Analysis

  • max time kernel
    26s
  • max time network
    188s
  • platform
    android_x64
  • resource
    android-x64-20240514-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240514-en, locale:en-us, os:android-10-x64, system
  • submitted
    02-06-2024 08:52

General

  • Target

    7e8781523b8f388f6a84fe0a64eda900e90238e2e4abdbf0a713f1fe321fd5b2.apk

  • Size

    20.5MB

  • MD5

    95b2280beecef198e0000141611c25f5

  • SHA1

    412f94db6e1472f3157a4ff2c3f73a090474a18c

  • SHA256

    7e8781523b8f388f6a84fe0a64eda900e90238e2e4abdbf0a713f1fe321fd5b2

  • SHA512

    91609c6b985210db45b578e261e13c5de8f070405b7d81a611fc3375e7603fa8e728bfd19fb9003369488ed4e906c3f10554a13b5c50530df4de86a7e12fff18

  • SSDEEP

    393216:o5pST5h6sJA35z7A79L+icn1mbgafiubcNZjbZT9i/zVN2I+TXt5kKpPbNiRSKcG:btJA35z7c5k1mbBffcrjTi/zVN2IkdCd

Malware Config

Signatures

Processes

  • ultfp.xluluazofns
    • Checks if the Android device is rooted.
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Makes use of the framework's foreground persistence service
    • Queries account information for other applications stored on the device
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Acquires the wake lock
    • Schedules tasks to execute at a specified time
    PID:5153

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/ultfp.xluluazofns/databases/SettingsDB

    Filesize

    124KB

  • /data/data/ultfp.xluluazofns/databases/SettingsDB

    Filesize

    96KB

  • /data/data/ultfp.xluluazofns/databases/SettingsDB

    Filesize

    96KB

  • /data/data/ultfp.xluluazofns/databases/SettingsDB

    Filesize

    96KB

  • /data/data/ultfp.xluluazofns/databases/SettingsDB

    Filesize

    96KB

  • /data/data/ultfp.xluluazofns/databases/SettingsDB

    Filesize

    96KB

  • /data/data/ultfp.xluluazofns/databases/SettingsDB-journal

    Filesize

    512B

  • /data/data/ultfp.xluluazofns/databases/SettingsDB-journal

    Filesize

    8KB

  • /data/data/ultfp.xluluazofns/databases/SettingsDB-journal

    Filesize

    4KB

  • /data/data/ultfp.xluluazofns/databases/SettingsDB-journal

    Filesize

    8KB

  • /data/data/ultfp.xluluazofns/databases/SettingsDB-journal

    Filesize

    12KB

  • /data/data/ultfp.xluluazofns/databases/SettingsDB-journal

    Filesize

    20KB

  • /data/user/0/ultfp.xluluazofns/[email protected]

    Filesize

    2.6MB

  • /data/user/0/ultfp.xluluazofns/[email protected]

    Filesize

    1.2MB

  • /storage/emulated/0/.am/dm/md/main.md

    Filesize

    2.6MB

  • /storage/emulated/0/.am/dm/md/main_tools.md

    Filesize

    1.2MB

  • /storage/emulated/0/.am/log.txt

    Filesize

    171B

  • /storage/emulated/0/.am/log.txt

    Filesize

    150B

  • /storage/emulated/0/.am/log.txt

    Filesize

    4KB

  • /storage/emulated/0/.am/log.txt

    Filesize

    62B

  • /storage/emulated/0/.am/log.txt

    Filesize

    70B

  • /storage/emulated/0/.am/log.txt

    Filesize

    164B

  • /storage/emulated/0/.am/log.txt

    Filesize

    132B

  • /storage/emulated/0/.am/mch.apk

    Filesize

    45KB

  • /storage/emulated/0/.am/prog_class.name

    Filesize

    81B

  • /storage/emulated/0/Android/data/ultfp.xluluazofns/files/Download/mch.apk

    Filesize

    64KB

  • /storage/emulated/0/Android/data/ultfp.xluluazofns/files/Download/mch.apk (deleted)

    Filesize

    64KB
