a14313022c88da4cc3458f5f1fe6ade1f230abd6a6ef1ca07a0effc5586f81b3

Analysis

max time kernel
11s
max time network
190s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
22-05-2024 12:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

remanage.apk
Size

4.4MB
MD5

836d4d4e047e73ca4fedad6c81152eb6
SHA1

43e33a6caa1aeca9ff54f2296bcde3c40ae7b68e
SHA256

a14313022c88da4cc3458f5f1fe6ade1f230abd6a6ef1ca07a0effc5586f81b3
SHA512

2cb46bb005bebc5fccda04b63ae0001b019033fe365e826a4cca6d2d8ceb208744cd4015e506e115d5f6330e6e147582b7d36ee42a806b9fcbde39c1d653d474
SSDEEP

98304:9dBcG8IoRmNFz84LA7vRqFm+bI7pumU0W2a1J/ScOgA/oRVZNzD7:9dSv2z8oA72DIkmbIJ/3OgkoRj17

Score

8^/10

banker discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs
evasion

System Information Discovery
T1426

Processes:

com.speedsoftware.rootexplorer

ioc process

/sbin/su com.speedsoftware.rootexplorer
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

Process Discovery
T1424

Processes:

com.speedsoftware.rootexplorer

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.speedsoftware.rootexplorer
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.speedsoftware.rootexplorer

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.speedsoftware.rootexplorer
Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
discovery

System Network Connections Discovery
T1421

Processes:

com.speedsoftware.rootexplorer

description ioc process

Framework service call android.net.wifi.IWifiManager.getScanResults com.speedsoftware.rootexplorer
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.speedsoftware.rootexplorer

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.speedsoftware.rootexplorer
Acquires the wake lock 1 IoCs

Processes:

com.speedsoftware.rootexplorer

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.speedsoftware.rootexplorer
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.speedsoftware.rootexplorer

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.speedsoftware.rootexplorer
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.speedsoftware.rootexplorer

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.speedsoftware.rootexplorer

ioc	process
/sbin/su	com.speedsoftware.rootexplorer

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.speedsoftware.rootexplorer

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.speedsoftware.rootexplorer

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.speedsoftware.rootexplorer

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.speedsoftware.rootexplorer

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.speedsoftware.rootexplorer

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.speedsoftware.rootexplorer

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.speedsoftware.rootexplorer

com.speedsoftware.rootexplorer
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5153

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.speedsoftware.rootexplorer/databases/explorer.db
Filesize
44KB

MD5
94e46da31576d41c37669d935bc330a6

SHA1
ee902542e6fb2a87abdcbb9420a722e0e34b46ab

SHA256
781c64e0fd5c7aa0b7a632f722a5ca4000a9c3a27080c2fefa5fcf71ea116a5c

SHA512
e4135a98c46716e50ce168de1d936f799740d069228e3deb602606df4d84db836010e74d6586e34c7545b071ef0837621da3f72939e7a53c530f6ca9f3fa231c

Download Submit
/data/data/com.speedsoftware.rootexplorer/databases/explorer.db
Filesize
52KB

MD5
a36cf34dc366739bba69d2b53db6977f

SHA1
4261b80d7b191e5f72ad5a84dd832e3bdc647498

SHA256
2cee603ce5ad6acf26163de986f179b0f8e4abf182260aac29da9f1c65693ec1

SHA512
02665622e0b835ac919b51584239c83e11189d12b6c2365fcb23170aba48c4417601c08f32dce5444dfbea4f29c39540f2c7d0e7c202247fc712af0481090d7f

Download Submit
/data/data/com.speedsoftware.rootexplorer/databases/explorer.db
Filesize
52KB

MD5
4dab0a1c6f7f145beeebc1c6932785ea

SHA1
43f68d5d3553e9b764c23e72a93c77e7a6d04e02

SHA256
b86ceab323451120b929ac387d26d8b7af4fb8e38e1fa26db2e1cec1861e3554

SHA512
44cc58248f4db38662c0b102e6aaa77d07def3a620dda54a18644dcb913b3e9366ea7ace65b32243b4df08a3e5d30608b5003b3e0ab85db8cc0f61aeca2e81e4

Download Submit
/data/data/com.speedsoftware.rootexplorer/databases/explorer.db-journal
Filesize
24KB

MD5
563f7fa5ea08f0240eefdc22d8ae2e4e

SHA1
feb8b38e5e0b79f329c84b4439d9a5da0db59f6e

SHA256
233bf86e15989eea5d185967fc8a89577534276db06ca0342a3f18aff30b21f9

SHA512
edddd9633b41bb6d65ba10138f9c0b5e40ffd2c962c3f98d3dbe183c576aadb62c18deec7eeafb02ab40665ece1131282372bc191eec0b0c79309371a6112644

