47fd8551845faab87bae897926908a332928535742145ccf218bf2af0ae3439a

Analysis

max time kernel
148s
max time network
132s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
08/02/2025, 14:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

47fd8551845faab87bae897926908a332928535742145ccf218bf2af0ae3439a.apk
Size

13.0MB
MD5

64ced28d55551ae426f2b9b9cce2403c
SHA1

76c63e760e2cfa5c9682f1af5e248019319e4c09
SHA256

47fd8551845faab87bae897926908a332928535742145ccf218bf2af0ae3439a
SHA512

79347a7875144834a071bd848ec3cb3e7e3aa9cc10cfca51ecfea0dfbf00ed8397c435c4b1e49ca28569f2300e04e7f9e000119ef89bd962799c5bd3a358a126
SSDEEP

196608:nZbhoymj7XRscUurBQMSRYpZe87JCUdJ6IEiVAeBn1BOjxNji:nZbhOHrR1pZvCuJPvAI10/2

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 3 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.hello.world/app_dex/classes.dex	4256	com.hello.world
/data/user/0/com.hello.world/app_dex/classes.dex	4282	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.hello.world/app_dex/classes.dex --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.hello.world/app_dex/oat/x86/classes.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.hello.world/app_dex/classes.dex	4256	com.hello.world

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.hello.world

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.hello.world

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.hello.world

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.hello.world

com.hello.world
1⤵
- Loads dropped Dex/Jar
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:4256
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.hello.world/app_dex/classes.dex --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.hello.world/app_dex/oat/x86/classes.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4282

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.hello.world/app_dex/classes.dex

Filesize
1.6MB

MD5
e1111c4bf80e0d5ecf0d0100064ad7c1

SHA1
23c7fb861328b153e4de34f04f017eff8764798c

SHA256
9077fb747b5c9e76c2393c70533caef25a0eb5f2a2fa7ceb2dd8554653530aa8

SHA512
1e5bab73cc6693637cd2738a1c018ade3770b5511d05b160db94cf3bfc256de9a2d5b67c8217b79ae3e050388e6d2da3f1ff254f3ea5ff81662cb7a6ab28b88b

Download Submit
/data/data/com.hello.world/cache/classes.dex

Filesize
399KB

MD5
18f0241a54947e0b5475c0d676b69c3f

SHA1
590a7d8c7b33073681ac3ad4c261623f1991fa50

SHA256
0163ca070374c2a32bcb0727b44fe8680e073ff98d68f2c8c9c1695e68f4e995

SHA512
9b792ab31ee4605973aeb67909c3ab2f11e8b396d012f97537b952f1a4b5a28ae4a66d4384f5d11b8d99188608219e0b0837891d2a5aed2758e6e60be5e208d1

Download Submit
/data/data/com.hello.world/cache/classes.zip

Filesize
399KB

MD5
c3362d6ff6e49ff0f252eaeb7a7cfb5e

SHA1
ed548e4647294a6739250c62cbd6e88c0bf7d31d

SHA256
8a99bd50b9df9db5e3345f0ad020d3a00980cb6c8743bde3c01409075123b3f6

SHA512
4f67ae208ec60d6210d4348335995c013759b437adfce18f6d7064d5e7694ffa950dd8fc21aa5e2992e5b4bebd75a20e3157d69866c3a5c3bba12312c740a967

Download Submit
/data/user/0/com.hello.world/app_dex/classes.dex

Filesize
1.6MB

MD5
2343292e57fbbaffaba36d81ac84a86b

SHA1
b1998accf4063a6ffe914d09ec0b9e8b89f36eb5

SHA256
f0e309babb777ac8cf6086c433cd0cc724a085392935d6c78809cd6dcb5798ff

SHA512
bfc3028e31b2f6e2a938aab3db83852f09c537d94197e466387caf0f0bdb4540b194bd3f2ed453c11d7c557119a413bd0d10e6d5a092e475f53669c9e699424b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads