Overview

overview

10

Static

static

6

TikTok18.apk

android-9-x86

7

TikTok18.apk

android-10-x64

7

TikTok18.apk

android-11-x64

7

deper.apk

android-9-x86

10

deper.apk

android-10-x64

10

deper.apk

android-11-x64

10

Analysis

  • max time kernel
    56s
  • max time network
    141s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    24/02/2025, 10:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    TikTok18.apk

  • Size

    11.2MB

  • MD5

    f20e95261bf244f7b7c8df748fd7885d

  • SHA1

    2a5ceeaba1825ccc1c8cdaf86cd0fb6827c3f4f5

  • SHA256

    81c8136a260fff29b8e46a620cd1e8d6e88bd8b9f55e0cf8ee0ec952f5292804

  • SHA512

    e739a635a19efb641deb6645134084b3dea2ca8d665cd6c2103a10ed1b85b4a7e990aff6c60d76487ed4a23c3cdeb4db1da92d9b0e42987d674b1077bfd20f40

  • SSDEEP

    196608:veGPrPXn8o57/mOCq3LoFfret42buc+qiwh+siRjugUU55zmjeQM5QPYCy2LcD:ve2b8oN/tR3Lkry42bYqii+syjbUUvsM

Score
7/10
discoveryevasionpersistence

Malware Config

Signatures

  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Declares broadcast receivers with permission to handle system events 1 IoCs
  • Declares services with permission to bind to the system 4 IoCs
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Requests dangerous framework permissions 22 IoCs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • jueshv.ogktoc.afeufh
    1⤵
    • Loads dropped Dex/Jar
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    • Checks memory information
    PID:4262
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/jueshv.ogktoc.afeufh/app_legal/EM.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/jueshv.ogktoc.afeufh/app_legal/oat/x86/EM.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4287

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/jueshv.ogktoc.afeufh/app_legal/EM.json
    Filesize

    573KB

    MD5

    85a997cbba7f8670f33e90bf983bfe0f

    SHA1

    8e724f0173dfc092642f63ad3a5c6ed844062349

    SHA256

    fbc6f5f898f1fd19efc08a1411d89c9d597beefd1784b58512fa57293926eb4d

    SHA512

    8b0a1d2d13fe5e2cfaf78237da6277bf52a726d171f0a009a5ea30951458de474b25eee1b65efbbe345bff8927878917fb96d14b828019304bdf340554fa4dc4

    Download Submit

  • /data/data/jueshv.ogktoc.afeufh/app_legal/EM.json
    Filesize

    573KB

    MD5

    0579ae8db6252dce42ac067c0cf85407

    SHA1

    99acd4a47b6742cc9d039e22b9658cf58e9f1e6c

    SHA256

    de8c712243e4ce7a9ca1f014275896aab7ae8459b390fd712c48adec5f90cf05

    SHA512

    b717db5f0d8734b9a0c08851c0861f54449df3b9e8b038e7b62d9546d5a030ad12b9a0de3411736b57d7edb081f4c881bab4b561eb6785d14c5637793621c942

    Download Submit

  • /data/data/jueshv.ogktoc.afeufh/cache/deper.apk
    Filesize

    7.0MB

    MD5

    29759b117a6ecbb109eb13b61eacc875

    SHA1

    e43ca6077982d51cac30cd400c667e9f49265945

    SHA256

    b35d3b94968603813ae26c35442b7d254c4d670aa299cb7439f083d46ff50bc9

    SHA512

    a21c4265b91fecc60886c3ebe48c47dd15890b6f451e4450e3ba2cc8ba595b3d2f4d8ef4864883d41cef65217f44e2d6a5d34df4bba69832ff77e0413673c0be

    Download Submit

  • /data/user/0/jueshv.ogktoc.afeufh/app_legal/EM.json
    Filesize

    1.2MB

    MD5

    d5f0079169b3339bffde5b7563a6b041

    SHA1

    6144077fae08938fca4b03101faade3f21ba71c2

    SHA256

    20fb3d82092c3e3f65511183b486facdb83e1aa3c66523ee7ab6a92b67cc8942

    SHA512

    23143f8d1adb5adc5f30bae5b52e0c7efae8c20c18472b4723225bef96133b64fd5592e3e128286459555fed5ff1fd35863c44d771f72833f20a9c1ef649cc2c

    Download Submit

  • /data/user/0/jueshv.ogktoc.afeufh/app_legal/EM.json
    Filesize

    1.2MB

    MD5

    2df15293fa209edd8316911bbee2b6b0

    SHA1

    0adb97c4989f1e1933ef6687282c98fa1d7fe132

    SHA256

    eb2bc582b89cf3cc66db3ccf3226d800ea6440c2227fe7a522d4ffff88676875

    SHA512

    10c87cac3deed5cdde24ee46d1a75c911d08e4e24e3e7789a83902e069e5aab0ec9ab9cea58c69f8cf2fd8208f72ee860fa4a97ea30e1135d9591e51c8262118

    Download Submit