Download Submit
/data/data/com.speedsoftware.rootexplorer/databases/explorer.db-journal
Filesize
512B

MD5
00e898a0da21c2c70fcadddf75a8457c

SHA1
df6c83d9c07602f71e6503065f9aea8d20b933bf

SHA256
878ad285c9de9d959d32d6ad8ce0f4ea5b082ea764637aa5b4c39a2096a97396

SHA512
94f2ac7606bbfa41d5a78e2a34a406130460ba7e0ce3094e558329186ce12352a9e719156851ee3e9d053e36348345ca998871238a49e78f888197286b580386

Download Submit
/data/data/com.speedsoftware.rootexplorer/databases/explorer.db-journal
Filesize
8KB

MD5
a40215afd87eecbcc4fccd2a9b9f69ab

SHA1
d379797126f43229eaa4409e82ee5d65d7d73948

SHA256
f5c99336f79bbb96f0add98e02e0c3f78b457dd73676b4c35aa6cdf415130a2d

SHA512
d3ac8540ead6f1ed94991affd8a33adfc183c97f8512551f867ae8bf7831fdfd2ba2d4fbc75c86e5413a439427c113861af73671404723adb10a4494d1ea1c31

Download Submit
/data/data/com.speedsoftware.rootexplorer/databases/explorer.db-journal
Filesize
8KB

MD5
e515a9f181c993b1de85f63b5823db48

SHA1
671a64506178aad10134edf767866de5d192943c

SHA256
df1124428c7b3807b4f294c576510a2f4326280b642de929b955e2dab706fe52

SHA512
b3ddc22a2b26c3985678f3b13cb06e0f8804a52b84647cbd19960e2d623610fdeaaa9264c593126c39eac5fb1fa14343f02e76c30181b6b2b09dd047bdae388e

Download Submit
/data/data/com.speedsoftware.rootexplorer/databases/explorer.db-journal
Filesize
12KB

MD5
c3764f7cc3ce8f33df1a93287b597f58

SHA1
6b8961512057ad831a6ed03e860a04a0e1c210eb

SHA256
350263ca962b1be5f4274c83b25e32f2a13f367225b8eaf7a9a838b105c8c839

SHA512
14122ee8d5318fcecd318a74bfe74babe916fbfc69f130af77c25c767349cba806586b1c395759e83dfcf17398d21fdafca768d861329fff667d92b3a9ef8ffb

Download Submit
/data/data/com.speedsoftware.rootexplorer/databases/explorer.db-journal
Filesize
12KB

MD5
4179d4eac43b5799fe4aa02b5a40ffba

SHA1
a4b3f5b32efb19ea459dbe1551b62df426b60ad2

SHA256
1391f183374fc0fc57a6884c32d1729cfb12600422cba68156546f5c8678c362

SHA512
ae54b5fcbfab3053d978a1c97f6833b34b9faf05fdf8762aea044db654897444a204e508b9f60b79926eaf39b7edfd0c88fd84020c89d37dde5f614e42ddb49b

Download Submit
/data/data/com.speedsoftware.rootexplorer/databases/google_app_measurement_local.db
Filesize
16KB

MD5
c77b42be4361006b42d029d1ac05b6b0

SHA1
5c740894feb5f06a129cf735a9277dbf8faca61a

SHA256
464deefc28aef2a86e96474c2dc801bf43a9a9d41cd39e9d21d9fbeba04a0b6c

SHA512
7c84e57f83ca04d9517f309fe902a670ceda571022e1ec9d44fd28bf815849d5a2d1f3fb66b6fa511ee21fcd9378de419a9fdaaaf2e68c72ad1e31a4534d3564

Download Submit
/data/data/com.speedsoftware.rootexplorer/databases/google_app_measurement_local.db-journal
Filesize
512B

MD5
2a94d5df32703e2efe72d20c40c5a426

SHA1
5ce29724bbbc9316332daf666af50404af002e0f

SHA256
e37ce04d688b29bd35a27699fcf927dc50125113e8da132f19b5c2ad80a84283

SHA512
9c5b39762d794575e46975852960b325c48478b5475099cbe102e9efd4bcf5143900e0165fd6f76ea835bf5e7bf3e490d3b3c45cc20d32d2aa78b9ab8d1373bd

Download Submit
/data/data/com.speedsoftware.rootexplorer/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
2e39297f33cb20f19ec4df7ec01e9410

SHA1
1b6eb1e281f084b40f608b7c893a6780c997c639

SHA256
0ba6783950dbc1736ec39715c51b06fb51e12cf6070ff8cd4a2842624f886b08

SHA512
6d787083d67b38a1a23cbefa9f7ee7d45c6140093b3312fe53f768f8595a6e343bc48bcb990904c918366fcd285cb699f74cad45418d5a18723054adf2f07919

