Analysis

  • max time kernel
    15s
  • max time network
    185s
  • platform
    android_x64
  • resource
    android-x64-20240514-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240514-en, locale:en-us, os:android-10-x64, system
  • submitted
    02-06-2024 01:17

General

  • Target

    7e8781523b8f388f6a84fe0a64eda900e90238e2e4abdbf0a713f1fe321fd5b2.apk

  • Size

    20.5MB

  • MD5

    95b2280beecef198e0000141611c25f5

  • SHA1

    412f94db6e1472f3157a4ff2c3f73a090474a18c

  • SHA256

    7e8781523b8f388f6a84fe0a64eda900e90238e2e4abdbf0a713f1fe321fd5b2

  • SHA512

    91609c6b985210db45b578e261e13c5de8f070405b7d81a611fc3375e7603fa8e728bfd19fb9003369488ed4e906c3f10554a13b5c50530df4de86a7e12fff18

  • SSDEEP

    393216:o5pST5h6sJA35z7A79L+icn1mbgafiubcNZjbZT9i/zVN2I+TXt5kKpPbNiRSKcG:btJA35z7c5k1mbBffcrjTi/zVN2IkdCd

Malware Config

Signatures

Processes

  • ultfp.xluluazofns
    • Checks if the Android device is rooted.
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Makes use of the framework's foreground persistence service
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:5163

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/ultfp.xluluazofns/databases/SettingsDB

    Filesize

    124KB

  • /data/data/ultfp.xluluazofns/databases/SettingsDB-journal

    Filesize

    512B

  • /data/data/ultfp.xluluazofns/databases/SettingsDB-journal

    Filesize

    8KB

  • /data/data/ultfp.xluluazofns/databases/SettingsDB-journal

    Filesize

    4KB

  • /data/data/ultfp.xluluazofns/databases/SettingsDB-journal

    Filesize

    8KB

  • /data/data/ultfp.xluluazofns/databases/SettingsDB-journal

    Filesize

    12KB

  • /data/data/ultfp.xluluazofns/databases/SettingsDB-journal

    Filesize

    20KB

  • /data/user/0/ultfp.xluluazofns/[email protected]

    Filesize

    2.6MB

  • /data/user/0/ultfp.xluluazofns/[email protected]

    Filesize

    1.2MB

  • /storage/emulated/0/.am/dm/md/main.md

    Filesize

    2.6MB

  • /storage/emulated/0/.am/dm/md/main_tools.md

    Filesize

    1.2MB

  • /storage/emulated/0/.am/log.txt

    Filesize

    171B

  • /storage/emulated/0/.am/log.txt

    Filesize

    150B

  • /storage/emulated/0/.am/log.txt

    Filesize

    4KB

  • /storage/emulated/0/.am/log.txt

    Filesize

    62B

  • /storage/emulated/0/.am/log.txt

    Filesize

    70B

  • /storage/emulated/0/.am/log.txt

    Filesize

    164B

  • /storage/emulated/0/.am/log.txt

    Filesize

    132B

  • /storage/emulated/0/.am/prog_class.name

    Filesize

    81B
