Analysis

  • max time kernel
    42s
  • max time network
    131s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    android arch:arm arch:x86 image:android-x86-arm-20240514-en locale:en-us os:android-9-x86 system
  • submitted
    30-05-2024 13:10

General

  • Target

    manager.apk

  • Size

    4.3MB

  • MD5

    02a2ff9e69d85de4dad105213f620382

  • SHA1

    690396a68222724daff6622715643cfa48ce5940

  • SHA256

    c2da3df534ece06c4e87d60ae4690f4c58a9b6d3d05a45898181123201c1d8d9

  • SHA512

    041c83686150960f2a5373f6a84a58d0361e0374b6947cd5c0071ca5fbc11569aefaf614831085a1412146431eab96ef76893792aede0c4f820a7c170e28ea23

  • SSDEEP

    98304:AAU5ofra3s1A/YOkmr8R9OobyFB9Uiwyt7JsXFI:qkCYS+Fbq9Ure6X+

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 2 IoCs
  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information that indicates whether the system is an emulator.

  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Acquires the wake lock 1 IoCs
  • Checks if the internet connection is available 1 TTPs 1 IoCs
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

  • Checks the presence of a debugger

Processes

  • com.vanced.manager
    • Checks if the Android device is rooted.
    • Checks memory information
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Checks if the internet connection is available
    • Schedules tasks to execute at a specified time
    PID:4286

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.vanced.manager/databases/com.google.android.datatransport.events

    Filesize

    4KB

  • /data/data/com.vanced.manager/databases/com.google.android.datatransport.events-journal

    Filesize

    512B

  • /data/data/com.vanced.manager/databases/com.google.android.datatransport.events-shm

    Filesize

    32KB

  • /data/data/com.vanced.manager/databases/com.google.android.datatransport.events-wal

    Filesize

    112KB

  • /data/data/com.vanced.manager/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.vanced.manager/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.vanced.manager/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.vanced.manager/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.vanced.manager/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.vanced.manager/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.vanced.manager/databases/google_app_measurement_local.db-journal

    Filesize

    512B

  • /data/data/com.vanced.manager/databases/google_app_measurement_local.db-wal

    Filesize

    36KB

  • /data/data/com.vanced.manager/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

  • /data/data/com.vanced.manager/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

  • /data/data/com.vanced.manager/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

  • /data/data/com.vanced.manager/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

  • /data/data/com.vanced.manager/databases/google_app_measurement_local.db-wal

    Filesize

    4KB

  • /data/data/com.vanced.manager/files/.com.google.firebase.crashlytics/com.crashlytics.settings.json

    Filesize

    716B

  • /data/data/com.vanced.manager/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-66587AD00280000110BE705000E947FD.temp

    Filesize

    198B

  • /data/data/com.vanced.manager/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-66587AD00280000110BE705000E947FD.temp.tmp

    Filesize

    16B

  • /data/data/com.vanced.manager/files/.com.google.firebase.crashlytics/report-persistence/sessions/66587AD00280000110BE705000E947FD/report

    Filesize

    763B

  • /data/data/com.vanced.manager/files/PersistedInstallation1006059675629958158tmp

    Filesize

    90B

  • /data/data/com.vanced.manager/files/PersistedInstallation4879336460694053266tmp

    Filesize

    568B

  • /data/data/com.vanced.manager/no_backup/androidx.work.workdb-journal

    Filesize

    512B

  • /data/data/com.vanced.manager/no_backup/androidx.work.workdb-wal

    Filesize

    16KB

  • /data/data/com.vanced.manager/no_backup/androidx.work.workdb-wal

    Filesize

    108KB
