Analysis

  • max time kernel
    123s
  • max time network
    157s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
  • submitted
    10-09-2024 20:50

General

  • Target

    B8U76_.ver.1.0.build.1.apk

  • Size

    2.6MB

  • MD5

    55b1be60416ac9bce81425afe1e235a6

  • SHA1

    38c6d769f098f056d425b7b4bf4b5f722049a976

  • SHA256

    585a58a92e4cd71abbb7aedd297f263c934439f903759b00d546a9cc2d460ce1

  • SHA512

    dbca326eb90a340da6c6436b0ce60bc8aad25aa82cbf954e9e8fdc03d7745cd2cdc3a174b53152a6d3ef71697bfc615583d719ef8035addf003962d972c775c5

  • SSDEEP

    49152:b3NJLWUfhWPB6NMAKQKNiJhLbNRdZ3jZ9V8jaffHTY0r:jNJLWsoPB6EH8JXhV8+XTn

Malware Config

Signatures

Processes

  • com.nabat
    • Checks if the Android device is rooted.
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks memory information
    PID:5057

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.nabat/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.nabat/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.nabat/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.nabat/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.nabat/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.nabat/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.nabat/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

  • /data/data/com.nabat/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

  • /data/data/com.nabat/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

  • /data/data/com.nabat/databases/google_app_measurement_local.db-journal

    Filesize

    512B

  • /data/data/com.nabat/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

  • /data/data/com.nabat/databases/google_app_measurement_local.db-journal

    Filesize

    4KB

  • /data/data/com.nabat/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66E0B12300A6-0001-13C1-F7FD7841771FBeginSession.cls_temp

    Filesize

    77B

  • /data/data/com.nabat/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66E0B12300A6-0001-13C1-F7FD7841771FBeginSession.json

    Filesize

    132B

  • /data/data/com.nabat/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66E0B12300A6-0001-13C1-F7FD7841771FSessionApp.cls_temp

    Filesize

    101B

  • /data/data/com.nabat/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66E0B12300A6-0001-13C1-F7FD7841771FSessionApp.json

    Filesize

    215B

  • /data/data/com.nabat/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66E0B12300A6-0001-13C1-F7FD7841771FSessionDevice.cls_temp

    Filesize

    48B

  • /data/data/com.nabat/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66E0B12300A6-0001-13C1-F7FD7841771FSessionDevice.json

    Filesize

    202B

  • /data/data/com.nabat/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66E0B12300A6-0001-13C1-F7FD7841771FSessionOS.cls_temp

    Filesize

    15B

  • /data/data/com.nabat/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66E0B12300A6-0001-13C1-F7FD7841771FSessionOS.json

    Filesize

    55B

  • /data/data/com.nabat/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

    Filesize

    391B

  • /data/data/com.nabat/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

    Filesize

    759B

  • /data/data/com.nabat/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

    Filesize

    16B

  • /data/data/com.nabat/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_96178232-e454-4b16-a2a6-af2dc4338d6f_1726001445248.tap

    Filesize

    325B

  • /data/data/com.nabat/files/PersistedInstallation3364957092199404798tmp

    Filesize

    558B

  • /data/data/com.nabat/files/PersistedInstallation7307598015338783735tmp

    Filesize

    90B

  • /data/data/com.nabat/files/devicetoken.txt

    Filesize

    163B

  • /data/data/com.nabat/files/starter.txt

    Filesize

    4B
