Analysis

  • max time kernel
    137s
  • max time network
    145s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    android  arch:arm  arch:x86  image:android-x86-arm-20240624-en  locale:en-us  os:android-9-x86  system
  • submitted
    02-11-2024 08:23

General

  • Target

    cb638b84f41c3bdb88e14a3f11f4dad99896562149c6e4963f40e8f4ab4f088c.apk

  • Size

    20.5MB

  • MD5

    7fd2ef1fd5f1d60a5f058a60c39ed3a2

  • SHA1

    3e70240789a5eb05fd3b0abd11d54a0cd8d7b2a8

  • SHA256

    cb638b84f41c3bdb88e14a3f11f4dad99896562149c6e4963f40e8f4ab4f088c

  • SHA512

    965a4585643af6701fc813d583f59f3bddd5ca7ced42d2429a6751576a6e65cdcec03e701dffbcda1d75d54e7d8ae6e5827b3f6f8d338176cb9b3e1496a7c536

  • SSDEEP

    393216:R2h6it5sJA35z7A79L+TmN1mbgafiubcQZTbbT9i/zVN2I+TXRxMKpPbNiRSKcsY:R2Y6SJA35z7c5fbmbBffcqTBi/zVN2Iw

Malware Config

Signatures

Processes

  • mbxaq.yntvh
    1⤵
    • Checks if the Android device is rooted.
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Queries account information for other applications stored on the device
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about the current Wi-Fi connection
    • Requests cell location
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    PID:4307
    • su
      2⤵
        PID:4346

    Network

    MITRE ATT&CK Mobile v15


    Downloads

    • /data/data/mbxaq.yntvh/databases/SettingsDB

      Filesize

      124KB


    • /data/data/mbxaq.yntvh/databases/SettingsDB

      Filesize

      96KB


    • /data/data/mbxaq.yntvh/databases/SettingsDB

      Filesize

      96KB


    • /data/data/mbxaq.yntvh/databases/SettingsDB

      Filesize

      52KB


    • /data/data/mbxaq.yntvh/databases/SettingsDB

      Filesize

      96KB


    • /data/data/mbxaq.yntvh/databases/SettingsDB

      Filesize

      144KB


    • /data/data/mbxaq.yntvh/databases/SettingsDB-journal

      Filesize

      512B


    • /data/data/mbxaq.yntvh/databases/SettingsDB-shm

      Filesize

      32KB


    • /data/data/mbxaq.yntvh/databases/SettingsDB-wal

      Filesize

      414KB


    • /data/data/mbxaq.yntvh/databases/SettingsDB-wal

      Filesize

      8KB


    • /data/data/mbxaq.yntvh/databases/SettingsDB-wal

      Filesize

      8KB


    • /data/data/mbxaq.yntvh/databases/SettingsDB-wal

      Filesize

      4KB


    • /data/data/mbxaq.yntvh/databases/SettingsDB-wal

      Filesize

      8KB


    • /data/data/mbxaq.yntvh/databases/SettingsDB-wal

      Filesize

      418KB


    • /storage/emulated/0/.am/dm/md/main.md

      Filesize

      2.6MB


    • /storage/emulated/0/.am/dm/md/main_tools.md

      Filesize

      1.2MB


    • /storage/emulated/0/.am/log.txt

      Filesize

      173B


    • /storage/emulated/0/.am/log.txt

      Filesize

      152B


    • /storage/emulated/0/.am/log.txt

      Filesize

      3KB


    • /storage/emulated/0/.am/log.txt

      Filesize

      64B


    • /storage/emulated/0/.am/log.txt

      Filesize

      72B


    • /storage/emulated/0/.am/log.txt

      Filesize

      151B


    • /storage/emulated/0/.am/log.txt

      Filesize

      128B


    • /storage/emulated/0/.am/log_.txt

      Filesize

      26KB


    • /storage/emulated/0/.am/log_.txt.zip

      Filesize

      6KB


    • /storage/emulated/0/.am/log_1730535814692.txt.zip

      Filesize

      220B


    • /storage/emulated/0/.am/prog_class.name

      Filesize

      66B


    • Anonymous-DexFile@0xc8856000-0xc8ae7638

      Filesize

      2.6MB


    • Anonymous-DexFile@0xc8d6b000-0xc8e964b8

      Filesize

      1.2MB
