3a36f94bb1e89b5fd1650804761ed649385edb747c77215597a3816bc14f5802 | Triage

Analysis

max time kernel
46s
max time network
68s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
30-10-2024 11:11

Sharing

Report Analysis Logs

General

Target

ver3.ycntivi.off-3 (SFILE.MOBI).apk
Size

11.4MB
MD5

c3162f4cec19a5439b93434c627f7585
SHA1

10759f3aa6fe2eb7d0314aee780e142d4c52a637
SHA256

3a36f94bb1e89b5fd1650804761ed649385edb747c77215597a3816bc14f5802
SHA512

2ebda3a4baecb7c37cbccccb42aa4d223fba149215fd94c24af855e5075096f3e9e8cc9539151df37d433ebdb053196eda0c4726d9dd03c0f45f57c19e0ddeea
SSDEEP

196608:dEV/aPg9oAqy6nHQ1hbla2tQYA0bUQJRjldyvg7mLBKwMca1KSjjsr:E/aPg+AqRC5A0bUUjldyRLgwGPjor

Score

6^/10

discovery impact persistence

Malware Config

Signatures

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	ver3.ycntivi.off

Queries information about active data network 1 TTPs 1 IoCs

System Network Connections Discovery

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	ver3.ycntivi.off

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

Broadcast Receivers

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	ver3.ycntivi.off

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Data Encrypted for Impact

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	ver3.ycntivi.off

ver3.ycntivi.off
1⤵
- Acquires the wake lock
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4932

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ver3.ycntivi.off/databases/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/ver3.ycntivi.off/databases/androidx.work.workdb-journal

Filesize
512B

MD5
1ccbf92a10d8622a07766f7e31360ce8

SHA1
c1ccea6fb56afa37615a60c08eeec37579b24b7d

SHA256
40da77f5a2b6261779ca7d45e3f2e4d62f3b9eb19ea6528a6f4e60dfc887c11f

SHA512
deaa15009ea143df793f57c05d8458dadfc6ebc2fdc23755bf138b32ab43375e86361c26b02b2ebfa74450df8e5d34ca10333d950f26ea3e80648a336459aa6f

Download Submit
/data/data/ver3.ycntivi.off/databases/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/ver3.ycntivi.off/databases/androidx.work.workdb-wal

Filesize
88KB

MD5
c032d42976c54e83e1ccde228b518e6c

SHA1
637d8ce2d0401ba516bdf9280ef57798029ef6a3

SHA256
bff20f26b688e8d1adb60c7ed9c4f43347331985ab536dff7bff26fc37703d8b

SHA512
2870bbe5ad776ff1c85ffa5479b927a8091d684e48d5e0a17cda59f161942424ae0025714a6978785b454d7b38c4e66f1f9f8f894758cc6def41490e18317a1e

Download Submit
/data/data/ver3.ycntivi.off/databases/androidx.work.workdb-wal

Filesize
16KB

MD5
ff92304e31c6067b6ed727a6c1581110

SHA1
231476d5b83f46fbdf02b6a3eec72f64e8da34a4

SHA256
b50617d42c4bbfe1bd243f15824ae29797d48d5cb05851bcebdea2534b21ef44

SHA512
71adb89771ea8e492351e086e0ac6d94f60ba9013c191ee95e1b239e53b3f43fba842bb2d31f5eb4037f6a5a73e6140a84af26bcd765d12e673f59965a6fccd9

Download Submit
/data/data/ver3.ycntivi.off/databases/com.google.android.datatransport.events

Filesize
40KB

MD5
15d5b92dcbda7ef7f9ca327a903e46e4

SHA1
ca153b66028a58d90346ff8abadbdf01b95c37b1

SHA256
e802fdc1ccd833b91d80bb1d8f54cab2b585393e6a07622c4d9feaab07633370

SHA512
2352f167ee5aa37cb3438a0a7df8f632771a1d019c5cd120fe62313fb73aed6d0e09186a9bf306a564371b846a8da020f6acd7aede0cc47ca50701611fa84aca

Download Submit
/data/data/ver3.ycntivi.off/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
33844fb9892c90ea9c9e9909454265f3

SHA1
e2a27855e70d1ce31804525585297ab886b6c041

SHA256
388afec54eaba2e4a2ee6538e246246ea93aa3d1d628e93b2b15cc3461848436

SHA512
fd9e926a785be5b18b013c8a9acaf410f4f5ff2ffc7c34a36694804ef361be5946e1c10067aeed4d373c8514b0ea1618d973a335c8fe83d71e13a4f42d73ca8d

Download Submit
/data/data/ver3.ycntivi.off/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
ca829920420dbe3c6c691a752b410028

