Analysis

  • max time kernel
    13s
  • max time network
    180s
  • platform
    android_x64
  • resource
    android-x64-20240514-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240514-en, locale:en-us, os:android-10-x64, system
  • submitted
    02-06-2024 08:52

General

  • Target

    7e8781523b8f388f6a84fe0a64eda900e90238e2e4abdbf0a713f1fe321fd5b2.apk

  • Size

    20.5MB

  • MD5

    95b2280beecef198e0000141611c25f5

  • SHA1

    412f94db6e1472f3157a4ff2c3f73a090474a18c

  • SHA256

    7e8781523b8f388f6a84fe0a64eda900e90238e2e4abdbf0a713f1fe321fd5b2

  • SHA512

    91609c6b985210db45b578e261e13c5de8f070405b7d81a611fc3375e7603fa8e728bfd19fb9003369488ed4e906c3f10554a13b5c50530df4de86a7e12fff18

  • SSDEEP

    393216:o5pST5h6sJA35z7A79L+icn1mbgafiubcNZjbZT9i/zVN2I+TXt5kKpPbNiRSKcG:btJA35z7c5k1mbBffcrjTi/zVN2IkdCd

Malware Config

Signatures

Processes

  • ultfp.xluluazofns
    • Checks if the Android device is rooted.
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Makes use of the framework's foreground persistence service
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:5172

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/ultfp.xluluazofns/databases/SettingsDB

    Filesize

    124KB

    MD5

    9cf7e03179a00e0097bb8292c310a7f8

    SHA1

    8046f1a0d32003f672b2da8ba6c7eb8f54ffcd17

    SHA256

    b428664066ed6496119d7ef35afee74fe8f5eb834939f9cacbf55804aa592438

    SHA512

    1d046cd7d5a96b0b4f0c5d218f97ebc850ea4a3385658ea4a9d36dc05363659d1dc53660f94d4d7d87794cfd60b94593f304e9011421d35f3f17296d28c28cb6

  • /data/data/ultfp.xluluazofns/databases/SettingsDB-journal

    Filesize

    512B

    MD5

    b930096b5f51085761546a9ca5205e2e

    SHA1

    981e8b10d424176fe8d85eefbb3fd39b9a07ed01

    SHA256

    1a45e440428034ebe285172f4c7a07f44e056097472d906e7a13e7d1b25d0b62

    SHA512

    022006a2df5206f16e8e4538ea9cb32f3fc7709cba45994790cf07d709148496a4c55f23c44553a41594bd9c9203e8f4e74c0fe9a62d0e43857e3fc4c2c05c85

  • /data/data/ultfp.xluluazofns/databases/SettingsDB-journal

    Filesize

    8KB

    MD5

    c287146b428bee74933eb9ddb48f86fd

    SHA1

    bd469207f7c1bbba1abb61ecd15b7eeb5eab99cb

    SHA256

    bf4e63782359dd27d748a7fb6e32f95d8b32124f3c466f2d4e25c1ca852a4ebd

    SHA512

    dcfa0b11f732174b0299c547f9de716b565ebca1a4e41ccef43847f42f187ece39819699b98908199f5e2b3a25a7a60cbfaa3323e0e29ae7b9cf4abba7a63529

  • /data/data/ultfp.xluluazofns/databases/SettingsDB-journal

    Filesize

    4KB

    MD5

    f6b9604bacd5b3109c28a588ed44a5db

    SHA1

    102f76ba6577175670e899c3299b8dfc1e3b4a89

    SHA256

    0f2299e4acdb667696259a2f4ad604ee0cbd9c06686014049b85b2584b82ca66

    SHA512

    58b8966963928374d3e5a51569ad7ca8d5a56a8ef928522bf12114e315627efee5d7472a530eee70103d333ab0356b62141c3f41929e061543c8e05cbc4a15f5

  • /data/data/ultfp.xluluazofns/databases/SettingsDB-journal

    Filesize

    8KB

    MD5

    b1b96b27009846454b3c0dbf6f42eaa6

    SHA1

    4acd10fc97469df2855bb70789cf0d9f9fca812f

    SHA256

    2c0f31fe21e286a2ae7b57087482492bcaccb9cb8c05082372a189f46094e178

    SHA512

    1d696f91df64906e234b3d6bf373aa4126488997cff668290339c10ea429953232e1f1014158c63dcb5233a958c1ba0cf0bd9d97fbdb0b964e4ccc8987e9c403