Download Submit
/data/data/com.speedsoftware.rootexplorer/databases/google_app_measurement_local.db-journal
Filesize
4KB

MD5
b3a11b63e95a7ca16262cb9c04465077

SHA1
ef71f3ac2002df234c4ea4b7ee105d00ec17415e

SHA256
8559b662c0a1cc3f2d48fe1566659aec8aad216f1a3bbbfa514b3f1b3ba0f947

SHA512
a157bafacafe7dbe403486deb83ecef3888c774538bfc719afebdfe1a7cffe17dc77c05bc165e2cb5415d680880e9ad088ba5f13cb21d3bd72dfb4eab67b411e

Download Submit
/data/data/com.speedsoftware.rootexplorer/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
3abf2ec9935e60761bb48b76d3358a60

SHA1
a85cf76c77767369b6c6e12e1d640bec2dc3f7a4

SHA256
da0b76fc1d03111af79ef46a7ac813afd2fe242d975d90ee36d23710d28f54f1

SHA512
ea7c995f2e2b57874b12d89ed3bebcf66600d532f4bbc372b33641536494bbcad324de03a255e39fef6d4419df89ad12f58aa4a50b67ee76ea09d8b44cf30ac6

Download Submit
/data/data/com.speedsoftware.rootexplorer/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
1e3f364dadd6b61f7b2cbe50209a412d

SHA1
79a994e55dd286511718245457ce7a6a40d56a34

SHA256
ab0a9f82c8c44d80029b17b8ad0d4c440b298dbdffdb8d07e41a5d2c57ea495b

SHA512
afb101a4c2019d723ce2cba3d94adddc5c08ca9cbd80de26b7c0de121087d2294faf79365042a888fba3a456b1fe98c1aaf6cf3699a68efba7a634d805f331df

Download Submit
/data/data/com.speedsoftware.rootexplorer/files/__local_ap_info_cache.json
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
/data/data/com.speedsoftware.rootexplorer/files/__local_stat_cache.json
Filesize
553B

MD5
aeb13c586752f8e3c4d21b1ed416e313

SHA1
b463d91468b9ead893cd0260294f1810b8239e78

SHA256
6016ad761b71a7847ad39af98656917dc6799ffd55248d02a8559beedf416f83

SHA512
ed62992780c7d477238876c6ec953904bc1e414b8e96e64778060e2c4ecae92b1a113d265fde2c2b61f1cd3047cd7043fbd67a2e141e6dcd872485f5256e1546

Download Submit
/data/data/com.speedsoftware.rootexplorer/files/__send_data_1716384279965
Filesize
729B

MD5
3e6f6841884cf499990d635b91f8326f

SHA1
d7f2416c16ab9adb580088a2ebe35cdf7930fe6e

SHA256
bc685d9b9a9fec125637c4452eb7d15a11d95e1e74d7bece1ef0c0610e9fbee5

SHA512
a9e785eb8313024c558ca1ec9341b810d035b896b58a2e5eba3754c1a9df66f7b21a71be96e6ece1025d064baaba42b551b2e174563806d4dd51edf655c44d07

Download Submit
/data/data/com.speedsoftware.rootexplorer/files/dummy1
Filesize
11B

MD5
3e25960a79dbc69b674cd4ec67a72c62

SHA1
7b502c3a1f48c8609ae212cdfb639dee39673f5e

SHA256
64ec88ca00b268e5ba1a35678a1b5316d212f4f366b2477232534a8aeca37f3c

SHA512
b7f783baed8297f0db917462184ff4f08e69c2d5e5f79a942600f9725f58ce1f29c18139bf80b06c0fff2bdd34738452ecf40c488c22a7e3d80cdf6f9c1c0d47

Download Submit
/data/data/com.speedsoftware.rootexplorer/files/libcuid.so
Filesize
109B

MD5
aaacc31b4acb0d48f15001bb59b9a3e1

SHA1
05672b7708ad750db3a590b968f9664740f92747

SHA256
2559195fadf48d9fa301de8d5c0e6bc624dafacadfeda763fd34f3a65d1ed1dc

SHA512
da8d6aac7a1445c877538ea273a35d79fab0979b2daa2f625c2fbfae1d6bc58de79bd7a713d8767b183940bc6456c9d9176a9d52e2d351fd6175d06abc948b3c

Download Submit
/data/data/com.speedsoftware.rootexplorer/files/persisted_config
Filesize
152B

MD5
3b347f7e6e895f77b8626eec4dced0a5

SHA1
1140e92af2f8a69a72c0ff4bcbb12fe5f893d233

SHA256
c4caeb2e72a1b98f4ff3f38b80392eb4eb7988470bf9d7741cca1d126890c4a3

SHA512
c65bdcd82fdd3daec109f857d9e1761f9d6505260ec4f3820978175c7a9be45c23c656fb4ded5426a2c53740255ff065378142b88ce2b6e7e7106919747819a4

Download Submit
/storage/emulated/0/backups/system/.confd
Filesize
20KB

MD5
e31fe5c5207a9abb116e8b90aabf8b66

SHA1
10d6ad191ff9d46a65f264899f104f475a3b1469

SHA256
b3e5232237c4988c6874a205cb9fd093de022fc03df2a7bfae0893e466775581

SHA512
a378fa240b23f566a4809f621a03481a66942fb275431c87e58733a78c23eb5c7273c7b5b496ce06fb0ad14b7621e0b79efc888b401810ce08eaed8b22a24033

Download Submit
/storage/emulated/0/backups/system/.confd
Filesize
24KB

MD5
8f198adc65fd27fa2aab4678c72e8ca6

SHA1
cde2e2d31747def52da4a9fe9020db12d0befcdc

SHA256
e7c3d408ac16c3d4a6fba14a65eb2514671ba4c22b0b8948f6d7217468e7cbce

SHA512
e71e2da7632ad2e2214e5a868840ce37f52e9f8cec6093b19b422dd947311e511a6611c60f1740655d0491d54287364a363e57f55e39bb38b8b6e5da270e1a19

Download Submit
/storage/emulated/0/backups/system/.confd-journal
Filesize
512B

MD5
5105423e3936bd08cc8062afd7ca3661

SHA1
6140c79814342f60015ce7e460b5aa58fa6c6036

SHA256
8419fa8e82650e566b30dbb2dfc72d356ec3b9cbc5a1ba046d111d22b36fd83a

SHA512
0712c17801a92f5c7a0a5a2ef614b82815fb4cece37fc6b8e707a5650ea2d3089fe3827620519cbdbe748bfe900d3af2703f7ff9836651888ac83c8a5c987e5c

Download Submit
/storage/emulated/0/backups/system/.confd-journal
Filesize
8KB

MD5
d83bc46a92d4b7636e3ee4c4a2a82c5d

SHA1
36bd0392ce6ec84cad5a3d2a3ffda9c965e6b92b

SHA256
61d66e3ac4a88e49665702490e30729d407041d3443ff5bed62250e24669286b

SHA512
3f669d95d8c9ea06106bc2f2b65ca9ef18b1d67b5201f6549ddaa6c6b8bfeaceb2e63a85eda56f1669719a19f2dbf4bacce9547a6890e98fe950388c47d12973

Download Submit
/storage/emulated/0/backups/system/.confd-journal
Filesize
4KB

MD5
6ad216dc931bff5d77e28d7fa92b701a

SHA1
b2e8819556e145b542c583cc40263c8cc20f174c

SHA256
d03e6513c193480b791a98a59db389e706189ad60bc08142918fb369f846ab1d

SHA512
6d61bdecd7f4ae084b09d0ebd54dc8cc21108068e97c32cd5859fcdcc90ab931771388f5a125c9b4a08d46a544b08c0a710df489b4b4bd61efadf2d33000f5bb

Download Submit
/storage/emulated/0/backups/system/.confd-journal
Filesize
8KB

MD5
fb1a704840dc5468581badd768753e0b

SHA1
5a74399b20032084ab52994595dc4be3578a8f46

SHA256
f55e1c5ac3cd7082b96bc2c75fcee67737e4218df56c1b806421126e332e0a44

SHA512
c6e491c2f515acc7ca10a8b5b0e0761d6a08bbd72ab2babc6f260d63eb49c21bc084bc5bf97ff9d49c177d8a88d704ddde027b34eda21a3a5e462546fc067be9

Download Submit
/storage/emulated/0/backups/system/.confd-journal
Filesize
8KB

MD5
3dc88ed510724b582e02e60da7862734

SHA1
be10004a76ad92b3e69c308c94ce91f6f1e0ea6c

SHA256
6db0ecffc5ba8909e312ae61775d19a924d95059e226da26029f5513e91754da

SHA512
3ae9ef4529e55cc5b83de0eafaad60f169e2c6e8b5094cfe00c54048b1966a1cfe14a71e3608f3be038af1cb7d36c93016fee665e8d382334dd0cf0d3f7906fd

Download Submit
/storage/emulated/0/backups/system/.timestamp
Filesize
25B

MD5
b779641a22d821d6cb245429ea828931

SHA1
16bf9576e7c3f767f88cead2fa201ed75d0a50ca

SHA256
d8ae2451661e420d5f69db8324dcc5d57467e97781b5152fc14cf08abd3f92f4

SHA512
2da099a84b1ed1121c14eb15af7a2a1af89808701da1f558f5a7d661744f366509d3a96d186fd1ee082d8f4eb45553718b210db9c5fe2b0cb491c0c088970c31

Download Submit