Resubmissions

18/02/2025, 20:08

250218-ywn8bsxrc1 10

24/01/2025, 04:44

250124-fcwh7azqas 10

24/01/2025, 04:37

250124-e8zp2sznay 10

Analysis

  • max time kernel
    83s
  • max time network
    152s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
  • submitted
    18/02/2025, 20:08

General

  • Target

    4fcce7c445d89d7de943ec0e0c2fc285d4b25a67950ad7d6bcb50dbcbc4ac29b.apk

  • Size

    10.5MB

  • MD5

    8ebf4bdf9326073fa0577a2e1950e1af

  • SHA1

    7a30345f421c243cbef4dd42d60f5de45b99d580

  • SHA256

    4fcce7c445d89d7de943ec0e0c2fc285d4b25a67950ad7d6bcb50dbcbc4ac29b

  • SHA512

    006dd16eee88a56657bafed02d5585d8a04bc98139249f9fb0553382d284a23546071f3bff9e39881150d0ba802f92ac26b1fbd8fb6c5b20f1a6cd6301e40243

  • SSDEEP

    196608:3wGdnljZ/MLUBwiwOYTR8dhTVKZZRa+6Gz4+bpRdS388yngsaFf/FYd9r:3VRRZvai3YOBkRTz/RdS3886gl/FYdF

Score
7/10

Malware Config

Signatures

  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Declares broadcast receivers with permission to handle system events 1 IoCs
  • Declares services with permission to bind to the system 4 IoCs
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Requests dangerous framework permissions 22 IoCs

Processes

  • nmrdiw.xhckto.wotzbp
    1⤵
    • Loads dropped Dex/Jar
    PID:4260
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/nmrdiw.xhckto.wotzbp/app_sheriff/ccLObl.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/nmrdiw.xhckto.wotzbp/app_sheriff/oat/x86/ccLObl.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4287

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/nmrdiw.xhckto.wotzbp/app_sheriff/ccLObl.json

    Filesize

    573KB

    MD5

    53eeb221635303b30aa63f98d92018a5

    SHA1

    0bc80cd5795806afeb684c6a05d5d3a7ba968262

    SHA256

    97e086bd422edfb25b19a5c358135bed6f11f201914b9d5f171bb3da4b24eda4

    SHA512

    626d3acf96b30c202559bb169c46126f0629a549cf568e1b318061434e41273fedb6385a1c91676c95cccc9b8e4a1aa0bb91ff12ba0b1b6df7bf66b597e1782e

  • /data/data/nmrdiw.xhckto.wotzbp/app_sheriff/ccLObl.json

    Filesize

    573KB

    MD5

    04c0f10a3fa92c116a88892b7215cbda

    SHA1

    595a0efbedb351b9881b56dd4fa6f34a830a7906

    SHA256

    7a239f0cc770425914abd361298e39858b80264408ed6574a27af83da3c1ab5c

    SHA512

    49a7ee1b543716ad6340e5845af7ab151af3761c36ccc52c34c61e54b9993cb6b486f416ac18ad2016852bcdf838c835aa2a5de769bf1015ef1c4441d2825198

  • /data/data/nmrdiw.xhckto.wotzbp/app_sheriff/oat/ccLObl.json.cur.prof

    Filesize

    1KB

    MD5

    5c44041405cbb31a123fd1db81bc7a02

    SHA1

    70fbeb273c5dfce88d1bded88226c8b0c227c519

    SHA256

    c72fda1b26904ed8527784f67eef4a19267491bcc14c0b165019ef3b1a50e586

    SHA512

    da45e885cce6942adf0427035f079041d808d2ab4a55efc60cf5802eb2f4bf8e321a2454af0b63d38be94118849e2bb34b0b86aaaac7fc5ffeeb332f76df1aed

  • /data/data/nmrdiw.xhckto.wotzbp/cache/deper.apk

    Filesize

    6.8MB

    MD5

    2d34dbb4167ebb371e33f3ce700fdbc8

    SHA1

    4a20849866f90262f9a0b2793f84cc7d5e057656

    SHA256

    c00419b21d10a236b47b43bb1eed3dbc5298e471cf9616848a84da5baae8e611

    SHA512

    20365af814427670ea62987e750657a04d03c509382abe655f87952d6794981e7811c0b7aa9dede998263c2e2a98c5c008848324c4e653eba77517fc6c7c034b

  • /data/user/0/nmrdiw.xhckto.wotzbp/app_sheriff/ccLObl.json

    Filesize

    1.2MB

    MD5

    f09ebb1f067a981dcf960761e8807117

    SHA1

    a1c74d99e980dbc9d95444b69c040af946f67945

    SHA256

    34822af6a552029f9ea2ddc173704d7e70a8d117ce422f9cd42bb4484889c164

    SHA512

    ce1134031a3dba59cfa1a7dfb76aee3cbed6d473328edc5bd9994a581205f5bb217734f0037fd17f89f6b1969292e216de095294eb367f88b53aee2d344cf27b

  • /data/user/0/nmrdiw.xhckto.wotzbp/app_sheriff/ccLObl.json

    Filesize

    1.2MB

    MD5

    bbdde0270e2573891dd7872eccfe5a06

    SHA1

    b0ee37a19ab30ae509b1280a217f845d37708743

    SHA256

    01c2dc0c47a460e49a56282e5a3b0becd0b9f260d60139390ed026f83825b570

    SHA512

    41d2ef59b64fb00d4d01218ba84fcafb6ce13532e851d7b8232eaba63e7f18c29f0f5089fc0b22889a6a32c77715fb36ca2b2eb49984d0707b1c28f122a01329