Analysis

  • max time kernel
    140s
  • max time network
    142s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    android arch:arm arch:x86 image:android-x86-arm-20240624-en locale:en-us os:android-9-x86 system
  • submitted
    01-11-2024 02:49

General

  • Target

    cb638b84f41c3bdb88e14a3f11f4dad99896562149c6e4963f40e8f4ab4f088c.apk

  • Size

    20.5MB

  • MD5

    7fd2ef1fd5f1d60a5f058a60c39ed3a2

  • SHA1

    3e70240789a5eb05fd3b0abd11d54a0cd8d7b2a8

  • SHA256

    cb638b84f41c3bdb88e14a3f11f4dad99896562149c6e4963f40e8f4ab4f088c

  • SHA512

    965a4585643af6701fc813d583f59f3bddd5ca7ced42d2429a6751576a6e65cdcec03e701dffbcda1d75d54e7d8ae6e5827b3f6f8d338176cb9b3e1496a7c536

  • SSDEEP

    393216:R2h6it5sJA35z7A79L+TmN1mbgafiubcQZTbbT9i/zVN2I+TXRxMKpPbNiRSKcsY:R2Y6SJA35z7c5fbmbBffcqTBi/zVN2Iw

Malware Config

Signatures

Processes

  • mbxaq.yntvh
    1⤵
    • Checks if the Android device is rooted.
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Queries account information for other applications stored on the device
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about the current Wi-Fi connection
    • Requests cell location
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    PID:4262
    • su
      2⤵
        PID:4300

    Network

    MITRE ATT&CK Mobile v15

    Downloads

    • /data/data/mbxaq.yntvh/databases/SettingsDB

      Filesize

      124KB

    • /data/data/mbxaq.yntvh/databases/SettingsDB

      Filesize

      96KB

    • /data/data/mbxaq.yntvh/databases/SettingsDB

      Filesize

      96KB

    • /data/data/mbxaq.yntvh/databases/SettingsDB

      Filesize

      52KB

    • /data/data/mbxaq.yntvh/databases/SettingsDB

      Filesize

      96KB

    • /data/data/mbxaq.yntvh/databases/SettingsDB

      Filesize

      144KB

    • /data/data/mbxaq.yntvh/databases/SettingsDB-journal

      Filesize

      512B

    • /data/data/mbxaq.yntvh/databases/SettingsDB-shm

      Filesize

      32KB

    • /data/data/mbxaq.yntvh/databases/SettingsDB-wal

      Filesize

      414KB

    • /data/data/mbxaq.yntvh/databases/SettingsDB-wal

      Filesize

      8KB

    • /data/data/mbxaq.yntvh/databases/SettingsDB-wal

      Filesize

      8KB

    • /data/data/mbxaq.yntvh/databases/SettingsDB-wal

      Filesize

      4KB

    • /data/data/mbxaq.yntvh/databases/SettingsDB-wal

      Filesize

      8KB

    • /data/data/mbxaq.yntvh/databases/SettingsDB-wal

      Filesize

      418KB

    • /storage/emulated/0/.am/dm/md/main.md

      Filesize

      2.6MB

    • /storage/emulated/0/.am/dm/md/main_tools.md

      Filesize

      1.2MB

    • /storage/emulated/0/.am/log.txt

      Filesize

      173B

    • /storage/emulated/0/.am/log.txt

      Filesize

      152B

    • /storage/emulated/0/.am/log.txt

      Filesize

      3KB

    • /storage/emulated/0/.am/log.txt

      Filesize

      64B

    • /storage/emulated/0/.am/log.txt

      Filesize

      72B

    • /storage/emulated/0/.am/log.txt

      Filesize

      151B

    • /storage/emulated/0/.am/log.txt

      Filesize

      128B

    • /storage/emulated/0/.am/log_.txt

      Filesize

      25KB

    • /storage/emulated/0/.am/log_.txt.zip

      Filesize

      6KB

    • /storage/emulated/0/.am/log_1730429405982.txt.zip

      Filesize

      220B

    • /storage/emulated/0/.am/prog_class.name

      Filesize

      66B

    • Anonymous-DexFile@0xcaac7000-0xcad58638

      Filesize

      2.6MB

    • Anonymous-DexFile@0xcad8b000-0xcaeb64b8

      Filesize

      1.2MB
