81c8136a260fff29b8e46a620cd1e8d6e88bd8b9f55e0cf8ee0ec952f5292804

Analysis

max time kernel
46s
max time network
155s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
24/02/2025, 10:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TikTok18.apk
Size

11.2MB
MD5

f20e95261bf244f7b7c8df748fd7885d
SHA1

2a5ceeaba1825ccc1c8cdaf86cd0fb6827c3f4f5
SHA256

81c8136a260fff29b8e46a620cd1e8d6e88bd8b9f55e0cf8ee0ec952f5292804
SHA512

e739a635a19efb641deb6645134084b3dea2ca8d665cd6c2103a10ed1b85b4a7e990aff6c60d76487ed4a23c3cdeb4db1da92d9b0e42987d674b1077bfd20f40
SSDEEP

196608:veGPrPXn8o57/mOCq3LoFfret42buc+qiwh+siRjugUU55zmjeQM5QPYCy2LcD:ve2b8oN/tR3Lkry42bYqii+syjbUUvsM

Score

7^/10

collection credential_access discovery evasion impact persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/jueshv.ogktoc.afeufh/app_legal/EM.json	4967	jueshv.ogktoc.afeufh

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	jueshv.ogktoc.afeufh

Looks up external IP address via web service 3 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
4	api.ipify.org
9	api.ipify.org
10	api.ipify.org

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	jueshv.ogktoc.afeufh

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	jueshv.ogktoc.afeufh

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	jueshv.ogktoc.afeufh

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	jueshv.ogktoc.afeufh

jueshv.ogktoc.afeufh
1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:4967

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/jueshv.ogktoc.afeufh/app_legal/EM.json

Filesize
573KB

MD5
85a997cbba7f8670f33e90bf983bfe0f

SHA1
8e724f0173dfc092642f63ad3a5c6ed844062349

SHA256
fbc6f5f898f1fd19efc08a1411d89c9d597beefd1784b58512fa57293926eb4d

SHA512
8b0a1d2d13fe5e2cfaf78237da6277bf52a726d171f0a009a5ea30951458de474b25eee1b65efbbe345bff8927878917fb96d14b828019304bdf340554fa4dc4

Download Submit
/data/data/jueshv.ogktoc.afeufh/app_legal/EM.json

Filesize
573KB

MD5
0579ae8db6252dce42ac067c0cf85407

SHA1
99acd4a47b6742cc9d039e22b9658cf58e9f1e6c

SHA256
de8c712243e4ce7a9ca1f014275896aab7ae8459b390fd712c48adec5f90cf05

SHA512
b717db5f0d8734b9a0c08851c0861f54449df3b9e8b038e7b62d9546d5a030ad12b9a0de3411736b57d7edb081f4c881bab4b561eb6785d14c5637793621c942

Download Submit
/data/data/jueshv.ogktoc.afeufh/app_legal/oat/EM.json.cur.prof

Filesize
1KB

MD5
9248a6d0dc7cf822bc58043e0ca49b79

SHA1
68ca630497a49ffca2c43f1c0a7ee67436f6b2da

SHA256
e3867b5f91cec8e302dac84a373600fafe9e92b37cac1783ee84efcbbe4ef52b

SHA512
5c39b4d099636b4576040ccff4c345b926263b712566a425ba0a941ca465629431af726d2e50829e368f03bc98d72d64f2e020777658d8c037a06fe49706bce9

Download Submit
/data/user/0/jueshv.ogktoc.afeufh/app_legal/EM.json

Filesize
1.2MB

MD5
2df15293fa209edd8316911bbee2b6b0

SHA1
0adb97c4989f1e1933ef6687282c98fa1d7fe132

SHA256
eb2bc582b89cf3cc66db3ccf3226d800ea6440c2227fe7a522d4ffff88676875

SHA512
10c87cac3deed5cdde24ee46d1a75c911d08e4e24e3e7789a83902e069e5aab0ec9ab9cea58c69f8cf2fd8208f72ee860fa4a97ea30e1135d9591e51c8262118

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads