Analysis

  • max time kernel
    170s
  • max time network
    185s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240514-en
  • resource tags

    android arch:arm arch:arm64 arch:x64 arch:x86 image:android-x64-arm64-20240514-en locale:en-us os:android-11-x64 system
  • submitted
    01-06-2024 02:06

General

  • Target

    am.apk

  • Size

    20.5MB

  • MD5

    95b2280beecef198e0000141611c25f5

  • SHA1

    412f94db6e1472f3157a4ff2c3f73a090474a18c

  • SHA256

    7e8781523b8f388f6a84fe0a64eda900e90238e2e4abdbf0a713f1fe321fd5b2

  • SHA512

    91609c6b985210db45b578e261e13c5de8f070405b7d81a611fc3375e7603fa8e728bfd19fb9003369488ed4e906c3f10554a13b5c50530df4de86a7e12fff18

  • SSDEEP

    393216:o5pST5h6sJA35z7A79L+icn1mbgafiubcNZjbZT9i/zVN2I+TXt5kKpPbNiRSKcG:btJA35z7c5k1mbBffcrjTi/zVN2IkdCd

Malware Config

Signatures

Processes

  • ultfp.xluluazofns
    • Checks if the Android device is rooted.
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Makes use of the framework's foreground persistence service
    • Queries account information for other applications stored on the device
    • Queries information about the current Wi-Fi connection
    • Acquires the wake lock
    • Requests cell location
    • Schedules tasks to execute at a specified time
    PID:4510

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/user/0/ultfp.xluluazofns/[email protected]

    Filesize

    2.6MB

    MD5

    a11095265b09ae16734bc3b64a287e71

    SHA1

    880f31b9f8816a40960b0276447e2252194d5f0e

    SHA256

    886111a93011a48dfb6eb6231c42864b42364bd8a71d0efc229188653dbe0a9f

    SHA512

    81963a169cfbe9dbc6a47a5d5c52d3f25ad3b56e82ad24206b24b257f0118d52393174a4219f6b27b4cb3a2ba8eeb832e61ea5bfb2b2160cee63a895a28cddc0

  • /data/user/0/ultfp.xluluazofns/[email protected]

    Filesize

    1.2MB

    MD5

    cb16f947895faf71d09cb5ad792b0e35

    SHA1

    c1dc4f7d5942a9dc0e1f27bad9239a4b4e8f49a7

    SHA256

    e884e38eadd126d05e90daacf4250127ea46787315a235296d3c9341c2df3bef

    SHA512

    8ed0d22895c375649c7eee45c2911d816d194ee36c648e8cf84805dfff0889602bb3d17b376d2e4c73fdb0df23002349df0a872d8e18fe219862ad06970aa2ba

  • /data/user/0/ultfp.xluluazofns/databases/SettingsDB

    Filesize

    124KB

    MD5

    f15335a640f24813c9b345c99da7e16d

    SHA1

    a0e7fdc85b3c1420bf342676be577f146f5dce49

    SHA256

    6baf6ee8c7c503ed9962ff49957fe3c0b707171d1913450d97c84856a6ae31b9

    SHA512

    5f51ec199de29b23e398d143c4f0faf58ba655a4f455ecafd5b6303c0ef428f3165f5db49daf4697f1dba3033da51113730ee5ad158a9ea9f8f6b9a10b044f19

  • /data/user/0/ultfp.xluluazofns/databases/SettingsDB

    Filesize

    96KB

    MD5

    8926ede590a51d106e230dd7fc7c2047

    SHA1

    e579365beefd712f6ee549064767b3bd9539f6c2

    SHA256

    c864ccd519c15949a860c4cb8b4e7eae5e2da068457d16b5894ac1520f357407

    SHA512

    3f9f236b667cff0122b0f351271c91a2e8def04346069c7a6c175e06545d40b7deedc83502ab8a1340f7bd488d6692f0acb8c063a558b83e58105ad762b08085

  • /data/user/0/ultfp.xluluazofns/databases/SettingsDB

    Filesize

    96KB

    MD5

    2f5f114d58e0df082b48da2a1b7e02d4

    SHA1

    489e420e38bdae4c5adc734ed5dfd178f4cac68e

    SHA256

    9ccb4b4edb6c09317fd586ad8508d16bd870f1e656d1f89e639ce6db11888c4f

    SHA512

    bca3215d89339b384b8371708a9c1636b572d022e33dcf8815f877f7b30b024209e4338c252c685389a3424dd988222164bd7d3a42ffeeb23f891ea6ac71108f

  • /data/user/0/ultfp.xluluazofns/databases/SettingsDB

    Filesize

    96KB

    MD5

    0d2333a204fc28ed6ec739a2f3dcd13e

    SHA1

    a8ad276d7b1395fb402c283f823a7049c77e7730

    SHA256

    cf33a6e75095f220fd66e0c885ed6ce85b4a53a89ff6709ac642053c3e2baf37

    SHA512

    6335a8c863fa37481d747cb49f6c790847cfb0b3370b17f8b76d64b48503e0623265a1cefc82001782362adf9dbf18314604fab015b9e308fc1684c0d402cada

  • /data/user/0/ultfp.xluluazofns/databases/SettingsDB

    Filesize

    96KB

    MD5

    a765d9c4daa314315364b4f9f671335f

    SHA1

    f73004d5aedc3616bb58f49d19d562d1303d942c

    SHA256

    a11823cec17d8af3058b30a454f77a384ae5640d870d515e15f62a01d4389a1a

    SHA512

    5c6efb3601fd25013fcc7263a4f36323aeb37c45b00a41a5d44b75345e6a91130e4267eb105973bd92cec0ffdc3d591deb2bb55ac6b6e245912d1c2d8cc5f7c2

  • /data/user/0/ultfp.xluluazofns/databases/SettingsDB

    Filesize

    172KB

    MD5

    593e073e9fbeabf2ec8df41084a2fa69

    SHA1

    7ebb43722824bd83dba57c27bb020cbf08449ce5

    SHA256

    72092b984a04e14b4c65a9e73642ee31d9bd2d9e46b9a1502af4cd73ca5a4d48

    SHA512

    64a448939746f56749ff9301f9e7eece71f699c7bc7d2a958ca02192654f573a2d3f68ec34f6e4048a13f50a7e9864226a5862b1cd5279dda9d9ed992b3c443a

  • /data/user/0/ultfp.xluluazofns/databases/SettingsDB-journal

    Filesize

    512B

    MD5

    ddf55e99db70cdeb39757943ce807a88

    SHA1

    f6e974fcd65b9591e88b782741a34d2812622386

    SHA256

    f9d7e591388cf180c0507ca82933fb46d65645093847c2a93c927f5c5e39a28e

    SHA512

    2e09566b047abd5cf72bf9e8e50e7237ee7ef0cb70b9e97a1df7035503ffa0dd0c8da7d731df7fbe109064367180c32691f57a99db9d81481404c6dbdaaf48c2

  • /data/user/0/ultfp.xluluazofns/databases/SettingsDB-journal

    Filesize

    8KB

    MD5

    88e7100bfced8e35f997f05b2bbc5381

    SHA1

    744829f18b7e574448cce1c2a3eea73bd4d84ed9

    SHA256

    f79a81ca3a1095683f8156b2e172eeb7c4c2b7febe8d98c3541eca667dc470bc

    SHA512

    6a4977b6a99f99bf179c5e2cf67f69ee017cf7a513e5ed2bd1807629e396a8d13ec23ffb5040298b8d3c9067eff7785231077884faad9d0492a250e3c6d0b892

  • /data/user/0/ultfp.xluluazofns/databases/SettingsDB-journal

    Filesize

    4KB

    MD5

    8abfe9f8b71fadc8f0c00ad8b0abf972

    SHA1

    674885b47a8252d0bbe38a7913a758782fdea724

    SHA256

    84eab30033d5556b5742f261dd96cb4d336600aaf2409704e1cc9a0831c64dc0

    SHA512

    d4b17e5a4f65f726c734ffdd621051fd31891417f6fe1665241a27df06688c14232031ef8703de8b9a707e165a1bc7ccd61c262eb6f047b176476c85c25aa0fb

  • /data/user/0/ultfp.xluluazofns/databases/SettingsDB-journal

    Filesize

    8KB

    MD5

    a4fd7e40a2dcff5a2ebd3cd61aa43dd4

    SHA1

    29f9a39cc067816ade2011d4f8179e07c453a9b1

    SHA256

    f6ea90d62c21e9d8ebdfd0a40f1200589c8ac6fb031f2fca1ca72984c9a9bad0

    SHA512

    d598ef91ada43ad895c9211c2a1e0985373a417fa977b3b85bd3ec4af5d07e66831b770519d297b3d6141ff0f9a4ce75e31fac723c6e0af00d45246508d504d6

  • /data/user/0/ultfp.xluluazofns/databases/SettingsDB-journal

    Filesize

    12KB

    MD5

    8e74769b564d043a6376743fdd460d81

    SHA1

    fd19e6ad613bc1c8fba1ef02416d397967d13191

    SHA256

    1ffc49eb9be460d6765c3c1ae2074ed4c6f6629f148d04722a599aff6d37c279

    SHA512

    7406221d2fef6b656c44d7d22cc80f7c6e7609c0c3c01c378c221576f77ec1965124c9e272970627b65a69d67f0be2ab67a2fc3f15664a819efbe813ec703a7a

  • /data/user/0/ultfp.xluluazofns/databases/SettingsDB-journal

    Filesize

    24KB

    MD5

    e1add71d6e1ae6e34ff6770d7d1aa390

    SHA1

    62b0d88adaa6e0182b22b3bd400101379a317218

    SHA256

    12a4fedf6d544f5c2e23e036c0906c50137ea0249b34ef0f47613416895e82b6

    SHA512

    42b3b3b2e48c480edf1af5937413245a2bb42b9da7c7a8f8cea6bc92a921bf43ce1c3d9255d900c35ae24361e75a9dcc13716192d688dc1092f71f89be05990d

  • /storage/emulated/0/.am/dm/md/main.md

    Filesize

    2.6MB

    MD5

    b6d3a4cf3c50723d4c2b606550f66078

    SHA1

    fe6541e98b3cc04a31d269c3dd51beda11814796

    SHA256

    e10b67c58d2778bbcafa71e34353c26a089eaef19021b8a52274708c6c664a8b

    SHA512

    6b482bec5b3bf9f39f09164b67a416f238973e799a88245422a06caeeda73daf0aa0fa4e319384e6ac6c03c99c5808c9cba990ab5028169e820a2d8694eb7c5e

  • /storage/emulated/0/.am/dm/md/main_tools.md

    Filesize

    1.2MB

    MD5

    1e05a2d987a9b8ace6ec423e1de9ae2b

    SHA1

    8ba9fad037667f9a091541ac11cf4e27965d5288

    SHA256

    743e7d3660de8e672bf0d07078d8e540b1cdb17d216e63b8703fa180c97179b6

    SHA512

    1744113900cd787eb4ee34c9fe5b72dbefd4e6c334373f6f32adde0e3de22044a2cdb1ed9a6137e4dfdb7ec53a7b77fd5d059e07976569a30e192e680233d54c

  • /storage/emulated/0/.am/log.txt

    Filesize

    171B

    MD5

    cddd8f0a017edce02b114e774849ca49

    SHA1

    4d6e305da24e28bb94bb1d872156f43f38e16f26

    SHA256

    4be76dbc5607ad770639df46eddee62f81a3c5bc224b56d41eef89e45601f67f

    SHA512

    891814d8b18af00375ff73c9bcaa8ff7b7377e1b9006512a1f981ec4a21c4c6132c1dc2532b2a60acbb03bef515e6279de3c3731f03be6c0bcb1a1a42911b7a4

  • /storage/emulated/0/.am/log.txt

    Filesize

    150B

    MD5

    d34c37a5f15e41464ac4aebabd307462

    SHA1

    518e825a075304ffd75dd54de8832dda9a6898e4

    SHA256

    7b6f11c534d63cf5c57bc633e76561a3ff5cd204d78aa654503f22d099c68694

    SHA512

    d645673d1f88ca2401068511517866cd8642e20e6a29ce41d406b08cdf508b677bac4b2a4dda7450e0936aeaa4da78ef2f7fe6245de91b2962aa48cd2942a7d8

  • /storage/emulated/0/.am/log.txt

    Filesize

    4KB

    MD5

    d80e67c0a723caf64fbd1038934ec525

    SHA1

    62bcb20902f832b45259fd5a2caeb06874a8ba90

    SHA256

    7cd601b6252dc7f704752458b1164da6408633ac55d3d159dee7c55adf54289f

    SHA512

    af7c4afdfed63885f36f9a9be30de905ee466896756fbc5323028f0cbd7e6aa88a6c686d4f959d83cf6582809ffd9b49e28b126b58e8e8b2218044c5d1b7c77f

  • /storage/emulated/0/.am/log.txt

    Filesize

    62B

    MD5

    2bcf54cfeae04b67443f7908b276cefe

    SHA1

    a6da032bf46c1f8f1c20590ea875ce6fb9848e77

    SHA256

    760ba474634d1d3c786736b28182e06f25a654f6b8016135e02e41f9d3c6e7be

    SHA512

    7859d1d7a384115a3c510018abb74cad1c97a85bc2f1fb43f1afaadc1956e98388a52fcde2a8398fa86699fea6bd0a55690beb2c88d7fec8f04bd98758f12b1c

  • /storage/emulated/0/.am/log.txt

    Filesize

    70B

    MD5

    222651158bbe84bfd00a51dd5ce6bcb1

    SHA1

    a2861d2c92182c121287c27f022d4a56d769dfdc

    SHA256

    a6fb3ffb23acc59c3edc6a803745822ae2878cc2aa246030ba9234b00d7d9e92

    SHA512

    821800e37914137f8dbf86999b08c1766e627409f189bec12439b4bed1370d0d33b3f3d963faa0184d2869b73b01cc6c67e3bb3d58df61730c70c64714de27b0

