Analysis

  • max time kernel
    5s
  • max time network
    27s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags

    arch:arm, arch:x86, image:android-x86-arm-20240910-en, locale:en-us, os:android-9-x86, system
  • submitted
    21/03/2025, 18:48

General

  • Target

    d4f5730188d3e9bb6ccd428ca36c934e6a83fffb45afd717d9f1d7a2aa866235.apk

  • Size

    11.6MB

  • MD5

    429076ed77ff71d34def00f2a8f8e59d

  • SHA1

    3dc9b3095d33ee27f3abb7883ee061d86f941a94

  • SHA256

    d4f5730188d3e9bb6ccd428ca36c934e6a83fffb45afd717d9f1d7a2aa866235

  • SHA512

    421368282569d882b152b8b70263deaa12ba8f302dbbf040a7350eb0cc35ce405003070ee485de375443dbf917e8a3d8ca82f69214f54c93913914d0c0ad1d46

  • SSDEEP

    196608:gG//dDvCiDORp/LnSZlFAU/dL4QW7nVXx9L2RfoRRgkkwABYYZDkO8xbo0QPbs13:gK9qiDOP/LKlmU1LKBx+fongkkVYwsoG

Score
7/10

Malware Config

Signatures

  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

Processes

  • xefiyh.tvlnyc.cucgdg
    1⤵
    • Loads dropped Dex/Jar
    PID:4406
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/xefiyh.tvlnyc.cucgdg/app_noise/ky.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/xefiyh.tvlnyc.cucgdg/app_noise/oat/x86/ky.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4433

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/xefiyh.tvlnyc.cucgdg/app_noise/ky.json

    Filesize

    573KB

    MD5

    b5fba21308a783dd0608e1025a1ba233

    SHA1

    e8ebd21e8fd7740b3f8692da8d4b84ddb1901cab

    SHA256

    b764b94294114b8ac4dd8fff47b56a9320f7bb932ec47bdd1fa0e7e0d9ad86d5

    SHA512

    bb9215f46bd5e0f61416adb60c1588bd3dce09f7a1385405928723f507e195d60bc946090a4ca4b96d2d087634817bce0e4cfd7e37dae4d0ea05317e7ea3ba9d

  • /data/data/xefiyh.tvlnyc.cucgdg/app_noise/ky.json

    Filesize

    573KB

    MD5

    b591716e348bc5415dcc65d1926afd58

    SHA1

    18fdedfb55c77b84b875c3c03f4a03cb73a50aad

    SHA256

    444d691635624d31a3670d9f7ccf97dd87a28088a249706e05adc028551490d3

    SHA512

    5328ab985be02dba3a68e3a1b9e95e1b57a02bfe5d3c98dfc4cb9b39e1a3f93b848d0592efb7cbb4722832aad165f5d8e2bb4335ce14b934295e23d2a99aa4fd

  • /data/user/0/xefiyh.tvlnyc.cucgdg/app_noise/ky.json

    Filesize

    1.2MB

    MD5

    c2438819929f24bd470b7f38782a6e49

    SHA1

    bcff07158a048f62ba5c664bcad2968184edd911

    SHA256

    2b93488e70c572bc58a4717838e4f624574f044c4c164c727772a6bddffe642a

    SHA512

    f85f4b5172113b504c111e303589e1c7d94e90c9aa2d6c819b737097e17fc71a219d74ef23e480e3be12cbe174796a5615efa3e34db4a9261553e9b5544ce889

  • /data/user/0/xefiyh.tvlnyc.cucgdg/app_noise/ky.json

    Filesize

    1.2MB

    MD5

    0969012e802ac22f424c436a89bda67b

    SHA1

    2bbd1699e8697a3f89180faacc2e8fef9ef46e80

    SHA256

    571d2d1e539e7339a75d172e9e500cb30c944112f762826adafc401af2096cfa

    SHA512

    521b064ce87579117d7b4eae1df5e233a8268ff71010a9cb01887446b6cfad6af853ceb9601e9fdcf1e9172952e976954b7349cc58175e19878ca5eb1ab1e9d8