Analysis
max time kernel: 354394s
max time network: 151s
platform: android_x64
resource: android-x64-arm64-20220823-en
resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20220823-en, locale:en-us, os:android-11-x64, system
submitted: 03-02-2023 02:31
Static task: static1
Behavioral task: behavioral1
  Sample: 48778d60d4c68b219a1697868e93444c29a6d5293cdc68910cad6d3711a682cf.apk
  Resource: android-x86-arm-20220823-en
Behavioral task: behavioral2
  Sample: 48778d60d4c68b219a1697868e93444c29a6d5293cdc68910cad6d3711a682cf.apk
  Resource: android-x64-arm64-20220823-en
General
Target: 48778d60d4c68b219a1697868e93444c29a6d5293cdc68910cad6d3711a682cf.apk
Size: 20.5MB
MD5: 030a9c431d5e727fa64ec62594c2294c
SHA1: 504d31a225a796538ffc5957d2145610ceaca570
SHA256: 48778d60d4c68b219a1697868e93444c29a6d5293cdc68910cad6d3711a682cf
SHA512: a8ed7cc27b0c1d3a778d136744f3c2b3b9d7f628112c1f35918c11dc0caaacff21e4765b426a91eefa2dd7dc0679044f75ad9bbcdd26f90b02343cba52c68ee5
SSDEEP: 393216:7YvsJA35z7A79L+n+T1mbgafiubcwZ3bzT9i/zVN2I+TXQBiKpPbNiRSKcsGJP:k0JA35z7c5v5mbBffcK3pi/zVN2IkAIs
Malware Config
Signatures
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps). 1 IoC
  Processes:
  description             ioc                                                            process
  Framework service call  android.content.pm.IPackageManager.getInstalledApplications    rwmlcjx.krvquqgpg
- Acquires the wake lock. 1 IoC
  Processes:
  description             ioc                                                            process
  Framework service call  android.os.IPowerManager.acquireWakeLock                       rwmlcjx.krvquqgpg
- Loads dropped Dex/Jar. 2 IoCs
  Runs executable file dropped to the device during analysis.
  Processes:
  ioc                                                               pid   process
  /data/user/0/rwmlcjx.krvquqgpg/Anonymous-DexFile@2052389868.jar   4550  rwmlcjx.krvquqgpg
  /data/user/0/rwmlcjx.krvquqgpg/Anonymous-DexFile@1116873623.jar   4550  rwmlcjx.krvquqgpg
- Queries the unique device ID (IMEI, MEID, IMSI).
- Requests cell location. 1 IoC
  Uses Android APIs to get current cell information.
  Processes:
  description             ioc                                                            process
  Framework service call  com.android.internal.telephony.ITelephony.getAllCellInfo       rwmlcjx.krvquqgpg
- Requests dangerous framework permissions. 4 IoCs
  Processes:
  description                                            ioc
  Allows an application to read from external storage.   android.permission.READ_EXTERNAL_STORAGE
  Allows an application to write to external storage.    android.permission.WRITE_EXTERNAL_STORAGE
  Allows an application to read from external storage.   android.permission.READ_EXTERNAL_STORAGE
  Allows an application to write to external storage.    android.permission.WRITE_EXTERNAL_STORAGE
- Reads information about phone network operator.
Downloads
- /data/user/0/rwmlcjx.krvquqgpg/Anonymous-DexFile@1116873623.jar (1.1MB)
- /data/user/0/rwmlcjx.krvquqgpg/Anonymous-DexFile@2052389868.jar (2.6MB)
- /data/user/0/rwmlcjx.krvquqgpg/databases/SettingsDB (920KB)
- /data/user/0/rwmlcjx.krvquqgpg/databases/SettingsDB-journal (1KB)
- /storage/emulated/0/.am/dm/md/main.md (2.6MB)
- /storage/emulated/0/.am/dm/md/main_tools.md (1.1MB)
- /storage/emulated/0/.am/log.txt (no size reported; hashes are those of an empty file)
- /storage/emulated/0/.am/log_.txt (50KB)
- /storage/emulated/0/.am/log_.txt.zip (6KB)
- /storage/emulated/0/.am/log_1675391504341.txt.zip (217B)
- /storage/emulated/0/.am/mch.apk (126KB)
- /storage/emulated/0/.am/prog_class.name (no size reported; hashes are those of an empty file)
- /storage/emulated/0/Android/data/rwmlcjx.krvquqgpg/files/Download/mch.apk (63KB)