f650d333d32fce85a906bded4fc57213c90052b08f9ace1c0cca5e658eeb7432

Analysis

max time kernel
172s
max time network
133s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
27-07-2024 22:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

xuwexi.apk
Size

3.0MB
MD5

a38a3000393bb258f4308a7ca69b7d0b
SHA1

6bcb76a2f0f9ca53aa7391ee4a9bcf30f3df0eea
SHA256

46af9709835a5d664094a40c2922af519e39aa04324fc57626f4cfb1dd62162d
SHA512

58ef0a50eb2ecd9d2d8c6196c45f716cad2faa8a18cc7aee21d9c26ce7e8e0041a6b7111c931fead6a8c444b89be850ebb24e27f1935549315f5c28dbcf9a6c7
SSDEEP

49152:wox/YEdJsYI0xkzx18pUpzhjDzgGGUc32Dkuk:woKGKRGUc324uk

Score

7^/10

banker discovery evasion execution persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Requests uninstalling the application. 1 TTPs 1 IoCs

evasion

Uninstall Malicious Application

T1630.001

Processes:

com.civexefati.output

description	ioc	Process
Intent action	android.intent.action.DELETE	com.civexefati.output

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

Processes:

com.civexefati.output

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.civexefati.output

com.civexefati.output
1⤵
- Requests uninstalling the application.
- Schedules tasks to execute at a specified time
PID:4492

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Indicator Removal on Host

T1630

Uninstall Malicious Application

T1630.001

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.civexefati.output/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
0f6f0077baf20e5402f333297d371f86

SHA1
5ba383ec6db502bd41e20684f998d804b947d9b9

SHA256
b1b5c43520e48b712e85511c3513ca7e8f0edb3190f4fa442b5ea9953b673858

SHA512
ab36834961ae1daa2d307e05e8943020d1483641c94f4fb6a3d7fc1b0247279206cd7de80ee2936c26963f44c6e5e56f204ce9d0ee79ad4be367fe36b8a0cc18

Download Submit
/data/data/com.civexefati.output/no_backup/androidx.work.workdb

Filesize
104KB

MD5
686ac943ba91b90b3125217b082aa0fd

SHA1
35cf1fe4f62ab904f7c355ffe16289e9bbdc1483

SHA256
fcce753d3b6523147f69fab65315d734b466d394225a545fc50b8da4ec5b64da

SHA512
7859363f0bbd6a82104fe72083ecbe35b0afcc866ed2643f164ea20374228426035f3b88882c62f002e2cba7ba055881df8170b528aec9f340e69f6a5a432bf2

Download Submit
/data/data/com.civexefati.output/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
9175842e84e68bf7ac32def07ce14b75

SHA1
34d7cbf471b33b5130934166b3b4f06bd6942950

SHA256
651e497fd7847816c78f7823cc57a044e00d3088329a522f275d9ebdfc9c1b3a

SHA512
9e8cfda49ec6e2809f22347255b895baed758ba675535aac46ba969b9648830776b0c0265e8bcc8576203e93ee081003eee7f1703e69d953ecdca33d33bd1cb0

Download Submit
/data/data/com.civexefati.output/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.civexefati.output/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
90f998ca5233ac594284f1db42e5bace

SHA1
456351614438c80e6dc1b2004f2177dc0a4367db

SHA256
3adbbd5fea47d9231e6562ffd2842cc5bda638fc6dc492a93f68ea72aeaffb60

SHA512
e340096ca3681ae5ee2c14321a0506c1f123525982662bd10e58eb6630c5d5274fc45d999c99a80db412515a5b8b917cd7cecd2596c8923501f76b072175fe77

Download Submit
/data/data/com.civexefati.output/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
b70a7898b4dc522ef7e4e6300988871d

SHA1
66ccc206bfdec96a3c81ea989f8c4e9275f66189

SHA256
4199e552cf5299b28ee14117899cc74a0109aff140181ebb504459f25041eb31

SHA512
85519a71ea7cda1e4de060664e160379055af7308570012a1e4fd44ec5f22b3f6ad78ede0e33ebb800e6fd922669997f164d5c61c040b4039aa9089bade50173

Download Submit
/data/data/com.civexefati.output/no_backup/androidx.work.workdb-wal

Filesize
406KB

MD5
4bc33446ede1b85e8fb9028609b8756a

SHA1
21f15fa7b48fba78db4fe225013b451f64e455df

SHA256
8ed28cf53c40356e0ef243c37045326d8b1c963e148ed75f7270cc035d71365a

SHA512
fa362b458e19dfd2a2fe57c107af592bad670ff7437be6f753db8fc9b7e2a9c1395b884cab110f1fe7e11f67b71238a70c6d4484ff85c0b517a3fcba7dcff855

Download Submit
/data/misc/profiles/cur/0/com.civexefati.output/primary.prof

Filesize
1KB

MD5
994cade9d899e8c4cc987b80fecc58b5

SHA1
84a60f7593ee681005f38f10c143c51938eecead

SHA256
aa3aeaa7287ed5637358d1e3815f7fcdc574ae8365b3d337e72ae5802cf2a83f

SHA512
d1408dc1b4986f401717207c68e5b11d46172531f9a0d20f95fbe12d82bd13f4d8c7acf92df16a3f547845ef4b1b437dec1f087fe00a25a37d350b8112c496ec

Download Submit