3a87840042972d915bca6a8611c3fb52c8cfc8a124d343790780cb21ec269d0f

Analysis

max time kernel
50s
max time network
157s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
02/09/2024, 23:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

zea.apk
Size

10.1MB
MD5

c7b419d2ce13fd7c472ddd72ae06fce4
SHA1

57604df47d7cec0e71ff6f39fc65b6f273c33490
SHA256

3a87840042972d915bca6a8611c3fb52c8cfc8a124d343790780cb21ec269d0f
SHA512

803c82d4155bf4427a2b56ed2bc34ee29fac487943a207285c9cfedb9ff51a6243f2e632d27b4494337e4492497587da8c882a3a1688158488769d5be8eee37d
SSDEEP

196608:U57NBRrqOvdu7uJ0SISfzkHKbLd3ta7X+X:k7NB3vd2URoqbLd3eY

Score

8^/10

evasion persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/bin/su	ru.aaaaaacz.installer
/system/xbin/su	ru.aaaaaacz.installer

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	ru.aaaaaacz.installer

ru.aaaaaacz.installer
1⤵
- Checks if the Android device is rooted.
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4930

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ru.aaaaaacz.installer/databases/PackagesDB

Filesize
20KB

MD5
456c67b5c8072552df6e17a25fc3843b

SHA1
15ed8745c0993a548ff9a6677e9e44f4545954ea

SHA256
e9d6bd0c055ab7575577cca6a97c128bf27796c2127bb6b98a2f219185b35a68

SHA512
25a56d2d73790f6aabc8926dc596ec23e500d6979ea8ebaf7ee871271adc1fb175c374c55b4bfda0571e9f0a19e8549def85c1ddf6586781c9c8577f4953db34

Download Submit
/data/data/ru.aaaaaacz.installer/databases/PackagesDB-journal

Filesize
512B

MD5
7daae3cf0af07d11c841056f2002388f

SHA1
c7a2724d62a8cd113a2256af38744cda75247f9d

SHA256
f851b7ae06f4cb6c3ce5fcdfdd4044795fe6227d9a54f4b94d4ea2ff699ebff8

SHA512
6012bd4ee432cf970acba9a91c53c1d10a08cb33ed8cb76051c59d3d00d50f575b7c73d706abe3db6cc2b6d15e80280df1412f650de091b39b2a1a0cb55b209b

Download Submit
/data/data/ru.aaaaaacz.installer/databases/PackagesDB-journal

Filesize
8KB

MD5
5ba07dd9697b49854fc3c00a451aa91b

SHA1
81dd28f27061d1899f7ed56fc14621f35b4b1856

SHA256
635e2c9dd6ef40bc57f8a9ae9a2fa106132e3423cae8b230b2e6df8367e3d1fd

SHA512
b347beefbb8b483059d0fb9afd684b1e8be59f150efd8979c65b94d11bbe2340ba6cac3f3c3bea55b4c942f56b5e0a3cac145d76a31985932f9f7565e66984ea

Download Submit
/data/data/ru.aaaaaacz.installer/databases/PackagesDB-journal

Filesize
8KB

MD5
24dd7e348a3037c2697f5ae7d8f845ad

SHA1
a9051103e10a0430b4c22e11cef92bb88404437a

SHA256
60cc1a8fda3d49f2f81aec75411c33a1ff36f587e746116d1e748a9e3d4661fa

SHA512
26ec3ce716e8d29cb6d3e1965124ef8d906561afdd28c8cc3e790444e4ce9b42b8856234aafcde1fd8807e215627f5cf81ef85b9e3401a6fc5babb5fedce9b6f

Download Submit
/data/data/ru.aaaaaacz.installer/databases/PackagesDB-journal

Filesize
12KB

MD5
8d4e650aa3cb16b0fb9b48b2cf74f508

SHA1
9dc79b7b8c49b86f177f0f094e2f2ae6c3d8a31f

SHA256
50cf0b4a5684c354c0f14a05439a6e308fb707f60315fead453ff0720efaa697

SHA512
db7dd666562744e2d26cab103b405b07631e99cf8b2883e893255ca8c9ab8dc9698ab5f14b159a1ae0be8ca8edae2f0ab7ca6e53947f7aceb1e3054c6c299ff7

Download Submit
/storage/emulated/0/Android/data/ru.aaaaaacz.installer/files/LuckyPatcher/AdsBlockList.txt

Filesize
1KB

MD5
a39d3e83724992bacc8e8618952cd4ba

SHA1
7bea1709ae2ae49bd4178fddedaeb04414e447bb

SHA256
eb89dcf955fca4d11d336236724ad91d6cd4803e1c3706a265191ffe58499462

SHA512
e31f7dc2bbdfbbe90646f87f7c21156729955f91b6a4ac300464e048e28f9eb87c05b6bb8f171c8bb1a85c2ac49110d7fc3efe943443baca46d7d83dd2501e96

Download Submit
/storage/emulated/0/Android/data/ru.aaaaaacz.installer/files/LuckyPatcher/AdsBlockList_user_edit.txt

Filesize
29B

MD5
302f7b6d9a4ffeccdda9ef94184c8326

SHA1
d4038ca0629f57b7e5c4056e74a395e5598aa16a

SHA256
5b36134b695f0a9a32f570b08cc3ef74e0687a0d2aa228853bc0346f77bffebe

SHA512
299fda4936acf6479e22f9166d545976d5d99ba6fe7a5b7298cb336cf730eb7790524e4569fe64bc03c598c7e4117f163ddffc2e2889439f709c4d80ff665039

Download Submit