94a5076bce7386929eb5a59f2e2c9a8ed6954a81a127b238d06f6bfbe62660f4

Analysis

max time kernel
8s
max time network
149s
platform
android-10_x64
resource
android-x64-20240910-en
resource tags

arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
submitted
18-10-2024 22:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

94a5076bce7386929eb5a59f2e2c9a8ed6954a81a127b238d06f6bfbe62660f4.apk
Size

4.2MB
MD5

04b3bd3141066913ad86adff56d78bff
SHA1

57ab9db092806e770b42d3a32b04538763ba858f
SHA256

94a5076bce7386929eb5a59f2e2c9a8ed6954a81a127b238d06f6bfbe62660f4
SHA512

f117e98d85b8c706479979140bd85a38863a3c13458019a33b5aed3cc2a09d1891b3165a1eb097a5d3d8cf76e0e47032692867092ec46514523f70d371c98606
SSDEEP

98304:JZSn/oTRPREuAZ4gCECoW5ovw8MpdbYdq+UjKgkbrMf:unS5SGEZWqNIk9U2dbrA

Score

8^/10

banker discovery evasion persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

System Information Discovery
T1426

Processes:

ru.crebkvcx.yfvyodqrm

ioc process

/system/bin/su ru.crebkvcx.yfvyodqrm
/system/xbin/su ru.crebkvcx.yfvyodqrm
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

ioc	process
/system/bin/su	ru.crebkvcx.yfvyodqrm
/system/xbin/su	ru.crebkvcx.yfvyodqrm

Legitimate hosting services abused for malware hosting/C2 1 TTPs 10 IoCs

Web Service

T1102

Processes:

flow	ioc
75	sites.google.com
63	sites.google.com
72	sites.google.com
74	sites.google.com
70	sites.google.com
71	sites.google.com
73	sites.google.com
62	sites.google.com
66	sites.google.com
67	sites.google.com

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

ru.crebkvcx.yfvyodqrm

description ioc process

Framework service call android.app.IActivityManager.registerReceiver ru.crebkvcx.yfvyodqrm

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	ru.crebkvcx.yfvyodqrm

ru.crebkvcx.yfvyodqrm
1⤵
- Checks if the Android device is rooted.
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:5133

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ru.crebkvcx.yfvyodqrm/databases/PackagesDB

Filesize
548KB

MD5
384f94b399da1dc96f6a0cb66a6323fe

SHA1
61f231dee56b1ed00fcbc7e4eb60fd4b147cc087

SHA256
61225469867e44c3027c9887f88a056b3e08e993e73c6768f17886c350c64fba

SHA512
e027e29774ea091daecc8237b38ba4a523c1cd4e6de6cc3469bdfdca28e4e5bdd050611391a2766e5506f9bb41d45515968a53e52be855ae9de8967c18b6ee36

Download Submit
/data/data/ru.crebkvcx.yfvyodqrm/databases/PackagesDB-journal

Filesize
512B

MD5
1a7dbb52a6eca7ba66c9dc26592aebe2

SHA1
374ce741257092d314de22c859a36319067daeb5

SHA256
1bf4049bf95fa8729c9b96e026c0cfc8983e1e84bc8bd8f6ddf2ea459f739b74

SHA512
a04d38a05bee3e977b9d440c643b09ffc2c48df180566c54dd0cdb27efff28ff4cc4625bf0e9827cde20c29c4c441ca149f9ef733fbb4739755dcdbdcd243d5c

Download Submit
/data/data/ru.crebkvcx.yfvyodqrm/databases/PackagesDB-journal

Filesize
8KB

MD5
9cc4e258671e35b30aa52d3dc3f66695

SHA1
06dbb3b7b84781b1b466111946cca3f7c564129c

SHA256
b94a94ab4293bc23925451966f58fedf02af0b3f5877f3845c34b52766d0f02e

SHA512
5a5823bbaded062356e2761df292cd494ffd1e4ecddfb3c579ead5d952ec7fc155bb1bef395902cac05739b91eaa2f9733a217d9cb3d499d30b6c0a0090fb965