SHA1
f5d59dddd70183cb89ecd7eccc65ef1a99d2e542

SHA256
7891b0393b07b487bdf3638692474e48dd2921f2769ca9a1296e2a2931af54e7

SHA512
ea5aebc75562acb26afac1e76a02e907a325b050c3f46f86b6355b6dd673ffca32a00a6838a4f4aa8f8c78bce756eb0eb9f10cb9b9c5837b74531d87ef611ba2

Download Submit
/data/data/ver3.ycntivi.off/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
bdf4d7ebaeb30c8649ef4c185d440b19

SHA1
5075c125b0935e88ba278c33ae3d40b42441b1dc

SHA256
0e838676f6cce8b88adba8b8bfc415547fde809a94ef567721cca7649e4e670d

SHA512
bf703a822c329d0fc34d439cf2cedc471a6e8f00d98117a9b94055e99251073b20983401ab86f9ed426a7997723c856e7be3e758789b8c704303274d90560d57

Download Submit
/data/data/ver3.ycntivi.off/databases/google_analytics_v4.db

Filesize
28KB

MD5
f975059e83279ec632e77d063207f81b

SHA1
b24d4556ae3f5f931a6b19e61dceb3101f0fdd69

SHA256
5f67252287becf0b85e20f1594645ed25bcdb7382ad29454075bbd4f0a64cc04

SHA512
64c5fd0d5ac250ded501440f5b6032e08561d7e1bb567d8fa84def5465f53d62c2b0a02c92f46eea71ac022745602f57b65788697d6c1b3cbd4c115bc7537a59

Download Submit
/data/data/ver3.ycntivi.off/databases/google_analytics_v4.db-journal

Filesize
512B

MD5
1fc8170b3015871ac82476f4ea2a4358

SHA1
20d67c43cce2e3d54eddb950d5016ef8a253f64f

SHA256
0518e28df3e9b18d1803b8e1fd1a554800d504c59d09fc3e741025a6f29788c5

SHA512
476fd586a130901a4153a196a8b459c9081faf185800b76a9f5c3f7d5288fbd1d48eb3f7165328c7a4ec52768559889f9faef1c046b48655d65044b0b23e9cdd

Download Submit
/data/data/ver3.ycntivi.off/databases/google_analytics_v4.db-journal

Filesize
8KB

MD5
f737835fcf0caad04b5504682bf81a2b

SHA1
f25bbc51ae28a3c002cbce0b2f114b85a28d7dbb

SHA256
5378d842a3bd9f8e70906d003be00e2822ec6abc28b1d421e92092e294ee7782

SHA512
49205e49211e73c14f97c7d8a12c7e18c9aa929cdd610b07773931b6caad180f1bbd8cab133ba38248a1ab2f73fe0c06a858aac8bd04503ca15b1c95cac28e42

Download Submit
/data/data/ver3.ycntivi.off/databases/google_analytics_v4.db-journal

Filesize
4KB

MD5
f3a0ed5a18334b8413128902c21bac06

SHA1
f6ec83c6a8281c55426d8a1208e6fc51e8271872

SHA256
3dba3a8c971763c464bf0a552a8c0f6540603b7aa3e232edcc1fe1fb110ea21f

SHA512
3e9c397e5985b592de6b515e75af546d4ad70cd37d231fa056ebc77b235e7f9d537853f12dd3fef318a985fbefb4e52ab6b1eb6f0969a9520906600083ef8098

Download Submit
/data/data/ver3.ycntivi.off/databases/google_analytics_v4.db-journal

Filesize
8KB

MD5
e1ef7c55d917765c60896ea8fb89bad9

SHA1
287d9bbd50a54992fe8cd38cf9ad7fb534181b96

SHA256
a6b3e7d640adec13599ad5b4b92768efd991b62b8c5fcb92fba9da81197e17bc

SHA512
ea5519e89448030b7bf31ac1e0837e1bb8fb4d0ed78c64edd512053414f512528183f9cafe03e796efaadc75cb9cf9fa2c18e91be3a8775231f63b9230242b49

Download Submit
/data/data/ver3.ycntivi.off/databases/google_analytics_v4.db-journal

Filesize
8KB

MD5
3f7072cbaeef0de948c03d9b47891730

SHA1
d028877ee327c0741dbfc9b9c8af2d9fee3c132e

SHA256
97eff5101e4ca902c869c2bb7191c91a50551034e342903e333fc868306f59c0

SHA512
0475b13cfac9abcab49b4403dd28b36b3074a737acdb2ca80903dfd81672bfadf159ba745f79713c1610489d1e7828dfd117d97a28c36845316f4369962bee81

