Analysis

  • max time kernel
    135s
  • max time network
    140s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    android arch:arm arch:x86 image:android-x86-arm-20240624-en locale:en-us os:android-9-x86 system
  • submitted
    01-11-2024 02:50

General

  • Target

    am.apk

  • Size

    20.5MB

  • MD5

    7fd2ef1fd5f1d60a5f058a60c39ed3a2

  • SHA1

    3e70240789a5eb05fd3b0abd11d54a0cd8d7b2a8

  • SHA256

    cb638b84f41c3bdb88e14a3f11f4dad99896562149c6e4963f40e8f4ab4f088c

  • SHA512

    965a4585643af6701fc813d583f59f3bddd5ca7ced42d2429a6751576a6e65cdcec03e701dffbcda1d75d54e7d8ae6e5827b3f6f8d338176cb9b3e1496a7c536

  • SSDEEP

    393216:R2h6it5sJA35z7A79L+TmN1mbgafiubcQZTbbT9i/zVN2I+TXRxMKpPbNiRSKcsY:R2Y6SJA35z7c5fbmbBffcqTBi/zVN2Iw

Malware Config

Signatures

Processes

  • mbxaq.yntvh
    • Checks if the Android device is rooted.
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Queries account information for other applications stored on the device
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about the current Wi-Fi connection
    • Requests cell location
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    PID:4317
    • su
        PID:4358

    Network

    MITRE ATT&CK Mobile v15

    Downloads

    • /data/data/mbxaq.yntvh/databases/SettingsDB

      Filesize

      124KB

    • /data/data/mbxaq.yntvh/databases/SettingsDB

      Filesize

      96KB

    • /data/data/mbxaq.yntvh/databases/SettingsDB

      Filesize

      96KB

    • /data/data/mbxaq.yntvh/databases/SettingsDB

      Filesize

      52KB

    • /data/data/mbxaq.yntvh/databases/SettingsDB

      Filesize

      96KB

    • /data/data/mbxaq.yntvh/databases/SettingsDB

      Filesize

      144KB

    • /data/data/mbxaq.yntvh/databases/SettingsDB-journal

      Filesize

      512B

    • /data/data/mbxaq.yntvh/databases/SettingsDB-shm

      Filesize

      32KB

    • /data/data/mbxaq.yntvh/databases/SettingsDB-wal

      Filesize

      414KB

    • /data/data/mbxaq.yntvh/databases/SettingsDB-wal

      Filesize

      8KB

    • /data/data/mbxaq.yntvh/databases/SettingsDB-wal

      Filesize

      8KB

    • /data/data/mbxaq.yntvh/databases/SettingsDB-wal

      Filesize

      4KB

    • /data/data/mbxaq.yntvh/databases/SettingsDB-wal

      Filesize

      8KB

    • /data/data/mbxaq.yntvh/databases/SettingsDB-wal

      Filesize

      418KB

    • /storage/emulated/0/.am/dm/md/main.md

      Filesize

      2.6MB

    • /storage/emulated/0/.am/dm/md/main_tools.md

      Filesize

      1.2MB

    • /storage/emulated/0/.am/log.txt

      Filesize

      173B

    • /storage/emulated/0/.am/log.txt

      Filesize

      152B

    • /storage/emulated/0/.am/log.txt

      Filesize

      3KB

    • /storage/emulated/0/.am/log.txt

      Filesize

      64B

    • /storage/emulated/0/.am/log.txt

      Filesize

      72B

    • /storage/emulated/0/.am/log.txt

      Filesize

      151B

    • /storage/emulated/0/.am/log.txt

      Filesize

      128B

    • /storage/emulated/0/.am/log_.txt

      Filesize

      26KB

    • /storage/emulated/0/.am/log_.txt.zip

      Filesize

      6KB

    • /storage/emulated/0/.am/log_1730429423656.txt.zip

      Filesize

      220B

    • /storage/emulated/0/.am/prog_class.name

      Filesize

      66B

    • Anonymous-DexFile@0xc86ac000-0xc87d74b8

      Filesize

      1.2MB

    • Anonymous-DexFile@0xc87d8000-0xc8a69638

      Filesize

      2.6MB
