48778d60d4c68b219a1697868e93444c29a6d5293cdc68910cad6d3711a682cf

Analysis

max time kernel
354445s
max time network
165s
platform
android_x64
resource
android-x64-arm64-20220823-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20220823-enlocale:en-usos:android-11-x64system
submitted
03-02-2023 02:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

prog.apk
Size

20.5MB
MD5

030a9c431d5e727fa64ec62594c2294c
SHA1

504d31a225a796538ffc5957d2145610ceaca570
SHA256

48778d60d4c68b219a1697868e93444c29a6d5293cdc68910cad6d3711a682cf
SHA512

a8ed7cc27b0c1d3a778d136744f3c2b3b9d7f628112c1f35918c11dc0caaacff21e4765b426a91eefa2dd7dc0679044f75ad9bbcdd26f90b02343cba52c68ee5
SSDEEP

393216:7YvsJA35z7A79L+n+T1mbgafiubcwZ3bzT9i/zVN2I+TXQBiKpPbNiRSKcsGJP:k0JA35z7c5v5mbBffcK3pi/zVN2IkAIs

Score

8^/10

banker

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps). 1 IoCs
banker

Processes:

rwmlcjx.krvquqgpg

description ioc process

Framework service call android.content.pm.IPackageManager.getInstalledApplications rwmlcjx.krvquqgpg
Acquires the wake lock. 1 IoCs

Processes:

rwmlcjx.krvquqgpg

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock rwmlcjx.krvquqgpg

description	ioc	process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	rwmlcjx.krvquqgpg

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	rwmlcjx.krvquqgpg

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

Processes:

rwmlcjx.krvquqgpg

ioc	pid	process
/data/user/0/rwmlcjx.krvquqgpg/Anonymous-DexFile@2052389868.jar	4630	rwmlcjx.krvquqgpg
/data/user/0/rwmlcjx.krvquqgpg/Anonymous-DexFile@1116873623.jar	4630	rwmlcjx.krvquqgpg

Queries the unique device ID (IMEI, MEID, IMSI).
Requests cell location 1 IoCs
Uses Android APIs to to get current cell information.

Processes:

rwmlcjx.krvquqgpg

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo rwmlcjx.krvquqgpg

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	rwmlcjx.krvquqgpg

Requests dangerous framework permissions 8 IoCs

Processes:

description	ioc
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE

Reads information about phone network operator.

rwmlcjx.krvquqgpg
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
- Acquires the wake lock.
- Loads dropped Dex/Jar
- Requests cell location
PID:4630

su
2⤵
PID:4729

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/rwmlcjx.krvquqgpg/Anonymous-DexFile@1116873623.jar
Filesize
1.1MB

MD5
78b8d2ec7be3407d5e17841bd15d2be2

SHA1
358c2c9bf054d6e5dd9afec4ff34b80f60cf686b

SHA256
099d349010b34a484c9217f6118ac814c55a7f8ce98a1738b28a927c1195a2df

SHA512
8e58fc1a7c9f03ab8013717bc32d3b995d1dfd329fb89763c5a1982adfbb2ab56c03f6657c4c6bb832eefa27084cdcfb67ecaa0d41561df8a11d9bd3dba0ef58

Download Submit
/data/user/0/rwmlcjx.krvquqgpg/Anonymous-DexFile@2052389868.jar
Filesize
2.6MB

MD5
f46d0fef4acebcffe470d2ba3dee3b14

SHA1
c37ee527dfd9b71d697f6b0654642a3e557f321b

SHA256
bad72b46807b7b4f70ab72ece341a4a5ffecf9a16156cb702e01b5fbe757d23f

SHA512
ecc6094c16f4dc2b1291fc1e620490290d05c0e88bd3891c364738346d3e5b59fd46ea3e2b926be9b7d415cda2c3c14080543b56d5ff58b8daa92a155b60cae4

Download Submit
/data/user/0/rwmlcjx.krvquqgpg/databases/SettingsDB
Filesize
920KB

MD5
c40b870e7e989a65fd7379378ec45423

SHA1
b583882e4e6ea29935d35d91785c04646a0c756b

SHA256
5604665bdc058b9bd60fdec722d85b314b35a1d642e8f81df063a1a69773fa17

SHA512
45929243a657049e96bd747c17680563187795f58b9777e3ec3debb5c4498911360249d84aba810f33966007afd6dc4f391bf4b360b9c428a60570e0ecda9ce2

Download Submit
/data/user/0/rwmlcjx.krvquqgpg/databases/SettingsDB-journal
Filesize
1KB

MD5
166448ac8d277a0981986103f3431de0

SHA1
400e61709db2fdf794db7fbad7cb69173c313a0a

SHA256
93b0b993d5b153405f9e9b01c52a89604c59b2b30cabc9fb95b9b106a32f70d1

SHA512
c3020f91794aa07fd543ccfaa9ec3616b86e7f4b9cf7a6e3859535d9f65aeb59986d0ddfc598c03f5fcbdb0e98422e64db9570926de7c023594b721d659f4139

