Malware Analysis Report

2025-04-03 14:11

Sample ID 241105-bd2pdasajp
Target Apktool_M_v2.4.0-2411022024110201.apk
SHA256 e84bdab8c76e3da5a546987785360e75d5311ad417c7c025103e5e26b89583a3
Tags banker discovery persistence collection credential_access impact
Score 7/10

Analysis Overview

Score 7/10

SHA256

e84bdab8c76e3da5a546987785360e75d5311ad417c7c025103e5e26b89583a3

Threat Level: Shows suspicious behavior

The file Apktool_M_v2.4.0-2411022024110201.apk was found to show suspicious behavior.

Malicious Activity Summary

banker discovery persistence collection credential_access impact

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Obtains sensitive information copied to the device clipboard

Queries the mobile country code (MCC)

Declares services with permission to bind to the system

Requests dangerous framework permissions

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information

Analysis: static1

Detonation Overview

Reported

2024-11-05 01:02

Signatures

Declares services with permission to bind to the system

Description Indicator Process Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. android.permission.BIND_ACCESSIBILITY_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application a broad access to external storage in scoped storage. android.permission.MANAGE_EXTERNAL_STORAGE N/A N/A
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-05 01:02

Reported

2024-11-05 01:05

Platform

android-x86-arm-20240624-en

Max time kernel

19s

Max time network

132s

Command Line

ru.maximoff.apktool

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

ru.maximoff.apktool

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 216.58.204.78:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.238:443 android.apis.google.com tcp
GB 142.250.179.234:443 semanticlocation-pa.googleapis.com tcp

Files

/data/data/ru.maximoff.apktool/files/.checkpoint_2

/data/data/ru.maximoff.apktool/files/key/editorkey.pk8

/data/data/ru.maximoff.apktool/files/key/editorkey.x509.pem

/data/data/ru.maximoff.apktool/files/key/media.pk8

/data/data/ru.maximoff.apktool/files/key/media.x509.pem

/data/data/ru.maximoff.apktool/files/key/platform.pk8

/data/data/ru.maximoff.apktool/files/key/platform.x509.pem

/data/data/ru.maximoff.apktool/files/key/shared.pk8

/data/data/ru.maximoff.apktool/files/key/shared.x509.pem

/data/data/ru.maximoff.apktool/files/key/testkey.pk8

/data/data/ru.maximoff.apktool/files/key/testkey.x509.pem

/data/data/ru.maximoff.apktool/files/bin/aapt

/data/data/ru.maximoff.apktool/files/bin/aapt2

/data/data/ru.maximoff.apktool/files/framework/main/1.apk

/data/data/ru.maximoff.apktool/files/theme/new.json

/data/data/ru.maximoff.apktool/cache/data_app

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-05 01:02

Reported

2024-11-05 01:05

Platform

android-x64-arm64-20240624-en

Max time kernel

21s

Max time network

134s

Command Line

ru.maximoff.apktool

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

ru.maximoff.apktool

Network

Country Destination Domain Proto
GB 216.58.212.238:443 tcp
GB 216.58.212.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.14:443 android.apis.google.com tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.16.232:443 ssl.google-analytics.com tcp
GB 142.250.187.228:443 tcp
GB 142.250.187.228:443 tcp

Files

/data/user/0/ru.maximoff.apktool/files/.checkpoint_2

/data/user/0/ru.maximoff.apktool/files/key/editorkey.pk8

/data/user/0/ru.maximoff.apktool/files/key/editorkey.x509.pem

/data/user/0/ru.maximoff.apktool/files/key/media.pk8

/data/user/0/ru.maximoff.apktool/files/key/media.x509.pem

/data/user/0/ru.maximoff.apktool/files/key/platform.pk8

/data/user/0/ru.maximoff.apktool/files/key/platform.x509.pem

/data/user/0/ru.maximoff.apktool/files/key/shared.pk8

/data/user/0/ru.maximoff.apktool/files/key/shared.x509.pem

/data/user/0/ru.maximoff.apktool/files/key/testkey.pk8

/data/user/0/ru.maximoff.apktool/files/key/testkey.x509.pem

/data/user/0/ru.maximoff.apktool/files/bin/aapt

/data/user/0/ru.maximoff.apktool/files/bin/aapt2

/data/user/0/ru.maximoff.apktool/files/framework/main/1.apk

/data/user/0/ru.maximoff.apktool/files/theme/new.json

/data/user/0/ru.maximoff.apktool/cache/data_app