzInMxrMbXrXkJ.zip	4605	com.juzyuwqt.thxxnjvf

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.juzyuwqt.thxxnjvf

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.juzyuwqt.thxxnjvf

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.juzyuwqt.thxxnjvf

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.juzyuwqt.thxxnjvf

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

com.juzyuwqt.thxxnjvf
1⤵
- Loads dropped Dex/Jar
- Requests cell location
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
PID:4605

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Execution Guardrails

T1627

Geofencing

T1627.001

Credential Access

Discovery

Location Tracking

T1430

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.juzyuwqt.thxxnjvf/databases/privatesms.db

Filesize
16KB

MD5
df5c8186fb22a98af5f11e32940b718d

SHA1
a17b812629f622f016a305b55254d79155f95c33

SHA256
efd974132e07d0feac04432b4136ba9f7e170470b2b1bfdc8587a32aef52d2b8

SHA512
1183208100d47bd2291da53d642274574fc0bf2cddcda9fdca307db624c681b1bfd1877cc83c557e9a031a5f9f500ef4f312312c7c86d53be43421ca196fd45e

Download Submit
/data/user/0/com.juzyuwqt.thxxnjvf/databases/privatesms.db-journal

Filesize
512B

MD5
90c4d95f23f8d9306b95c0a8fa2b7722

SHA1
ad5b87fbaf90b55d1ac2559935d854f6dcde9f7e

SHA256
d978188d4d61145cfccbf38c5b1bb98f9c29598a32a9239257f328eefe9e0f10

SHA512
1d68fecf7d3f0416c6d8fdb59bea9f33a50464531dcb805145b7920f228c1f813116c99dc6f58e988c1578529e694a829223c607796abd099035a9caae0eb2bd

Download Submit
/data/user/0/com.juzyuwqt.thxxnjvf/databases/privatesms.db-journal

Filesize
8KB

MD5
9bb8cc2f668805f60dcf4d2603d1c9b5

SHA1
1b9f43fc14b81a4e074b1eb5f4695e63c686ca97

SHA256
ef17030985e7630bb0fbcce2070c95ebacb6dafd611396be34c68d02c047f65a

SHA512
11a57102d67503d07ffd6cdeebe41b4a068e91ed4040bba151dc5ddba7d6e6c67f441ba32733c7d6f2e55e8e8c491f38919bfb343d9a9f84a5c09a893fdefa5a

Download Submit
/data/user/0/com.juzyuwqt.thxxnjvf/databases/privatesms.db-journal

Filesize
8KB

MD5
fd5daf2d302231aeb3b41b529233a083

SHA1
ca93fdede805407d645377d56cd5b3a4b38013b4

SHA256
185ebafac7ff0d2833750f81c8193472a5c234446b1e0079c4ad320492c2da90

SHA512
45d1e03eaa597c3e5402b53891a5933c40cae3b9448fd249f86172b6b8c0949041c7e86f0552292f7cee60c450052a7f0d6cfc7e535950e2ff2cf438ab3e2af8

Download Submit
/data/user/0/com.juzyuwqt.thxxnjvf/files/479114.so

Filesize
145KB

MD5
9f7955db7f30191ce65c0dfc8c0ce4fb

SHA1
1174c22e03275dc289b6827222aa41e66650a295

SHA256
85fbadaa8a7e3fcb05a161cc44f8a99e6b52c1106e11ec898ebd1f5c86afb58c

SHA512
5a8ee4fc42933b725082d96fe09dc5f8ae1484eeac27c2e2adb8dde4e6eb3a559cf7edb199617b6455bc44f7c4d18beebce6c3ee3c22a59840655457cf2f4380

Download Submit
/data/user/0/com.juzyuwqt.thxxnjvf/files/479115.so

Filesize
270KB

MD5
50f9ec90c3673e659dc94343566dc4ec

SHA1
23c44eb8dca80f5b83ccb1c19dc6821ce834bc72

SHA256
ff9b12bdf3c193c6908a149f363ade859fb1471ecc509c0163607e4a4d2a9285

SHA512
73f5b22878799424bd34016013d3c9026a6379d60503d3ec9befcfe1437c9f28db3546ef4e7d240fc2f725e3ae59bda2d6d166d4d62e5f5d6da1c34bbfe07102

