49745800ec7582b9fd833d94a0582d315c563dc768f145844c14872beafda415

Resubmissions

04-02-2023 07:40

230204-jhl4gsgb5z 8

04-02-2023 07:36

230204-jfdpbscg87 8

Analysis

max time kernel
455890s
max time network
928s
platform
android_x86
resource
android-x86-arm-20220823-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20220823-enlocale:en-usos:android-9-x86system
submitted
04-02-2023 07:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ub3-2proxy.apk
Size

25.3MB
MD5

a225291ea1f3e6092ed9f738355a2cf6
SHA1

7e7ea6679eef94b878c700e2bfe01fe9d1c32e99
SHA256

49745800ec7582b9fd833d94a0582d315c563dc768f145844c14872beafda415
SHA512

d4b67750a61bed51fc3c87fb9f26154b3d1cecc2ddd963745181ec490a9302b757b56648f3bc44a3afc9b5a3ced93aa395404968b71c8883fff9327c1ac0517b
SSDEEP

196608:ALSpAg6bwmg+qq4ctkv9ItIjal0SlS2qiAPqYOfsXxiA9M4q4gcDy3Sk3Mwf1/bl:4gK+fqcMIG+Slj6qYOfsXV0cAh9bh3D

Score

8^/10

evasion stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 IoCs

stealth trojan

pid	Process
4032	com.activation.onlyproxyapp

Acquires the wake lock. 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.activation.onlyproxyapp

Removes a system notification. 1 IoCs

evasion

description	ioc	Process
Framework service call	android.app.INotificationManager.cancelNotificationWithTag	com.activation.onlyproxyapp

com.activation.onlyproxyapp
1⤵
- Removes its main activity from the application launcher
- Acquires the wake lock.
- Removes a system notification.
PID:4032

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.activation.onlyproxyapp/app_webview/Cookies

Filesize
64KB

MD5
cb7543c4df600f2af58097cce0e334ba

SHA1
83cc92f38c27fdb4fa519b1ce2f37912f24af1f0

SHA256
64c022ae708f94ffde986e105d88f708884de325720bfb9925c4160a6d417233

SHA512
ad51cad0472327bd68aa2d791341cfafed58971752352537bb603ed18b15a3f9185e9150983a28ecd09606e8dcaef6d1c9d93213dd246ef7720f39842eb3d980

Download Submit
/data/user/0/com.activation.onlyproxyapp/app_webview/Cookies-journal

Filesize
1KB

MD5
fef1c4f99784a0962f8937cabe310a3b

SHA1
76190a403a2d17815addeb0df1b2ef0ac049406c

SHA256
0c8d891f53ccd18acd01de1dbffd9c53088ce3d282828e0b977affafe8e7ca45

SHA512
4903f25fd317f7bf586f61dd2ba1f18aaca2098c16cb7937255d19d917a86e4bec82eac63e3e4606403dc17973f7128edcf040814f69ac9d9e6bb6cf3486eeb7

Download Submit
/data/user/0/com.activation.onlyproxyapp/app_webview/GPUCache/index

Filesize
20B

MD5
93027d42b314432c4216e6cfca48b384

SHA1
43448dd8102979c3926828182579691945eedd4e

SHA256
3cda72e67c62e52a342309c44f2cb3b6c1019c7b11822e2f628e48e254e2b41c

SHA512
a52d13cf7f5be196d1e2f135b8a010f80558c5d35e90e7792441d1c976517d55cf1c9587949db69ebef294cc6ef79529a65e7d779964793016efecacd152f70e

Download Submit
/data/user/0/com.activation.onlyproxyapp/app_webview/GPUCache/index-dir/temp-index

Filesize
48B

MD5
c0849362116215cec38e91a50a414591

SHA1
1295283338af5204db9bf84df8fb944e4b56a364

SHA256
bc19a6fcda8a0afac01c686a9217e62945e66230ce62fb05f6476e48bed351ad

SHA512
ba3f4ef642856cb95c14801babd9b9f32e2ff5e4c9b79024121387b25a6e3a2e3cbd2fe69070598df0e39af5eea2491d3ee740eaa905e2b8d315acf7b2a5ecbf

Download Submit
/data/user/0/com.activation.onlyproxyapp/app_webview/Web Data

Filesize
104KB

MD5
dc79f9ce5f3ab5270b33e61119dfc959

SHA1
1844bf222a5144b513dcf2fb50a18c011701c647

SHA256
47e65f4de08deabfd52ecdb8b0a29c61c482188b92c36182e2112ca0a8f4ff65

SHA512
18b8894a7f35df516f423bbdebf1e05ce09eaf4345b139e59e603cadb81f8d1fa20f793438c28e8fd9a64e64f0684223d90ce6f10d3f93cb0c781049a8cff03e

