Analysis

  • max time kernel
    5s
  • max time network
    31s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags
    arch:arm, arch:x86, image:android-x86-arm-20240910-en, locale:en-us, os:android-9-x86, system
  • submitted
    22/03/2025, 00:36

General

  • Target

    4df101836ec39711255b56a4fa3d2843b3ab6aab675e510953122e4bf6372fe6.apk

  • Size

    12.6MB

  • MD5

    6151b95d963680e705b7ac9c94976c2f

  • SHA1

    36f8ae11c1a63aa76dfc9d40e07bcb32f47445ea

  • SHA256

    4df101836ec39711255b56a4fa3d2843b3ab6aab675e510953122e4bf6372fe6

  • SHA512

    5a0d50eacd5c4ee14342d9f1086b3737368e2704b0229f976de467ac95b36e8f72821a9305897b9877842adc1747bab844b06d1e9d6f5966ed8652d6b42ce5ab

  • SSDEEP

    393216:jebElJRwdvKMaOe8Fpc71sgaitiFbyHzgVIZK:jRJ2v0wFeJsPi0O0QK

Score
7/10

Malware Config

Signatures

  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

Processes

  • tckioe.ekkxcd.oclinz
    1⤵
    • Loads dropped Dex/Jar
    PID:4339
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/tckioe.ekkxcd.oclinz/app_crater/cTbrPK.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/tckioe.ekkxcd.oclinz/app_crater/oat/x86/cTbrPK.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4365

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/tckioe.ekkxcd.oclinz/app_crater/cTbrPK.json

    Filesize

    573KB

    MD5

    6e013de76ed5029e465ff9d7528247c4

    SHA1

    f6dfcb8a5034b82cfb70549ac4e840a33711ae77

    SHA256

    4ecae5af4e6896c937712bcb71c6f2cedf21bea58053f6446a2bdc1e869d558d

    SHA512

    0bb7b64e9e0c3b2d86d0e60ff62401039b408658750c38ed14793d73be9c62acb1c8dc116219082656bcfee55659acbba1a76aea5f5e6c9922d2f18dec7c5157

  • /data/data/tckioe.ekkxcd.oclinz/app_crater/cTbrPK.json

    Filesize

    573KB

    MD5

    6616eb63f6c9bace566dd48ff9d4c183

    SHA1

    11bf9f21e6470b849662ed48edc7e4f7ff2f5d48

    SHA256

    d512c2c155df01629b06cbe6a6604df4606419b3abe2f843cab13fafd6df147e

    SHA512

    8c6414e73c29233ad35a19eb4d9f6892c257cab5829d7357dab78a5b5faa200895f4e963dd36ce1e1de776e9caff04a039d860d5c4061c49aae91448423f95e2

  • /data/user/0/tckioe.ekkxcd.oclinz/app_crater/cTbrPK.json

    Filesize

    1.2MB

    MD5

    10671825691cb78a5318a68fc246712d

    SHA1

    8282c3b47e6401f4248c9e4498a11a774fcbb288

    SHA256

    eb82d9e2b38720d6d3a3b6e180a712d8890d2eb274c9580976687d0d4be07a7e

    SHA512

    a230ec87151f57126f43619814098c4aaeb006b269747f7c219db68a1a2a4cde8a7c0e1d368117adc8616b385a0a0240b6c8cd31b2785ab803b347da76457323

  • /data/user/0/tckioe.ekkxcd.oclinz/app_crater/cTbrPK.json

    Filesize

    1.2MB

    MD5

    5ecc24b487a0de37296d910864674042

    SHA1

    9e7096ecadf17fbee619d718159ad0ef95a3230c

    SHA256

    2b6741f30f15b9ea3a64aaaecfbb8d120b6e37abe1aae11cf38df35804b49b53

    SHA512

    04851775469a48bc2edea4b13b0a3a6934ab2dd8a1612f7705aa5f7ffd9a419a1f23a2914eb2cc81ab29729781a8712cd5419d9e3feed4cf30266cf233cf9107