Analysis

  • max time kernel
    137s
  • max time network
    147s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
  • submitted
    02-11-2024 08:23

General

  • Target

    cb638b84f41c3bdb88e14a3f11f4dad99896562149c6e4963f40e8f4ab4f088c.apk

  • Size

    20.5MB

  • MD5

    7fd2ef1fd5f1d60a5f058a60c39ed3a2

  • SHA1

    3e70240789a5eb05fd3b0abd11d54a0cd8d7b2a8

  • SHA256

    cb638b84f41c3bdb88e14a3f11f4dad99896562149c6e4963f40e8f4ab4f088c

  • SHA512

    965a4585643af6701fc813d583f59f3bddd5ca7ced42d2429a6751576a6e65cdcec03e701dffbcda1d75d54e7d8ae6e5827b3f6f8d338176cb9b3e1496a7c536

  • SSDEEP

    393216:R2h6it5sJA35z7A79L+TmN1mbgafiubcQZTbbT9i/zVN2I+TXRxMKpPbNiRSKcsY:R2Y6SJA35z7c5fbmbBffcqTBi/zVN2Iw

Malware Config

Signatures

Processes

  • mbxaq.yntvh
    • Checks if the Android device is rooted.
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Queries account information for other applications stored on the device
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about the current Wi-Fi connection
    • Requests cell location
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    PID:5071

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/mbxaq.yntvh/databases/SettingsDB

    Filesize

    124KB

  • /data/data/mbxaq.yntvh/databases/SettingsDB

    Filesize

    96KB

  • /data/data/mbxaq.yntvh/databases/SettingsDB

    Filesize

    96KB

  • /data/data/mbxaq.yntvh/databases/SettingsDB

    Filesize

    96KB

  • /data/data/mbxaq.yntvh/databases/SettingsDB

    Filesize

    96KB

  • /data/data/mbxaq.yntvh/databases/SettingsDB

    Filesize

    160KB

  • /data/data/mbxaq.yntvh/databases/SettingsDB-journal

    Filesize

    512B

  • /data/data/mbxaq.yntvh/databases/SettingsDB-journal

    Filesize

    8KB

  • /data/data/mbxaq.yntvh/databases/SettingsDB-journal

    Filesize

    4KB

  • /data/data/mbxaq.yntvh/databases/SettingsDB-journal

    Filesize

    8KB

  • /data/data/mbxaq.yntvh/databases/SettingsDB-journal

    Filesize

    12KB

  • /data/data/mbxaq.yntvh/databases/SettingsDB-journal

    Filesize

    20KB

  • /data/user/0/mbxaq.yntvh/[email protected]

    Filesize

    1.2MB

  • /data/user/0/mbxaq.yntvh/[email protected]

    Filesize

    2.6MB

  • /storage/emulated/0/.am/dm/md/main.md

    Filesize

    2.6MB

  • /storage/emulated/0/.am/dm/md/main_tools.md

    Filesize

    1.2MB

  • /storage/emulated/0/.am/log.txt

    Filesize

    172B

  • /storage/emulated/0/.am/log.txt

    Filesize

    151B

  • /storage/emulated/0/.am/log.txt

    Filesize

    4KB

  • /storage/emulated/0/.am/log.txt

    Filesize

    63B

  • /storage/emulated/0/.am/log.txt

    Filesize

    71B

  • /storage/emulated/0/.am/log.txt

    Filesize

    153B

  • /storage/emulated/0/.am/log.txt

    Filesize

    127B

  • /storage/emulated/0/.am/log_.txt

    Filesize

    26KB

  • /storage/emulated/0/.am/log_.txt.zip

    Filesize

    6KB

  • /storage/emulated/0/.am/log_1730535814094.txt.zip

    Filesize

    219B

  • /storage/emulated/0/.am/prog_class.name

    Filesize

    66B
