8e771c741524079af630c15a6737745192540c3cd34d50ab0e97ebf2714acb94

Analysis

max time kernel
6s
max time network
30s
platform
android-13_x64
resource
android-33-x64-arm64-20240910-en
resource tags

arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
submitted
21/03/2025, 17:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8e771c741524079af630c15a6737745192540c3cd34d50ab0e97ebf2714acb94.apk
Size

13.1MB
MD5

d77fce38af51cc2803931269ab49aa65
SHA1

1da160722ce2f4d8b247369425f9e64912f7c7ec
SHA256

8e771c741524079af630c15a6737745192540c3cd34d50ab0e97ebf2714acb94
SHA512

1b0eb9cedd0cd4e16df69d1aeee0b70e0cb83fee9b303ce39086b76052d286e87bf25424dae4725d1664ff713790ffbb7173b757285255cc1ca1b6c27c1a5fe2
SSDEEP

393216:R9ZU8eZEkeqYIIE6cOfZA7/Ghm6GvigTOo:R9ZU/+uD0ZAwmhvi4j

Score

7^/10

evasion

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/xomrxa.typber.kdqevz/app_buffalo/ED.json	4465	xomrxa.typber.kdqevz

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
3	api.ipify.org

xomrxa.typber.kdqevz
1⤵
- Loads dropped Dex/Jar
PID:4465

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/xomrxa.typber.kdqevz/app_buffalo/ED.json

Filesize
573KB

MD5
58948c4cf9d8f99cdc77b16327bdcbd2

SHA1
60cc61fb75a2d4d83403dc8efccd21d5a8d59997

SHA256
9742c691233f5c11e0b9af555f4440c6a2b4a0a1123910f17eb0d61b2fa7f080

SHA512
ea1e655b62c2e9c8cb353f55fcf2017e7d96dbce62771edcfccd87a52e188d9c968ce5b3ebd75f410d88253aab25cf7183215904eaf04aa8d73cb42ab4812979

Download Submit
/data/user/0/xomrxa.typber.kdqevz/app_buffalo/ED.json

Filesize
573KB

MD5
e877bafdb80877295e3baffcada77d1b

SHA1
1d2cd420dde534ccb6c526d0a0dc5385d47159c4

SHA256
7ae12cb90b23e060ec83e54bcb1a7979c4fd23b047d94b16c86ceeca8641082d

SHA512
5f5c2b6d09f2f83c07d8c9361ff0673524e68d628219898cd2885655ef36558ed3df5e59f5b2f743ec7231d39266972597790fa39aa40c2725715e3e2502f592

Download Submit
/data/user/0/xomrxa.typber.kdqevz/app_buffalo/ED.json

Filesize
1.2MB

MD5
85ed0e1172ead9d92f9abdb2b6efe84e

SHA1
fcaa4acb4ab8d0595d0fa8d29957a78e5b29eb81

SHA256
3e60c855a317ec0e4bae0643afa52f46762a1266a5cebdc62f63d2648c0b9656

SHA512
713de7766631a99def32244c0945eeeeb8318ece36595a5ca059c514ddf1c1559fe35daaa3c5fb9f126ed91a8134a8756d90bd4d728e9a633763356c6f82e9bd

Download Submit
/data/user/0/xomrxa.typber.kdqevz/app_buffalo/oat/x86_64/ED.vdex

Filesize
29KB

MD5
ba0bb320bdcb7f75720cb6a81c08c2c3

SHA1
1564c2d245c92c65dc628a0f0a26abc8f4730554

SHA256
02b96772bc3f25163f516442062b6a072ab42e72f1a1243bb009c6597d87539a

SHA512
689ea28ffe789717a2648ab6a5bf4857f75ead5ed9f629530917eff81940645e44a073113cc6801d5b27787c828b7479d64e70b91e55d603846301dbb52af21b

Download Submit