Analysis

  • max time kernel
    130s
  • max time network
    150s
  • platform
    android-13_x64
  • resource
    android-33-x64-arm64-20240910-en
  • resource tags

    arch:arm64, arch:x64, arch:x86, image:android-33-x64-arm64-20240910-en, locale:en-us, os:android-13-x64, system
  • submitted
    01-11-2024 02:49

General

  • Target

    cb638b84f41c3bdb88e14a3f11f4dad99896562149c6e4963f40e8f4ab4f088c.apk

  • Size

    20.5MB

  • MD5

    7fd2ef1fd5f1d60a5f058a60c39ed3a2

  • SHA1

    3e70240789a5eb05fd3b0abd11d54a0cd8d7b2a8

  • SHA256

    cb638b84f41c3bdb88e14a3f11f4dad99896562149c6e4963f40e8f4ab4f088c

  • SHA512

    965a4585643af6701fc813d583f59f3bddd5ca7ced42d2429a6751576a6e65cdcec03e701dffbcda1d75d54e7d8ae6e5827b3f6f8d338176cb9b3e1496a7c536

  • SSDEEP

    393216:R2h6it5sJA35z7A79L+TmN1mbgafiubcQZTbbT9i/zVN2I+TXRxMKpPbNiRSKcsY:R2Y6SJA35z7c5fbmbBffcqTBi/zVN2Iw

Malware Config

Signatures

Processes

  • mbxaq.yntvh
    • Checks if the Android device is rooted.
    • Loads dropped Dex/Jar
    • Queries account information for other applications stored on the device
    • Makes use of the framework's foreground persistence service
    • Requests cell location
    • Schedules tasks to execute at a specified time
    PID:4512

Network

MITRE ATT&CK Mobile v15


Downloads

  • /data/user/0/mbxaq.yntvh/[email protected]

    Filesize

    1.2MB


  • /data/user/0/mbxaq.yntvh/[email protected]

    Filesize

    2.6MB


  • /data/user/0/mbxaq.yntvh/databases/SettingsDB

    Filesize

    124KB


  • /data/user/0/mbxaq.yntvh/databases/SettingsDB

    Filesize

    96KB


  • /data/user/0/mbxaq.yntvh/databases/SettingsDB

    Filesize

    96KB


  • /data/user/0/mbxaq.yntvh/databases/SettingsDB

    Filesize

    96KB


  • /data/user/0/mbxaq.yntvh/databases/SettingsDB

    Filesize

    96KB


  • /data/user/0/mbxaq.yntvh/databases/SettingsDB

    Filesize

    96KB


  • /data/user/0/mbxaq.yntvh/databases/SettingsDB-journal

    Filesize

    512B


  • /data/user/0/mbxaq.yntvh/databases/SettingsDB-journal

    Filesize

    8KB


  • /data/user/0/mbxaq.yntvh/databases/SettingsDB-journal

    Filesize

    4KB


  • /data/user/0/mbxaq.yntvh/databases/SettingsDB-journal

    Filesize

    8KB


  • /data/user/0/mbxaq.yntvh/databases/SettingsDB-journal

    Filesize

    12KB


  • /data/user/0/mbxaq.yntvh/databases/SettingsDB-journal

    Filesize

    20KB


  • /storage/emulated/0/.am/dm/md/main.md

    Filesize

    2.6MB


  • /storage/emulated/0/.am/dm/md/main_tools.md

    Filesize

    1.2MB


  • /storage/emulated/0/.am/log.txt

    Filesize

    173B


  • /storage/emulated/0/.am/log.txt

    Filesize

    152B


  • /storage/emulated/0/.am/log.txt

    Filesize

    4KB


  • /storage/emulated/0/.am/log.txt

    Filesize

    64B


  • /storage/emulated/0/.am/log.txt

    Filesize

    72B


  • /storage/emulated/0/.am/log.txt

    Filesize

    181B


  • /storage/emulated/0/.am/log.txt

    Filesize

    128B


  • /storage/emulated/0/.am/log_.txt

    Filesize

    22KB


  • /storage/emulated/0/.am/log_.txt.zip

    Filesize

    6KB


  • /storage/emulated/0/.am/log_1730429400925.txt.zip

    Filesize

    220B
