Analysis

  • max time kernel
    137s
  • max time network
    150s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    android arch:arm arch:x86 image:android-x86-arm-20240624-en locale:en-us os:android-9-x86 system
  • submitted
    01-09-2024 02:40

General

  • Target

    7b9ce40a5db59d489387d2f0cf3ef0a058b5a7cccb1dfeca54e4d1f30e46dd1c.apk

  • Size

    20.5MB

Malware Config

Signatures

Processes

  • fka.ugsonrqogw
    1⤵
    • Checks if the Android device is rooted.
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Queries account information for other applications stored on the device
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about the current Wi-Fi connection
    • Requests cell location
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    PID:4244
    • su
      2⤵
        PID:4289

    Network

    MITRE ATT&CK Mobile v15

    Downloads

    • /data/data/fka.ugsonrqogw/databases/SettingsDB

      Filesize

      124KB

    • /data/data/fka.ugsonrqogw/databases/SettingsDB

      Filesize

      96KB

    • /data/data/fka.ugsonrqogw/databases/SettingsDB

      Filesize

      96KB

    • /data/data/fka.ugsonrqogw/databases/SettingsDB

      Filesize

      52KB

    • /data/data/fka.ugsonrqogw/databases/SettingsDB

      Filesize

      96KB

    • /data/data/fka.ugsonrqogw/databases/SettingsDB

      Filesize

      144KB

    • /data/data/fka.ugsonrqogw/databases/SettingsDB-journal

      Filesize

      512B

    • /data/data/fka.ugsonrqogw/databases/SettingsDB-shm

      Filesize

      32KB

    • /data/data/fka.ugsonrqogw/databases/SettingsDB-wal

      Filesize

      414KB

    • /data/data/fka.ugsonrqogw/databases/SettingsDB-wal

      Filesize

      8KB

    • /data/data/fka.ugsonrqogw/databases/SettingsDB-wal

      Filesize

      8KB

    • /data/data/fka.ugsonrqogw/databases/SettingsDB-wal

      Filesize

      4KB

    • /data/data/fka.ugsonrqogw/databases/SettingsDB-wal

      Filesize

      8KB

    • /data/data/fka.ugsonrqogw/databases/SettingsDB-wal

      Filesize

      418KB

    • /storage/emulated/0/.am/dm/md/main.md

      Filesize

      2.6MB

    • /storage/emulated/0/.am/dm/md/main_tools.md

      Filesize

      1.2MB

    • /storage/emulated/0/.am/log.txt

      Filesize

      173B

    • /storage/emulated/0/.am/log.txt

      Filesize

      152B

    • /storage/emulated/0/.am/log.txt

      Filesize

      3KB

    • /storage/emulated/0/.am/log.txt

      Filesize

      64B

    • /storage/emulated/0/.am/log.txt

      Filesize

      72B

    • /storage/emulated/0/.am/log.txt

      Filesize

      157B

    • /storage/emulated/0/.am/log.txt

      Filesize

      131B

    • /storage/emulated/0/.am/log_.txt

      Filesize

      25KB

    • /storage/emulated/0/.am/log_.txt.zip

      Filesize

      6KB

    • /storage/emulated/0/.am/log_1725158422983.txt.zip

      Filesize

      220B

    • /storage/emulated/0/.am/prog_class.name

      Filesize

      67B

    • Anonymous-DexFile@0xc7b94000-0xc7cbf4b8

      Filesize

      1.2MB

    • Anonymous-DexFile@0xc892c000-0xc8bbd638

      Filesize

      2.6MB
