Analysis

  • max time kernel
    167s
  • max time network
    177s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    android arch:arm arch:x86 image:android-x86-arm-20240624-en locale:en-us os:android-9-x86 system
  • submitted
    02-07-2024 01:53

General

  • Target

    ae4e024bce0ae2f7577d6eea4b616c585dfdc48daff98ecf24a1e36c60690772.apk

  • Size

    20.5MB

  • MD5

    69a3362a56aceeae697d711b85ea1bd0

  • SHA1

    05af8c183ee7934be6bb1077992be1aa79a4d17f

  • SHA256

    ae4e024bce0ae2f7577d6eea4b616c585dfdc48daff98ecf24a1e36c60690772

  • SHA512

    75f50d474571b4d722d623f7d74857fd831553f941bc5fe7b7b5b310ee2c8367adca0f4e32ee44ba9c5d945e76b8b6269d4197dcbd5efcea245dd6da118ae61b

  • SSDEEP

    393216:/rTNsZsJA35z7A79L+piJ1mbgafiubcrZzbfT9i/zVN2I+TXu1qKpPbNiRSKcsaT:vzJA35z7c5R/mbBffc1z9i/zVN2Ike84

Malware Config

Signatures

Processes

  • wzfj.mxwub
    1⤵
    • Checks if the Android device is rooted.
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Queries account information for other applications stored on the device
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about the current Wi-Fi connection
    • Requests cell location
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    PID:4257
    • su
      2⤵
        PID:4299

    Network

    MITRE ATT&CK Mobile v15

    Downloads

    • /data/data/wzfj.mxwub/databases/SettingsDB

      Filesize

      124KB

    • /data/data/wzfj.mxwub/databases/SettingsDB

      Filesize

      96KB

    • /data/data/wzfj.mxwub/databases/SettingsDB

      Filesize

      96KB

    • /data/data/wzfj.mxwub/databases/SettingsDB

      Filesize

      52KB

    • /data/data/wzfj.mxwub/databases/SettingsDB

      Filesize

      96KB

    • /data/data/wzfj.mxwub/databases/SettingsDB

      Filesize

      144KB

    • /data/data/wzfj.mxwub/databases/SettingsDB-journal

      Filesize

      512B

    • /data/data/wzfj.mxwub/databases/SettingsDB-shm

      Filesize

      32KB

    • /data/data/wzfj.mxwub/databases/SettingsDB-wal

      Filesize

      414KB

    • /data/data/wzfj.mxwub/databases/SettingsDB-wal

      Filesize

      8KB

    • /data/data/wzfj.mxwub/databases/SettingsDB-wal

      Filesize

      8KB

    • /data/data/wzfj.mxwub/databases/SettingsDB-wal

      Filesize

      4KB

    • /data/data/wzfj.mxwub/databases/SettingsDB-wal

      Filesize

      8KB

    • /data/data/wzfj.mxwub/databases/SettingsDB-wal

      Filesize

      418KB

    • /storage/emulated/0/.am/dm/md/main.md

      Filesize

      2.6MB

    • /storage/emulated/0/.am/dm/md/main_tools.md

      Filesize

      1.2MB

    • /storage/emulated/0/.am/log.txt

      Filesize

      171B

    • /storage/emulated/0/.am/log.txt

      Filesize

      150B

    • /storage/emulated/0/.am/log.txt

      Filesize

      3KB

    • /storage/emulated/0/.am/log.txt

      Filesize

      62B

    • /storage/emulated/0/.am/log.txt

      Filesize

      70B

    • /storage/emulated/0/.am/log.txt

      Filesize

      147B

    • /storage/emulated/0/.am/log.txt

      Filesize

      125B

    • /storage/emulated/0/.am/log_.txt

      Filesize

      27KB

    • /storage/emulated/0/.am/log_.txt.zip

      Filesize

      6KB

    • /storage/emulated/0/.am/log_1719885260280.txt.zip

      Filesize

      218B

    • /storage/emulated/0/.am/prog_class.name

      Filesize

      55B

    • /storage/emulated/0/Android/data/wzfj.mxwub/files/Download/mch.apk (deleted)

      Filesize

      64KB

    • /storage/emulated/0/Android/data/wzfj.mxwub/files/Download/mch.apk (deleted)

      Filesize

      64KB

    • Anonymous-DexFile@0xd1935000-0xd1bc74e8

      Filesize

      2.6MB

    • Anonymous-DexFile@0xd1e4d000-0xd1f78250

      Filesize

      1.2MB
