Analysis

  • max time kernel
    11s
  • max time network
    155s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
  • submitted
    01-09-2024 17:10

General

  • Target

    am.apk

  • Size

    20.5MB

  • MD5

    f95cf2c20d492d6647885e8428d808cc

  • SHA1

    3ac3b2f7b6ef2adf78e3a35463d38c94bc0615fa

  • SHA256

    7b9ce40a5db59d489387d2f0cf3ef0a058b5a7cccb1dfeca54e4d1f30e46dd1c

  • SHA512

    3d5033bfa909468d92aad54eb5a308ffea9684471cc15810974a43e5c39e81558173774599b79d1d37fd7478516f8ba922d76035694764adb0f0a053636917c5

  • SSDEEP

    393216:Hq0sJA35z7A79L+BCZ1mbgafiubcYZzb/T9i/zVN2I+TX5RUKpPbNiRSKcsIJ6:HqbJA35z7c5JPmbBffcSzti/zVN2IkpQ

Malware Config

Signatures

Processes

  • fka.ugsonrqogw
    • Checks if the Android device is rooted.
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Makes use of the framework's foreground persistence service
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4941

Network

MITRE ATT&CK Mobile v15


Downloads

  • /data/data/fka.ugsonrqogw/databases/SettingsDB

    Filesize

    124KB


  • /data/data/fka.ugsonrqogw/databases/SettingsDB-journal

    Filesize

    512B


  • /data/data/fka.ugsonrqogw/databases/SettingsDB-journal

    Filesize

    8KB


  • /data/data/fka.ugsonrqogw/databases/SettingsDB-journal

    Filesize

    4KB


  • /data/data/fka.ugsonrqogw/databases/SettingsDB-journal

    Filesize

    8KB


  • /data/data/fka.ugsonrqogw/databases/SettingsDB-journal

    Filesize

    12KB


  • /data/data/fka.ugsonrqogw/databases/SettingsDB-journal

    Filesize

    20KB


  • /data/user/0/fka.ugsonrqogw/[email protected]

    Filesize

    1.2MB


  • /data/user/0/fka.ugsonrqogw/[email protected]

    Filesize

    2.6MB


  • /storage/emulated/0/.am/dm/md/main.md

    Filesize

    2.6MB


  • /storage/emulated/0/.am/dm/md/main_tools.md

    Filesize

    1.2MB


  • /storage/emulated/0/.am/log.txt

    Filesize

    173B


  • /storage/emulated/0/.am/log.txt

    Filesize

    152B


  • /storage/emulated/0/.am/log.txt

    Filesize

    4KB


  • /storage/emulated/0/.am/log.txt

    Filesize

    64B


  • /storage/emulated/0/.am/log.txt

    Filesize

    72B


  • /storage/emulated/0/.am/log.txt

    Filesize

    160B


  • /storage/emulated/0/.am/log.txt

    Filesize

    131B


  • /storage/emulated/0/.am/prog_class.name

    Filesize

    67B
