Analysis

  • max time kernel: 5s
  • max time network: 150s
  • platform: android-9_x86
  • resource: android-x86-arm-20240910-en
  • resource tags: arch:arm, arch:x86, image:android-x86-arm-20240910-en, locale:en-us, os:android-9-x86, system
  • submitted: 22/03/2025, 00:09

General

  • Target

    47c1a611304c0be57625c0590e06760096ad50ddde3608d77bf78bc82ec80a4d.apk

  • Size

    12.6MB

  • MD5

    b4274768d4b92e28c76989250f4f3850

  • SHA1

    b904fcfba0d78879183c558cf8f3929b254fbc29

  • SHA256

    47c1a611304c0be57625c0590e06760096ad50ddde3608d77bf78bc82ec80a4d

  • SHA512

    c6d06d3ee47498ca850fc0f726b2558787582d8bafbda3dbab804204219a22ad46cc8ae3e47639a19bf6885e059da78d065e6a5db80e46519d688d755fe30fe6

  • SSDEEP

    196608:NGjjVnjqOZoP1qUBOQ5P0ch+bGJpkBT+hK7VHjkf25VCYzMuNrST3pA:NCteOsqwOQqchbYDtk2vYupST3pA

Score
7/10

Malware Config

Signatures

  • Loads dropped Dex/Jar (1 TTP, 2 IoCs)

    Runs executable file dropped to the device during analysis.

  • Looks up external IP address via web service (2 IoCs)

    Uses a legitimate IP lookup service to find the infected system's external IP.

Processes

  • zppqwo.rbljak.ufviut
    1⤵
    • Loads dropped Dex/Jar
    PID:4338
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/zppqwo.rbljak.ufviut/app_autumn/IakAqw.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/zppqwo.rbljak.ufviut/app_autumn/oat/x86/IakAqw.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4364

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/zppqwo.rbljak.ufviut/app_autumn/IakAqw.json

    Filesize

    573KB

    MD5

    84cd763c9c3bdc5cfb4c9ac0c470cd5a

    SHA1

    e74e202794671675957ed40e1bedc2ac99fd23ca

    SHA256

    73ff46a676ff7b57dcb40082c5931d3775d8b54ffdf8dbb8240c152044f8d223

    SHA512

    3df941294e54bdb30cda94bb421f98a453677aa953e853b431bcafb1b293280a87c69389309fb6b8ab77c616c1cf7d1b48a6fec57c8ddd5a1276073eb67b6d30

  • /data/data/zppqwo.rbljak.ufviut/app_autumn/IakAqw.json

    Filesize

    573KB

    MD5

    0df3d77235294ccd4d489d203b4dd4bf

    SHA1

    0f6d0e43f91c7f2c69006af1ec5914eff6ebdb47

    SHA256

    ad79d44a808f4037b4b4a1173e75592d6f402997fccb60001c0d6176d3f4c38e

    SHA512

    5e5b4f01d003efa3b743bbd41c9a9d947e3001e9d6e7c7edcfa407690e5b398e02fdc3e1fb134d49a183ebb85e20c7a7446b4e482badb0c5e0a54b7f23ae57b5

  • /data/user/0/zppqwo.rbljak.ufviut/app_autumn/IakAqw.json

    Filesize

    1.2MB

    MD5

    c7186b51bd2565dbe297ab646610848e

    SHA1

    6d4d70169b57812a2633f5d2201090a25cd04194

    SHA256

    59eec7283c395e83d920f3298df168b22b5c1c378899287cc3c67765c551028f

    SHA512

    df8144de42e865692ad20b5e26e3a52f4cdda52f01881081f884396a00524f7a3ab1cb5afd40f74f34244918608f9968e1198d251d355ec841c9ce395b1d4599

  • /data/user/0/zppqwo.rbljak.ufviut/app_autumn/IakAqw.json

    Filesize

    1.2MB

    MD5

    c7bbab33460a4a3b2714fc4ccb8e6f64

    SHA1

    3db87ddc09f8580020ba2eeab2539917d3bbef69

    SHA256

    e34be102351a169eefa3581b564c403223ad549a4ee4ca6e60805751156495e3

    SHA512

    d3739b1cc4ebeef6383a878c522f8aa08ce56500c3b8e34a8ebb05b0beaabd0edb31e5ad0b1f8179b97483a455186a5051156cc7e27fc3d1746401badb5ff33c