Overview

overview

7

Static

static

6

3e4c784764...18.apk

android-9-x86

7

932.apk

android-9-x86

7

932.apk

android-10-x64

1

932.apk

android-11-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    132s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    13/10/2024, 06:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    932.apk

  • Size

    146KB

  • MD5

    6f2cbd63ab58e1b19df25b2fa53bfa50

  • SHA1

    7a3f0381a68ce5ce0f79a781d197488304521917

  • SHA256

    d06a6b816db1572b8e1d4d9f0b688f4dcc0daac721dd7ad777cd5d5f2b8b4476

  • SHA512

    b627b592d6ce09ed7fc6c7343394d277bb9cc50aa75d14f331c070a503f8bbf447298396cff767ad93a8398f50b079388c72a814ed53ec0c5f80d52405c2c736

  • SSDEEP

    3072:ch9FXmi3Efq59bp2ETOn/xElXK39XEa9pZBSnSJ3+4kgVlyG75bX:cRWi3Gq59tdOZeX49XEOpHUKhlNNL

Score
7/10
bankerdiscoveryevasionpersistence

Malware Config

Signatures

  • Loads dropped Dex/Jar 1 TTPs 4 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence

Processes

  • com.ZGeMo8Df6u.OvlwtSRMmn
    1⤵
    • Loads dropped Dex/Jar
    • Queries information about active data network
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4243
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.ZGeMo8Df6u.OvlwtSRMmn/files/ro.jar --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/data/com.ZGeMo8Df6u.OvlwtSRMmn/files/oat/x86/ro.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4281
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.ZGeMo8Df6u.OvlwtSRMmn/files/eBM3NvbLaRAYTu.jar --output-vdex-fd=40 --oat-fd=45 --oat-location=/data/user/0/com.ZGeMo8Df6u.OvlwtSRMmn/files/oat/x86/eBM3NvbLaRAYTu.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4317

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.ZGeMo8Df6u.OvlwtSRMmn/files/eBM3NvbLaRAYTu.jar
    Filesize

    81KB

    MD5

    cab4e0a0a5cc614da25699e485ccbd79

    SHA1

    bf8a8e5429f4672bdb0ca5a2e0b3068fcf35fe86

    SHA256

    45b1a68f6e5be9f006c79810f68ed481edb7be954215a50caf438eaf52da9e62

    SHA512

    58b7c91382d6b755f245804f5f76c7b4e9ec4ae5a7b715351ca4979d404d6ceb93041cbbbd7948578baba3f41bb64296b59b0e897a4ac5e27ff9b1bf5305c437

    Download Submit

  • /data/data/com.ZGeMo8Df6u.OvlwtSRMmn/files/libencryptsyscore.so
    Filesize

    17KB

    MD5

    f265e4634a2edde16d61cace9c449ece

    SHA1

    c6488b37ae766919c7cc0c9516b87ec3af8a254b

    SHA256

    72aca02f2006426b664c9b435da0b3af7e5e47b2624f7c945135c28329b29421

    SHA512

    65c74a2e6d4a52c444af624da19b09efb8e7bd9b41459494cb62bf3e36d74365ccd98dbb3d65056d927a60a7acb434901ee57b62235cde143fb6e44fdbd4effe

    Download Submit

  • /data/data/com.ZGeMo8Df6u.OvlwtSRMmn/files/ro.jar
    Filesize

    7KB

    MD5

    1538c98a98cd21a3f435f9a272171e2b

    SHA1

    4ede351ea4fd7b996c65b3a6f9e431cc35e56e95

    SHA256

    f75dfb865da27a438b6fa6fc0016705f70c94ca67cd10bda2c804af398509394

    SHA512

    f35576849485177cf13d726e6106aaa819bb005b672bc54a8b6dc546f266d8a3bed5cedbe66dc91737475f5f9ab06a036ca583186353cb0cba23f61253d81a52

    Download Submit

  • /data/data/com.ZGeMo8Df6u.OvlwtSRMmn/files/ro.jar
    Filesize

    16KB

    MD5

    28fe35eb5e26a6d54979b476e4914899

    SHA1

    f3f6b9ba7e8fcf94408e58227f003d738751392f

    SHA256

    5f4a169d0f2b41a3855ad4c669e2d2efbe53b94a2e4c18eff77ce2af17bcc42d

    SHA512

    456564051008b581ab300a17fe886f2de3348b50bc472f21f796a7466fcbe3a2617bbfbee3c650448ffc1790aa83774c8a4cdab22a6c3ef1fb875e96039f1722

    Download Submit

  • /data/data/com.ZGeMo8Df6u.OvlwtSRMmn/files/ro.jar
    Filesize

    16KB

    MD5

    4ab63428ad9e264680bd4a39c32aa367

    SHA1

    06fde61ff5df7fa02767b1b3d8ae3fe32dcc684f

    SHA256

    4455b1fa9c6e68e18279f61323c895a941fb14ed6c67823ffdf3ef42446faf4a

    SHA512

    7ad9f40774d14f1aed58d3ea4e2a4539aa7f5915f713c4b7c0ede18a6b7c93bb40dd3d826bd481d053ac7f61a881b23503d1854492c436d1b2bf741dfb4a56f1

    Download Submit

  • /data/data/com.ZGeMo8Df6u.OvlwtSRMmn/files/ros
    Filesize

    81KB

    MD5

    077c3d5c87a25ff40b42e5860e2d29ae

    SHA1

    882063ff92ef2aabc24167030f9f86fa049a8d9b

    SHA256

    e858c035f5f001ca8c3ece8dfe99ace0aa68b2de77df4485613f732225023d47

    SHA512

    527d1c9689dc92f2103e55d2592c7df34533b49d4125f4e8a089dfba8740130c0ba2da69ad7b83d7eded573e5eb51093873d79a86bb5e66d08ce4865b5d975fb

    Download Submit

  • /data/user/0/com.ZGeMo8Df6u.OvlwtSRMmn/files/eBM3NvbLaRAYTu.jar
    Filesize

    192KB

    MD5

    801b601a574192963e693021df69a87c

    SHA1

    1a2d6e1dafa18ec919ef697c01755d3c60fd8770

    SHA256

    639e90309f6c6f410409cfdc400ede17c9e6b3bd08ec48d8784ab96ae4f55051

    SHA512

    53a136c9516de1044d1c59b5a42f04de0746ae624ddb3785cd4723f65344916adcebcca8bc375f470af35c61b945f74f92c83d551d8540d365c5a509a96eef30

    Download Submit

  • /data/user/0/com.ZGeMo8Df6u.OvlwtSRMmn/files/eBM3NvbLaRAYTu.jar
    Filesize

    192KB

    MD5

    5c4c5e2c3f9836ee7ffa87b123386266

    SHA1

    6905506f7022ba0b4414ea74e28a4445d6051bd1

    SHA256

    ac9ad2d6940bf30c6405c36a3857dd129f6bcd34afe9067ddb48b7a5dac6add0

    SHA512

    775ef70fb1894ae05010af89536b64d345aea282fe4b51611087b2cf8742d96cdb275ad8079410454ef1ca231993824c908f587387156463b9dd7f38ba190e92

    Download Submit