Download Submit
/data/user/0/com.juzyuwqt.thxxnjvf/files/dex/95adbfe2f455c0ae.zip

Filesize
548KB

MD5
8a56d10123d8fb7f7672261c609c7343

SHA1
0f9046d02f050ef0949fc4c12346b4b64c04a36c

SHA256
5c67a00a92b3aadc52e21b20bc2a337412253850487056b965fff478c0be7869

SHA512
876c101e5de4c61b7233b580a151b0845e688a563b7deab28076cb2420c50a93c28b2eeb11ddb13e3396df45aaa926d97692e34fa4ab785bfef252806ed0ca78

Download Submit
/data/user/0/com.juzyuwqt.thxxnjvf/files/dex/95adbfe2f455c0ae.zip

Filesize
1.3MB

MD5
7ab2793451a957186ac073041c1ea72f

SHA1
2584cdb12c209f9a7f9c024e702d49a30fe11d62

SHA256
964f248542766ddba915f7ebafa9972117d46e4f28f654513ed69d7d7a1b5ff4

SHA512
3228bc50db8bb04ae5a05d210548e4020c567c8d394a5f9f8ed38718635f1535111e9ec068b2398ada172ce65e740f6ce0f8c9235c7131d953540dd894dae44e

Download Submit
/data/user/0/com.juzyuwqt.thxxnjvf/files/dex/UTIwzInMxrMbXrXkJ.zip

Filesize
649KB

MD5
660e9ccebedb399da7b3d9fedc6ab638

SHA1
12e4da8b1b09746b52053265c69a8964d291408c

SHA256
81f5d456f86af0289e35e217798e370fd94f903cfb6673d6ee49ac3ab7c7512f

SHA512
ad59915b41b3419274b841dcdf58352271ea077dd73e729528f4ba440fe55b1a2cbd6969ba42472ee7ea1aaa6de3c87beb503c4c95d9b8a5d9602ba79daa5b69

Download Submit
/data/user/0/com.juzyuwqt.thxxnjvf/files/dex/UTIwzInMxrMbXrXkJ.zip

Filesize
1.7MB

MD5
861388812b3e120b91cb99a8954dfe03

SHA1
d41a729936d8dc5cb35be39b2c37a7613ef7054d

SHA256
775a809d640cefc0aa7e8fd1d5c3e1ebe969d3da6668739a443a6baac9e6bf0a

SHA512
fdea32dda24cb6d540cab89049db697c3f79a57e2b3bc477995f78f1276c9a2de4d767722c4592da93e9a55aa73554f089420d7ba69d7ddf455b40085c05a906

Download Submit
/data/user/0/com.juzyuwqt.thxxnjvf/files/dex/pro_btn_bg_animation_img_0.jpg.zip

Filesize
8KB

MD5
7c20a2b01bf3f9df1f0abb72ebbe82be

SHA1
e601b2e41434623edbeece32867517a3cdec5449

SHA256
1a10cc3cd2dc21a9be2d2eb758fd19288082619d331245b927d0a9299462ea2e

SHA512
3faa6efbd3ebf6e1aff7ebe9958c5f94bbfe9c5ff9e11e9092b1b7301bbe6504c01b922d709303147e213b3cadce8e96462220a1d1bf4d6cdaec95b3f84bb1b4

Download Submit
/data/user/0/com.juzyuwqt.thxxnjvf/logs/Sistema1724945876476.log

Filesize
16KB

MD5
2804db635655fe90932dffa053aedb29

SHA1
b1efa9eceaebfd9fa05cb075c770e8e730e8e9b5

SHA256
8fb9e0310e2e5853e7810782e3aa30a0d357324d8ec55e75338387e9aac04e94

SHA512
254b1748efe0dee2b2aaf3e483b5fc284ccfeba59f715ec3899ca5b4ae222141d03c18e3c56d0e2228250fbcba10304194df3802652cd3c914b90758645cf1d0

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads