Analysis
max time kernel: 34s
max time network: 151s
platform: android-9_x86
resource: android-x86-arm-20240910-en
resource tags: arch:arm, arch:x86, image:android-x86-arm-20240910-en, locale:en-us, os:android-9-x86, system
submitted: 07-11-2024 17:30
Static task: static1
Behavioral task: behavioral1, sample 934c686328aea5bddc4ff31be56a9697f9b8452b24874a4228ec7fdfd094f009.apk, resource android-x86-arm-20240624-en
Behavioral task: behavioral2, sample 934c686328aea5bddc4ff31be56a9697f9b8452b24874a4228ec7fdfd094f009.apk, resource android-x64-20240624-en
Behavioral task: behavioral3, sample 934c686328aea5bddc4ff31be56a9697f9b8452b24874a4228ec7fdfd094f009.apk, resource android-x64-arm64-20240624-en
Behavioral task: behavioral4, sample jyoecfoe22.apk, resource android-x86-arm-20240910-en
Behavioral task: behavioral5, sample jyoecfoe22.apk, resource android-x64-20240910-en
Behavioral task: behavioral6, sample jyoecfoe22.apk, resource android-x64-arm64-20240624-en
Behavioral task: behavioral7, sample jyoecfoe29.apk, resource android-x86-arm-20240910-en
General
Target: jyoecfoe22.apk
Size: 8.1MB
MD5: 03c49a3572d13053d3c564b2b3c97506
SHA1: 1ded708d53c143cffb6942422866dd135278450f
SHA256: e71a32170c93f257acc7276a4b0cdca025568599eba2ef9a62e141e4327f551e
SHA512: 5ee920ef7006cb35435c2705557d564df5b6dc2ea0566cc386260cfb9e98ff9eb381ee63a77cc8e61b273101dd0ba1466dec9f2a127155e7411e9a69b9c9673b
SSDEEP: 196608:k9ViaBDdlkEAz/PcfQFwvYAmn8dcPoSidDFAtvcZDl4Rn8zTI3gQIBA:+vYR8gwvBxWPudDFAdSDl08CgVA
Malware Config
Signatures

