45eea3cfbb5f6bea998b0bdc14f52eb9f7f61223032db3945272819da63f88ab

Analysis

max time kernel
3242343s
max time network
164s
platform
android_x64
resource
android-x64-arm64-20220823-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20220823-enlocale:en-usos:android-11-x64system
submitted
29-11-2022 02:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

prog.apk
Size

20.5MB
MD5

4b70ebe9fe428eb84fcfda70a38b7ceb
SHA1

e3b9fa374b5fb04f1f2a8d5e363ada1724bad3a6
SHA256

45eea3cfbb5f6bea998b0bdc14f52eb9f7f61223032db3945272819da63f88ab
SHA512

b5073062d258f08c8077c190585bbfbd2e46f644818f8eaf4b669b23a4a12118caf35c820d627a665c50d1671b924074280a85fd0adcf5fbd2a93115d2c13a3b
SSDEEP

393216:nj4W87nOn5VsJA35z7A79L+1yp1mbgafiubcEZbbvT9i/zVN2I+TX61CKpPbNiRP:jxynuYJA35z7c5lfmbBffcGbNi/zVN2B

Score

8^/10

banker

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps). 1 IoCs
banker

Processes:

yalscrg.zbkyth

description ioc process

Framework service call android.content.pm.IPackageManager.getInstalledApplications yalscrg.zbkyth
Acquires the wake lock. 1 IoCs

Processes:

yalscrg.zbkyth

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock yalscrg.zbkyth

description	ioc	process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	yalscrg.zbkyth

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	yalscrg.zbkyth

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

Processes:

yalscrg.zbkyth

ioc	pid	process
/data/user/0/yalscrg.zbkyth/Anonymous-DexFile@2750948722.jar	4591	yalscrg.zbkyth
/data/user/0/yalscrg.zbkyth/Anonymous-DexFile@2074016038.jar	4591	yalscrg.zbkyth

Queries the unique device ID (IMEI, MEID, IMSI).
Requests cell location 1 IoCs
Uses Android APIs to to get current cell information.

Processes:

yalscrg.zbkyth

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo yalscrg.zbkyth

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	yalscrg.zbkyth

Requests dangerous framework permissions 4 IoCs

Processes:

description	ioc
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE

Reads information about phone network operator.

yalscrg.zbkyth
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
- Acquires the wake lock.
- Loads dropped Dex/Jar
- Requests cell location
PID:4591

su
2⤵
PID:4686

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/yalscrg.zbkyth/Anonymous-DexFile@2074016038.jar
Filesize
1.1MB

MD5
ad5ae33d62fa2ad03600f3f967c3c700

SHA1
a870d474111f7b75ce8296bd0e9b99b88e5043d5

SHA256
9da1b581c166901960789c59e4256666e3b57ebe7d813ac4cdf4ab43fd9d7d2a

SHA512
7ca1f0afccd88cbe2c46c1900b6014e08837ca57cce9ad0d42760a04c5766a22ba7c571ac7f3e046b26c2809af0b272c3d545480f7550179d6074c83f139a554

Download Submit
/data/user/0/yalscrg.zbkyth/Anonymous-DexFile@2750948722.jar
Filesize
2.6MB

MD5
32310304dff1e25776eafa567a11f98b

SHA1
01549f077ab8fba1354fddb216742d06cc17593f

SHA256
44cc3b3f62d955e690f1ed082e0528c1026293da3452fe56fe306c7fd1ad497e

SHA512
34e8b7c9762991f481a85b270f8478df5d9f61d1d813a4ed7a86fe38af822158d9ef853a6aad43df29dfa33838a13bdf782fedbb72612f8227df4f99222ed093

Download Submit
/data/user/0/yalscrg.zbkyth/databases/SettingsDB
Filesize
920KB

MD5
c40b870e7e989a65fd7379378ec45423

SHA1
b583882e4e6ea29935d35d91785c04646a0c756b

SHA256
5604665bdc058b9bd60fdec722d85b314b35a1d642e8f81df063a1a69773fa17

SHA512
45929243a657049e96bd747c17680563187795f58b9777e3ec3debb5c4498911360249d84aba810f33966007afd6dc4f391bf4b360b9c428a60570e0ecda9ce2

Download Submit
/data/user/0/yalscrg.zbkyth/databases/SettingsDB-journal
Filesize
1KB

