Analysis

  • max time kernel
    135s
  • max time network
    140s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    android arch:arm arch:arm64 arch:x64 arch:x86 image:android-x64-arm64-20240624-en locale:en-us os:android-11-x64 system
  • submitted
    02-11-2024 12:30

General

  • Target

    cb638b84f41c3bdb88e14a3f11f4dad99896562149c6e4963f40e8f4ab4f088c.apk

  • Size

    20.5MB

  • MD5

    7fd2ef1fd5f1d60a5f058a60c39ed3a2

  • SHA1

    3e70240789a5eb05fd3b0abd11d54a0cd8d7b2a8

  • SHA256

    cb638b84f41c3bdb88e14a3f11f4dad99896562149c6e4963f40e8f4ab4f088c

  • SHA512

    965a4585643af6701fc813d583f59f3bddd5ca7ced42d2429a6751576a6e65cdcec03e701dffbcda1d75d54e7d8ae6e5827b3f6f8d338176cb9b3e1496a7c536

  • SSDEEP

    393216:R2h6it5sJA35z7A79L+TmN1mbgafiubcQZTbbT9i/zVN2I+TXRxMKpPbNiRSKcsY:R2Y6SJA35z7c5fbmbBffcqTBi/zVN2Iw

Malware Config

Signatures

Processes

  • mbxaq.yntvh
    • Checks if the Android device is rooted.
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Queries account information for other applications stored on the device
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about the current Wi-Fi connection
    • Requests cell location
    • Schedules tasks to execute at a specified time
    PID:4617

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/user/0/mbxaq.yntvh/[email protected]

    Filesize

    1.2MB

  • /data/user/0/mbxaq.yntvh/[email protected]

    Filesize

    2.6MB

  • /data/user/0/mbxaq.yntvh/databases/SettingsDB

    Filesize

    124KB

  • /data/user/0/mbxaq.yntvh/databases/SettingsDB

    Filesize

    96KB

  • /data/user/0/mbxaq.yntvh/databases/SettingsDB

    Filesize

    96KB

  • /data/user/0/mbxaq.yntvh/databases/SettingsDB

    Filesize

    96KB

  • /data/user/0/mbxaq.yntvh/databases/SettingsDB

    Filesize

    96KB

  • /data/user/0/mbxaq.yntvh/databases/SettingsDB

    Filesize

    172KB

  • /data/user/0/mbxaq.yntvh/databases/SettingsDB-journal

    Filesize

    512B

  • /data/user/0/mbxaq.yntvh/databases/SettingsDB-journal

    Filesize

    8KB

  • /data/user/0/mbxaq.yntvh/databases/SettingsDB-journal

    Filesize

    4KB

  • /data/user/0/mbxaq.yntvh/databases/SettingsDB-journal

    Filesize

    8KB

  • /data/user/0/mbxaq.yntvh/databases/SettingsDB-journal

    Filesize

    12KB

  • /data/user/0/mbxaq.yntvh/databases/SettingsDB-journal

    Filesize

    24KB

  • /storage/emulated/0/.am/dm/md/main.md

    Filesize

    2.6MB

  • /storage/emulated/0/.am/dm/md/main_tools.md

    Filesize

    1.2MB

  • /storage/emulated/0/.am/log.txt

    Filesize

    173B

  • /storage/emulated/0/.am/log.txt

    Filesize

    152B

  • /storage/emulated/0/.am/log.txt

    Filesize

    4KB

  • /storage/emulated/0/.am/log.txt

    Filesize

    64B

  • /storage/emulated/0/.am/log.txt

    Filesize

    72B

  • /storage/emulated/0/.am/log.txt

    Filesize

    181B

  • /storage/emulated/0/.am/log.txt

    Filesize

    128B

  • /storage/emulated/0/.am/log_.txt

    Filesize

    25KB

  • /storage/emulated/0/.am/log_.txt.zip

    Filesize

    6KB

  • /storage/emulated/0/.am/log_1730550679022.txt.zip

    Filesize

    220B

  • /storage/emulated/0/.am/prog_class.name

    Filesize

    66B