Download Submit
/data/data/ver3.ycntivi.off/databases/google_analytics_v4.db-journal

Filesize
12KB

MD5
502fceb7369ea1f5214b6c8e87ea7920

SHA1
cf24beea3f54a133c53c40e458f788dc0dcb8899

SHA256
dbaea3ce7e7f8f221f07ff30aefd0e8f67226319eb1ec73f6210bd3621644de4

SHA512
395ed2f17d152acfcb2554f6e34da5c2928623595396f04cba484c9d0d7f18246fcbb9b446d88872ce6f1872ebb1dfa1703db349d26973bdbc559353ca2b0ab9

Download Submit
/data/data/ver3.ycntivi.off/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/ver3.ycntivi.off/databases/google_app_measurement_local.db

Filesize
16KB

MD5
ed3b3b5dfd5bc9fcbf23c84dfff624e3

SHA1
43e21ad16ce43574476e58de312d011fb05ab151

SHA256
1972d8c6eb83ff6ffb9562657272f172fc792af34cd7f6560b42a09844f69109

SHA512
60577860c5545d852b9d6f5fc882288fd19bde3cbf798dd6f28afe13f74f3e86e511774a6f874867120e6695794f8a1b6ab7c2b66920359b9455c5dd047419ba

Download Submit
/data/data/ver3.ycntivi.off/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e288832597d1cebfa46033af2292aef0

SHA1
abe6bc9e57bee3f16a67c05e7a04cc42a19a088c

SHA256
bc00a82c0526aa2490ff0dcf52f6313b19144f3519c4b59d22796b848ff3428a

SHA512
b86b2cf665b80444c93f6bafd94543e897d06e020b4db7ba8ea8dc3873b0413f15f07f9ad0b0a6b582f9377bc8886908a201286e48f78b85467d53b2ab36c458

Download Submit
/data/data/ver3.ycntivi.off/databases/google_app_measurement_local.db

Filesize
16KB

MD5
c807bed1f861c105c8afd580cd7dd8ab

SHA1
a7317528647bc2e6076a9937dfea0d48e28342b4

SHA256
a9e748a7231dcdaad4065fb065a286d2d39b783f264794bd259c822db9bbd2b3

SHA512
4431c6902a01143dd54d51b576a86555b8ac09aa48a7c484edfff41f67a5d73b1cc935e8c77fd03da98e5ea9bf0b27adf841b2213c30ca034130400ba86b5dbe

Download Submit
/data/data/ver3.ycntivi.off/databases/google_app_measurement_local.db

Filesize
16KB

MD5
920c1c516564ea6f113126452fea16e8

SHA1
206c281ff02a00fa6002688b560c1b896f4057b1

SHA256
615c95527789fe4ed8f11d554a2378d085cfb6fba28bb04e03d2af9640da450a

SHA512
0b547a6b3b78a98557ff88f27f5bd7a91bed407aebd90400174e3ce9728a30f2bb9b1e79add47d5e1cffe57099427a4a8053770eda1fb98df8557600a3fc0c4f

Download Submit
/data/data/ver3.ycntivi.off/databases/google_app_measurement_local.db

Filesize
16KB

MD5
2f1eeee3602c828b8e9f81f6fbd20d41

SHA1
d240b568bb6929702815b9a5edd05ad635671caa

SHA256
458aa953a9e0adbf5b8765ebcf6b51bc5b5a48b7664e85d25c7a8ce9781a2d5c

SHA512
a8642cc12cb9af0cd9d3fdc4bb1fe3b246d02af6b36714d80cdd2809def699b0b93eb585187c17f0a8e19801879e2e9edef7963ee416ae9e8cc35fd9cede2859

Download Submit
/data/data/ver3.ycntivi.off/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
a555993b82810850eb8d67ae1e5e6891

SHA1
9e5355e1c3503b2c63db27ebca88d58df35f3b40

SHA256
d675eee81a23c1998e38e8486cf725c88657a8b165b3c74ce689f259da38eb26

SHA512
139cb3fad27ceca956fd8f73cdf58986ecb4c7750cf26376545c6c22768d3029297942018efd359b31a97ab36d88d45441d346a3a7aea780a00170f046f9e4e8

Download Submit
/data/data/ver3.ycntivi.off/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
34880572b9853826269c377974e11e13

SHA1
41746785600006ed8a46db9d42f8c7e9474803a9

SHA256
330d8dd5087c6c8a284678b08c5248e0c0b467a9252fba18cc85e89173565166

SHA512
fc72643c46586c7102afb00efccad9fe9afa92a2342d51fa6085d0415951de53dd84c0dd171181354400a29357f4a7dab11124556534869b6af3d00cf82914d6

