0a2837dbcf44524256346dedcefe9faa83512cdfb0409ab97af059fac9e4f934

Analysis

max time kernel
32s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
05-10-2024 22:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0a2837dbcf44524256346dedcefe9faa83512cdfb0409ab97af059fac9e4f934.apk
Size

78KB
MD5

53285ac39a5024b36c7ef68aa7bdb7a9
SHA1

9393f366a2b5f3e6449331085001f24e6790d303
SHA256

0a2837dbcf44524256346dedcefe9faa83512cdfb0409ab97af059fac9e4f934
SHA512

7338d55a3212782ecc04f961398c469270a939f5031cf715daa661bbc32ab82e49fa417e48db91f58ecc2e0037ca22cf30f8e01946c8f8af156f0a816b4b9dbe
SSDEEP

1536:WbP9qmWHDW8Etc4WEFr9LsCweHdpf7KJ1AjQEKwi1UI8FNwyTtkMe+YYpL+oXN:MP90jWtcR8rZs5Kdpfi1AkEc1UTJkHB2

Score

7^/10

evasion

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 3 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
Anonymous-DexFile@0xd3894000-0xd38b2bec	4240	com.spy.note.ecy
/data/user/0/com.spy.note/files/Factory/Plugins/classes.dex	4240	com.spy.note.ecy
/data/user/0/com.spy.note/files/Factory/Plugins/classes.dex	4276	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.spy.note/files/Factory/Plugins/classes.dex --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.spy.note/files/Factory/Plugins/oat/x86/classes.odex --compiler-filter=quicken --class-loader-context=&

com.spy.note.ecy
1⤵
- Loads dropped Dex/Jar
PID:4240
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.spy.note/files/Factory/Plugins/classes.dex --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.spy.note/files/Factory/Plugins/oat/x86/classes.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4276

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

Anonymous-DexFile@0xd3894000-0xd38b2bec

Filesize
122KB

MD5
7d9ce10875dd6ab60e62e7433ccf5897

SHA1
fbb9ad1b47879bd6578634eb3d411e065acf4281

SHA256
e44d0f11a476f8c2a50c051e7804edf646cf016afd725bccbbdc133b452bae38

SHA512
7d79f1ad57a1ed890a3d6e79e8b313e9aa6a1b4bc9eec5242a6ca0205da14959f9f1793afe1ebc86e039d2946f1a7917123c001ed31f233229cf225698aec53e

Download Submit