d261717413e4674c65ae7e9176757c2d2a5264da8017f10adcfb7f090bde53ca

Analysis

max time kernel
179s
max time network
138s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
submitted
21-06-2024 00:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d261717413e4674c65ae7e9176757c2d2a5264da8017f10adcfb7f090bde53ca.apk
Size

2.6MB
MD5

9bd3c26f5acd942822985b71b013eb5b
SHA1

97a872ef553bef20f1ac5953c983e6650a9e6bd6
SHA256

d261717413e4674c65ae7e9176757c2d2a5264da8017f10adcfb7f090bde53ca
SHA512

dcd7acc837432cbccaadda57165df1ebf0416fa3df64d79389c6e9938977b3ddf39fd416044725db2bab9701e12e557a16d16fd002b2f8f4a5e072c7d6e3d95c
SSDEEP

49152:XZxQvcHiuOVHCluwTpQ4YDjrBh0EjAKjyZp3En19X7tp/cM2ob/p4QSOjccmo0xO:XZxQvI5OVicDjrBaEjgEnjX7rcM7SQSS

Score

6^/10

discovery evasion persistence

Malware Config

Signatures

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	uqc.hiuigu.xibgex

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	uqc.hiuigu.xibgex

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	uqc.hiuigu.xibgex

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	uqc.hiuigu.xibgex

uqc.hiuigu.xibgex
1⤵
- Acquires the wake lock
- Queries information about active data network
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4270

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/uqc.hiuigu.xibgex/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/uqc.hiuigu.xibgex/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
236cdd8fcb76deffed6c08013aa0ace9

SHA1
94f84b3bb79b8c0f5bb982a962c158a09b77a1f3

SHA256
0da95cb45b0b5e01984fc96adf501ad354d30ea83b57d80c3ad1bd90ca4caa48

SHA512
95b53cfb4fc6c1c408830821bc6679250f3c89f9c0f2845235d2ac86125296bc4034f6d9ec2e78676a88f73b0e8ffa60189beaf88586eb6c0ac371ff2e63adfc

Download Submit
/data/data/uqc.hiuigu.xibgex/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/uqc.hiuigu.xibgex/databases/com.google.android.datatransport.events-wal

Filesize
68KB

MD5
4b035e42804fb1d585f63e90cb36dd14

SHA1
df66f6b396dc422dc302757c3b9cda63a7e8a005

SHA256
8a4baa1fa9e7cf146f96850362be6db179a798089553b09e069f4872cfcc0b95

SHA512
87bb5521dde337e2a45810864940892b4900584813a301c351983ed77236c21a4e56811a6a4dca8ec912c99a1440dbe7f1f136450ac9ebbeb4659b308a186ab7

Download Submit
/data/data/uqc.hiuigu.xibgex/files/PersistedInstallation3563479171182673657tmp

Filesize
569B

MD5
ad5dc8c4ed91cd2b04b147a849f7d518

SHA1
78be179b5288fef62238e5815e10fdde3affc277

SHA256
6294cada1d688cc8bfef9234b997a6054908c6b870112e5277bb1a8876d3c288

SHA512
fd6e0b1d642dfc428cb02ef4f5bc074261621eee4a6fd77f37f9a2524e40f140b2fcad5388c23dcfbe62870fbb9116d4187163aee23abc65d8771643f7d474f1

Download Submit
/data/data/uqc.hiuigu.xibgex/files/PersistedInstallation8220967512929229043tmp

Filesize
90B

MD5
0596f5fa4925e3b1b5f632df0253542f

SHA1
f7b6af7ec079cda765744177b10571a7ee53241d

SHA256
653de7c5767154a989e1dd4e55b6d6834c4053868da01291687890c18dde3921

SHA512
a8e279ff36ae723a267f6d7d759d3f1e043529306264a8824afc66085f9f9330d5101568365f28452148b08a7e1619260f986ddb790fad979714ab69fe8f125b

Download Submit
/data/data/uqc.hiuigu.xibgex/files/mmkv/mmkv.default

Filesize
4KB

MD5
620f0b67a91f7f74151bc5be745b7110

SHA1
1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d

SHA256
ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7

SHA512
2d23913d3759ef01704a86b4bee3ac8a29002313ecc98a7424425a78170f219577822fd77e4ae96313547696ad7d5949b58e12d5063ef2ee063b595740a3a12d

Download Submit
/data/data/uqc.hiuigu.xibgex/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
df483ea57fc8d71f3c12a6695aef7383

SHA1
a52eefcbcd223a6d5027672112072dc475fd750d

SHA256
64dcbf0105818efdcf7f396e7e82dc30a65dc2fbc0afb52c139cdce8d777ad32

SHA512
df41820d269c03fac67a24b6b586e432d399f284bb295e246381dd19310bc8dc03b412fb9c70cba69530f6e2aa4d0e7411a2896e8d19d7ba3734e4dc719d192a

Download Submit
/data/data/uqc.hiuigu.xibgex/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
d0f47b3b5d89e0543f2bad40b2da1acf

SHA1
bb6f74185e3102764b58ac06471ff765b1aa4b94

SHA256
afd1f3ccc8129bf904b9717deb28a8c9c98f12fcb5f32b3c551899907825f8c7

SHA512
d5012f64483ba0f0e178927677c852d29abb495e3905a827801a34ec967a090daf75e96f01ac55255a2b16966d2d938539232dcbea72f038a47910d0fa32db00

Download Submit
/data/data/uqc.hiuigu.xibgex/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
ca670344ff191d6d99cff346d847db9c

SHA1
0c42776cd034070899efc6e487cb0c8ebbbd1f27

SHA256
c9447a51273db3bdd9a7fb9172504a5b0b66050cd52164264fa733f2bdfb22fb

SHA512
05282d5ca668abf003ce335a1825a8e8f13dd9ab04985614f3c81f2c60b3b2888f54439a91fadefbe1bcae07065af344a366dda0e3e2b21c6878e7d52b9b209e

Download Submit