1a1c44eb08ae0009d56c03349578d2bed5249fecfa4034268e2903d26f5e05b6

Analysis

max time kernel
26s
max time network
30s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
08/02/2025, 13:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1a1c44eb08ae0009d56c03349578d2bed5249fecfa4034268e2903d26f5e05b6.apk
Size

12.9MB
MD5

fb53b828d8e37a4731ea1eac502ad293
SHA1

9b7f2687a78c2a1e61ff10429f41c0bbd4585189
SHA256

1a1c44eb08ae0009d56c03349578d2bed5249fecfa4034268e2903d26f5e05b6
SHA512

444b97a0b9a3e99ede5ae969c582fcea2f75965a1228887ae04c1a33adfbc0e87b01a6e05d9de4e8a24b7837a36c6e743afdc395f6c665cadeba9f7a18a6d766
SSDEEP

196608:Gql43raRilMWt3XPUJGZodMHzmfOUBWvYZbEP9dWS7NzDjombmUprZJgB:Gg43rP98GZHzmmUBWcEPjWSZNprZJA

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 3 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.hello.world/app_dex/classes.dex	4241	com.hello.world
/data/user/0/com.hello.world/app_dex/classes.dex	4267	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.hello.world/app_dex/classes.dex --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.hello.world/app_dex/oat/x86/classes.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.hello.world/app_dex/classes.dex	4241	com.hello.world

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.hello.world

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.hello.world

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.hello.world

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.hello.world

com.hello.world
1⤵
- Loads dropped Dex/Jar
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:4241
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.hello.world/app_dex/classes.dex --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.hello.world/app_dex/oat/x86/classes.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4267

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.hello.world/app_dex/classes.dex

Filesize
1.6MB

MD5
8c757a1a470f77b408df860b118fa5ec

SHA1
77a4876ed13bc93a7442257946d132b6fbd60b40

SHA256
d17b22b37d728ceb511cd31be8f415c0badf6c7a13ee64f2fc438533443a018a

SHA512
66b1791b186089c266cbf562eae9b859b45609bc0c94f1738d440b4d9ce35f1604e3091cd169214e725368102579607ca91dd23eced5a99894688cea313e5a6d

Download Submit
/data/data/com.hello.world/cache/classes.dex

Filesize
399KB

MD5
2212bf520fcf12978e33dd251a4df867

SHA1
687a4516b01ab9cf08aab4bb7fd8c738d5f4d9ff

SHA256
2c61b7172e7f4fdce3229f4959d0f8b0e20a670b889868f44fc9c4a812ec90bf

SHA512
a67480f976a0be2e77135eb684c60544d44c477725f05c61a9cfb13cfdc26668230a5bc8567b394a906c7eea54d936f227ee8f881d9f3fe7fe2b44248e0fbc8f

Download Submit
/data/data/com.hello.world/cache/classes.zip

Filesize
399KB

MD5
beff6f1c0437c4aa1e558924719e484c

SHA1
486d0c717a09cffc5222b2fa6f4e49bf76d478e4

SHA256
569880fa2de6a82244b2afb4416c185bfd085d60e0e95d59eea3d1185d45fce1

SHA512
0047facced6de7fe339c6625443c89fadeebedd0300a9ba48e15d791d197b2a4ba5494623d04abb9a537392db55b74b0b1b75d9e8941249b0fb42f241632163c

Download Submit
/data/user/0/com.hello.world/app_dex/classes.dex

Filesize
1.6MB

MD5
17818a1d3ffac4d30df5047f8483d4b8

SHA1
de5c19ac84c5558a7c68abf60f6d76a86dca8211

SHA256
8005b869154b90633490271b61428d3b2a484d93fb5f38fdf32c8349e9d8f171

SHA512
840828050b5282d00e21b1f1292d126b55d5dd938ac0d406d52569cac56cdab07497131220ac37c161fb971c45de06f4dfff6ab244c2845ae5013ff28dbedd38

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads