Overview

overview

10

Static

static

6

26b7c0b09b...bb.apk

android-9-x86

7

26b7c0b09b...bb.apk

android-10-x64

7

26b7c0b09b...bb.apk

android-11-x64

7

base.apk

android-9-x86

10

base.apk

android-10-x64

10

base.apk

android-11-x64

10

Analysis

  • max time kernel
    5s
  • max time network
    150s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags

    arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
  • submitted
    22/03/2025, 00:23 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    26b7c0b09bf02742ce0a07d7584a20c3bf78382d696e5e76f0dcc4b5da9425bb.apk

  • Size

    13.5MB

  • MD5

    daeef69481050078388141a95cf5aa6d

  • SHA1

    c0cbfefd361a15bf8ec180f7da35bcfba3ea4593

  • SHA256

    26b7c0b09bf02742ce0a07d7584a20c3bf78382d696e5e76f0dcc4b5da9425bb

  • SHA512

    96e711b122504c0489019e366869b622d1c26f766c2adb05c8c4d431b74c8e35376c7c9180293326b17b58379629ab65e371f2180416e1602cb60fde321b3800

  • SSDEEP

    196608:ZqHM1pMza6/6a4OAY8kl4gCnLyZvP84RnI39qpIsEsptCZGSfbgVLbNfEtv5bHf:ZhpMORh3kl4Z+6II3Owspt0MVBwBb/

Score
7/10
evasion

Malware Config

Signatures

  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion

Processes

  • com.hammer.leaf
    1⤵
    • Loads dropped Dex/Jar
    PID:4215
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.hammer.leaf/app_sell/mDHXyp.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.hammer.leaf/app_sell/oat/x86/mDHXyp.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4242

Network

  • flag-au
    DNS
    global-stream.org
    Remote address:
    1.1.1.1:53
    Request
    global-stream.org
    IN A
    Response
  • flag-au
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    142.250.187.206
  • 216.58.201.110:443
    tls, https
    689 B
     40 B
     1
    1
  • 216.58.201.110:443
    tls, https
    689 B
     40 B
     1
    1
  • 216.58.201.110:443
    tls, https
    689 B
     40 B
     1
    1
  • 142.250.187.206:443
    android.apis.google.com
    tls
    3.7kB
     7.8kB
     16
    19
  • 142.250.187.196:443
    tls
    135 B
     40 B
     2
    1
  • 172.217.169.10:443
    tls, https
    2.3kB
     40 B
     1
    1
  • 224.0.0.251:5353
    3.7kB
     11
  • 1.1.1.1:53
    global-stream.org
    dns
    63 B
     145 B
     1
    1

    DNS Request

    global-stream.org

  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
     109 B
     1
    1

    DNS Request

    android.apis.google.com

    DNS Response

    142.250.187.206

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.hammer.leaf/app_sell/mDHXyp.json
    Filesize

    2.6MB

    MD5

    f9f5965a28897eddfa36f8c7edcf8244

    SHA1

    aeccf514e8508850df14846e5538dcf9459ec4bb

    SHA256

    359cba0e58a4f4a940054289c34d67d8e493c33581044cf74aac9021807df958

    SHA512

    08bb852c01282c32ec3bde118c4b63a471ea3c4fffa4cd122fba13f6085ee2b66055546dd2c60c1d9f73272e26f861d9faef5ebafde7b0351109546e485a4a78

    Download Submit

  • /data/data/com.hammer.leaf/app_sell/mDHXyp.json
    Filesize

    2.6MB

    MD5

    bb36548597be5349af05bf0cc034af96

    SHA1

    0a2b33db705c01ac087d22b89429c96bd28d3a69

    SHA256

    4226d0a6a031eb838505b07ab88a5bbfcc2c5b030c44dff3605a2fa6b876b37c

    SHA512

    2c86a72a34f191b73440cec01ad4b9a40a980174e440269d26bd09e04d122f14fe99a48a5617ff4ccb1c971d988a1d1acece7810b6c196dcba89f52be46395a1

    Download Submit

  • /data/user/0/com.hammer.leaf/app_sell/mDHXyp.json
    Filesize

    6.7MB

    MD5

    e20f7d07ac5b5dca93d8fa653494e459

    SHA1

    f199d4ef4b8708704a40162525072c2216527743

    SHA256

    737aea7d4421513e31a3e874bc1c7973b2b47d2e61f9f6beb5ff95d8c1a2c0a5

    SHA512

    3fd318a7e5eb0a57a5bc357609e6d96a77c15a269742625bded03c38a271d4d345bcd20a73a0fe3abe0f52a006545b40cfe1fc53b6f3888d866df64beb7af46b

    Download Submit

  • /data/user/0/com.hammer.leaf/app_sell/mDHXyp.json
    Filesize

    6.7MB

    MD5

    03469eb3aa4bf58ef3649c63aa20bf57

    SHA1

    6c9992116957392dc7c9bf274e2c29636491cd76

    SHA256

    dd5f57504f6427503449dd9d4903864db47a7b904695a4def70b8b1495c5d49a

    SHA512

    d81b914d73fe7e5b8387123445981457504fcaff9613eaba126238ae4559ae69884dcfe511b79aa3674ed44391b2277a5d817ebc232b6c3ed6275c845d9c8c4b

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.