Overview

overview

10

Static

static

6

bc9b02606f...fe.apk

android-9-x86

10

bc9b02606f...fe.apk

android-10-x64

10

bc9b02606f...fe.apk

android-11-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    154s
  • platform
    android-10_x64
  • resource
    android-x64-20240910-en
  • resource tags

    arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
  • submitted
    12-12-2024 22:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bc9b02606f525fd9508030249e061ae9dedb4145e82bc123641cdc968bc4c6fe.apk

  • Size

    2.4MB

  • MD5

    e16c4299f4cfcd429725f772656bd93c

  • SHA1

    306e4ccf26269b741682d8d87238db8bcdd148d1

  • SHA256

    bc9b02606f525fd9508030249e061ae9dedb4145e82bc123641cdc968bc4c6fe

  • SHA512

    497753e58d63a320829e6474b189b2262e1b4714b7570cfe416b7cbf7cdd45c03d04d75c48ba20d721a067de732d9512edea0b33849b570ca872c4a7a5261386

  • SSDEEP

    49152:l91RYw2n0BUfNzevO25TYQm7RxAuJxrylbQlDaf5rM08scEjS:l91RY/0BV75TY978uJxK6Ofe6cEjS

Score
10/10
xenomorphbankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencetrojan

Malware Config

Extracted

Family

xenomorph

C2

simpleyo5.tk

simpleyo5.cf

kart12sec.ga

kart12sec.gq

Extracted

Family

xenomorph

AES_key
AES_key

Signatures

Processes

  • com.spike.old
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Reads the content of SMS inbox messages.
    • Reads the content of outgoing SMS messages.
    • Acquires the wake lock
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:5140

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

1
T1422

System Network Connections Discovery

1
T1421

Lateral Movement

Collection

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Protected User Data

2
T1636

SMS Messages

2
T1636.004

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.spike.old/app_DynamicOptDex/hq.json
    Filesize

    893KB

    MD5

    2690b5434d844fcaa4527744faff8700

    SHA1

    2ec4338390f8bf65c7340257a149da66cb792593

    SHA256

    7cbcebcccb83e5dccd98a5ffef0aa16201e30f684cfa743bd91d459e5a1286e2

    SHA512

    87cc00acf8271f454dc756dd6247a207d793a4bb3e593850efac906e976bfc023ba6a9b27d2ca3f9a3d6a22ed94e8ca20db7bd4cf24180f73f2f6e075c032b86

    Download Submit

  • /data/data/com.spike.old/app_DynamicOptDex/hq.json
    Filesize

    893KB

    MD5

    889aae346b72fa3bf1293888074da26a

    SHA1

    0626aa9b6ef6a3e695c92221a21ee323ebcc97a1

    SHA256

    40c6b36a316b596fca2b84cd4d65d745bd15d1c90c1428050b3e71917c1ee360

    SHA512

    5c06b9dc60abe38688b8b600557b1ebacbe51955f85776d18a010451774b529212f67f20ee5b05137fec76cb5975c33768e9ccc2c936aebe94b45f95cb11f3e4

    Download Submit

  • /data/data/com.spike.old/app_DynamicOptDex/oat/hq.json.cur.prof
    Filesize

    2KB

    MD5

    d823de88194265725654f998d5e00f41

    SHA1

    ff73f2da85b41f309f9bd495a980f98ecd0c8811

    SHA256

    39fb36811bfae96eabb47cce44d9ae953186e6bf483306483501a14051e7f1dc

    SHA512

    5766243133fa95f2da2c76262677fa33f362d7f168cec21195156c13d9f280029154ef9b4def39359e24953a696ee7f21892fa6b01aeac7eb9d482d9d34daebb

    Download Submit

  • /data/user/0/com.spike.old/app_DynamicOptDex/hq.json
    Filesize

    2.4MB

    MD5

    fde08886038bffc5923fa098cd55d0cd

    SHA1

    d6f8dbbdd2ded86081cb81e690f5402552ee5345

    SHA256

    dae52bbee7f709fae9d91e06229c35b46d4559677f26152d4327fc1601d181be

    SHA512

    93b05624b145e56e081e0771b1ec635df4cf6109087abc67dabe7055ef745003109047370fd42bab83424b7ee396fc6116419f4c255bbd1a794ec558fa7a9091

    Download Submit