Analysis

  • max time kernel
    135s
  • max time network
    139s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
  • submitted
    02-11-2024 12:30

General

  • Target

    cb638b84f41c3bdb88e14a3f11f4dad99896562149c6e4963f40e8f4ab4f088c.apk

  • Size

    20.5MB

  • MD5

    7fd2ef1fd5f1d60a5f058a60c39ed3a2

  • SHA1

    3e70240789a5eb05fd3b0abd11d54a0cd8d7b2a8

  • SHA256

    cb638b84f41c3bdb88e14a3f11f4dad99896562149c6e4963f40e8f4ab4f088c

  • SHA512

    965a4585643af6701fc813d583f59f3bddd5ca7ced42d2429a6751576a6e65cdcec03e701dffbcda1d75d54e7d8ae6e5827b3f6f8d338176cb9b3e1496a7c536

  • SSDEEP

    393216:R2h6it5sJA35z7A79L+TmN1mbgafiubcQZTbbT9i/zVN2I+TXRxMKpPbNiRSKcsY:R2Y6SJA35z7c5fbmbBffcqTBi/zVN2Iw

Malware Config

Signatures

Processes

  • mbxaq.yntvh (PID: 4246)
    • Checks if the Android device is rooted.
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Queries account information for other applications stored on the device
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about the current Wi-Fi connection
    • Requests cell location
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    • Child process: su (PID: 4285)

    Network

    MITRE ATT&CK Mobile v15

    Downloads

    • /data/data/mbxaq.yntvh/databases/SettingsDB

      Filesize

      124KB

    • /data/data/mbxaq.yntvh/databases/SettingsDB

      Filesize

      96KB

    • /data/data/mbxaq.yntvh/databases/SettingsDB

      Filesize

      96KB

    • /data/data/mbxaq.yntvh/databases/SettingsDB

      Filesize

      52KB

    • /data/data/mbxaq.yntvh/databases/SettingsDB

      Filesize

      96KB

    • /data/data/mbxaq.yntvh/databases/SettingsDB

      Filesize

      144KB

    • /data/data/mbxaq.yntvh/databases/SettingsDB-journal

      Filesize

      512B

    • /data/data/mbxaq.yntvh/databases/SettingsDB-shm

      Filesize

      32KB

    • /data/data/mbxaq.yntvh/databases/SettingsDB-wal

      Filesize

      414KB

    • /data/data/mbxaq.yntvh/databases/SettingsDB-wal

      Filesize

      8KB

    • /data/data/mbxaq.yntvh/databases/SettingsDB-wal

      Filesize

      8KB

    • /data/data/mbxaq.yntvh/databases/SettingsDB-wal

      Filesize

      4KB

    • /data/data/mbxaq.yntvh/databases/SettingsDB-wal

      Filesize

      8KB

    • /data/data/mbxaq.yntvh/databases/SettingsDB-wal

      Filesize

      418KB

    • /storage/emulated/0/.am/dm/md/main.md

      Filesize

      2.6MB

    • /storage/emulated/0/.am/dm/md/main_tools.md

      Filesize

      1.2MB

    • /storage/emulated/0/.am/log.txt

      Filesize

      173B

    • /storage/emulated/0/.am/log.txt

      Filesize

      152B

    • /storage/emulated/0/.am/log.txt

      Filesize

      3KB

    • /storage/emulated/0/.am/log.txt

      Filesize

      64B

    • /storage/emulated/0/.am/log.txt

      Filesize

      72B

    • /storage/emulated/0/.am/log.txt

      Filesize

      151B

    • /storage/emulated/0/.am/log.txt

      Filesize

      128B

    • /storage/emulated/0/.am/log_.txt

      Filesize

      26KB

    • /storage/emulated/0/.am/log_.txt.zip

      Filesize

      6KB

    • /storage/emulated/0/.am/log_1730550677310.txt.zip

      Filesize

      219B

    • /storage/emulated/0/.am/prog_class.name

      Filesize

      66B

    • Anonymous-DexFile@0xd25a4000-0xd2835638

      Filesize

      2.6MB

    • Anonymous-DexFile@0xd288b000-0xd29b64b8

      Filesize

      1.2MB
