785bb9cb02ee53f6fa3cafa24a6f88d93fd7022d2380507682f6d4e79bbb257b

General

Target

bp.apk
Size

517KB
MD5

c0ee5c1fe9b230c13d87f815cd345af3
SHA1

588f43ece609b5b766932ec5c8b1ad2c94d0bbd8
SHA256

b4c4b0350ed1bf520ef1bfb3520cb0ffd0ebc36f8e82ce2eff63d7a5bb58a395
SHA512

0944c720cc66983a126d2f870fe63529e88e308458bb47ccdc26be4dd87b73f4845a629fadba4f3e5aa61c52c5a45c3029260cdec121d079e7ce647048cac6c6
SSDEEP

12288:ysb20Z/JhJYmW6eLUwf8zHI2GV45+a5hL/s8BocGJVp7:vpZ/Jkf87I2u+7hocUz7

Score

7^/10

evasion impact

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 6 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/data/com.bmob.app.sport/zwr_bef/m.dex	4247	com.bmob.app.sport
/data/data/com.bmob.app.sport/zwr_bef/m.dex	4274	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.bmob.app.sport/zwr_bef/m.dex --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/data/com.bmob.app.sport/zwr_bef/oat/x86/m.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.bmob.app.sport/zwr_bef/m.dex	4247	com.bmob.app.sport
/data/user/0/com.bmob.app.sport/app_zwr_dd/m.dex	4247	com.bmob.app.sport
/data/user/0/com.bmob.app.sport/app_zwr_dd/m.dex	4297	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.bmob.app.sport/app_zwr_dd/m.dex --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.bmob.app.sport/app_zwr_dd/oat/x86/m.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.bmob.app.sport/app_zwr_dd/m.dex	4247	com.bmob.app.sport

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.bmob.app.sport

com.bmob.app.sport
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4247
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.bmob.app.sport/zwr_bef/m.dex --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/data/com.bmob.app.sport/zwr_bef/oat/x86/m.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4274
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.bmob.app.sport/app_zwr_dd/m.dex --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.bmob.app.sport/app_zwr_dd/oat/x86/m.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4297

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.bmob.app.sport/app_zwr_dd/m.dex

Filesize
894KB

MD5
475e8f2989ddedfa7f032bd7f54fe905

SHA1
b2ca82e2ad757656267ebfdf0011482e7d1c78ce

SHA256
4fbe584789d562b9430437c4fcc29451ebee1974d0acbb95e1a6f46b482b62f7

SHA512
97a79fc69c49e69f50f7830f1fdb0e06f9fbacb289179c0b5c094eed96adb894d420974403405256aa7bc571cae278fa20429db4a71e145d0cc79721aadbd990

Download Submit
/data/data/com.bmob.app.sport/app_zwr_ed2/m1726377726134.zde

Filesize
268KB

MD5
f3ceb9d05fab3ca71c459e3a05fcf9cc

SHA1
44734bcedc5c05475ecda0542ff8683ea7e6c55c

SHA256
68142d8c5a455f1aba056cffd2fcbc796679a8f22f1e5e87d4bd6c9d945bb2d7

SHA512
f746d629f36a60f2c38d6a8f6a6953b095f4ed7368ff80540c25c0f5d7ec1eb49e897ecd820db7edb93dfa31982291232f8f54daf4dea3e8d0b189e59ee438a9

Download Submit
/data/data/com.bmob.app.sport/zwr_bef/m.dex

Filesize
14KB

MD5
f80bfd984f7a387e47d42f4747f79f6d

SHA1
645c00494a53faa8ec03de0027e1771777ec3285

SHA256
5da3b561b0134668961e669c4521c6d5b3b256b3bdb2673c7eea606c9357acec

SHA512
fee34865a48af7a744ef391ac8c7eb4c19a7e657d467057f5422e9eb5f21f741b9529b6a7702502314104243bbffc17a890d9601f66b35add4ceff651eac6e4b

Download Submit
/data/data/com.bmob.app.sport/zwr_bef/m.dex

Filesize
14KB

MD5
9255322f253fd7f58813f5f844e16deb

SHA1
5e9e747a3e6e76f3239c96cb5060e20c89906c6e

SHA256
413800090523aa200505b12bfdd0fe1db8c88c8fbeff1b2c4d7819fda3b4bc6c

SHA512
e85b50b44984af19a59ec9d4a0fcb79b807a5b084aad7ce8fce4068de45e02df8f5dd60c9cc9614ccd59835af1b67db6fee5a33c387a0f26ccf7f42c92c20bad

Download Submit
/data/user/0/com.bmob.app.sport/app_zwr_dd/m.dex

Filesize
894KB

MD5
b1ac6eb41aa6f43d043cd19fa5afc12e

SHA1
ec901f3747a9ea08d146ac92981393338020aea3

SHA256
7c2020aba2ad6f3a8a396dea75d9af529262ffee30f4816ca28e464e12e73e80

SHA512
9b5b622dfb0ff05393830ca8408c599cf2771c27fbf7f0ae2d2edbc1009e1525b37504c2cefedbfa2d450444fb4bd9f614db281a5cc0f77e1647d028812e5b64

Download Submit

Analysis

Sharing