Overview

overview

10

Static

static

6

9cafebdd39...6c.apk

android-9-x86

10

9cafebdd39...6c.apk

android-10-x64

10

9cafebdd39...6c.apk

android-11-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    155s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
  • submitted
    12-12-2024 22:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9cafebdd395400758440f021b0241d27627f946fa00f9ca0f5fee519c606116c.apk

  • Size

    2.4MB

  • MD5

    9bd879ae461870a875caa63a27e3313c

  • SHA1

    a2ee09854f145fc08163d3bd61d1782231be1a8b

  • SHA256

    9cafebdd395400758440f021b0241d27627f946fa00f9ca0f5fee519c606116c

  • SHA512

    c36f7e496bc0e947687ce63beaf5559e5081537d7492600d79a731659438d8eba9a38bb632d22827878da33972e9fccc6674ffe6b3c019f983dd807104919188

  • SSDEEP

    49152:cUqJsv4Kje2NPgQ91l4d4kzVLmrylbQlDaf5rMyAKGEjs:LqJsv4v2591kfVLmK6OfeKGEjs

Score
10/10
xenomorphbankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencetrojan

Malware Config

Extracted

Family

xenomorph

C2

simpleyo5.tk

simpleyo5.cf

kart12sec.ga

kart12sec.gq

Extracted

Family

xenomorph

AES_key
AES_key

Signatures

Processes

  • com.spike.old
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Reads the content of SMS inbox messages.
    • Reads the content of outgoing SMS messages.
    • Acquires the wake lock
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4987

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

1
T1422

System Network Connections Discovery

1
T1421

Lateral Movement

Collection

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Protected User Data

2
T1636

SMS Messages

2
T1636.004

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.spike.old/app_DynamicOptDex/hq.json
    Filesize

    893KB

    MD5

    2690b5434d844fcaa4527744faff8700

    SHA1

    2ec4338390f8bf65c7340257a149da66cb792593

    SHA256

    7cbcebcccb83e5dccd98a5ffef0aa16201e30f684cfa743bd91d459e5a1286e2

    SHA512

    87cc00acf8271f454dc756dd6247a207d793a4bb3e593850efac906e976bfc023ba6a9b27d2ca3f9a3d6a22ed94e8ca20db7bd4cf24180f73f2f6e075c032b86

    Download Submit

  • /data/data/com.spike.old/app_DynamicOptDex/hq.json
    Filesize

    893KB

    MD5

    889aae346b72fa3bf1293888074da26a

    SHA1

    0626aa9b6ef6a3e695c92221a21ee323ebcc97a1

    SHA256

    40c6b36a316b596fca2b84cd4d65d745bd15d1c90c1428050b3e71917c1ee360

    SHA512

    5c06b9dc60abe38688b8b600557b1ebacbe51955f85776d18a010451774b529212f67f20ee5b05137fec76cb5975c33768e9ccc2c936aebe94b45f95cb11f3e4

    Download Submit

  • /data/data/com.spike.old/app_DynamicOptDex/oat/hq.json.cur.prof
    Filesize

    2KB

    MD5

    bf2f32ac3a643d37978479ab8468efff

    SHA1

    45550bb06a42bf3027b24667f05fb9e89953a044

    SHA256

    26939a5de9748735cd3c6783ca5072082184826dda3fcfd75845008691c69d36

    SHA512

    00028304f12735b07247e2d1c6bdef90ce1de12b705e6ca91e60c85a02b53b3a26bce25a5016d2239651ca9421f05aca68031c9731afff9e1ccad66e56f01d81

    Download Submit

  • /data/user/0/com.spike.old/app_DynamicOptDex/hq.json
    Filesize

    2.4MB

    MD5

    fde08886038bffc5923fa098cd55d0cd

    SHA1

    d6f8dbbdd2ded86081cb81e690f5402552ee5345

    SHA256

    dae52bbee7f709fae9d91e06229c35b46d4559677f26152d4327fc1601d181be

    SHA512

    93b05624b145e56e081e0771b1ec635df4cf6109087abc67dabe7055ef745003109047370fd42bab83424b7ee396fc6116419f4c255bbd1a794ec558fa7a9091

    Download Submit