Download Submit
/data/user/0/com.activation.onlyproxyapp/app_webview/Web Data-journal

Filesize
1KB

MD5
03dcd41274b4bcb47e2697829c665ff9

SHA1
b9dc91ad229dbc8cfb34daf85e7b16a76f8338ba

SHA256
c9f589765b10b582f2690477e7e432d09ce4add341a8d2d796790f878b6eab04

SHA512
83b65151e6c05405167bb07d1565bab67d98311bdb825d91bccd0c5ac1e228055ecc1ff5d72a844a6c10dca7de4341c94bd4669e2a93d4f69ada06f357f11d93

Download Submit
/data/user/0/com.activation.onlyproxyapp/app_webview/metrics_guid

Filesize
36B

MD5
e7f015f17aa50246ed25a670138274c1

SHA1
f042aa0bcf6779d88003fe40669d42fa709a8b18

SHA256
a0f1f7195b23d0f6c9f0d9e8c6750df4a197c4aad5ec350a3e25c6496541a860

SHA512
5f0bd442d45a7ccbd598f5d42080239de7ae83c4b541c25b957d6cff4801a657b97d6ec9c8a6ee08c8d366be7962c3e2e55a21dafd63d271e74d4c0dffee70b0

Download Submit
/data/user/0/com.activation.onlyproxyapp/cache/org.chromium.android_webview/9bcdaf519d08ab27_0

Filesize
2.0MB

MD5
1b7f48c777be68972cebe28c80949c6f

SHA1
7ebda29c7ce1a40c4dc37793ffd4964edfcca28d

SHA256
316e896e65c70ee03ffd55eeb49cf6377bc9b5c9b381bf249e4e86614f4b513a

SHA512
ae5a6d1689497bc204ecabbbf1ab1f898f88cfd325ced3ebd04ace6203fb2be3d47c1a1d3a1094a46656059e73efd6b704022aabb70135cbf971416b42377757

Download Submit
/data/user/0/com.activation.onlyproxyapp/cache/org.chromium.android_webview/f36b4871f63f84ca_0

Filesize
4KB

MD5
98ca7590010a425dda7db80c97f9ae23

SHA1
e3bd5121fff6450fd265a9e8d37006f0fa4ea44b

SHA256
b46c68ceda45e48390ea732498d8c5e603a2eefc901507d92147f3092c7836f1

SHA512
4e6c9f5657fdf400506ff3b08e6b9044091f000f8aa5af318e0f4cb3285c75520924b0e389a5c26f04663e875ea1698eff42a8e0fa216a50a5429bb67091fb97

Download Submit
/data/user/0/com.activation.onlyproxyapp/cache/org.chromium.android_webview/index

Filesize
20B

MD5
93027d42b314432c4216e6cfca48b384

SHA1
43448dd8102979c3926828182579691945eedd4e

SHA256
3cda72e67c62e52a342309c44f2cb3b6c1019c7b11822e2f628e48e254e2b41c

SHA512
a52d13cf7f5be196d1e2f135b8a010f80558c5d35e90e7792441d1c976517d55cf1c9587949db69ebef294cc6ef79529a65e7d779964793016efecacd152f70e

Download Submit
/data/user/0/com.activation.onlyproxyapp/cache/org.chromium.android_webview/index-dir/temp-index

Filesize
48B

MD5
1c1de8b03648957c2fbe4ffc74caa530

SHA1
6cf86999eaa7757aa20948e53b208548332730af

SHA256
8cf0860fd2bdd6a7b3b68a964758ffce12234d241423067cda21ffe0bb8b0d6a

SHA512
fa1297d21f44eb5694f0adb0a84aab510ed264af6acb7ba8502f79380349b05ca018e158cce23391359386b417a6a98369bd0688930e379ca153a5316485d43c

Download Submit
/data/user/0/com.activation.onlyproxyapp/cache/org.chromium.android_webview/index-dir/temp-index

Filesize
96B

MD5
a09107cedd93d433f52f3da2124641f1

SHA1
92a731647f3213dfd40c632a4649ce86c44f44e0

SHA256
66b5fc71d7d3f22d53a1b767c655199a144849b11b62830d09d03645fbefb3e4

SHA512
d16bef13fc8788a3b08f6b37edc2be647f41209bdd622e4d3037f4c444f9446f80a7ff0285a315fe23b896f3165d893f19a9056699b686a84c613a8f10ac3c1f