Download Submit
/data/data/ru.crebkvcx.yfvyodqrm/databases/PackagesDB-journal

Filesize
8KB

MD5
00da7374b3a6b9d2e86a2baaa8c5b6f8

SHA1
9ecfc5a8c0b12b599998891c0546371a744da307

SHA256
dcdbb65a6653c0d25ea3c674c667d91b1e09a0c3cd57d62edbe432e2498d038f

SHA512
ec77775bc98f58a4f462477d3d35cce152767012262e8e4e0a8fa966cc19965276b8ce7d8d492a7919a739e3d11addf366eb4cb7e6ba27622ee0790951dfccbe

Download Submit
/data/data/ru.crebkvcx.yfvyodqrm/databases/PackagesDB-journal

Filesize
12KB

MD5
de61dc34fe715115fb3071ad0f11d9c2

SHA1
44432a4cb91961e04d03a527a9a42e102d0383fc

SHA256
18e3db8975c59a2b863937192d7225aa358213b993a866d11f718e2ad6d5cfbf

SHA512
c40c42d4bad8d815830b1f36a6a92211c697fe2e4af0431f6474102a020abef0b2d0e6b76532761b6a23dacad842bfada797b1df05d6cf5b2cabe42dfd5d8e24

Download Submit
/data/data/ru.crebkvcx.yfvyodqrm/databases/PackagesDB-journal

Filesize
12KB

MD5
f73f9fe4a23ffeb0c4975c0eb519b83a

SHA1
c61ef8356fae7bc0f2165ab696d5d9b286f2d25c

SHA256
71f0e50d5a4f78a29b3dd9bfd8096cdb64437b5559094166ca154385524c512b

SHA512
936f1e41ffdc9a500dfde1490b04ca1c5be04dcedafe09eab0e1a5b5403981f89bee8086f02066c9e210f0524ea2b64438313c647be95805404f6dd38d220981

Download Submit
/data/data/ru.crebkvcx.yfvyodqrm/databases/PackagesDB-journal

Filesize
28KB

MD5
2fd1fd5c66d967d5d5857ac9ac10d5c9

SHA1
b628b9e286b618ee2fc6c8c9ddd8b5d6d3fe10c7

SHA256
52d23e6ed5068603b2dcda2a38df377e6ff044f66edf01ef2671721621d98bbe

SHA512
23f2ad179b0c7918d3c48e5910bdc07d36c4bab00f1abaff78bbb2a66bd1eb7e9e30435ee86f1e9c7b8c55143e996cc0ec42de6bd168fd6e345950c9777847f0

Download Submit
/data/data/ru.crebkvcx.yfvyodqrm/files/busybox

Filesize
209KB

MD5
8c63ca86e6f030fd7a11fa739a319fd3

SHA1
c4ea94cf652af134c451dbed0d794ef7ab9937dc

SHA256
145ad43b8aaed463ad4333b71b464e44efed3803713846b974abb7a4925b8d16

SHA512
7db10d4da18917b098630c304ccdfad0090add058364a4724c9a69d94266e540f1ba1728f12ec62e0010842eb967bcd04f2c1145ef9bbcf9991a67fa56b80126

Download Submit
/storage/emulated/0/Android/data/ru.crebkvcx.yfvyodqrm/files/LuckyPatcher/AdsBlockList.txt

Filesize
1KB

MD5
634ab5e3e49b830079f88825c88d7f80

SHA1
cabe4068d07d52c60f5b9f840fd887051748a3aa

SHA256
2824000ad496be920c29d0a78589c72935288b40ce44b44c5fae672fbfe87fe4

SHA512
ffc893fcad8d81f6ca272cf03737ab466eafd135599e6f6f20285d7f4c3454bedde4de5929dbb1be5010192747f5f11d86166509f24bfbf778f949762e47ef72

Download Submit
/storage/emulated/0/Android/data/ru.crebkvcx.yfvyodqrm/files/LuckyPatcher/AdsBlockList_user_edit.txt

Filesize
29B

MD5
302f7b6d9a4ffeccdda9ef94184c8326

SHA1
d4038ca0629f57b7e5c4056e74a395e5598aa16a

SHA256
5b36134b695f0a9a32f570b08cc3ef74e0687a0d2aa228853bc0346f77bffebe

SHA512
299fda4936acf6479e22f9166d545976d5d99ba6fe7a5b7298cb336cf730eb7790524e4569fe64bc03c598c7e4117f163ddffc2e2889439f709c4d80ff665039

Download Submit