Analysis
-
max time kernel
38s -
max time network
132s -
platform
android_x64 -
resource
android-x64-arm64-20240514-en -
resource tags
android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240514-en, locale:en-us, os:android-11-x64, system -
submitted
30-05-2024 13:10
Static task
static1
Behavioral task
behavioral1
Sample
manager.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral2
Sample
manager.apk
Resource
android-x64-20240514-en
Behavioral task
behavioral3
Sample
manager.apk
Resource
android-x64-arm64-20240514-en
General
-
Target
manager.apk
-
Size
4.3MB
-
MD5
02a2ff9e69d85de4dad105213f620382
-
SHA1
690396a68222724daff6622715643cfa48ce5940
-
SHA256
c2da3df534ece06c4e87d60ae4690f4c58a9b6d3d05a45898181123201c1d8d9
-
SHA512
041c83686150960f2a5373f6a84a58d0361e0374b6947cd5c0071ca5fbc11569aefaf614831085a1412146431eab96ef76893792aede0c4f820a7c170e28ea23
-
SSDEEP
98304:AAU5ofra3s1A/YOkmr8R9OobyFB9Uiwyt7JsXFI:qkCYS+Fbq9Ure6X+
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 2 IoCs
ioc | Process
/system/xbin/su | com.vanced.manager
/system/app/Superuser.apk | com.vanced.manager
-
Checks memory information 2 TTPs 1 IoCs
Checks memory information, which can indicate whether the system is an emulator.
description | ioc | Process
File opened for read | /proc/meminfo | com.vanced.manager
-
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
description | ioc | Process
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.vanced.manager
-
Acquires the wake lock 1 IoCs
description | ioc | Process
Framework service call | android.os.IPowerManager.acquireWakeLock | com.vanced.manager
-
Checks if the internet connection is available 1 TTPs 1 IoCs
description | ioc | Process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.vanced.manager
-
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
description | ioc | Process
Framework service call | android.app.job.IJobScheduler.schedule | com.vanced.manager
-
Checks the presence of a debugger
Processes
Network
MITRE ATT&CK Mobile v15
Downloads
/data/data/com.vanced.manager/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-66587AD0013A00011217AA7BA853C208.temp
Filesize 198B
-
/data/data/com.vanced.manager/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-66587AD0013A00011217AA7BA853C208.temp.tmp
Filesize 16B
-
/data/data/com.vanced.manager/files/.com.google.firebase.crashlytics/report-persistence/sessions/66587AD0013A00011217AA7BA853C208/report
Filesize 764B