56a74028bfc73c08da282de29a19d26d0539ea5cee846d6364671fe59e6d99d5

Analysis

max time kernel
5s
max time network
29s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
21/03/2025, 18:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

56a74028bfc73c08da282de29a19d26d0539ea5cee846d6364671fe59e6d99d5.apk
Size

13.6MB
MD5

4ed2da8bc58cd8c0ae53d5d5def307cf
SHA1

54eea6d31336c189f2de9d5e3bee6e4774967bed
SHA256

56a74028bfc73c08da282de29a19d26d0539ea5cee846d6364671fe59e6d99d5
SHA512

ec2895aabf546eb5b8986cd4f5ce16671f49916ac37ea304ec1b3063503221549e128f8e932ef3a932335bf68ef3291b798335e5c0bb77d07cacdc44f098bd6d
SSDEEP

393216:Kr0uOZvwcOFrU5skcpBwNeJKNRUQm9OyrP:KrqbUrU5skcpTJXNrP

Score

7^/10

evasion

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/nezzag.yavzox.ggeuva/app_judge/atY.json	4359	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/nezzag.yavzox.ggeuva/app_judge/atY.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/nezzag.yavzox.ggeuva/app_judge/oat/x86/atY.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/nezzag.yavzox.ggeuva/app_judge/atY.json	4333	nezzag.yavzox.ggeuva

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
4	api.ipify.org
5	api.ipify.org

nezzag.yavzox.ggeuva
1⤵
- Loads dropped Dex/Jar
PID:4333
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/nezzag.yavzox.ggeuva/app_judge/atY.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/nezzag.yavzox.ggeuva/app_judge/oat/x86/atY.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4359

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/nezzag.yavzox.ggeuva/app_judge/atY.json

Filesize
573KB

MD5
52bd433eff56ca40d6dc889119b4bad1

SHA1
78cf3e40f526e4589b2bd9de9540a372a9c96b03

SHA256
9ac4ad34e8f30dcbbdf12bf20b5a62777c2a3e7ae847308102b76c00a7969348

SHA512
356b650a334d2f2dc08d080801c337fd400723418d661ae435e92e5dbbd3eb2af8d42f2707031b653c312385646bf48d1f9caa53b3347fff06fee5857d2b49f6

Download Submit
/data/data/nezzag.yavzox.ggeuva/app_judge/atY.json

Filesize
573KB

MD5
4c2cac81eedf0cc4968c14227cc8e9c5

SHA1
997015ff86de8dfc3686e8cf4eb60007a0dc150a

SHA256
53629223644d56f267cc5441c1036d146850a885756493e12098de8820316681

SHA512
9a1f744d6507e58106933667049bb51eb81cce09de6fe286644d20b879417990b02c809fc685ab9b65a7dc3501aa997905b58a91bc0b04fe9028476185208d9a

Download Submit
/data/user/0/nezzag.yavzox.ggeuva/app_judge/atY.json

Filesize
1.2MB

MD5
7066050908a8178c9034f99c3ce5f8a6

SHA1
e543f39561d97fe06792c8ba1309539c892e1aca

SHA256
7153f0ee16969dc69df119f597fc38b6f84b0c0d855f133d32e91b5bc4d33d43

SHA512
449cd1db55224ba692695448876cad46bd4c74bb74d42b5b6a765127969da3c3fc64010640947b5d10160797421c7fc7298de11baca3adba50d4bb3f4cc9cf94

Download Submit
/data/user/0/nezzag.yavzox.ggeuva/app_judge/atY.json

Filesize
1.2MB

MD5
9aceb6e57e6dd4439b3f68d3be3dff7c

SHA1
8b53878118f5d6062d03cd7d6142263d2d778e91

SHA256
d398dc274ddf3c63e616b31e729b21d31bf937ed87db1bb712f9ee3683466244

SHA512
979b8bff3c69f9cbde9739c69dd9e774707e34d93b8d7820484ec450793a46897512f39a5182919cd103f18f9766610844a5f7838dbc2d558fdb8013f8133e6f

Download Submit