Overview

overview

10

Static

static

6

CapCut_Premium.apk

android-9-x86

7

CapCut_Premium.apk

android-10-x64

7

CapCut_Premium.apk

android-11-x64

7

deper.apk

android-9-x86

10

deper.apk

android-10-x64

10

deper.apk

android-11-x64

10

Analysis

  • max time kernel
    47s
  • max time network
    127s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    23/02/2025, 23:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    CapCut_Premium.apk

  • Size

    10.9MB

  • MD5

    548ede0959d30a22484ae452f535a0db

  • SHA1

    7b34fc3a7d4f2d6ce38f3f0de08df80ed4859e27

  • SHA256

    aba8466f8162846c8adc7be242bb78a346775804de2c14a978d69649b0639c6d

  • SHA512

    564feb15f3ff884fee96e3a54793379d969c49d97163d9214707e6c77e50dfe6c61be04dcdb8a444f86ed96844f82a4691093d51f05654ad28ac9c1ad9b618d7

  • SSDEEP

    196608:3XeOWRtCAvekoDLWGxXfyzTn9P3m5AC+FX6JagEQVZxkpUSlPJn:3OX/3xYLpxXfyzjtd3FX61PVZx8USlPp

Score
7/10
evasion

Malware Config

Signatures

  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Declares broadcast receivers with permission to handle system events 1 IoCs
  • Declares services with permission to bind to the system 4 IoCs
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Requests dangerous framework permissions 22 IoCs

Processes

  • tfskbi.ztdwnc.yfprwh
    1⤵
    • Loads dropped Dex/Jar
    PID:4251
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/tfskbi.ztdwnc.yfprwh/app_veteran/iox.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/tfskbi.ztdwnc.yfprwh/app_veteran/oat/x86/iox.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4278

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/tfskbi.ztdwnc.yfprwh/app_veteran/iox.json
    Filesize

    573KB

    MD5

    66733db48d9cba8a319e7e1451336263

    SHA1

    f74be1920661841d7eee576f4be0b8ae2ba028f3

    SHA256

    dfb28b0b140228245af52b34aa9d09cff2925fff9d3d342a741580b75698e091

    SHA512

    4b5f0d8b1421fd8934dcd154ecdaa46f86b157c9973dac5f0808b591195d3a7f061e4ccf0d90942d43921e7178a2161fb07bbb73b4e2b535a5fcaf9472c795a0

    Download Submit

  • /data/data/tfskbi.ztdwnc.yfprwh/app_veteran/iox.json
    Filesize

    573KB

    MD5

    c491f888e98327a6a43588598dabd1b6

    SHA1

    4afdb7524284f7195ddf37ba5e8d1daf0c0b2801

    SHA256

    d0569859013122e742a96e170860862eb814ae93c9aa689db0e0afe4c4084848

    SHA512

    2a1436a153ba0532ea5fab3506fa3c4da30e256b9627bdbaf9d63b6f8298865b6d850e3d990ceb47046b44440bf3b8997937c9f5bc8c4e9ed65f2322a8607a3d

    Download Submit

  • /data/data/tfskbi.ztdwnc.yfprwh/app_veteran/oat/iox.json.cur.prof
    Filesize

    1KB

    MD5

    ff55971d2cc6ad18985684a2171d18d3

    SHA1

    f41d830e7e79797de5284d8145c426a3b8555950

    SHA256

    01838f95b1d9ad00307ddc83fac31950b757f7fba446fa6b9d8d9ab6b0db5328

    SHA512

    5fc80b1252f3cc107edecfbbcfb1e16bbbca21afa1e00186a7c9038e160e62e8938d7dbb7ef2b1c6767721fe52460dd8d568ffdb89a830f2bd48d164baceed13

    Download Submit

  • /data/data/tfskbi.ztdwnc.yfprwh/cache/deper.apk
    Filesize

    7.3MB

    MD5

    c59b52822aa4d008e2b29372ca143179

    SHA1

    9adc650d28dd99e8413c3546de9195fa42aefcd5

    SHA256

    fb6a726e3888842c21f274ccbd64a30962e1cd12d2472aa8c088fb052819b503

    SHA512

    f93c04b9ac5dbf45ef7f4dc1dfd588d45d1a0d5b5959647ab0995d83dbff433d798f84cf9d17e0336a8132a2c5b29b290c5024db2bd641a491c981c9d923a4e2

    Download Submit

  • /data/user/0/tfskbi.ztdwnc.yfprwh/app_veteran/iox.json
    Filesize

    1.2MB

    MD5

    686bc5e0a5321eef3e910c95bdb4d06c

    SHA1

    7db19a9b3001d82e247c1b21d3bfb500c27e9782

    SHA256

    dac86926a8bd886a8b9451eee45b39927b24395afabfde84f6cd42d5b8d24f91

    SHA512

    bb59a9b8d0e007c7f05570e1ae7f640871b2049ea9e35edb3c967a4f67c6bdc58a7842d8fe3cbc2d99f8b169c3ea69e27a673663bfd2f323ae23b735ca135131

    Download Submit

  • /data/user/0/tfskbi.ztdwnc.yfprwh/app_veteran/iox.json
    Filesize

    1.2MB

    MD5

    d83f3b2e9163dbfcf3f0b85d4c8ffda7

    SHA1

    43bd3678f168a0f0da2413d4f0de6788c88d34c3

    SHA256

    4b81c2ee643d0f68b2b47733c310b24f47827e01f41aedd8153f449900c4ded3

    SHA512

    a4e8b017d92b827f6ec27b7d13325b353322712b55c925fefdb3869a4558c921c5016c9f87601f544c1a89c4b2137c8aef8be5eebab7277a1f07724efa39dacc

    Download Submit