Overview

overview

10

Static

static

6

0fe3c7f51c...e5.apk

android-9-x86

10

0fe3c7f51c...e5.apk

android-10-x64

10

0fe3c7f51c...e5.apk

android-11-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    android-10_x64
  • resource
    android-x64-20240910-en
  • resource tags

    arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
  • submitted
    04/03/2025, 22:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0fe3c7f51cab609170268a50284603515369769c0023cc9d493859406d56f9e5.apk

  • Size

    2.4MB

  • MD5

    1c313891a89889a9afe9743fc5c80b10

  • SHA1

    e544b7c518ceb796f7a4570fb17b118f4fccb5f7

  • SHA256

    0fe3c7f51cab609170268a50284603515369769c0023cc9d493859406d56f9e5

  • SHA512

    769633f442182a714d1d290251843a06b0841b2c37e7a705b0a673fcf4ce949b4f45faf993cead676f70e882f6ddfdf5e1b857b66254b71225c431876b40a228

  • SSDEEP

    49152:c05cft+H8jZQO8UuQRZpdlq26HtHkrylbQlDaf5rMRCIVEjU:OAcjZ84q/tHkK6Ofe5VEjU

Score
10/10
xenomorphbankercollectioncredential_accessdefense_evasiondiscoveryevasionimpactinfostealerpersistencetrojan

Malware Config

Extracted

Family

xenomorph

C2

simpleyo5.tk

simpleyo5.cf

kart12sec.ga

kart12sec.gq

Extracted

Family

xenomorph

AES_key
AES_key

Signatures

Processes

  • com.spike.old
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Reads the content of SMS inbox messages.
    • Reads the content of outgoing SMS messages.
    • Acquires the wake lock
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:5240

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

1
T1422

System Network Connections Discovery

1
T1421

Lateral Movement

Collection

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Protected User Data

2
T1636

SMS Messages

2
T1636.004

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.spike.old/app_DynamicOptDex/hq.json
    Filesize

    893KB

    MD5

    2690b5434d844fcaa4527744faff8700

    SHA1

    2ec4338390f8bf65c7340257a149da66cb792593

    SHA256

    7cbcebcccb83e5dccd98a5ffef0aa16201e30f684cfa743bd91d459e5a1286e2

    SHA512

    87cc00acf8271f454dc756dd6247a207d793a4bb3e593850efac906e976bfc023ba6a9b27d2ca3f9a3d6a22ed94e8ca20db7bd4cf24180f73f2f6e075c032b86

    Download Submit

  • /data/data/com.spike.old/app_DynamicOptDex/hq.json
    Filesize

    893KB

    MD5

    889aae346b72fa3bf1293888074da26a

    SHA1

    0626aa9b6ef6a3e695c92221a21ee323ebcc97a1

    SHA256

    40c6b36a316b596fca2b84cd4d65d745bd15d1c90c1428050b3e71917c1ee360

    SHA512

    5c06b9dc60abe38688b8b600557b1ebacbe51955f85776d18a010451774b529212f67f20ee5b05137fec76cb5975c33768e9ccc2c936aebe94b45f95cb11f3e4

    Download Submit

  • /data/data/com.spike.old/app_DynamicOptDex/oat/hq.json.cur.prof
    Filesize

    2KB

    MD5

    d8ace660017c3f5e68004a54ccf0bbea

    SHA1

    b58743d4c913305a3dfc659c31b16a33fb9d6b0e

    SHA256

    969bc48c589201d8aca51b90afb5b8cf5d40963b66ec45cd9150abe2dac19e04

    SHA512

    0a07d0b50e5023acf0dcb293df601bba94d46c0f9ddcae47caeca3b3914df66c60934d08bcc1f48663311fd4fd08b3513bc3b8b9e9fa4b45590643e18bb35a0f

    Download Submit

  • /data/user/0/com.spike.old/app_DynamicOptDex/hq.json
    Filesize

    2.4MB

    MD5

    fde08886038bffc5923fa098cd55d0cd

    SHA1

    d6f8dbbdd2ded86081cb81e690f5402552ee5345

    SHA256

    dae52bbee7f709fae9d91e06229c35b46d4559677f26152d4327fc1601d181be

    SHA512

    93b05624b145e56e081e0771b1ec635df4cf6109087abc67dabe7055ef745003109047370fd42bab83424b7ee396fc6116419f4c255bbd1a794ec558fa7a9091

    Download Submit