353e47a046b3af6212f98844b18a2ae79963cb8d2b98eb6bd5184296299ec372

Analysis

max time kernel
5s
max time network
28s
platform
android-13_x64
resource
android-33-x64-arm64-20240910-en
resource tags

arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
submitted
21/03/2025, 23:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

353e47a046b3af6212f98844b18a2ae79963cb8d2b98eb6bd5184296299ec372.apk
Size

11.9MB
MD5

c100cda619b394ecf318e3d80556888b
SHA1

9bf027d77c6f45d3c2584328632904305954b168
SHA256

353e47a046b3af6212f98844b18a2ae79963cb8d2b98eb6bd5184296299ec372
SHA512

20fcd9cabf26ed23ade2a8484f05ba8e74c80dce05aeb7e0d0671084c19e4d3e19bbf6e36efdc60248f34aee33c95960ad214d82c926cdb78485c89fd235eb7a
SSDEEP

196608:bGEVF4vuZsY95KB7cpKlpCROxCadC4eLdG/CSsz61IPXNS5MNVPgoba4843C:bxL4mZXWcpKWV4YdoCleIvNSqNVPbe4y

Score

7^/10

evasion

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/nmlicf.khiosz.jlfmtt/app_feature/thm.json	4515	nmlicf.khiosz.jlfmtt

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
3	api.ipify.org

nmlicf.khiosz.jlfmtt
1⤵
- Loads dropped Dex/Jar
PID:4515

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/nmlicf.khiosz.jlfmtt/app_feature/oat/x86_64/thm.vdex

Filesize
29KB

MD5
cb0686be42b427dc7a0fda5521d7bbcd

SHA1
c209d12ef01d7b813b1352fc5208d8a0586362fd

SHA256
789bd6bd5eff859da3566b228ca0345d71a14ec1eca44767ebfdee3721fd9bf1

SHA512
a0dc672c87bb118a4ec64aa9bfa2dd27646b631bc164cd0d513ac528be92166728d7a22b56fc1b01ef6c33677e78928779d805303154d5e33827ca7038a2de0c

Download Submit
/data/user/0/nmlicf.khiosz.jlfmtt/app_feature/thm.json

Filesize
573KB

MD5
ab5f14594d02feb0f069064059962de9

SHA1
3f78862974bc4c7bd80722c52001618cc3e8497b

SHA256
a201258581474b49b39810dd0ba85e3a9a8d3989ab0b2f7f2a9ff365c3138df2

SHA512
53bcc2e4350c475a6d7c6fe3fb0b8629d88273049e88bc0e8e1b46372a42250ffb308899e1041e143f4a8665314d52ec90ca6813ce8e74aeec48d217b36956b6

Download Submit
/data/user/0/nmlicf.khiosz.jlfmtt/app_feature/thm.json

Filesize
573KB

MD5
d00ae5fc5a5e4a7a4f2a43afdefe2f92

SHA1
3a085c85659ec72aff5235fa9a20dcc5f4d25d95

SHA256
7610aa5168aa84194daa5b67fd38d3d9b37dccc54bf67cc752514a4a52de7446

SHA512
ed0b1afe9b3d372956342188f9dac7811aefb1f5dea313a19d6ebe23e7119feb14ea758ce6a2aebda344a955407e445f36d4cbc0887c02e6c73a5930dcf9e348

Download Submit
/data/user/0/nmlicf.khiosz.jlfmtt/app_feature/thm.json

Filesize
1.2MB

MD5
5d2a4e8653661f17866042e11700db40

SHA1
0bc97f8056fa21d9f160e736f2b20bd9ecda0a6a

SHA256
ae02a45217f514121e01fdc5214969b089875c4ea9d213a8b1de408ffef80a7b

SHA512
f862b62d82e2c23fe1963988a6a89f70a61b9f968ebb80b2249aff9faed0cda0e260798161266ee4ff5a8fa1909e8ca03abf0d0933ca5ccbcc98b8efa0981c2c

Download Submit