Analysis

  • max time kernel: 5s
  • max time network: 26s
  • platform: android-9_x86
  • resource: android-x86-arm-20240910-en
  • resource tags: arch:arm, arch:x86, image:android-x86-arm-20240910-en, locale:en-us, os:android-9-x86, system
  • submitted: 21/03/2025, 17:40 UTC

General

  • Target: 8e771c741524079af630c15a6737745192540c3cd34d50ab0e97ebf2714acb94.apk
  • Size: 13.1MB
  • MD5: d77fce38af51cc2803931269ab49aa65
  • SHA1: 1da160722ce2f4d8b247369425f9e64912f7c7ec
  • SHA256: 8e771c741524079af630c15a6737745192540c3cd34d50ab0e97ebf2714acb94
  • SHA512: 1b0eb9cedd0cd4e16df69d1aeee0b70e0cb83fee9b303ce39086b76052d286e87bf25424dae4725d1664ff713790ffbb7173b757285255cc1ca1b6c27c1a5fe2
  • SSDEEP: 393216:R9ZU8eZEkeqYIIE6cOfZA7/Ghm6GvigTOo:R9ZU/+uD0ZAwmhvi4j

Score
7/10

Malware Config

Signatures

  • Loads dropped Dex/Jar (1 TTP, 2 IoCs)
    Runs an executable file dropped to the device during analysis.
  • Looks up external IP address via web service (2 IoCs)
    Uses a legitimate IP lookup service to find the infected system's external IP.

Processes

  • xomrxa.typber.kdqevz (PID 4333)
    • Loads dropped Dex/Jar
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/xomrxa.typber.kdqevz/app_buffalo/ED.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/xomrxa.typber.kdqevz/app_buffalo/oat/x86/ED.odex --compiler-filter=quicken --class-loader-context=& (PID 4359, child of 4333)
      • Loads dropped Dex/Jar

Network

  • DNS: api.ipify.org; remote address: 1.1.1.1:53; request: api.ipify.org IN A; response: (empty)
  • DNS: api.ipify.org; remote address: 1.1.1.1:53; request: api.ipify.org IN A; response: (empty)
  • DNS: android.apis.google.com; remote address: 1.1.1.1:53; request: android.apis.google.com IN A; response: (empty)
  • DNS: android.apis.google.com; remote address: 1.1.1.1:53; request: android.apis.google.com IN A; response: (empty)
  • 142.250.187.234:443 | tls, https | 1.2kB | 40 B | 1 | 1
  • 142.250.200.46:443 | tls, https | 915 B | 40 B | 1 | 1
  • 142.250.200.46:443 | tls, https | 915 B | 40 B | 1 | 1
  • 142.250.200.10:443 | tls, https | 2.3kB | 40 B | 1 | 1
  • 224.0.0.251:5353 | 2.5kB | 8
  • 1.1.1.1:53 | api.ipify.org | dns | 59 B | 59 B | 1 | 1 (DNS request: api.ipify.org)
  • 1.1.1.1:53 | api.ipify.org | dns | 59 B | 59 B | 1 | 1 (DNS request: api.ipify.org)
  • 1.1.1.1:53 | android.apis.google.com | dns | 69 B | 69 B | 1 | 1 (DNS request: android.apis.google.com)
  • 1.1.1.1:53 | android.apis.google.com | dns | 69 B | 69 B | 1 | 1 (DNS request: android.apis.google.com)

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/xomrxa.typber.kdqevz/app_buffalo/ED.json
    Filesize: 573KB
    MD5: 58948c4cf9d8f99cdc77b16327bdcbd2
    SHA1: 60cc61fb75a2d4d83403dc8efccd21d5a8d59997
    SHA256: 9742c691233f5c11e0b9af555f4440c6a2b4a0a1123910f17eb0d61b2fa7f080
    SHA512: ea1e655b62c2e9c8cb353f55fcf2017e7d96dbce62771edcfccd87a52e188d9c968ce5b3ebd75f410d88253aab25cf7183215904eaf04aa8d73cb42ab4812979

  • /data/data/xomrxa.typber.kdqevz/app_buffalo/ED.json
    Filesize: 573KB
    MD5: e877bafdb80877295e3baffcada77d1b
    SHA1: 1d2cd420dde534ccb6c526d0a0dc5385d47159c4
    SHA256: 7ae12cb90b23e060ec83e54bcb1a7979c4fd23b047d94b16c86ceeca8641082d
    SHA512: 5f5c2b6d09f2f83c07d8c9361ff0673524e68d628219898cd2885655ef36558ed3df5e59f5b2f743ec7231d39266972597790fa39aa40c2725715e3e2502f592

  • /data/user/0/xomrxa.typber.kdqevz/app_buffalo/ED.json
    Filesize: 1.2MB
    MD5: 71aac2766f3734d08746df5535cb277b
    SHA1: 17e936e08aac7eb9a644959e0cbe92cb5b7ec81a
    SHA256: 0df49d1bb99470af4ddd6f83dfb2c02e406d17b928370bbc20a081e0df92e04f
    SHA512: 26be060d922d7142ffcac934be0fda7e1ca952f87beea5595c126462c12260082a6bf96ab268e434ed815dbbafe189a483e23ea59ebc787786124f518b6e9fdc

  • /data/user/0/xomrxa.typber.kdqevz/app_buffalo/ED.json
    Filesize: 1.2MB
    MD5: 85ed0e1172ead9d92f9abdb2b6efe84e
    SHA1: fcaa4acb4ab8d0595d0fa8d29957a78e5b29eb81
    SHA256: 3e60c855a317ec0e4bae0643afa52f46762a1266a5cebdc62f63d2648c0b9656
    SHA512: 713de7766631a99def32244c0945eeeeb8318ece36595a5ca059c514ddf1c1559fe35daaa3c5fb9f126ed91a8134a8756d90bd4d728e9a633763356c6f82e9bd