Download Submit
/data/user/0/com.activation.onlyproxyapp/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/user/0/com.activation.onlyproxyapp/databases/com.google.android.datatransport.events-journal

Filesize
524B

MD5
aae8d1237974ed9cc2596bcb13c02035

SHA1
b5c0164d273ac94e03db994b47f746778b8501d3

SHA256
7bfba5cc9f5e1053bd43fa5f9ed63315e82703b799243880eb6271dd80eff3a8

SHA512
b1e1ede5ac0c129f66e048b172de89e371eb7963834004c94429adbd511477e8832ef17b4dd9f7bac67b7a944988779ce19d99ea85867f03215a8e2861f1cc23

Download Submit
/data/user/0/com.activation.onlyproxyapp/databases/com.google.android.datatransport.events-shm

Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/com.activation.onlyproxyapp/databases/com.google.android.datatransport.events-wal

Filesize
68KB

MD5
216605665aa6e1097729ff5c0c062b84

SHA1
c84a535a941b3a41f80ef036f6151d4385201f8a

SHA256
f2e10e6dfdb9f12e1e5de937b71d3ad6ba0fe7f744a4e5e31993ede2c018bbcf

SHA512
e6dc1fabfff8af9fce72406476037428d72ba3d1dcd166f9b8e691e9591f362f13b8b4f75d735faa10d76e70ecce853f155219022b5bf8dd48c30509b8697c9c

Download Submit
/data/user/0/com.activation.onlyproxyapp/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/user/0/com.activation.onlyproxyapp/no_backup/androidx.work.workdb-journal

Filesize
524B

MD5
41616e2f4ca532a19f99cd11a8007cae

SHA1
373cadaba10bed899a81a9063161bb1ef45990d2

SHA256
561ef71a14f0aa8b358cc0ccac5afe40daba8ce56d66a1852c4e22f0116e30db

SHA512
0d72d646fee33b8ae1905ff7358a3460bc227a75818dcdd17fa2021c59498d7ee9d7118693e8a88f9285a29ec7fa6bcfb306b068c16672af7284c3b15cf6e5c6

Download Submit
/data/user/0/com.activation.onlyproxyapp/no_backup/androidx.work.workdb-shm

Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/com.activation.onlyproxyapp/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
cb71bc2773ad65b86e9df63c04f08110

SHA1
255de1e8c974bc6b714047781547a790b6aaab80

SHA256
25009affd09add2b8938a94e4d88b984cada5dc7830fd1e93788d74f7b7f0d20

SHA512
eb5b055872069c7b304b53fc9aea8c13d9612c638e152ec796414a009a13f6cc0eb6214a3e29d0006e2e21c6125c2ef28d19ce887ebf243cd2a276b2fa224c1d

Download Submit
/data/user/0/com.activation.onlyproxyapp/shared_prefs/FirebaseHeartBeatW0RFRkFVTFRd+MToxNzE5MzE0MzY4NzE6YW5kcm9pZDoyMjZkYTg2MGEwZjAwNWUzODdlZTYy.xml

Filesize
533B

MD5
23895a3dbd9fae2d7ee3fcf7544475b4

SHA1
06bd71a9dc1b600b49deec3e89ff83bc6acb7aa4

SHA256
95f5e6dde9b678b10be12c361336df9a44efca728e9d0213b8e1adfea2ed3c98

SHA512
6645e812395f7e094304e4ed6169ac6f39c030eb2a2556107000c9e70d06a8c65ee63fe8b746490ba46f8cc9405eb2a9c78cef4b0b7a47c6186d5e9f2cb582ce

Download Submit
/data/user/0/com.activation.onlyproxyapp/shared_prefs/FirebaseHeartBeatW0RFRkFVTFRd+MToxNzE5MzE0MzY4NzE6YW5kcm9pZDoyMjZkYTg2MGEwZjAwNWUzODdlZTYy.xml

Filesize
178B

MD5
74fb828de094b0a7ba5162639a306aab

SHA1
51bd4da7f4867717bcafb8a5ae737535f97540e9

SHA256
98eb1cda6932a431d53c52aab05a8db440a5da8fa937e65bdc0a43e818cd2cc4

SHA512
0cb4d80c69e0ade0a6d8f408197a199ee4e216a7f91cb5eeb0656df25279e5c74fddc1acfcc691ec824c0a90d5477aced0bee5c7fa3644f704e4c0d0652d5875

