Overview

overview

10

Static

static

6

353e47a046...72.apk

android-9-x86

7

353e47a046...72.apk

android-10-x64

7

353e47a046...72.apk

android-11-x64

1

deper.apk

android-9-x86

10

deper.apk

android-10-x64

10

deper.apk

android-11-x64

10

Analysis

  • max time kernel
    5s
  • max time network
    154s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags

    arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
  • submitted
    21/03/2025, 23:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    353e47a046b3af6212f98844b18a2ae79963cb8d2b98eb6bd5184296299ec372.apk

  • Size

    11.9MB

  • MD5

    c100cda619b394ecf318e3d80556888b

  • SHA1

    9bf027d77c6f45d3c2584328632904305954b168

  • SHA256

    353e47a046b3af6212f98844b18a2ae79963cb8d2b98eb6bd5184296299ec372

  • SHA512

    20fcd9cabf26ed23ade2a8484f05ba8e74c80dce05aeb7e0d0671084c19e4d3e19bbf6e36efdc60248f34aee33c95960ad214d82c926cdb78485c89fd235eb7a

  • SSDEEP

    196608:bGEVF4vuZsY95KB7cpKlpCROxCadC4eLdG/CSsz61IPXNS5MNVPgoba4843C:bxL4mZXWcpKWV4YdoCleIvNSqNVPbe4y

Score
7/10
evasion

Malware Config

Signatures

  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

Processes

  • nmlicf.khiosz.jlfmtt
    1⤵
    • Loads dropped Dex/Jar
    PID:4274
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/nmlicf.khiosz.jlfmtt/app_feature/thm.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/nmlicf.khiosz.jlfmtt/app_feature/oat/x86/thm.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4301

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/nmlicf.khiosz.jlfmtt/app_feature/thm.json
    Filesize

    573KB

    MD5

    ab5f14594d02feb0f069064059962de9

    SHA1

    3f78862974bc4c7bd80722c52001618cc3e8497b

    SHA256

    a201258581474b49b39810dd0ba85e3a9a8d3989ab0b2f7f2a9ff365c3138df2

    SHA512

    53bcc2e4350c475a6d7c6fe3fb0b8629d88273049e88bc0e8e1b46372a42250ffb308899e1041e143f4a8665314d52ec90ca6813ce8e74aeec48d217b36956b6

    Download Submit

  • /data/data/nmlicf.khiosz.jlfmtt/app_feature/thm.json
    Filesize

    573KB

    MD5

    d00ae5fc5a5e4a7a4f2a43afdefe2f92

    SHA1

    3a085c85659ec72aff5235fa9a20dcc5f4d25d95

    SHA256

    7610aa5168aa84194daa5b67fd38d3d9b37dccc54bf67cc752514a4a52de7446

    SHA512

    ed0b1afe9b3d372956342188f9dac7811aefb1f5dea313a19d6ebe23e7119feb14ea758ce6a2aebda344a955407e445f36d4cbc0887c02e6c73a5930dcf9e348

    Download Submit

  • /data/user/0/nmlicf.khiosz.jlfmtt/app_feature/thm.json
    Filesize

    1.2MB

    MD5

    e562a8435f7236d4ee21711f796a044d

    SHA1

    9ef583eb6feae8082d366edced0d2274cb028bbf

    SHA256

    728067e3c265f7ab0959e447726627aab3800463e9ac05d1d78dfbb83bbec045

    SHA512

    367986c206b931b6a8e0df6d191c56b069e68b22420885c83c4403b57bc3f9e62e4c0d4a77588ab07fdad2c85a1483b8ef60baee67a3e80eaec8606926df89c4

    Download Submit

  • /data/user/0/nmlicf.khiosz.jlfmtt/app_feature/thm.json
    Filesize

    1.2MB

    MD5

    5d2a4e8653661f17866042e11700db40

    SHA1

    0bc97f8056fa21d9f160e736f2b20bd9ecda0a6a

    SHA256

    ae02a45217f514121e01fdc5214969b089875c4ea9d213a8b1de408ffef80a7b

    SHA512

    f862b62d82e2c23fe1963988a6a89f70a61b9f968ebb80b2249aff9faed0cda0e260798161266ee4ff5a8fa1909e8ca03abf0d0933ca5ccbcc98b8efa0981c2c

    Download Submit