Download Submit
/data/data/ver3.ycntivi.off/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
3b8a39be1f6fd7c5cd1b44c5d3768b9b

SHA1
07a490659ad491e776faf49a5dd7a6543de10575

SHA256
8d61a3b5e1a9034e4a49c8656ac92dff922337fe5938a01a4b574bfebb97fd5d

SHA512
72fdcc68ff909e71accb0855d8aafa8dde7e0e7eea483c5d695d735035592ce30fa9dc6ad910718d948b77644991fc1e1f166b6a851e779d90d855306eabbe70

Download Submit
/data/data/ver3.ycntivi.off/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
4fc1625da159bfbfcc7a181324a5b298

SHA1
77405260c4eab83ad0abdebf64012e2ea31874a0

SHA256
e262440bd02480af394b93cdf181a4a68f50ecb3c7ed429041e29330b21ab6d0

SHA512
0194d464000497b432d4ec27ecd238dcc66c208a57f1d7c269b0b28d006f1094f9866b19a6b63eeac93abfe38e09f14a9565f62963d49fd3b69825e38c98b346

Download Submit
/data/data/ver3.ycntivi.off/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
34fb778c89f47ee5441d5485b0f49766

SHA1
2874a80dc4065feeec3f2e55391dc407ac3ad3a3

SHA256
aa8860ea3fe8d5bca2fb7a2dbe780f764b9476647a1c7412cc339a4113a6a4e9

SHA512
7b20ab47d82b6cd63c6ffded764b3fa765dc06c3e20a152a2193e29e2252af2096d58075e4b2979c70471722b47b8450a7677b269d5f4b6a85bf304306b2cfa1

Download Submit
/data/data/ver3.ycntivi.off/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
0fc9424c6d1cf3cd54957e5ec47dcea7

SHA1
67b842de4e53a26d28567c6559509425d8a9c3b0

SHA256
7bdd5cfa88eff260541b526d35fd4c234f553f3c4ad27fe127b1e75f60f3aafe

SHA512
17e274080518efbf357da820638c36b3dd7fac4035376df3787689348fde7d5a1d193d541dfa718fd016944a080b144f8977db6781acc8af6ba65c88188b86df

Download Submit
/data/data/ver3.ycntivi.off/files/PersistedInstallation3232388894797971942tmp

Filesize
90B

MD5
02d8c07986ab3a6197b8e1569b84620f

SHA1
bab1cbcf29eff4473e4e61af4baece879eb58d4e

SHA256
2304661a756aa3b2231620f2bac52e144d2bde0fabd966c9c15d9b1aff6af1f9

SHA512
b4589ef524e69ad5bcd8f70adae31b238ce0b1d71746196e94bca054bd6d85bd2ff607d4e416b577946658d667eddc890d3049e092d8609764775a66ec2c0035

Download Submit
/data/data/ver3.ycntivi.off/files/PersistedInstallation4705963715496480494tmp

Filesize
569B

MD5
21a7a000fa96d430cfd1d2cb295ee906

SHA1
ebc5ced7dc9d28067728b9abb66b517a43b13c68

SHA256
2e92f8765b91e397d10a278611868cc68bce17f3277ff88ff52ef6773415980f

SHA512
6513a158014fbbaf340b373422d8c212fed7aa2a08da95109f74abe90b6531300848cd50d355fac71b6848d28f176c1bc6131a4ab1e414e34157cfb4c2fc7705

Download Submit
/data/data/ver3.ycntivi.off/files/frc_1:692330584196:android:68ea9f0c920aa17904cad1_firebase_defaults.json

Filesize
96B

MD5
ae965abfed0bdfecf32fffc8f6da879e

SHA1
6469f81b3f152b6319529c7d19713a42c30e2883

SHA256
78325d25c7fbb5f4142360897a6defd8d8a63b2d44791e38ec25da514d39f1d5

SHA512
08f1445bd50548210383325436907d36f1a7e06c3f6f584844057de678f1d3a0a5c75817a19c4b477c8ff6e0f2ddff23c4b59cd0955614b3e85d0bfaea249925

Download Submit
/data/data/ver3.ycntivi.off/files/gaClientId

Filesize
36B

MD5
fda3d21e55b4447c17277f20987977b4

SHA1
50baa61321f1f11beb41867657f412e3b2caf8a2

SHA256
b7a8d581b186ef8f38a7613a4422b984dfe7699157e679ab38745c668df8e592

SHA512
bf867c7d1f7341ff1bf7547d3fdb117c27e2876cbd2eaa48a81d0de8971f0db10f72b81462ff910ac38cdb21b2fb1ec07a704848180c78c4ba3e9461e1102eb2

Download Submit