  • /data/data/ultfp.xluluazofns/databases/SettingsDB-journal

    Filesize

    12KB

    MD5

    b995606b062dd9603ebe995db21b076d

    SHA1

    7412212b22a2aeac1af8d76c73430a264e1beaba

    SHA256

    d798c6a0ed47fd6ced4996d3deb8d4235535592e74137781d4c20caa855da6f1

    SHA512

    b74f1b89fec4917c68304f52316225e05aa7b18df9044f443cbdae60a6921301bbb47d34f54f10f1ab9407a23ecea0c4386103c68fb856f0082d61a30ecd567d

  • /data/data/ultfp.xluluazofns/databases/SettingsDB-journal

    Filesize

    20KB

    MD5

    324d3d4a6285ad95d3b0825ebb9b1b97

    SHA1

    b9c954ec2b525e050e758d4ef8272ff8f4922fb9

    SHA256

    48a1384ed6560034b1245a305e9798eef70824434f85064e47fa4aaeb6f7e92e

    SHA512

    92efbb2c33e907f7ba5e29a891b811b73babfe5f84103f4e3e9402c21723df4ed1a3f16c0dc325c08725474574a0f159a230007fd09ee46a8990d70cdfc6d3ae

  • /data/user/0/ultfp.xluluazofns/[email protected]

    Filesize

    2.6MB

    MD5

    a11095265b09ae16734bc3b64a287e71

    SHA1

    880f31b9f8816a40960b0276447e2252194d5f0e

    SHA256

    886111a93011a48dfb6eb6231c42864b42364bd8a71d0efc229188653dbe0a9f

    SHA512

    81963a169cfbe9dbc6a47a5d5c52d3f25ad3b56e82ad24206b24b257f0118d52393174a4219f6b27b4cb3a2ba8eeb832e61ea5bfb2b2160cee63a895a28cddc0

  • /data/user/0/ultfp.xluluazofns/[email protected]

    Filesize

    1.2MB

    MD5

    cb16f947895faf71d09cb5ad792b0e35

    SHA1

    c1dc4f7d5942a9dc0e1f27bad9239a4b4e8f49a7

    SHA256

    e884e38eadd126d05e90daacf4250127ea46787315a235296d3c9341c2df3bef

    SHA512

    8ed0d22895c375649c7eee45c2911d816d194ee36c648e8cf84805dfff0889602bb3d17b376d2e4c73fdb0df23002349df0a872d8e18fe219862ad06970aa2ba

  • /storage/emulated/0/.am/dm/md/main.md

    Filesize

    2.6MB

    MD5

    b6d3a4cf3c50723d4c2b606550f66078

    SHA1

    fe6541e98b3cc04a31d269c3dd51beda11814796

    SHA256

    e10b67c58d2778bbcafa71e34353c26a089eaef19021b8a52274708c6c664a8b

    SHA512

    6b482bec5b3bf9f39f09164b67a416f238973e799a88245422a06caeeda73daf0aa0fa4e319384e6ac6c03c99c5808c9cba990ab5028169e820a2d8694eb7c5e

  • /storage/emulated/0/.am/dm/md/main_tools.md

    Filesize

    1.2MB

    MD5

    1e05a2d987a9b8ace6ec423e1de9ae2b

    SHA1

    8ba9fad037667f9a091541ac11cf4e27965d5288

    SHA256

    743e7d3660de8e672bf0d07078d8e540b1cdb17d216e63b8703fa180c97179b6

    SHA512

    1744113900cd787eb4ee34c9fe5b72dbefd4e6c334373f6f32adde0e3de22044a2cdb1ed9a6137e4dfdb7ec53a7b77fd5d059e07976569a30e192e680233d54c

  • /storage/emulated/0/.am/log.txt

    Filesize

    171B

    MD5

    549f77eb782915d5fda3844057043670

    SHA1

    7e458263f4a6a4583f596c3465385e902b6bcb5f

    SHA256

    69a1f3c7e9b758613aa06d9180792a47e12d46ce7a76eafac6cfe444305864a5

    SHA512

    7fd1caeabbffc4e3a5ee5177cec42fb0e0820dab1499042fcca10c4eb4e9feb052d52a1509d1e2d87dc9c0caba57803b9a0e0ec9dbd6540266b7f9135eda2814

