Analysis
-
max time kernel
35s -
max time network
150s -
platform
android-10_x64 -
resource
android-x64-20240910-en -
resource tags
arch:x64, arch:x86, image:android-x64-20240910-en, locale:en-us, os:android-10-x64, system -
submitted
07-11-2024 17:30
Static task
static1
Behavioral task
behavioral1
Sample
934c686328aea5bddc4ff31be56a9697f9b8452b24874a4228ec7fdfd094f009.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
934c686328aea5bddc4ff31be56a9697f9b8452b24874a4228ec7fdfd094f009.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral3
Sample
934c686328aea5bddc4ff31be56a9697f9b8452b24874a4228ec7fdfd094f009.apk
Resource
android-x64-arm64-20240624-en
Behavioral task
behavioral4
Sample
jyoecfoe22.apk
Resource
android-x86-arm-20240910-en
Behavioral task
behavioral5
Sample
jyoecfoe22.apk
Resource
android-x64-20240910-en
Behavioral task
behavioral6
Sample
jyoecfoe22.apk
Resource
android-x64-arm64-20240624-en
Behavioral task
behavioral7
Sample
jyoecfoe29.apk
Resource
android-x86-arm-20240910-en
General
-
Target
jyoecfoe22.apk
-
Size
8.1MB
-
MD5
03c49a3572d13053d3c564b2b3c97506
-
SHA1
1ded708d53c143cffb6942422866dd135278450f
-
SHA256
e71a32170c93f257acc7276a4b0cdca025568599eba2ef9a62e141e4327f551e
-
SHA512
5ee920ef7006cb35435c2705557d564df5b6dc2ea0566cc386260cfb9e98ff9eb381ee63a77cc8e61b273101dd0ba1466dec9f2a127155e7411e9a69b9c9673b
-
SSDEEP
196608:k9ViaBDdlkEAz/PcfQFwvYAmn8dcPoSidDFAtvcZDl4Rn8zTI3gQIBA:+vYR8gwvBxWPudDFAdSDl08CgVA
Malware Config
Signatures
-
Loads dropped Dex/Jar 1 TTPs 12 IoCs
Runs executable file dropped to the device during analysis.
Processes:
com.sthpphbui.skbheonr, com.sthpphbui.skbheonr:remote
ioc / pid / Process
/data/user/0/com.sthpphbui.skbheonr/files/.ss/classes.dex 5151 com.sthpphbui.skbheonr
/data/user/0/com.sthpphbui.skbheonr/files/.ss/classes.dex 5151 com.sthpphbui.skbheonr
/data/user/0/com.sthpphbui.skbheonr/files/.ss/classes.dex 5151 com.sthpphbui.skbheonr
/data/user/0/com.sthpphbui.skbheonr/files/.ss/classes2.dex 5151 com.sthpphbui.skbheonr
/data/user/0/com.sthpphbui.skbheonr/files/.ss/classes2.dex 5151 com.sthpphbui.skbheonr
/data/user/0/com.sthpphbui.skbheonr/files/.ss/classes2.dex 5151 com.sthpphbui.skbheonr
/data/user/0/com.sthpphbui.skbheonr/files/.ss/classes.dex 5207 com.sthpphbui.skbheonr:remote
/data/user/0/com.sthpphbui.skbheonr/files/.ss/classes.dex 5207 com.sthpphbui.skbheonr:remote
/data/user/0/com.sthpphbui.skbheonr/files/.ss/classes.dex 5207 com.sthpphbui.skbheonr:remote
/data/user/0/com.sthpphbui.skbheonr/files/.ss/classes2.dex 5207 com.sthpphbui.skbheonr:remote
/data/user/0/com.sthpphbui.skbheonr/files/.ss/classes2.dex 5207 com.sthpphbui.skbheonr:remote
/data/user/0/com.sthpphbui.skbheonr/files/.ss/classes2.dex 5207 com.sthpphbui.skbheonr:remote -
Queries information about running processes on the device 1 TTPs 2 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes:
com.sthpphbui.skbheonr, com.sthpphbui.skbheonr:remote
description / ioc / Process
Framework service call android.app.IActivityManager.getRunningAppProcesses com.sthpphbui.skbheonr
Framework service call android.app.IActivityManager.getRunningAppProcesses com.sthpphbui.skbheonr:remote -
Acquires the wake lock 1 IoCs
Processes:
com.sthpphbui.skbheonr
description / ioc / Process
Framework service call android.os.IPowerManager.acquireWakeLock com.sthpphbui.skbheonr -
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
Processes:
com.sthpphbui.skbheonr
description / ioc / Process
Framework service call android.app.IActivityManager.setServiceForeground com.sthpphbui.skbheonr -
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes:
com.sthpphbui.skbheonr
description / ioc / Process
Framework service call android.app.job.IJobScheduler.schedule com.sthpphbui.skbheonr
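The IoC rows above are what a triage analyst usually has to work from, and the point worth pulling out of them is that both processes load classes.dex and classes2.dex from a hidden directory (files/.ss) inside the app's own private storage, i.e. code that was unpacked at runtime and is not visible in the APK as shipped. The following is an added example (not part of the report or of the sandbox's own tooling) that parses the report's rows, reproduced inline as constructed input, into records, flags dex/jar loads from a hidden directory under the loading app's private data, and groups the framework service calls per process. The regexes and function names are the example's own assumptions.

```python
"""Triage helper for the sandbox's "Loads dropped Dex/Jar" and framework-call IoC rows.

Added example, not part of the report. The row text below is copied from the
report's tables and embedded so the script runs offline.
"""
import re
from collections import defaultdict

# Constructed input: the "Loads dropped Dex/Jar" rows from the report (path pid process).
DEX_ROWS = """\
/data/user/0/com.sthpphbui.skbheonr/files/.ss/classes.dex 5151 com.sthpphbui.skbheonr
/data/user/0/com.sthpphbui.skbheonr/files/.ss/classes.dex 5151 com.sthpphbui.skbheonr
/data/user/0/com.sthpphbui.skbheonr/files/.ss/classes2.dex 5151 com.sthpphbui.skbheonr
/data/user/0/com.sthpphbui.skbheonr/files/.ss/classes.dex 5207 com.sthpphbui.skbheonr:remote
/data/user/0/com.sthpphbui.skbheonr/files/.ss/classes2.dex 5207 com.sthpphbui.skbheonr:remote
"""

# Constructed input: the framework service calls from the report (call process).
FRAMEWORK_ROWS = """\
android.app.IActivityManager.getRunningAppProcesses com.sthpphbui.skbheonr
android.app.IActivityManager.getRunningAppProcesses com.sthpphbui.skbheonr:remote
android.os.IPowerManager.acquireWakeLock com.sthpphbui.skbheonr
android.app.IActivityManager.setServiceForeground com.sthpphbui.skbheonr
android.app.job.IJobScheduler.schedule com.sthpphbui.skbheonr
"""

# Assumed row layouts (matching the report's flattened tables).
DEX_RE = re.compile(r"^(?P<path>/\S+)\s+(?P<pid>\d+)\s+(?P<proc>\S+)$")
PRIVATE_DIR_RE = re.compile(r"^/data/user/\d+/(?P<pkg>[\w.]+)/")


def parse_dex_rows(text):
    """Return unique (path, pid, process) tuples in first-seen order.

    The sandbox logs one row per load call, so the same file appears several
    times; duplicates are collapsed because the loaded artefact is the same."""
    records = []
    for line in text.splitlines():
        m = DEX_RE.match(line.strip())
        if not m:
            continue
        rec = (m["path"], int(m["pid"]), m["proc"])
        if rec not in records:
            records.append(rec)
    return records


def flag_hidden_private_dex(records):
    """Flag dex/jar loads from a dot-prefixed directory inside the loading app's own
    private data directory (/data/user/<n>/<pkg>/...). That combination means the
    code was written by the app at runtime rather than shipped in the APK."""
    flagged = []
    for path, pid, proc in records:
        m = PRIVATE_DIR_RE.match(path)
        if not m:
            continue
        owner = proc.split(":")[0]  # drop the ":remote" process suffix
        dirs = path.split("/")[:-1]
        hidden_dir = any(part.startswith(".") for part in dirs)
        if m["pkg"] == owner and hidden_dir and path.endswith((".dex", ".jar")):
            flagged.append((path, pid, proc))
    return flagged


def framework_calls_by_process(text):
    """Group the framework service calls the sandbox recorded by process name."""
    calls = defaultdict(list)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2:
            calls[parts[1]].append(parts[0])
    return dict(calls)


if __name__ == "__main__":
    for path, pid, proc in flag_hidden_private_dex(parse_dex_rows(DEX_ROWS)):
        print(f"dropped code loaded: {proc} (pid {pid}) <- {path}")
    for proc, seen in framework_calls_by_process(FRAMEWORK_ROWS).items():
        print(proc, "->", ", ".join(seen))
```

When run against the report's rows it reports four distinct dropped-dex loads (two files, two processes) and shows that only the main process takes the wake lock, promotes itself to a foreground service and schedules a job, while both processes enumerate running apps. The files in /data/user/0/com.sthpphbui.skbheonr/files/.ss/ are the artefacts to pull from the device or sandbox for the next stage of analysis.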
Processes
-
com.sthpphbui.skbheonr
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Schedules tasks to execute at a specified time
PID:5151
-
com.sthpphbui.skbheonr:remote
- Loads dropped Dex/Jar
- Queries information about running processes on the device
PID:5207
Network
MITRE ATT&CK Mobile v15
Downloads
-
Filesize
316B
MD5
4dd8db19a5cd0a2c00e41f757ca9bf40
SHA1
aa5bbbbc09b9511c0d6e318e235bd10132d3346a
SHA256
63c53f08f8c885b50c83b81aa9effe2cd574f812bf29022a738d949de0213283
SHA512
89715673b52321a34f3315ed5fdaa2a59bd197f0e443f7ef18452e6c32277f44949da1999114406e356e20f5991a57e3157ea04f8ab651ba113bfce93905aa2c
-
Filesize
1.4MB
MD5
eb5d37ec0d149d2fa30c7d90511e80c5
SHA1
1519e47b0e7e550608f859ab5f6833d953c01b99
SHA256
1515b1deca848a8eaa9b1178623563a7bc2ec3ee7351d34761aaaed8850800a9
SHA512
1ea3d9a9c27bf89a5187a5fdbedcba986a40998121e3755002d9f743a9d01477a3e05d58c515376e81221a97810ffd0b698acfc754e150e70f07668b0a6a10c8
-
Filesize
8.1MB
MD5
b1b4e92b867715a23496d5c299d6aab9
SHA1
7ab69d213f5a8c083cc290067bc8b762312f1b93
SHA256
ed022b38a39cbda23ce73f77ad03fce2b5b097f40075e7458dbd413f5991b069
SHA512
87c1f8e5268923018f24cb7b8c80c672627060b8bc2fe531442fae3d6e9aa113f5907ddde265a225734702039b631908f3947cbdb8c2f1e4e8c8ccc312fc98ae
-
Filesize
1.3MB
MD5
5f992ec85c6081de6ab2da8bcd8ac664
SHA1
79b3aa2f5de59f3e9b36f5b7861668b53e6175b3
SHA256
0afcb04334f8e55bca5d325adeaa519a32a3a1d9946346134aadc4a986a1d8ee
SHA512
1dd5efe88d59122c27d3d15920a1110da8cb7565b5722271a51d423d88b4c0e41ad6a734c157c23ffacbf11f643c916079b8703953576b33f6bac18392641f82