Resubmissions

30-09-2024 12:11

240930-pc4dgayeqe 10

02-09-2024 01:09

240902-bhr1qsxckp 10

Analysis

  • max time kernel
    12s
  • max time network
    155s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
  • submitted
    02-09-2024 01:09

General

  • Target

    7b9ce40a5db59d489387d2f0cf3ef0a058b5a7cccb1dfeca54e4d1f30e46dd1c.apk

  • Size

    20.5MB

  • MD5

    f95cf2c20d492d6647885e8428d808cc

  • SHA1

    3ac3b2f7b6ef2adf78e3a35463d38c94bc0615fa

  • SHA256

    7b9ce40a5db59d489387d2f0cf3ef0a058b5a7cccb1dfeca54e4d1f30e46dd1c

  • SHA512

    3d5033bfa909468d92aad54eb5a308ffea9684471cc15810974a43e5c39e81558173774599b79d1d37fd7478516f8ba922d76035694764adb0f0a053636917c5

  • SSDEEP

    393216:Hq0sJA35z7A79L+BCZ1mbgafiubcYZzb/T9i/zVN2I+TX5RUKpPbNiRSKcsIJ6:HqbJA35z7c5JPmbBffcSzti/zVN2IkpQ

Malware Config

Signatures

Processes

  • fka.ugsonrqogw
    PID:4968
    • Checks if the Android device is rooted
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Makes use of the framework's foreground persistence service
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/fka.ugsonrqogw/databases/SettingsDB

    Filesize

    124KB

  • /data/data/fka.ugsonrqogw/databases/SettingsDB-journal

    Filesize

    512B

  • /data/data/fka.ugsonrqogw/databases/SettingsDB-journal

    Filesize

    8KB

  • /data/data/fka.ugsonrqogw/databases/SettingsDB-journal

    Filesize

    4KB

  • /data/data/fka.ugsonrqogw/databases/SettingsDB-journal

    Filesize

    8KB

  • /data/data/fka.ugsonrqogw/databases/SettingsDB-journal

    Filesize

    12KB

  • /data/data/fka.ugsonrqogw/databases/SettingsDB-journal

    Filesize

    20KB

  • /data/user/0/fka.ugsonrqogw/[email protected]

    Filesize

    1.2MB

  • /data/user/0/fka.ugsonrqogw/[email protected]

    Filesize

    2.6MB

  • /storage/emulated/0/.am/dm/md/main.md

    Filesize

    2.6MB

  • /storage/emulated/0/.am/dm/md/main_tools.md

    Filesize

    1.2MB

  • /storage/emulated/0/.am/log.txt

    Filesize

    173B

  • /storage/emulated/0/.am/log.txt

    Filesize

    152B

  • /storage/emulated/0/.am/log.txt

    Filesize

    4KB

  • /storage/emulated/0/.am/log.txt

    Filesize

    64B

  • /storage/emulated/0/.am/log.txt

    Filesize

    72B

  • /storage/emulated/0/.am/log.txt

    Filesize

    160B

  • /storage/emulated/0/.am/log.txt

    Filesize

    131B

  • /storage/emulated/0/.am/prog_class.name

    Filesize

    67B
