3a36f94bb1e89b5fd1650804761ed649385edb747c77215597a3816bc14f5802

Analysis

max time kernel
55s
max time network
151s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
30-10-2024 11:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ver3.ycntivi.off-3 (SFILE.MOBI).apk
Size

11.4MB
MD5

c3162f4cec19a5439b93434c627f7585
SHA1

10759f3aa6fe2eb7d0314aee780e142d4c52a637
SHA256

3a36f94bb1e89b5fd1650804761ed649385edb747c77215597a3816bc14f5802
SHA512

2ebda3a4baecb7c37cbccccb42aa4d223fba149215fd94c24af855e5075096f3e9e8cc9539151df37d433ebdb053196eda0c4726d9dd03c0f45f57c19e0ddeea
SSDEEP

196608:dEV/aPg9oAqy6nHQ1hbla2tQYA0bUQJRjldyvg7mLBKwMca1KSjjsr:E/aPg+AqRC5A0bUUjldyRLgwGPjor

Score

6^/10

discovery impact persistence

Malware Config

Signatures

Acquires the wake lock 1 IoCs

Processes:

ver3.ycntivi.off

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock ver3.ycntivi.off
Queries information about active data network 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

ver3.ycntivi.off

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo ver3.ycntivi.off
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

ver3.ycntivi.off

description ioc process

Framework service call android.app.IActivityManager.registerReceiver ver3.ycntivi.off
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

ver3.ycntivi.off

description ioc process

Framework API call javax.crypto.Cipher.doFinal ver3.ycntivi.off

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	ver3.ycntivi.off

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	ver3.ycntivi.off

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	ver3.ycntivi.off

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	ver3.ycntivi.off

ver3.ycntivi.off
1⤵
- Acquires the wake lock
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4262

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ver3.ycntivi.off/databases/androidx.work.workdb-journal

Filesize
512B

MD5
cd85e3200417da80edd61f2f60d7cb09

SHA1
96e7611aaab5282cf44283c2ccf95a31b5caf3ab

SHA256
9a28dbb35da6419fee113ffb37f3f941e70d54ad22d904f92b6aee7702576a97

SHA512
ccf6ef1bec0184523d6f5c2d23d66884ea13edd9aae0c0825aca4d59415aefef47605e640723f16815aaa3d0e6b18dac5efff24892224338333a9af35b034c8e

Download Submit
/data/data/ver3.ycntivi.off/databases/androidx.work.workdb-wal

Filesize
88KB

MD5
5df5342985c66b094768fdf624b97491

SHA1
49c5d7661d18f97bc21c47ecb578a882eafbbd3b

SHA256
918cea2bd1414c5e0923778e39728842bdf56d008e7518100e968179b6788039

SHA512
f44f9760b882af75aa27e2bc6af2fc9a2baac56d2b16f4c969678677ff5c71b1e08a302a0747b0e01a3ea5e4eea13a137e904f1e947078f450fc74e961a53d24

Download Submit
/data/data/ver3.ycntivi.off/databases/androidx.work.workdb-wal

Filesize
16KB

MD5
c415355192e4f3d3d32b577767f6c038

SHA1
9a37b607c5c4147fb5ccead099551df4a67384b1

SHA256
1d17e1a4a737e473e8187fb0630ab2d65bb07c72d9358df9bce63824df224c17

SHA512
221a4853850245c6f0fef2e4726e5a26931c45e0627ffc4071577b5ed1fd2e3f61278b422dd2ed4f87630529d1481b6d301152ff7b2083fbd15a5035ecfd09f5

Download Submit
/data/data/ver3.ycntivi.off/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/ver3.ycntivi.off/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
c7291ea546b9c646a205af861819e9f6

SHA1
0416a7fd3b20478d1a2e519478e24d3b151e36cb

SHA256
5f4c146e198441df99149be41db9beed75b4cfb1c589d9e7523b5c46a226a754

SHA512
c4148ece80fa3c1c0808a59b139debe5bdaa2f2c06bfafe3790ce39bc38189463a04e48efd17bf7cb98f392ada1bb7a5862eb7d0217d4b9c8644831e27a34b25

Download Submit
/data/data/ver3.ycntivi.off/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/ver3.ycntivi.off/databases/com.google.android.datatransport.events-wal

