07b114daff3e1edd5e7f1a2f813cd7dda6f3902cda03f1a8f4ecf230efa52ef9

Analysis

max time kernel
6s
max time network
25s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
22/03/2025, 00:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

07b114daff3e1edd5e7f1a2f813cd7dda6f3902cda03f1a8f4ecf230efa52ef9.apk
Size

10.4MB
MD5

f69bc6289179b4ce9f85e736cdc59a24
SHA1

a35a253dcde3b6489a7558af9ebb57e89add7fea
SHA256

07b114daff3e1edd5e7f1a2f813cd7dda6f3902cda03f1a8f4ecf230efa52ef9
SHA512

05f9ec614651e85ea83d0375287efa0fcdebcdd9b8f021120391dcfe3dbb0e87b7cd6fa89370395395d27139cb1f667752f57c89ee662d36b2a379cae8680fd2
SSDEEP

196608:fzwwJTKJYA18D7TqdyX3qJsupHdDFy/B+sI3tWjJ4ro6eZhn:fUWe0nNqSitFy5+sI3q2ro6eZJ

Score

7^/10

evasion

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/ugoxqk.drmwah.iamvvs/app_casual/bRYKxG.json	4337	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/ugoxqk.drmwah.iamvvs/app_casual/bRYKxG.json --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/ugoxqk.drmwah.iamvvs/app_casual/oat/x86/bRYKxG.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/ugoxqk.drmwah.iamvvs/app_casual/bRYKxG.json	4312	ugoxqk.drmwah.iamvvs

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
4	api.ipify.org
5	api.ipify.org

ugoxqk.drmwah.iamvvs
1⤵
- Loads dropped Dex/Jar
PID:4312
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/ugoxqk.drmwah.iamvvs/app_casual/bRYKxG.json --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/ugoxqk.drmwah.iamvvs/app_casual/oat/x86/bRYKxG.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4337

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ugoxqk.drmwah.iamvvs/app_casual/bRYKxG.json

Filesize
573KB

MD5
e781cdc207dffcfa4af2a8fb1f03494e

SHA1
99b0f5b4badbbc9fe34920ad10425c14e81b0157

SHA256
6ed524bcba6f49c7c2d1e43b3a97dc2f249153df9f05708e135195458e3fb6bd

SHA512
64037687bc224835a1afa2d25edc410cdc3dd14b363820912f80a45a02967e927752b6a279358e2edee066656fa14c7b0888a2dda6c7d8a353217a0285936bdd

Download Submit
/data/data/ugoxqk.drmwah.iamvvs/app_casual/bRYKxG.json

Filesize
573KB

MD5
eda202925347dcdb203a6eb17b2ace2b

SHA1
ebda38a837165a73a40e5c17860ecf9f5783c913

SHA256
6e0025a94858061b51696d604a9e6f473b39bb975a8132b51bac16355ac76384

SHA512
7d052536204863ad15cb9979628a77209cc3ed9cedb71ceea24aff87ae184b77ca6de9ab8fb29f47a695fda1528668f862b519c0d575a82e3edfc461ecc6896c

Download Submit
/data/user/0/ugoxqk.drmwah.iamvvs/app_casual/bRYKxG.json

Filesize
1.2MB

MD5
f23c3aeea3727839e32892f5217dd9c6

SHA1
3d104024db76a1190fb5e4d8caacd7c2f4038672

SHA256
938ed06f3d1c1dbf72d5e773668de26510ec2810468a3f49b2bc3944447018c6

SHA512
ac7f362123e73ea5dfd4ceb3312d863795046c5609624eaad46ea06f9f9b68e5002aaf40a9e375a54ee76af97fd09e44533fc6914cec34a87d5a4f9fce4ae764

Download Submit
/data/user/0/ugoxqk.drmwah.iamvvs/app_casual/bRYKxG.json

Filesize
1.2MB

MD5
fb3d2e0382e456e9074801c4c44213f0

SHA1
634808e48135c0b28fc2b02d4f0e946e8478352f

SHA256
aec20e3c6cae39a622b921221342b3675b125f11562446e5bc58737124944782

SHA512
32ef54a6fc1253b5a7d66bc19bb8c4df8b071cc91f06c011a8f71321b3745d21ede18b2d7e629c7923c89189bb9f502e2d6f501503e6c4a9813eaa12d852d2b3

Download Submit