  • /storage/emulated/0/.am/log.txt

    Filesize

    150B

    MD5

    09dfcf95fda1603e9c2126c22169013b

    SHA1

    23e96986b88e8b9fdfec06e74537b80bff0c27e0

    SHA256

    ef7293f1491645c9d9bf4044dcfbaae4da736ce1670387501261fc4ad55f2fcd

    SHA512

    0dfa0f04a01b13da5a8df4ec9868c5f7d18e3bf26714b09e377fe940b72d822637759f8c0f6ad084a192a6287346af7b32725ecdfc6df77da673dfdd4e49d1c7

  • /storage/emulated/0/.am/log.txt

    Filesize

    4KB

    MD5

    047ac59103dcae0f2ce9cf2df357e928

    SHA1

    53ff8fbb9a8446a5f51a3734e6a360fc4b5a8fea

    SHA256

    4bdc5cc104e6213a4566dc4e6c096895229f4350a87d4af196d2724191e1a5cc

    SHA512

    6949482d097e6d9fd03ca4da06a90b7929ba3c59ca511f51246fe5224fac3f52c4fe249358fa3001d2d74af05f0b2390f69122fce3034250b69b46fad162bb1e

  • /storage/emulated/0/.am/log.txt

    Filesize

    62B

    MD5

    57942d1245a0e511cbcab1f63c0f6493

    SHA1

    f862d2936222816e23411976a16d749bbfab96f7

    SHA256

    fcced9c18c7212d1d731bec6a6958e30782e707dee81abbc68017ac24f7b3157

    SHA512

    7325eefadf6cea0c93aee6d8a4bf6c52cfdab80960022b2ebc028ed9110e2436d9a6e5919479cc6e53887dd8f6ddc105234a521110ad8a20127fa1ce9fdb0785

  • /storage/emulated/0/.am/log.txt

    Filesize

    70B

    MD5

    d4cd564602f4ec928ebb74c081becda0

    SHA1

    4ae287bb1548a420d988af9a2022e87eba4c8094

    SHA256

    e20467419241349bab497d3a7375cd54d165b38c5b15e684070ac4bdc6ac4d1e

    SHA512

    f54deebdb883ee1bb8a851686ca2bb2fe7c08c7448e10de05914a8bbc93aa7c3f323e569217d085ab882ae8404fee00025fd50de6a626954adbe576673906653

  • /storage/emulated/0/.am/log.txt

    Filesize

    164B

    MD5

    2afc6003d99984088e9e05ff79c6bf0c

    SHA1

    3c0506468267acd0ff7077818313ce917c79f2a5

    SHA256

    81bb96ce5d3adeab1034f87f0bae1bf1a4626ddd30c6384ba10be9700235866b

    SHA512

    b914812a43a502974b51d843138a7fdc0146d82a2d0e461ddb55e41f51cc57eefe2260ae555ff82484a6369c6d7c5225498bbf574813f40d529d9f6a38528782

  • /storage/emulated/0/.am/log.txt

    Filesize

    132B

    MD5

    d121cc9ae4233d45e88e13fd35894ddf

    SHA1

    46fd19b6b9ed225393e5f3d5e1b7236bfba26138

    SHA256

    100f4322c2ab96e679347d08de9eebc3a914683f6fa84777f786c2ee093ee2c1

    SHA512

    c3403c8c7a2db352078f46af270445b4d392a2eb79a7db4aa4a1f769a32616b3a267bdbb2f3c5d1989d23fa845c714e3b9ffc6de767dbd68d73a2356c0946837

  • /storage/emulated/0/.am/prog_class.name

    Filesize

    81B

    MD5

    b8b5f3bfc09d894b59b046a334c95afb

    SHA1

    63553f7add999d1f9279baae996086f6da7e5c63

    SHA256

    724cec8037ad196328560e2dee682aff4e295682d738789468d8123e9d447871

    SHA512

    30d8ca6f0c05b027d1fe1504a5c95efb8b48ab61a8da85fbe49fe5c24cd23266450e95e48cc735244e764019c6065e5b8420d615baaa39d3abc6489479f66b67