b6d7db68320d747f0662761abbf6e8f8d96aad1779cb48b92854c9caa84d5905

Analysis

max time kernel
47s
max time network
97s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
09-08-2024 14:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

com.celzero.bravedns_45.apk
Size

62.3MB
MD5

a687fe97c6a7566d38333e2e482e3e11
SHA1

488255ad7a7a2e9ca9199586f5e6bd1a1f678feb
SHA256

b6d7db68320d747f0662761abbf6e8f8d96aad1779cb48b92854c9caa84d5905
SHA512

8c0dcc172749191d7d44013fd1e2213ff79b9244b9b7847041c67f9c123fc9ab7a2893310f7bdc79f2deca5f854cf6acf10488b21c60ff7b0f70750e99fe29bd
SSDEEP

393216:pfjtXY7rbIrBFTFgRDyJGPmxAq6elOWRB3H1OfcDPSDVSg/L/fJOCuzGLMPPV3uE:p7tX0bdDUwm2M1Op4PV3dRy8RPO0f

Score

7^/10

banker discovery execution persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.celzero.bravedns

com.celzero.bravedns
1⤵
- Schedules tasks to execute at a specified time
PID:4236

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.celzero.bravedns/cache/room-copy-helper4227613974246831208.tmp

Filesize
184KB

MD5
bb29fea8c444ab913c28bebdab4686e2

SHA1
c3ca6801b4359567613235fc5acc080b7c7b1840

SHA256
835aa837890ca9c5bc7068ee094bc3240d5486d92d82cc0ec79ed725214d1f76

SHA512
875ac598ef36e15fffe27f3a753f322298cd72da63d893dd7f2733a38faf73e279edd9d549dc58d4ea7c16bb79d980957974ecb9e3ddabfbf5a359374c4895c2

Download Submit
/data/data/com.celzero.bravedns/databases/bravedns.db

Filesize
124KB

MD5
83fb25f1cceaf9a1308d3a81422283ea

SHA1
43ca5c4553c1f552de5698bc9038878297729af3

SHA256
d40ad0f7e916dec91f4dd38582a5b4d0a92b6346c6e44939cf26562ab40044f6

SHA512
c4b073d105d75e53f39fccc06eb517d4d19f5bbf614921788eec504616caf6448738916585d461a8100218c23f2fc8129cdf902465ce71633fe8e70a0447983c

Download Submit
/data/data/com.celzero.bravedns/databases/bravedns.db

Filesize
196KB

MD5
91ac12b33c3bf4fefdc91f4a287a6f96

SHA1
1373dbb921ce4c44f78ef99b0a6b9846f4653d77

SHA256
2dcbcc1cdaf69b1ba4d1b255f133dbcb52c5ae6ba4acff0cbcb3d2fd7d348690

SHA512
62bde5f8d94331a725b68e2021e64848b56a8457a55c054c2d6bc5adb227ed2099ea9a84c7c0a42164448e8b6d422f2838ca67402c3f7d37185e0b6a4b507c2f

Download Submit
/data/data/com.celzero.bravedns/databases/bravedns.db-wal

Filesize
12KB

MD5
32f291cc81f4115a702ffbccee3d5a87

SHA1
113fbddddddc7fc1433bfe5230c2e9509383054f

SHA256
96efedd36846c66b732882bc8b3b1f18138a141aa4cb611b03d723607531fe98

SHA512
1a4341f3af088ee7e492713c13ec97ed76c5219c8373452d99e4af84a7756c97800286236d95da78149658784f4be91696078747a682425183abd7e5a03450e8

Download Submit
/data/data/com.celzero.bravedns/databases/bravedns.db-wal

Filesize
406KB

MD5
78a01e13c89bd29333b5e420d0ea78a0

SHA1
01d09e301cd3fa645538e58c9b44609a726b026d

SHA256
787cd719bf5df1691b64a59e03af1caa61dcbce4eaa082e7a88e6c33c8a16098

SHA512
f9c521f64186b67898254a43751013aced535e3869e784e787694a650a7c8ca1a20a4006ca5708114f2f11855277e1e40815236915014cb2b9ee8ad405057976

Download Submit
/data/data/com.celzero.bravedns/databases/rethink_logs.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.celzero.bravedns/databases/rethink_logs.db-journal

Filesize
512B

MD5
7993c584401ffc0083d088488c5ef569

SHA1
f6d2cbea8a60de7f93ffb448c4191e43ecff1daf

SHA256
f94065ff721de52667a6de5621c1a612496d557757694e282024ecfc9271bfe6

SHA512
0c8f2f6a59d106268d41e1dd5216f0b5a6e798f627658fbee03086800f1158e126d05df71a6bfdf7ebd4ea75b4682517e0e3634db38748aa426c9a242c409c7d

Download Submit
/data/data/com.celzero.bravedns/databases/rethink_logs.db-wal

Filesize
16KB

MD5
9149818b17094fd53c0314c5b9be44e6

SHA1
076077fab7b6eecd8108cf72f2d34cd2979bfe65

SHA256
600f4fa2b0338a015a7f94c7767c7bbf5a589825583ca520dfc8518db91e6111

SHA512
30e354dbe37f15acd824b44ccbb7c89609a0992858216f395fad0022554dcc2e98fc3fa5d9b8ba5e4db159389adba382dff2bdd09764b1a9d2e27949a25ba04f