MD5
8ecdeb1ef7629a45a8b1bfd0f397d3e8

SHA1
c410f278b3dd7caebb9ed7b6bd85b1b1c1605c1b

SHA256
cc607789fbba6198314c7814a6c19493c6a2da29cf761a010b3e6fbbad524a9d

SHA512
2a0164ea24b35385e3cd94d44bbfcc8d749c0fe8fed0626884490cc86876f5a3791598150130fb3e911e294a6a73fc677a68e014ad27bbabd5ae45043c88cc2a

Download Submit
/storage/emulated/0/.am/dm/md/main.md
Filesize
2.6MB

MD5
f2f0e500f02b923ac155e9b1bfdc27b9

SHA1
568ea34dbe96aa3732b52af840c447bd56a2b15a

SHA256
4c78af429e42dc3b977e842d83ea0bae4242f54a1f33c573d8a7c10110e747a4

SHA512
9827f0f1a139081327c15252aa755635658cbae548ad0249582f9e55c5ca16ccfe5bd5fdb1544bf3fdd36d98ee788aca5a53d596999490077a07c1c31d7ac2f7

Download Submit
/storage/emulated/0/.am/dm/md/main_tools.md
Filesize
1.1MB

MD5
1fe00742fa33e342b615aed5f9aca8e8

SHA1
ff0fa37046a3550ed7c29c1434224eae620d7bbd

SHA256
a4eeb9a0d5b4244debe042bb9208748c36855659ce53b89092e6f1d7a86ed137

SHA512
dacb5feb55dac2fbb1cab6d1bcae6205e04fc70123f2dd3adda1ecc75fd29a5967bf2a982cd255ddcded4d6ca890b1a5e70f3c1d91432cba3b7e0acc65c12467

Download Submit
/storage/emulated/0/.am/log.txt
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/storage/emulated/0/.am/log.txt
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/storage/emulated/0/.am/log_.txt
Filesize
45KB

MD5
e861b16e28de9bb78ce646bf1659a587

SHA1
fb1e8504d774d02ac9e1abc6d1479c4ded7f4e09

SHA256
0280896da9c53f22950475104e03989acdfd978a59bf5da25d2565b14944da43

SHA512
625d47b69ddd8438fe9ce7f030472f6c8b416535e284394d510d926486504b66577e953ed9465cfbd90e58859daaa82ebb27e94fad947332850ba9c1e77d9a5d

Download Submit
/storage/emulated/0/.am/log_.txt.zip
Filesize
6KB

MD5
2a4e03d82bc3cc0da154ffe53da2721d

SHA1
06ccb1c53477e2447094bca83766826765e56f4f

SHA256
73d856c5e1dd2731a96223f26e46df435c208274dc2b3ab8099d881a68dcd287

SHA512
8350e787568a0521eb5b53466d04222a5ad5d2bf9e544cb698aefc845f59004d6541bbf2fe7b33366a9e7ab22d8536c30f412bb9b350bd48a591b6efac7b1eae

Download Submit
/storage/emulated/0/.am/log_1669689518523.txt.zip
Filesize
215B

MD5
701c4b37150d397fa851e93d19cee836

SHA1
2b967e9c660fef35ad4e6213780b1c3dd8a20b02

SHA256
648bbdc99c7081a8e3b505215c01785283eec1a382c566a1eeeefb504a50bc37

SHA512
ae9f2b9c7e5fb66080b6c5c3105f8e8f93dba0b8e4167454adb7d508351b7b23dcef8eef064a230fb34ad57a26f6bd47ff0b1e1ffd3e49864b55a4a25aa5f153

Download Submit
/storage/emulated/0/.am/mch.apk
Filesize
126KB

MD5
9259a4e28d55bb8373986fea7ca01d33

SHA1
08045ae80e4016f719a3a930777a8a2c336e0cfa

SHA256
ed971c307e880b648ce9f816827430f5aa7ad7b105ed04ca879c71765f73c137

SHA512
2818d7fd376865ba1e383e847ba8547cb0ef0c1d7911913062f1a736bf5fc42c03f513e9da8e7731a2714a9c979653c2e6873bf2569e97be49e6cb825f8d21e8

Download Submit
/storage/emulated/0/.am/prog_class.name
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/storage/emulated/0/Android/data/yalscrg.zbkyth/files/Download/mch.apk
Filesize
63KB

MD5
8accd9a542a0274ae4cff9d007d5b375

SHA1
9d743ef6332b815b42fa136e1f7379961f31b995

SHA256
e06ec0f874cdbbf85e1c762f0559a514948d5a71636e020c58f53d750e93a855

SHA512
0c10dd9ba0b062df3b71514edcbbf16f65f265874230188fe80a63eafee416cefcaa847646386125141f4d20c50c035073b6c83a5afdceb708753f697e358b7b

Download Submit