Analysis
Max time kernel: 46s
Max time network: 155s
Platform: android_x64
Resource: android-x64-20240624-en
Resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
Submitted: 24/02/2025, 10:24
Static task: static1
Behavioral task behavioral1: sample TikTok18.apk, resource android-x86-arm-20240624-en
Behavioral task behavioral2: sample TikTok18.apk, resource android-x64-20240624-en
Behavioral task behavioral3: sample TikTok18.apk, resource android-x64-arm64-20240624-en
Behavioral task behavioral4: sample deper.apk, resource android-x86-arm-20240624-en
Behavioral task behavioral5: sample deper.apk, resource android-x64-20240624-en
Behavioral task behavioral6: sample deper.apk, resource android-x64-arm64-20240624-en
General
Target: TikTok18.apk
Size: 11.2MB
MD5: f20e95261bf244f7b7c8df748fd7885d
SHA1: 2a5ceeaba1825ccc1c8cdaf86cd0fb6827c3f4f5
SHA256: 81c8136a260fff29b8e46a620cd1e8d6e88bd8b9f55e0cf8ee0ec952f5292804
SHA512: e739a635a19efb641deb6645134084b3dea2ca8d665cd6c2103a10ed1b85b4a7e990aff6c60d76487ed4a23c3cdeb4db1da92d9b0e42987d674b1077bfd20f40
SSDEEP: 196608:veGPrPXn8o57/mOCq3LoFfret42buc+qiwh+siRjugUU55zmjeQM5QPYCy2LcD:ve2b8oN/tR3Lkry42bYqii+syjbUUvsM
Malware Config
Signatures
Loads dropped Dex/Jar (1 TTPs, 1 IoCs)
Runs executable file dropped to the device during analysis.
  ioc: /data/user/0/jueshv.ogktoc.afeufh/app_legal/EM.json    pid: 4967    Process: jueshv.ogktoc.afeufh

Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  description: Framework service call    ioc: android.content.IClipboard.addPrimaryClipChangedListener    Process: jueshv.ogktoc.afeufh

Looks up external IP address via web service (3 IoCs)
Uses a legitimate IP lookup service to find the infected system's external IP.
  flow: 4     ioc: api.ipify.org
  flow: 9     ioc: api.ipify.org
  flow: 10    ioc: api.ipify.org

Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
  description: Framework service call    ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone    Process: jueshv.ogktoc.afeufh

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  description: Framework service call    ioc: android.app.IActivityManager.registerReceiver    Process: jueshv.ogktoc.afeufh

Checks CPU information (2 TTPs, 1 IoCs)
  description: File opened for read    ioc: /proc/cpuinfo    Process: jueshv.ogktoc.afeufh

Checks memory information (2 TTPs, 1 IoCs)
  description: File opened for read    ioc: /proc/meminfo    Process: jueshv.ogktoc.afeufh
Processes
Network
MITRE ATT&CK Mobile v15
Downloads
Filesize: 573KB
MD5: 85a997cbba7f8670f33e90bf983bfe0f
SHA1: 8e724f0173dfc092642f63ad3a5c6ed844062349
SHA256: fbc6f5f898f1fd19efc08a1411d89c9d597beefd1784b58512fa57293926eb4d
SHA512: 8b0a1d2d13fe5e2cfaf78237da6277bf52a726d171f0a009a5ea30951458de474b25eee1b65efbbe345bff8927878917fb96d14b828019304bdf340554fa4dc4

Filesize: 573KB
MD5: 0579ae8db6252dce42ac067c0cf85407
SHA1: 99acd4a47b6742cc9d039e22b9658cf58e9f1e6c
SHA256: de8c712243e4ce7a9ca1f014275896aab7ae8459b390fd712c48adec5f90cf05
SHA512: b717db5f0d8734b9a0c08851c0861f54449df3b9e8b038e7b62d9546d5a030ad12b9a0de3411736b57d7edb081f4c881bab4b561eb6785d14c5637793621c942

Filesize: 1KB
MD5: 9248a6d0dc7cf822bc58043e0ca49b79
SHA1: 68ca630497a49ffca2c43f1c0a7ee67436f6b2da
SHA256: e3867b5f91cec8e302dac84a373600fafe9e92b37cac1783ee84efcbbe4ef52b
SHA512: 5c39b4d099636b4576040ccff4c345b926263b712566a425ba0a941ca465629431af726d2e50829e368f03bc98d72d64f2e020777658d8c037a06fe49706bce9

Filesize: 1.2MB
MD5: 2df15293fa209edd8316911bbee2b6b0
SHA1: 0adb97c4989f1e1933ef6687282c98fa1d7fe132
SHA256: eb2bc582b89cf3cc66db3ccf3226d800ea6440c2227fe7a522d4ffff88676875
SHA512: 10c87cac3deed5cdde24ee46d1a75c911d08e4e24e3e7789a83902e069e5aab0ec9ab9cea58c69f8cf2fd8208f72ee860fa4a97ea30e1135d9591e51c8262118