Download Submit
/data/data/com.celzero.bravedns/databases/rethink_logs.db-wal

Filesize
96KB

MD5
1ddb2c49271167323e14d62cd4682fbf

SHA1
bbb88ef0c229cba1517748b618c292af3ffd88f6

SHA256
a5bed8cd1304ea92f6036a6a520b53bff84e58bc122c7782f39d2b62f146e02c

SHA512
64e6cb08520477b67a5670a7068c587c816321dddb884bae706d2336581fce26b7f936366573981cfceb13bb32ece9b8edef6c204c36e7c3d340953a14d2d535

Download Submit
/data/data/com.celzero.bravedns/files/profileInstalled

Filesize
24B

MD5
3fcd6f9d9b82e2fda77cdfb8583634b8

SHA1
f875a6d912cf5e06d5e42d6941a1bc5837794320

SHA256
08e7bb3ff81048c5837bd600bdade7760bf3f341013a906d1616f0be05186c0f

SHA512
2e76fd75bcdbefc2e9be3cf78b4261cb284cd43d23774100c063cb2135ac1a73ac365495904bf1f7c7981f378585c89a0dea358a5e6691ca4bcb43fa682bf57f

Download Submit
/data/data/com.celzero.bravedns/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
3d03da6b0690b97d4ab7df604e5a48f8

SHA1
034dd26d29f72fd2346969491d1b65b75af1ccd7

SHA256
5f8825c040337379901cc42cfff6bae64f4a3ce2367908e30d39a771cb9ca97f

SHA512
7dd1adc8e7f009e46d1a5d95952b87b32d2f01383cb8c936aee9bab3cb4e5dda57c753b697105b5689322a0b155c9931eafb8709983bf6424262171682e2f472

Download Submit
/data/data/com.celzero.bravedns/no_backup/androidx.work.workdb

Filesize
104KB

MD5
df960ce3385e51ece65057a0b44668da

SHA1
a04d5559d5edfee570ef58fbd892015b3e930845

SHA256
0b5cc607ba7ca95af07e1bb9f581e6b8d86ffb08ebd18d49bfc05fb1a23f21d5

SHA512
1555192f60a3edcdda2cc579ae065cafba2491e7c47f70a9ef42ff469be71e6be9ea6217228f67b52a91ee7bd50b832be31fedbcc0280c4b1d04ccbc35d6729c

Download Submit
/data/data/com.celzero.bravedns/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
ae8c1c85b179a1e53dbd8fa774099e2d

SHA1
a629e02f417a87d3ad315dc4d295647c9775438f

SHA256
724914b61ea98ee49536dc8025ab62dce46656fcb2e8051d24dae0e85fe3b4e1

SHA512
b0ee6cfb67dcf2bdb4ee0bdef118d07cdb69f0106df5a28f7780e7f7286967e2d3954b897e013e8fb84180615b6db0b37052769210ee0dde057dfc5e7a65cf8b

Download Submit
/data/data/com.celzero.bravedns/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.celzero.bravedns/no_backup/androidx.work.workdb-wal

Filesize
406KB

MD5
7bb2c3e80790c58da3bc45d87a9cda8b

SHA1
13d189b78096ba95c67afc7cd6c4bb7dd22e0f4d

SHA256
6f236fb0c6c310f715a4f8df6614e501f9d5d9422dfafe1387f57fc2ccb57d61

SHA512
41dcf260c4c2d973154519d1367a271a121f223463c0de0c9362ebccbf7a9f4fb708d104f94153ccb7908f9f8f458b9f42d9e815990209dc08e81f1901bba0b6

Download Submit
/data/data/com.celzero.bravedns/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
7e7d4fff561f48987cdc7b0a44af15cb

SHA1
34ef0b3cf8da0fed08b75c6fea00e2ef991a3ebc

SHA256
f771167b9253b5fe179c078f3e8a13a860beb5ccd3a03f04123f000a5dd30c6f

SHA512
8ac374c8497cac189166371e277aea412715dd5dd2ead361d4c91ba9c717e2ddaf2959563457f08349d3ccc319bc79e777c0562dcf73f2fd4b8fdf2add91ce17

Download Submit
/data/data/com.celzero.bravedns/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
f1c321f5bf8172ffdb52c68d38f09c26

SHA1
ef88836e7caf57902767e6021970db746b1f1a76

SHA256
a459d8ec4b51dc07fd8d6503193e60f81af45b55435664fccaf415165f89a775

SHA512
c87f1705d9b0d7fbf004044fcc30d6c00aba98a7e99f67365b12236d45b35db110cb8c886edac9e5d865350878d2ee0068a5ce049e65d77c058f344656bd0d56

Download Submit
/data/misc/profiles/cur/0/com.celzero.bravedns/primary.prof

Filesize
2KB

MD5
c88396d1362e0b60bde8a796dc323920

SHA1
a7c447e4421c78e407c602a704579d008274da1b

SHA256
e8094f2629265c18a2c06dae918231ad8226be05c28fe9fd10fa258dfbea9502

SHA512
a893abf1e5b3f6a241c58dd2a129e8dac19c8b20633cac4af154b74115d55beac25fc663ec57c6dda7e50801b1365f5536a6ffcbe6a0f7acd3276d2e3ee4df2d

Download Submit
/data/misc/profiles/cur/0/com.celzero.bravedns/primary.prof

Filesize
10KB

MD5
c378041b24753ce0a4da72482c1b9a3f

SHA1
7ec2dd1e36965f920198ced99ec57b23a231529d

SHA256
b7f15c76b706c45c56aeb1c6b98053b9493006d055998d5311adfabcd09e6bc1

SHA512
426d99fde2ff2da8552014e42e37ffd97e6ea4c7b55461c4e44121f108afa3a78f45458bfd24f12559013b610521b0cf4f9465f9f9a38dbeb3a81b1a7369cf68

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads