4df101836ec39711255b56a4fa3d2843b3ab6aab675e510953122e4bf6372fe6

Analysis

max time kernel
5s
max time network
21s
platform
android-13_x64
resource
android-33-x64-arm64-20240910-en
resource tags

arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
submitted
22/03/2025, 00:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4df101836ec39711255b56a4fa3d2843b3ab6aab675e510953122e4bf6372fe6.apk
Size

12.6MB
MD5

6151b95d963680e705b7ac9c94976c2f
SHA1

36f8ae11c1a63aa76dfc9d40e07bcb32f47445ea
SHA256

4df101836ec39711255b56a4fa3d2843b3ab6aab675e510953122e4bf6372fe6
SHA512

5a0d50eacd5c4ee14342d9f1086b3737368e2704b0229f976de467ac95b36e8f72821a9305897b9877842adc1747bab844b06d1e9d6f5966ed8652d6b42ce5ab
SSDEEP

393216:jebElJRwdvKMaOe8Fpc71sgaitiFbyHzgVIZK:jRJ2v0wFeJsPi0O0QK

Score

7^/10

evasion

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/tckioe.ekkxcd.oclinz/app_crater/cTbrPK.json	4514	tckioe.ekkxcd.oclinz

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
3	api.ipify.org

tckioe.ekkxcd.oclinz
1⤵
- Loads dropped Dex/Jar
PID:4514

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/tckioe.ekkxcd.oclinz/app_crater/cTbrPK.json

Filesize
573KB

MD5
6e013de76ed5029e465ff9d7528247c4

SHA1
f6dfcb8a5034b82cfb70549ac4e840a33711ae77

SHA256
4ecae5af4e6896c937712bcb71c6f2cedf21bea58053f6446a2bdc1e869d558d

SHA512
0bb7b64e9e0c3b2d86d0e60ff62401039b408658750c38ed14793d73be9c62acb1c8dc116219082656bcfee55659acbba1a76aea5f5e6c9922d2f18dec7c5157

Download Submit
/data/user/0/tckioe.ekkxcd.oclinz/app_crater/cTbrPK.json

Filesize
573KB

MD5
6616eb63f6c9bace566dd48ff9d4c183

SHA1
11bf9f21e6470b849662ed48edc7e4f7ff2f5d48

SHA256
d512c2c155df01629b06cbe6a6604df4606419b3abe2f843cab13fafd6df147e

SHA512
8c6414e73c29233ad35a19eb4d9f6892c257cab5829d7357dab78a5b5faa200895f4e963dd36ce1e1de776e9caff04a039d860d5c4061c49aae91448423f95e2

Download Submit
/data/user/0/tckioe.ekkxcd.oclinz/app_crater/cTbrPK.json

Filesize
1.2MB

MD5
5ecc24b487a0de37296d910864674042

SHA1
9e7096ecadf17fbee619d718159ad0ef95a3230c

SHA256
2b6741f30f15b9ea3a64aaaecfbb8d120b6e37abe1aae11cf38df35804b49b53

SHA512
04851775469a48bc2edea4b13b0a3a6934ab2dd8a1612f7705aa5f7ffd9a419a1f23a2914eb2cc81ab29729781a8712cd5419d9e3feed4cf30266cf233cf9107

Download Submit
/data/user/0/tckioe.ekkxcd.oclinz/app_crater/oat/x86_64/cTbrPK.vdex

Filesize
29KB

MD5
0d2153ad326dd9ee75a4d374ca9219b0

SHA1
c83f1817ec90636e6aea206db4a308f9f84b40d2

SHA256
046914112796a7d00aaf38528f0e4a9ad1475696c562cf97591eb3cb62c94998

SHA512
3e0a2daea1d0696a41e5ca073d137f26a71723c9b89722dfcc68bb4c031515ccbc7e5055474e3d6b3ce62cde50f28c838079a1c307ee7f014dfb081b71bc740c

Download Submit