  • /storage/emulated/0/.am/log.txt

    Filesize

    191B

    MD5

    fcc79f79567a2c17604ca62f8cb44fc9

    SHA1

    a64fe9501b5f6cce8d841de8fe29eddabe2a51ba

    SHA256

    d6636c0894db58142d0935a35401c8565fb5d1093db35bf6fbdfde6c7bbd520c

    SHA512

    6532b69767d772eef7c6833d5538031eb34a98d5ea10d9265b3d796e9a03cddd4c802a0b719fdd6c7abaa5e96fa73f531e0e5c3688d592b22a28063f69c29054

  • /storage/emulated/0/.am/log.txt

    Filesize

    132B

    MD5

    8ab72905d36f938fb0a1bda22700d158

    SHA1

    1fea193be512a0dff37e55aea1f4cb643520034a

    SHA256

    31bfe30b271a98dc6157fee1f4c6e639c86a4e41a654243afc58fa9a9a49d717

    SHA512

    6a78540a82b679febf5c59fadc6eb2ba40408979f4410a139db62b7c87d164e7f5c0221ded04d81a8c1d2697c60f6efaca8538450ea28dccb9ec14e3bea27ffd

  • /storage/emulated/0/.am/log_.txt

    Filesize

    27KB

    MD5

    93988e3dc5bf0d21621cb8db0e959f99

    SHA1

    4f002a9fbe6a6ddab472a9bdffe6bb82e6fb9c95

    SHA256

    043ab5d77cfddee26d178ad41cd0d377be8d9559795ae990143810c20ada2248

    SHA512

    00cd3e2d2c10aabae94316e4e30932d8d4083cfe9fc13a3ad7dc931920a52ed47ff588dc371f24f0e732a12ffa5ac78954e2f42d34a731722f9102200a08ab60

  • /storage/emulated/0/.am/log_.txt.zip

    Filesize

    6KB

    MD5

    0a51bbf204e528bd241dc8dbf20726dc

    SHA1

    dd8d4bcf30bdcb6f9173f6c4bde67c0335955e49

    SHA256

    11323c23193a95ff631211b211fb8814a7eb7afa267179c8d38f206fc08d709d

    SHA512

    02e49c0af396a0cf9832c6842383e33078bbfb3e395852282d4f0ad8b82b71d09246839bba3c578dbdb502cb2c322f59754f0ab8dea327ac3f7cba3640db165f

  • /storage/emulated/0/.am/log_1717207590322.txt.zip

    Filesize

    217B

    MD5

    8d51f026936898c3a9acb1c3b75280e7

    SHA1

    21a5d9d914e52495929bcb065cd4b5db53e946c2

    SHA256

    5b1fa3efdfd4609a5cf69cdfce9e6fcc836a644f6e60092ff0fb7fccd46c8f32

    SHA512

    9395f0950cc9bbf3cd982d4ee6515e3922663671d6061ddaec266d900b15273a3e074347660fe86783b69a2e915740d5c143f4b9ac164bbfd1a05a8a214356ce

  • /storage/emulated/0/.am/prog_class.name

    Filesize

    81B

    MD5

    b8b5f3bfc09d894b59b046a334c95afb

    SHA1

    63553f7add999d1f9279baae996086f6da7e5c63

    SHA256

    724cec8037ad196328560e2dee682aff4e295682d738789468d8123e9d447871

    SHA512

    30d8ca6f0c05b027d1fe1504a5c95efb8b48ab61a8da85fbe49fe5c24cd23266450e95e48cc735244e764019c6065e5b8420d615baaa39d3abc6489479f66b67

  • /storage/emulated/0/Android/data/ultfp.xluluazofns/files/Download/mch.apk (deleted)

    Filesize

    64KB

    MD5

    13684d2547f64dabfe299d1c6553a05f

    SHA1

    b000477d2cb51e917f2ebce3a8c53745ba7e0fd0

    SHA256

    3cf935d3101700253aa86e9d233201e587cfdd71b44491414b9d0f8f351febc0

    SHA512

    e75a7c2d43b9223cbb58cf21640ed86a1df77fbeab56d9f7904748898feac40aa6a372dfdfd44c93ea8480dad2f9889684bf37b85549d4bf8e2a2c7c79172217

  • /storage/emulated/0/Android/data/ultfp.xluluazofns/files/Download/mch.apk (deleted)

    Filesize

    64KB

    MD5

    38cb0f23ea4266e5835734f8191718dd

    SHA1

    1bca9bd7bcee0dc5e04a55bf608de31618c57405

    SHA256

    3e7fe59f181e7e3bfb37276d8ebc707227218871aa0e59179f8f26625deb7d9c

    SHA512

    8a73d18efb8dc9235f9bb7ebed91e9d6efb9e53ed9b8a63b18262dac286145dccf8406bea75fef60ce0a0e6650be61cdd2170cd6a1518e9187ed1277cb722f4d