Filesize
52KB

MD5
0bbc97da33be082d3964a0bd441a5487

SHA1
dd5ea23c60863afdad391ad80bab858003f1315c

SHA256
13dd8af6239868dae178411c293b2dc1e6e7be751abc0c606b64f68b0f2564fc

SHA512
163ec14bbf0c304083b1940c0c8d2546fe2dc7c0622abe9521955defc7b7546b5ab5e528dbf2e310195b69d4df7777acfe1735353a818fe8ac14baf94f3adbd3

Download Submit
/data/data/ver3.ycntivi.off/databases/google_analytics_v4.db-journal

Filesize
512B

MD5
82ff3bcfbe1180a38bd0a2795ead7c77

SHA1
9c5a5d208b01c8e284493324c382527dca0efa85

SHA256
2563f0845df19133057925188cbe2268a13d02c1800fcaca25a6243159402d1b

SHA512
1558499d085c326e054041e20f36bbfc7ac45ed3b47517724f12c747d5c2b0cf87632e0b157888046e915a995d79022c1caef6551ed79f8028298efe32a8cc6b

Download Submit
/data/data/ver3.ycntivi.off/databases/google_analytics_v4.db-wal

Filesize
60KB

MD5
169aca5dc95fad46413abe8273e1e199

SHA1
1c3663e3f1379c2c29f836a763d62b07d1d85a79

SHA256
7e82f29f48215311cd2e61830f3e0ad8735a2d211444d903a24dcc4727d316eb

SHA512
b803653dde1f59dd2a3547cf294e11db820942a5661429fdb352da3f01e27f436ff7bd9bbafd0e692f6d229430aa2c6d675810e66176779127f7549233179940

Download Submit
/data/data/ver3.ycntivi.off/files/PersistedInstallation57640820057730289tmp

Filesize
90B

MD5
7740e810c8d686f6a6b26d343465a034

SHA1
3f6906af6ecafa9dbfbc423e0054bbbca5b3e7ff

SHA256
6280ef57788c7cea5d5d0071c0fdfb9f32c473f785ed6d54b5e5800d1d2ce04f

SHA512
218f3f8b460816a3b3dd50771e0943cb17ed91b1b23840b4a8a0e0f3530fe1c525855389f4c441f03be18e3486f0bc5e866bae9dbaadedc7b25090d53b33cc10

Download Submit
/data/data/ver3.ycntivi.off/files/PersistedInstallation8155295178033862913tmp

Filesize
569B

MD5
cf53297fdda91b47e0cce4f2098924f6

SHA1
b234a2fa211040c8d683cb897b4feb77a4e57256

SHA256
44a062f0fb86951b56837124485055fa6d61434dedb37a23ab3ea8fc3fc49c46

SHA512
069f2b529380368596d43079a0a79975da9f2c82aadee7c4056194e2855542422f2244b63fa97a8ae9556301eb418a3ebd7556032bcb19d3fc80785288779169

Download Submit
/data/data/ver3.ycntivi.off/files/frc_1:692330584196:android:68ea9f0c920aa17904cad1_firebase_defaults.json

Filesize
96B

MD5
ae965abfed0bdfecf32fffc8f6da879e

SHA1
6469f81b3f152b6319529c7d19713a42c30e2883

SHA256
78325d25c7fbb5f4142360897a6defd8d8a63b2d44791e38ec25da514d39f1d5

SHA512
08f1445bd50548210383325436907d36f1a7e06c3f6f584844057de678f1d3a0a5c75817a19c4b477c8ff6e0f2ddff23c4b59cd0955614b3e85d0bfaea249925

Download Submit
/data/data/ver3.ycntivi.off/files/gaClientId

Filesize
36B

MD5
6fcb8c44dcf77f316a406ec772982f80

SHA1
079f937d80eefd74c8c9fe1e543e685426217255

SHA256
bedf5e8b0c3e5e051e21541d6464939315150185a25cb2825cd97804e4de0924

SHA512
64c3cb0fa4afb9c1f6c4a6af2bbab1572534bb4b381d89ace13586ba262fa3114ae4b8c3f937cc3d6b5973148cd7e9887d2333af5ea09e6b486954174dbff970

Download Submit