Loads dropped Dex/Jar (1 TTPs, 14 IoCs)
Runs executable file dropped to the device during analysis.
Processes:
- com.sthpphbui.skbheonr
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.sthpphbui.skbheonr/files/.ss/classes.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.sthpphbui.skbheonr/files/.ss/oat/x86/classes.odex --compiler-filter=quicken --class-loader-context=&
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.sthpphbui.skbheonr/files/.ss/classes2.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.sthpphbui.skbheonr/files/.ss/oat/x86/classes2.odex --compiler-filter=quicken --class-loader-context=&
- com.sthpphbui.skbheonr:remote
IoCs (ioc | pid | process):
- /data/user/0/com.sthpphbui.skbheonr/files/.ss/classes.dex | 4331 | com.sthpphbui.skbheonr
- /data/user/0/com.sthpphbui.skbheonr/files/.ss/classes.dex | 4331 | com.sthpphbui.skbheonr
- /data/user/0/com.sthpphbui.skbheonr/files/.ss/classes.dex | 4375 | /system/bin/dex2oat (the classes.dex command line listed above)
- /data/user/0/com.sthpphbui.skbheonr/files/.ss/classes.dex | 4331 | com.sthpphbui.skbheonr
- /data/user/0/com.sthpphbui.skbheonr/files/.ss/classes2.dex | 4331 | com.sthpphbui.skbheonr
- /data/user/0/com.sthpphbui.skbheonr/files/.ss/classes2.dex | 4331 | com.sthpphbui.skbheonr
- /data/user/0/com.sthpphbui.skbheonr/files/.ss/classes2.dex | 4397 | /system/bin/dex2oat (the classes2.dex command line listed above)
- /data/user/0/com.sthpphbui.skbheonr/files/.ss/classes2.dex | 4331 | com.sthpphbui.skbheonr
- /data/user/0/com.sthpphbui.skbheonr/files/.ss/classes.dex | 4422 | com.sthpphbui.skbheonr:remote
- /data/user/0/com.sthpphbui.skbheonr/files/.ss/classes.dex | 4422 | com.sthpphbui.skbheonr:remote
- /data/user/0/com.sthpphbui.skbheonr/files/.ss/classes.dex | 4422 | com.sthpphbui.skbheonr:remote
- /data/user/0/com.sthpphbui.skbheonr/files/.ss/classes2.dex | 4422 | com.sthpphbui.skbheonr:remote
- /data/user/0/com.sthpphbui.skbheonr/files/.ss/classes2.dex | 4422 | com.sthpphbui.skbheonr:remote
- /data/user/0/com.sthpphbui.skbheonr/files/.ss/classes2.dex | 4422 | com.sthpphbui.skbheonr:remote
Queries information about running processes on the device (1 TTPs, 2 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes:
- com.sthpphbui.skbheonr
- com.sthpphbui.skbheonr:remote
IoCs (description | ioc | process):
- Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.sthpphbui.skbheonr
- Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.sthpphbui.skbheonr:remote
Acquires the wake lock (1 IoCs)
Processes:
- com.sthpphbui.skbheonr
IoCs (description | ioc | process):
- Framework service call | android.os.IPowerManager.acquireWakeLock | com.sthpphbui.skbheonr
Makes use of the framework's foreground persistence service (1 TTPs, 1 IoCs)
Application may abuse the framework's foreground service to continue running in the foreground.
Processes:
- com.sthpphbui.skbheonr
IoCs (description | ioc | process):
- Framework service call | android.app.IActivityManager.setServiceForeground | com.sthpphbui.skbheonr
Schedules tasks to execute at a specified time (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes:
- com.sthpphbui.skbheonr
IoCs (description | ioc | process):
- Framework service call | android.app.job.IJobScheduler.schedule | com.sthpphbui.skbheonr
Processes
com.sthpphbui.skbheonr (PID 4331)
  - Loads dropped Dex/Jar
  - Queries information about running processes on the device
  - Acquires the wake lock
  - Makes use of the framework's foreground persistence service
  - Schedules tasks to execute at a specified time
  chmod 755 /data/user/0/com.sthpphbui.skbheonr/files/.ss/l5aeca345.so (PID 4356)
  /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.sthpphbui.skbheonr/files/.ss/classes.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.sthpphbui.skbheonr/files/.ss/oat/x86/classes.odex --compiler-filter=quicken --class-loader-context=& (PID 4375)
    - Loads dropped Dex/Jar
  /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.sthpphbui.skbheonr/files/.ss/classes2.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.sthpphbui.skbheonr/files/.ss/oat/x86/classes2.odex --compiler-filter=quicken --class-loader-context=& (PID 4397)
    - Loads dropped Dex/Jar
com.sthpphbui.skbheonr:remote (PID 4422)
  - Loads dropped Dex/Jar
  - Queries information about running processes on the device
Network
MITRE ATT&CK Mobile v15
Downloads

Filesize: 316B
MD5: 4dd8db19a5cd0a2c00e41f757ca9bf40
SHA1: aa5bbbbc09b9511c0d6e318e235bd10132d3346a
SHA256: 63c53f08f8c885b50c83b81aa9effe2cd574f812bf29022a738d949de0213283
SHA512: 89715673b52321a34f3315ed5fdaa2a59bd197f0e443f7ef18452e6c32277f44949da1999114406e356e20f5991a57e3157ea04f8ab651ba113bfce93905aa2c

Filesize: 1.4MB
MD5: 6eebc87c33ccbad69dea6f85420ad8a2
SHA1: b06d500699360c312a3c3da8ada8216cb4fdc6af
SHA256: 2a57f84141082e9f22cb500b4953471cb6ded55fe8e55711583761b0b5061338
SHA512: 68cced9cdd28dd795a8a0bdc5dff3327cc7efd365e34a33dfc44f1d3958a90ad23cc627d56a065c66b875ae525ea2bfa7ec66b82366bdf4e0940a754d10345ac

Filesize: 8.1MB
MD5: b1b4e92b867715a23496d5c299d6aab9
SHA1: 7ab69d213f5a8c083cc290067bc8b762312f1b93
SHA256: ed022b38a39cbda23ce73f77ad03fce2b5b097f40075e7458dbd413f5991b069
SHA512: 87c1f8e5268923018f24cb7b8c80c672627060b8bc2fe531442fae3d6e9aa113f5907ddde265a225734702039b631908f3947cbdb8c2f1e4e8c8ccc312fc98ae

Filesize: 1.3MB
MD5: 5f992ec85c6081de6ab2da8bcd8ac664
SHA1: 79b3aa2f5de59f3e9b36f5b7861668b53e6175b3
SHA256: 0afcb04334f8e55bca5d325adeaa519a32a3a1d9946346134aadc4a986a1d8ee
SHA512: 1dd5efe88d59122c27d3d15920a1110da8cb7565b5722271a51d423d88b4c0e41ad6a734c157c23ffacbf11f643c916079b8703953576b33f6bac18392641f82