Download Submit
/storage/emulated/0/.am/dm/md/main.md
Filesize
2.6MB

MD5
93cedc2e067b919b3417265d18559dec

SHA1
0bf1e755f0343ea2a040c672a727692ee73dbff3

SHA256
0ce0a9df114a989f3521590773ff444075329573846d8e0aeeb67b0ce64624cc

SHA512
4d922985df411cb59a0522997705aefb2bd5ee7032d711220882d59fc1c53dd8e822bdef3d11ab56548ed5732701787a96af4345cfa64737b7c556329b2e7443

Download Submit
/storage/emulated/0/.am/dm/md/main_tools.md
Filesize
1.1MB

MD5
c32e01dcd20dd70e261d56c73448ebbb

SHA1
1276ee4fe877a89e7dbcefe2afba20cb066499b2

SHA256
990bd5dfa4fb1c1bfde05e25d81f8544d115f2cdf371db7b0ca89bb5ac47983b

SHA512
27cbe06fd5c9e5d4c9f81e211837aa9fba7f7c84cb6655d3ff9e0563dbce147485789757aeb8bd7f0e8ed64828cc6d44e0e87e51c45ba81d0ee71025de80b430

Download Submit
/storage/emulated/0/.am/log.txt
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/storage/emulated/0/.am/log.txt
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/storage/emulated/0/.am/log_.txt
Filesize
53KB

MD5
e45106e02565ee2caf386d4687db0f1a

SHA1
37090e42db76f860c31e3db4f9409a76b9e8bd47

SHA256
c6abcadc53c3e227c021e4b9dd92e984ca1c90ba9d5a9fa7389568b2215d6e76

SHA512
46ad716d1968d0a2650549956acb728825f93856d9faeef52ba17def81ddfdfef72cc3a3b0fbd003cc971bd45ebaffdeeefb9f79b2e62131f26ad04b58deb1a8

Download Submit
/storage/emulated/0/.am/log_.txt.zip
Filesize
6KB

MD5
c4b60c23ecac6fb4e8fd062dc3326446

SHA1
2eb42964f5209cdc51de58537c5f41e4c1e280f3

SHA256
95907f535959a3e45b8f130c64a357297c459613932a7952789ed57971bfeb0f

SHA512
897dab44a37512a995f3cc0fb33a7b030e4bfd6cc33a73e9541fc7da95c750838b67268cbb2643de0ec22db41fc2d696be9c33c73f47b6fa94117a122c96b88b

Download Submit
/storage/emulated/0/.am/log_1675391544949.txt.zip
Filesize
217B

MD5
642d3dba364f52be39649c70231e07d4

SHA1
8dd7df44801e9ce8a8070dde2ff391136769d971

SHA256
795c9c9d81a0ebdee224296e2fb211da4ce239add6d90bfaae975a6851ddbebc

SHA512
95ce11c0cecb6536ebcb4e3fd1d7c56d06a5bde5a2a5ec15c6a10dab3f8cf19cf98ba81b3243c18c7c54a5e04113198bd3187ab5f75845b5f8c2877757f98ed5

Download Submit
/storage/emulated/0/.am/mch.apk
Filesize
126KB

MD5
9259a4e28d55bb8373986fea7ca01d33

SHA1
08045ae80e4016f719a3a930777a8a2c336e0cfa

SHA256
ed971c307e880b648ce9f816827430f5aa7ad7b105ed04ca879c71765f73c137

SHA512
2818d7fd376865ba1e383e847ba8547cb0ef0c1d7911913062f1a736bf5fc42c03f513e9da8e7731a2714a9c979653c2e6873bf2569e97be49e6cb825f8d21e8

Download Submit
/storage/emulated/0/.am/mch.apk
Filesize
126KB

MD5
9259a4e28d55bb8373986fea7ca01d33

SHA1
08045ae80e4016f719a3a930777a8a2c336e0cfa

SHA256
ed971c307e880b648ce9f816827430f5aa7ad7b105ed04ca879c71765f73c137

SHA512
2818d7fd376865ba1e383e847ba8547cb0ef0c1d7911913062f1a736bf5fc42c03f513e9da8e7731a2714a9c979653c2e6873bf2569e97be49e6cb825f8d21e8

Download Submit
/storage/emulated/0/.am/prog_class.name
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/storage/emulated/0/Android/data/rwmlcjx.krvquqgpg/files/Download/mch.apk
Filesize
63KB

MD5
8accd9a542a0274ae4cff9d007d5b375

SHA1
9d743ef6332b815b42fa136e1f7379961f31b995

SHA256
e06ec0f874cdbbf85e1c762f0559a514948d5a71636e020c58f53d750e93a855

SHA512
0c10dd9ba0b062df3b71514edcbbf16f65f265874230188fe80a63eafee416cefcaa847646386125141f4d20c50c035073b6c83a5afdceb708753f697e358b7b

Download Submit
/storage/emulated/0/Android/data/rwmlcjx.krvquqgpg/files/Download/mch.apk
Filesize
63KB

MD5
8accd9a542a0274ae4cff9d007d5b375

SHA1
9d743ef6332b815b42fa136e1f7379961f31b995

SHA256
e06ec0f874cdbbf85e1c762f0559a514948d5a71636e020c58f53d750e93a855

SHA512
0c10dd9ba0b062df3b71514edcbbf16f65f265874230188fe80a63eafee416cefcaa847646386125141f4d20c50c035073b6c83a5afdceb708753f697e358b7b

Download Submit