797392e38acfa5655e6f6364ad4d883f4ac299bda29d96fdacabfb734c2ae0af

Analysis

max time kernel
2824029s
max time network
132s
platform
android_x86
resource
android-x86-arm-20220823-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20220823-enlocale:en-usos:android-9-x86system
submitted
24/11/2022, 03:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

797392e38acfa5655e6f6364ad4d883f4ac299bda29d96fdacabfb734c2ae0af.apk
Size

322KB
MD5

88320a67be5d387d36e611b761affb74
SHA1

a3898bdcafef3d932326c4c89ab2d919379c877f
SHA256

797392e38acfa5655e6f6364ad4d883f4ac299bda29d96fdacabfb734c2ae0af
SHA512

8ead0508ee3ae678188dc39868f26c06f9f820bf5609673705b3788951419cbfd431fdd157f1d962c4537369f49febbeee4697c84f486dffca8ef44e8db48c8f
SSDEEP

6144:MLk+kDwXhEl2zV1zfISgEhAm47vcsCz0TRPmmf3IBh9ZpVaNQvNWduNPa:ckfDUaloV91gtks0iRPrABh9LgGvIus

Score

7^/10

infostealer

Malware Config

Signatures

Acquires the wake lock. 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	vyaga.kdufad.kyakev

Reads the content of SMS inbox messages. 1 IoCs

infostealer

description	ioc	Process
URI accessed for read	content://sms/inbox	vyaga.kdufad.kyakev

Tries to add a device administrator. 1 IoCs

description	ioc	Process
Intent action	android.app.action.ADD_DEVICE_ADMIN	vyaga.kdufad.kyakev

Unexpected DNS network traffic destination 14 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	220.170.79.229
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.220.220
Destination IP	202.12.27.33
Destination IP	183.136.132.176
Destination IP	205.171.2.65
Destination IP	165.87.201.244
Destination IP	165.87.13.129
Destination IP	165.87.13.129
Destination IP	205.171.3.65
Destination IP	208.67.220.220
Destination IP	115.238.186.55
Destination IP	183.136.132.170

vyaga.kdufad.kyakev
1⤵
- Acquires the wake lock.
- Reads the content of SMS inbox messages.
- Tries to add a device administrator.
PID:4072

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/vyaga.kdufad.kyakev/databases/adv_db

Filesize
36KB

MD5
d5645a575f1a6224e95cc24cc763df27

SHA1
45d953cd89bf4ac3103808c56e8ff765a0f63720

SHA256
2ae274b8eaaebb71f1deec32d1c767aeea2d5b1d3800037991834d9333a20f89

SHA512
1415fa545d3772ad1c8ae990756625325351a8ddb4d8ae0651486dd0af430b064e8d5042263816580a56a0aaa60941cc8b6c41346be54c833238f4c98b17f0ad

Download Submit
/data/user/0/vyaga.kdufad.kyakev/databases/adv_db-journal

Filesize
524B

MD5
e5b01af9ba8674ff327d6de9a3f1d943

SHA1
3c4ff7a176bf42418efa3301246db81ac889e792

SHA256
f9ba7b91c5f0bf106f38c277fe80801a7bf9ecd56407b9616bf8b92785f12bba

SHA512
f1072356a4432925d7741dcdc0f710aeeb59c2dd7c7a28e991e9038c124ba8d43650d4f14a1e5567c179625445312f3937b272faac517fe0f51a6d38ef3a86c9

Download Submit
/data/user/0/vyaga.kdufad.kyakev/databases/adv_db-shm

Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/vyaga.kdufad.kyakev/databases/adv_db-shm

Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/vyaga.kdufad.kyakev/databases/adv_db-shm

Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/vyaga.kdufad.kyakev/databases/adv_db-shm

Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/vyaga.kdufad.kyakev/databases/adv_db-wal

Filesize
48KB

MD5
46ab68c8f768129a23400113a75b2d80

SHA1
6f2ba4d84706187a9c0f51d4f2615b05be96f408

SHA256
8ec07e4d212e463586199ba5d21a199290a07c6ec3f91c657f09004911d7306b

SHA512
0bc7deb934bb3c82c3a36b50200e5ee69378f4e318b44d8e68227e6669c551ce32530232b0a9da2112a83f592351325ec0f9824f08da35000450cafd7ff4c4f8

Download Submit