Download Submit
/data/user/0/com.activation.onlyproxyapp/shared_prefs/FirebaseHeartBeatW0RFRkFVTFRd+MToxNzE5MzE0MzY4NzE6YW5kcm9pZDoyMjZkYTg2MGEwZjAwNWUzODdlZTYy.xml

Filesize
479B

MD5
5912e285227660845531bb6fd6f08935

SHA1
112e27743425132a5fbbd0055f12c1ad8c0bfe65

SHA256
072b3db141fdf39870ec59007c69ea000c1eb1614ab58af8278de969d17528a5

SHA512
7c0e84e4e239ad49c5375a3aa9f70d3d58766cae98d7e8b5ce1be9fe588d7e147ef646c373bf4f79f76d8d8b8fe34f5aa61025be0a738d224ba66f1071f032ae

Download Submit
/data/user/0/com.activation.onlyproxyapp/shared_prefs/WebViewChromiumPrefs.xml

Filesize
127B

MD5
21223e9184445fe043476484cd8cb1f9

SHA1
2b4813f849121d60ba35eb0889080668bb62c778

SHA256
bb61b7c087c2ae2de93a7740ff75707342940557146366e92b840284cd9446af

SHA512
be21408de0cc643650e5d9ab9057a8f9de88e37fbdc6417cfeba160402ec4cd14fccbc82cbbfd941ecfc0bb3d4056ee61ac199efdc99d647d53e65818835fd48

Download Submit
/data/user/0/com.activation.onlyproxyapp/shared_prefs/com.activation.onlyproxyapp_preferences.xml

Filesize
138B

MD5
181f098bc8979a82ccedaf137fa1dadc

SHA1
e036dab182e1fdf12879e374ae1974a234a3ed12

SHA256
63329a51b6a1ee6cc86136dfe1f4f294a1065cd67245d3ebaf6d3c1c843e8223

SHA512
a64eab40c0f013aa5b7aca9b4f0fa548de11fcdc870e61a7d3e71364486d42133e3de5693129adc8345e981147d1d4c5dd9f8b8ee25715243987a8261a28188b

Download Submit
/data/user/0/com.activation.onlyproxyapp/shared_prefs/com.activation.onlyproxyapp_preferences.xml

Filesize
179B

MD5
8da1695351097278c96a70dc218dc704

SHA1
8494a20c3731035152aabf0f2bdbb0814117b269

SHA256
b5bd9844931286ae04a1915968b5271c609b629ddaf8c56c5e4f6d3f3e31dc11

SHA512
3b606e610ff6bd42852fde32ac660889dc504b869041b3ff3600dd224096c6dd44df2aae1cdf67b07c0e2c2ff4367df2b7da2f17bf8b8e54ef71c841943a3ffa

Download Submit
/data/user/0/com.activation.onlyproxyapp/shared_prefs/com.google.android.gms.appid.xml

Filesize
385B

MD5
cd92305f3fa6d4ca96694211cf9affe2

SHA1
65ef033e6194d456dd7d7fe415dfb7fbd70e0672

SHA256
3503fb807bd8c1191a3b865a20f39f92eb5cd70d29243c4c7d9c3ff3b1e407f7

SHA512
692c7817155fbc05f511bd81e7fb83fc89a25fb4f4d8f27245b66bc8c44016d9ee8d19db63a408c240452e3beb7431874b1c62254db492a47948fa265c8bc52e

Download Submit
/data/user/0/com.activation.onlyproxyapp/shared_prefs/com.google.android.gms.appid.xml

Filesize
442B

MD5
00bd7716f247cbd3257d8321bf06a901

SHA1
d34ab2a17f1a00d7f01bb0afac85f850c3b87e3e

SHA256
c3c752903865a78cb3c5a81a178f45ce3f3708c867eae691f7645bd7ba812e3b

SHA512
0343f4e4bc192a1740959f10c2f1c974b8fe0a505309ff539bc4e31a6d73410ba3b0d59658c6c0805591749e1a413a2cecd8282b961815b7cd140cc2abba20a3

Download Submit
/data/user/0/com.activation.onlyproxyapp/shared_prefs/com.google.android.gms.appid.xml

Filesize
436B

MD5
64266fb79747556f36b8580e66c84caa

SHA1
2882f2e6707f8ec295212ac80ebb72d39f073397

SHA256
439a7edb89decccdf90f3896b155f2a6420fa6932ebc811b42a9cf2002aae755

SHA512
f3cdea1f075ab61b6e3a770fe19fbbb9911e39506e4ce2a8b27aa35854bfdef749cbcf8aab427cfba0c7499d5cc2ccaad55144345882964a311b8db5995a2c6a

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads