Analysis
max time kernel: 42s
max time network: 131s
platform: android_x86
resource: android-x86-arm-20240514-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
submitted: 30-05-2024 13:10
Static task: static1
Behavioral task: behavioral1; Sample: manager.apk; Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2; Sample: manager.apk; Resource: android-x64-20240514-en
Behavioral task: behavioral3; Sample: manager.apk; Resource: android-x64-arm64-20240514-en
General
Target: manager.apk
Size: 4.3MB
MD5: 02a2ff9e69d85de4dad105213f620382
SHA1: 690396a68222724daff6622715643cfa48ce5940
SHA256: c2da3df534ece06c4e87d60ae4690f4c58a9b6d3d05a45898181123201c1d8d9
SHA512: 041c83686150960f2a5373f6a84a58d0361e0374b6947cd5c0071ca5fbc11569aefaf614831085a1412146431eab96ef76893792aede0c4f820a7c170e28ea23
SSDEEP: 98304:AAU5ofra3s1A/YOkmr8R9OobyFB9Uiwyt7JsXFI:qkCYS+Fbq9Ure6X+
Malware Config
Signatures
Checks if the Android device is rooted. (1 TTPs, 2 IoCs)
  ioc: /system/app/Superuser.apk; Process: com.vanced.manager
  ioc: /system/xbin/su; Process: com.vanced.manager
Checks memory information (2 TTPs, 1 IoCs)
Checks memory information that indicates whether the system is an emulator.
  description: File opened for read; ioc: /proc/meminfo; Process: com.vanced.manager
Queries information about running processes on the device (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
  description: Framework service call; ioc: android.app.IActivityManager.getRunningAppProcesses; Process: com.vanced.manager
Acquires the wake lock (1 IoCs)
  description: Framework service call; ioc: android.os.IPowerManager.acquireWakeLock; Process: com.vanced.manager
Checks if the internet connection is available (1 TTPs, 1 IoCs)
  description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo; Process: com.vanced.manager
Schedules tasks to execute at a specified time (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
  description: Framework service call; ioc: android.app.job.IJobScheduler.schedule; Process: com.vanced.manager
Checks the presence of a debugger
Processes
Network
MITRE ATT&CK Mobile v15
Downloads
/data/data/com.vanced.manager/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-66587AD00280000110BE705000E947FD.temp
Filesize: 198B
/data/data/com.vanced.manager/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-66587AD00280000110BE705000E947FD.temp.tmp
Filesize: 16B
/data/data/com.vanced.manager/files/.com.google.firebase.crashlytics/report-persistence/sessions/66587AD00280000110BE705000E947FD/report
Filesize: 763B