56a74028bfc73c08da282de29a19d26d0539ea5cee846d6364671fe59e6d99d5

Analysis

max time kernel
6s
max time network
21s
platform
android-13_x64
resource
android-33-x64-arm64-20240910-en
resource tags

arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
submitted
21/03/2025, 18:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

56a74028bfc73c08da282de29a19d26d0539ea5cee846d6364671fe59e6d99d5.apk
Size

13.6MB
MD5

4ed2da8bc58cd8c0ae53d5d5def307cf
SHA1

54eea6d31336c189f2de9d5e3bee6e4774967bed
SHA256

56a74028bfc73c08da282de29a19d26d0539ea5cee846d6364671fe59e6d99d5
SHA512

ec2895aabf546eb5b8986cd4f5ce16671f49916ac37ea304ec1b3063503221549e128f8e932ef3a932335bf68ef3291b798335e5c0bb77d07cacdc44f098bd6d
SSDEEP

393216:Kr0uOZvwcOFrU5skcpBwNeJKNRUQm9OyrP:KrqbUrU5skcpTJXNrP

Score

7^/10

evasion

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/nezzag.yavzox.ggeuva/app_judge/atY.json	4511	nezzag.yavzox.ggeuva

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
3	api.ipify.org

nezzag.yavzox.ggeuva
1⤵
- Loads dropped Dex/Jar
PID:4511

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/nezzag.yavzox.ggeuva/app_judge/atY.json

Filesize
573KB

MD5
52bd433eff56ca40d6dc889119b4bad1

SHA1
78cf3e40f526e4589b2bd9de9540a372a9c96b03

SHA256
9ac4ad34e8f30dcbbdf12bf20b5a62777c2a3e7ae847308102b76c00a7969348

SHA512
356b650a334d2f2dc08d080801c337fd400723418d661ae435e92e5dbbd3eb2af8d42f2707031b653c312385646bf48d1f9caa53b3347fff06fee5857d2b49f6

Download Submit
/data/user/0/nezzag.yavzox.ggeuva/app_judge/atY.json

Filesize
573KB

MD5
4c2cac81eedf0cc4968c14227cc8e9c5

SHA1
997015ff86de8dfc3686e8cf4eb60007a0dc150a

SHA256
53629223644d56f267cc5441c1036d146850a885756493e12098de8820316681

SHA512
9a1f744d6507e58106933667049bb51eb81cce09de6fe286644d20b879417990b02c809fc685ab9b65a7dc3501aa997905b58a91bc0b04fe9028476185208d9a

Download Submit
/data/user/0/nezzag.yavzox.ggeuva/app_judge/atY.json

Filesize
1.2MB

MD5
9aceb6e57e6dd4439b3f68d3be3dff7c

SHA1
8b53878118f5d6062d03cd7d6142263d2d778e91

SHA256
d398dc274ddf3c63e616b31e729b21d31bf937ed87db1bb712f9ee3683466244

SHA512
979b8bff3c69f9cbde9739c69dd9e774707e34d93b8d7820484ec450793a46897512f39a5182919cd103f18f9766610844a5f7838dbc2d558fdb8013f8133e6f

Download Submit
/data/user/0/nezzag.yavzox.ggeuva/app_judge/oat/x86_64/atY.vdex

Filesize
29KB

MD5
13b021986d6d0365d968306739fae69e

SHA1
a55b27f87ef298732f99643d4c5a650f04f15540

SHA256
bb68a96b936b4e2494fe20efb7c58babcd64830c0e77d5ebcadc8095ed16941a

SHA512
f6408614bcab3a06aaf77f7802803d50c9e8e63d956e81522f3645905d27c85c83bb6e2a81282850cdd0b099f84ff364a3d4b7e0264c6b6d0a16c60f4e1c8908

Download Submit