b134821176202fcc85d57248d12fc8771218d34dc901da2fc454f6de96a25a04

Analysis

max time kernel
4s
max time network
127s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
09/10/2024, 00:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

libvxyCZz.apk
Size

577KB
MD5

1ee576a0e80f76179b09fac216bfa836
SHA1

eb7f52d1795c25574ce3cf282c5188b3e107119c
SHA256

cec780ddc500d28ba4f1d4e2096aed7678493226dd38295ad70aa1fde01d46d9
SHA512

96d643d74095f306ba0fb1ae7cdb3173cfba8b8a220e5135fc6a730f88dec05776ef856e95010beb031998576f70ac45093cd6d4509f740e20f24e903b405ec8
SSDEEP

12288:YiWq0Zpg2Tjp5hT5dqTpfrcYCPUE8yvyjeiHqpgUJ:D8ZNT95R5cVfwYCPOjeiHgPJ

Score

7^/10

evasion impact persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/storage/emulated/0/Android/data/com.jwcchbo.eypytfpfy.gclw/SIwj.zip	4282	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/Android/data/com.jwcchbo.eypytfpfy.gclw/SIwj.zip --output-vdex-fd=44 --oat-fd=45 --oat-location=/storage/emulated/0/Android/data/com.jwcchbo.eypytfpfy.gclw/oat/x86/SIwj.odex --compiler-filter=quicken --class-loader-context=&
/storage/emulated/0/Android/data/com.jwcchbo.eypytfpfy.gclw/SIwj.zip	4253	obhhmgt.jdudykukd.lhqb

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	obhhmgt.jdudykukd.lhqb

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	obhhmgt.jdudykukd.lhqb

obhhmgt.jdudykukd.lhqb
1⤵
- Loads dropped Dex/Jar
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4253
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/Android/data/com.jwcchbo.eypytfpfy.gclw/SIwj.zip --output-vdex-fd=44 --oat-fd=45 --oat-location=/storage/emulated/0/Android/data/com.jwcchbo.eypytfpfy.gclw/oat/x86/SIwj.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4282

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact