Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags

    arch:arm, arch:x86, image:android-x86-arm-20240910-en, locale:en-us, os:android-9-x86, system
  • submitted
    26/03/2025, 22:57

General

  • Target

    19278db5549027a224f9436c45ffdf0a0dc5ac630335fb2d9ff9d44da0f267b0.apk

  • Size

    3.9MB

  • MD5

    9d6c50c4103251cd45f93b380bb48bd6

  • SHA1

    1990d07867ec04fd0fb791bd347e2b410da5d114

  • SHA256

    19278db5549027a224f9436c45ffdf0a0dc5ac630335fb2d9ff9d44da0f267b0

  • SHA512

    35cad8d62c1d12bdfd499aa5720474df34d6ebf4bb577c5f5205c2e13012fb401c33605ae63119b5fff1bf86ce30e22faa9e038d06913a345831365b7bfc4c03

  • SSDEEP

    98304:CVyFi2cpk0uuKmiiaiAOFO4O4sbrrLOrGvIej4OAizcP9mtz:syqH/apOFO4C2r1extcP9mtz

Malware Config

Signatures

  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
  • Checks known Qemu pipes. 1 TTPs 2 IoCs

    Checks for known pipes used by the Android emulator to communicate with the host.

  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Acquires the wake lock 1 IoCs
  • Performs UI accessibility actions on behalf of the user 1 TTPs 3 IoCs

    The application may abuse the accessibility service to prevent its own removal.

  • Queries information about active data network 1 TTPs 1 IoCs
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Reads information about phone network operator. 1 TTPs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Checks CPU information 2 TTPs 1 IoCs

Processes

  • com.xsyhwp
    1⤵
    • Removes its main activity from the application launcher
    • Checks known Qemu pipes.
    • Loads dropped Dex/Jar
    • Acquires the wake lock
    • Performs UI accessibility actions on behalf of the user
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    PID:4375
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.xsyhwp/cache/payload.jar --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.xsyhwp/cache/oat/x86/payload.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4400
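Added example (not part of the sandbox output): a small parser that turns the dex2oat line above into a triage finding. The rule it encodes, that a dex compiled from the app's own writable storage under /data/user/<n>/<pkg>/ or its /data/data/<pkg>/ alias (rather than from the installed APK under /data/app) indicates dynamically loaded code, is the editor's heuristic for the "Loads dropped Dex/Jar" signature, not the sandbox vendor's logic. The command line is copied from the report, including the truncated "--class-loader-context=&" tail; the benign comparison line in the usage is constructed.

```python
import re
import shlex
from dataclasses import dataclass
from typing import Dict, List, Optional

# dex2oat command line as captured in the Processes section of this report
# (the "--class-loader-context=&" tail is where the report truncates it).
CAPTURED_CMDLINE = (
    "/system/bin/dex2oat --instruction-set=x86 "
    "--instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt "
    "--runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate "
    "--boot-image=/system/framework/boot.art --runtime-arg -Xms64m "
    "--runtime-arg -Xmx512m --instruction-set-variant=x86 "
    "--instruction-set-features=default --inline-max-code-units=0 "
    "--compact-dex-level=none "
    "--dex-file=/data/user/0/com.xsyhwp/cache/payload.jar "
    "--output-vdex-fd=41 --oat-fd=42 "
    "--oat-location=/data/user/0/com.xsyhwp/cache/oat/x86/payload.odex "
    "--compiler-filter=quicken --class-loader-context=&"
)

# App-private, app-writable storage: /data/user/<userid>/<pkg>/... or the
# /data/data/<pkg>/... alias. Code of an installed APK lives under /data/app.
APP_PRIVATE = re.compile(r"^/data/(?:user/\d+|data)/(?P<pkg>[A-Za-z0-9_.]+)/")


@dataclass
class Dex2OatFinding:
    dex_file: str
    oat_location: Optional[str]
    compiler_filter: Optional[str]
    package: Optional[str]   # package whose private dir holds the dex, if any
    dynamic_load: bool       # True when the dex sits in app-writable storage


def parse_options(argv: List[str]) -> Dict[str, str]:
    """Collect --key=value options; a repeated key keeps its last value.
    Tokens without '=' (e.g. --runtime-arg and the token after it) are skipped,
    which is all this heuristic needs."""
    opts: Dict[str, str] = {}
    for arg in argv[1:]:
        if arg.startswith("--") and "=" in arg:
            key, value = arg[2:].split("=", 1)
            opts[key] = value
    return opts


def parse_dex2oat(cmdline: str) -> Optional[Dex2OatFinding]:
    """Return a finding for a dex2oat invocation, or None for any other process.
    dex2oat32/dex2oat64 variants are matched by the binary-name prefix."""
    argv = shlex.split(cmdline)
    if not argv or not argv[0].rsplit("/", 1)[-1].startswith("dex2oat"):
        return None
    opts = parse_options(argv)
    dex = opts.get("dex-file")
    if dex is None:
        return None
    m = APP_PRIVATE.match(dex)
    return Dex2OatFinding(
        dex_file=dex,
        oat_location=opts.get("oat-location"),
        compiler_filter=opts.get("compiler-filter"),
        package=m.group("pkg") if m else None,
        dynamic_load=m is not None,
    )


if __name__ == "__main__":
    print(parse_dex2oat(CAPTURED_CMDLINE))
    # Constructed benign line: compiling an installed APK, which is routine.
    print(parse_dex2oat("/system/bin/dex2oat "
                        "--dex-file=/data/app/com.example-1/base.apk "
                        "--oat-file=/data/app/com.example-1/oat/x86/base.odex"))
```

The same check works on any process log that records dex2oat command lines (for example adb logcat or an EDR process event), and the package field ties the compile back to the process that triggered it, here com.xsyhwp.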

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.xsyhwp/cache/oat/payload.jar.cur.prof

    Filesize

    4KB

    MD5

    abf8b1bd3424809b49604c0a04d7ba5f

    SHA1

    99d4265ce73d18176839fccf00d9a353f9543aa5

    SHA256

    84813f4a345d5b552eadf4508ce22bf9440226e59351d7158771dbca30eb9eda

    SHA512

    f4a52cf875133a5f81c45abd1da380a8a7de1dd80593152f5a998a0f67a1c57e720167c2c28e40755fcd3357313e8c39bcace430941a30331624a74293e9fcca

  • /data/data/com.xsyhwp/cache/payload.jar

    Filesize

    472KB

    MD5

    9f093ab21f4efa18069addd51279bd06

    SHA1

    591062cbc092b10742e16f3451bae479679f27fe

    SHA256

    a8b4c1ceb5f1a3de7c998c12b8bc26f9cbe2ee8bcac522b7c54e9d49505774d1

    SHA512

    3da3ec9b7d5d00373894a198170fcdec9e80d25615677c24b6e57f79bda1a603db44ac875c59aa87aab67017d6da4c273bd65f62d3ee559d54b33bf4a8edbf74

  • /data/user/0/com.xsyhwp/cache/payload.jar

    Filesize

    1.1MB

    MD5

    06721937887c0fbc9516fe483c58da10

    SHA1

    d31bbbf7e7f08684b6cb286751a0b1aa656a2fc4

    SHA256

    3bc6b39624ac9ecdd024903b4a0e20cd39d6ea4df6de176f7b679a1b132c4dba

    SHA512

    a438f33ff75522506f3de0cccaa7b0525d9b733a74d5587902d45dbfff0245080bd3825bf9b2324045e52152c547d80dfb54344d5b6d20b4e41e6820eb484068

  • /data/user/0/com.xsyhwp/cache/payload.jar

    Filesize

    1.1MB

    MD5

    42bd2141a746ab06dcddcbc993b8a1c9

    SHA1

    1583c437e5aa6eb628f6afca10bddee38a501451

    SHA256

    5e10c8dcba719cab710ec6d9c0626569af7664527247d50e29e1f758b745d1a8

    SHA512

    2d946e368b008ed309481c78d802ba2c04b87e38c9b0506144e1b6212036617007d1adb180c590df178c91fdd74e4d3c1d713b3119ddd7f921352a81d44d4c56

  • /storage/emulated/0/Android/data/com.xsyhwp/files/uu.dd

    Filesize

    36B

    MD5

    a299852f66b84483f4118a999ebed5e8

    SHA1

    c3020ad520ef5d4d62c86410fa94a93578f2b076

    SHA256

    9f21dd0f2b172e617b9ae6753d950e86bd6d20b0936fc9fe7de0b01df0cebb2c

    SHA512

    b646953bfa93aa26b18223b0943a5d8b4d818e12d91aa2630fc6883205ce73150be613d00c7c433a010f88f2d4a6b03a061e11e8d70b4c899526c0bb3d925cbd