Analysis Overview
SHA256
9ec6dceadbaa0b9506a878b50ed5d751049cae020d3e539bcfc36e2e8b19f9e4
Threat Level: Shows suspicious behavior
The file LuckyPatchers.com_Official_Installer_11.4.2.apk was found to be: Shows suspicious behavior.
Malicious Activity Summary
Requests dangerous framework permissions
Launches application installer.
Registers a broadcast receiver at runtime (usually for listening for system events)
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-11 19:17
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application broad access to external storage in scoped storage. | android.permission.MANAGE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an app to access location in the background. | android.permission.ACCESS_BACKGROUND_LOCATION | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-11 19:17
Reported
2024-06-11 19:17
Platform
android-x86-arm-20240611-en
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-11 19:17
Reported
2024-06-11 19:19
Platform
android-x64-20240611.1-en
Max time kernel
50s
Max time network
94s
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application broad access to external storage in scoped storage. | android.permission.MANAGE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an app to access location in the background. | android.permission.ACCESS_BACKGROUND_LOCATION | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Processes
ru.aaaaacab.installer
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 172.217.169.42:443 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.40:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| GB | 172.217.169.42:443 | | tcp |
| GB | 172.217.16.228:443 | | tcp |
| GB | 172.217.16.228:443 | | tcp |
| GB | 142.250.179.238:443 | | tcp |
| GB | 142.250.187.206:443 | | tcp |
| GB | 142.250.187.194:443 | | tcp |
| GB | 172.217.169.42:443 | | tcp |
| US | 1.1.1.1:53 | chelpus.com | udp |
| US | 172.67.182.114:443 | chelpus.com | tcp |
| US | 1.1.1.1:53 | config.unityads.unity3d.com | udp |
| US | 34.110.229.214:443 | config.unityads.unity3d.com | tcp |
| US | 1.1.1.1:53 | webview.unityads.unity3d.com | udp |
| GB | 18.165.227.78:443 | webview.unityads.unity3d.com | tcp |
Files
/storage/emulated/0/Android/data/ru.aaaaacab.installer/files/LuckyPatcher/AdsBlockList_user_edit.txt
/storage/emulated/0/Android/data/ru.aaaaacab.installer/files/LuckyPatcher/AdsBlockList.txt
/data/data/ru.aaaaacab.installer/databases/PackagesDB-journal
/data/data/ru.aaaaacab.installer/databases/PackagesDB
/storage/emulated/0/Android/data/ru.aaaaacab.installer/files/LuckyPatcher/Modified/tmp/classes.dex
/storage/emulated/0/Android/data/ru.aaaaacab.installer/files/LuckyPatcher/Modified/tmp/AndroidManifest.xml
/storage/emulated/0/Android/data/ru.aaaaacab.installer/files/LuckyPatcher/Modified/Keys/testkey.pk8
/storage/emulated/0/Android/data/ru.aaaaacab.installer/files/LuckyPatcher/Modified/Keys/testkey.sbt
/storage/emulated/0/Android/data/ru.aaaaacab.installer/files/LuckyPatcher/Modified/Keys/testkey.x509.pem
/storage/emulated/0/Android/data/ru.aaaaacab.installer/files/LuckyPatcher/Modified/tmp/install.apk.temp_for_add
/storage/emulated/0/Android/data/ru.aaaaacab.installer/files/LuckyPatcher/Modified/tmp/install.apk
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-11 19:17
Reported
2024-06-11 19:19
Platform
android-x64-arm64-20240611.1-en
Max time kernel
21s
Max time network
100s
Signatures
Launches application installer.
| Description | Indicator | Process | Target |
| Intent action | android.intent.action.INSTALL_PACKAGE | N/A | N/A |
Processes
ru.aaaaacab.installer
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.204.78:443 | | tcp |
| GB | 216.58.204.78:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.16.232:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.178.4:443 | | tcp |
| GB | 142.250.178.4:443 | | tcp |
| GB | 142.250.200.35:443 | | tcp |
| GB | 216.58.201.110:443 | | tcp |
| GB | 216.58.212.194:443 | | tcp |
| US | 1.1.1.1:53 | chelpus.com | udp |
| US | 104.21.59.188:443 | chelpus.com | tcp |
| US | 1.1.1.1:53 | config.unityads.unity3d.com | udp |
| US | 34.110.229.214:443 | config.unityads.unity3d.com | tcp |
| US | 1.1.1.1:53 | webview.unityads.unity3d.com | udp |
| GB | 18.165.227.63:443 | webview.unityads.unity3d.com | tcp |
| US | 1.1.1.1:53 | publisher-config.unityads.unity3d.com | udp |
| US | 34.110.229.214:443 | publisher-config.unityads.unity3d.com | tcp |
Files
/storage/emulated/0/Android/data/ru.aaaaacab.installer/files/LuckyPatcher/AdsBlockList_user_edit.txt (deleted)
/storage/emulated/0/Android/data/ru.aaaaacab.installer/files/LuckyPatcher/AdsBlockList.txt (deleted)
/storage/emulated/0/Android/data/ru.aaaaacab.installer/files/LuckyPatcher/Modified/tmp/classes.dex (deleted)
/storage/emulated/0/Android/data/ru.aaaaacab.installer/files/LuckyPatcher/Modified/tmp/AndroidManifest.xml (deleted)
/storage/emulated/0/Android/data/ru.aaaaacab.installer/files/LuckyPatcher/Modified/tmp/AndroidManifest.xml
/storage/emulated/0/Android/data/ru.aaaaacab.installer/files/LuckyPatcher/Modified/Keys/testkey.pk8 (deleted)
/storage/emulated/0/Android/data/ru.aaaaacab.installer/files/LuckyPatcher/Modified/Keys/testkey.sbt (deleted)
/storage/emulated/0/Android/data/ru.aaaaacab.installer/files/LuckyPatcher/Modified/Keys/testkey.x509.pem (deleted)
/storage/emulated/0/Android/data/ru.aaaaacab.installer/files/LuckyPatcher/Modified/tmp/install.apk.temp_for_add (deleted)
/storage/emulated/0/Android/data/ru.aaaaacab.installer/files/LuckyPatcher/Modified/tmp/install.apk (deleted)