Malware Analysis Report

2024-12-07 17:11

Sample ID 241112-194laasfkq
Target 980348db5dffdb2c830f130a2a3f6e36f14f459bb180e0592bdaab4176d890c2.bin
SHA256 980348db5dffdb2c830f130a2a3f6e36f14f459bb180e0592bdaab4176d890c2
Tags
banker discovery evasion persistence collection credential_access impact
score
8/10


Analysis Overview

score
8/10

SHA256

980348db5dffdb2c830f130a2a3f6e36f14f459bb180e0592bdaab4176d890c2

Threat Level: Likely malicious

The file 980348db5dffdb2c830f130a2a3f6e36f14f459bb180e0592bdaab4176d890c2.bin was found to be: Likely malicious.

Malicious Activity Summary

banker discovery evasion persistence collection credential_access impact

Checks if the Android device is rooted.

Obtains sensitive information copied to the device clipboard

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries information about active data network

Queries the mobile country code (MCC)

Reads information about phone network operator.

Requests dangerous framework permissions

Legitimate hosting services abused for malware hosting/C2

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information

Checks CPU information

Analysis: static1

Detonation Overview

Reported

2024-11-12 22:21

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an application to request installing packages. android.permission.REQUEST_INSTALL_PACKAGES N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application broad access to external storage under scoped storage. android.permission.MANAGE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an app to access location in the background. android.permission.ACCESS_BACKGROUND_LOCATION N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-12 22:21

Reported

2024-11-12 22:24

Platform

android-x86-arm-20240624-en

Max time kernel

51s

Max time network

136s

Command Line

ru.bevfhmoo.dgrceprjq

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/xbin/su N/A N/A
N/A /system/bin/su N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A sites.google.com (10 occurrences) N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

ru.bevfhmoo.dgrceprjq

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.204.74:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.206:443 android.apis.google.com tcp
US 1.1.1.1:53 sites.google.com udp
GB 172.217.169.14:443 sites.google.com tcp
GB 172.217.169.14:443 sites.google.com tcp
GB 172.217.169.14:443 sites.google.com tcp
US 1.1.1.1:53 chelpus.com udp
US 172.67.182.114:80 chelpus.com tcp
GB 172.217.169.14:443 sites.google.com tcp
GB 172.217.169.14:443 sites.google.com tcp
GB 172.217.169.14:443 sites.google.com tcp
GB 172.217.169.14:443 sites.google.com tcp
GB 172.217.169.14:443 sites.google.com tcp
GB 172.217.169.14:443 sites.google.com tcp
US 1.1.1.1:53 config.unityads.unity3d.com udp
US 34.110.229.214:443 config.unityads.unity3d.com tcp
US 1.1.1.1:53 webview.unityads.unity3d.com udp
GB 18.165.227.39:443 webview.unityads.unity3d.com tcp
US 1.1.1.1:53 publisher-config.unityads.unity3d.com udp
US 34.110.229.214:443 publisher-config.unityads.unity3d.com tcp

Files

/data/data/ru.bevfhmoo.dgrceprjq/databases/PackagesDB-journal

/data/data/ru.bevfhmoo.dgrceprjq/databases/PackagesDB

/data/data/ru.bevfhmoo.dgrceprjq/databases/PackagesDB-shm

/data/data/ru.bevfhmoo.dgrceprjq/databases/PackagesDB-wal

/storage/emulated/0/Android/data/ru.bevfhmoo.dgrceprjq/files/LuckyPatcher/AdsBlockList_user_edit.txt

/storage/emulated/0/Android/data/ru.bevfhmoo.dgrceprjq/files/LuckyPatcher/AdsBlockList.txt

/data/data/ru.bevfhmoo.dgrceprjq/files/pinapp.apk

/storage/emulated/0/Android/data/ru.bevfhmoo.dgrceprjq/files/LuckyPatcher/Changes/changelog.txt

/storage/emulated/0/Android/data/ru.bevfhmoo.dgrceprjq/cache/UnityAdsCache/UnityAdsTest.txt

/data/data/ru.bevfhmoo.dgrceprjq/files/UnityAdsStorage-public-data.json

/storage/emulated/0/Android/data/ru.bevfhmoo.dgrceprjq/cache/UnityAdsCache/UnityAdsWebApp.html

/data/data/ru.bevfhmoo.dgrceprjq/files/UnityAdsStorage-private-data.json (written twice with differing contents)

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-12 22:21

Reported

2024-11-12 22:24

Platform

android-x64-20240624-en

Max time kernel

24s

Max time network

155s

Command Line

ru.bevfhmoo.dgrceprjq

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/bin/su N/A N/A
N/A /system/xbin/su N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A sites.google.com (10 occurrences) N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

ru.bevfhmoo.dgrceprjq

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.232:443 ssl.google-analytics.com tcp
GB 142.250.179.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.178.14:443 android.apis.google.com tcp
US 1.1.1.1:53 sites.google.com udp
GB 142.250.200.14:443 sites.google.com tcp
GB 142.250.200.14:443 sites.google.com tcp
GB 142.250.200.14:443 sites.google.com tcp
US 1.1.1.1:53 chelpus.com udp
US 104.21.59.188:80 chelpus.com tcp
GB 142.250.200.14:443 sites.google.com tcp
GB 142.250.200.14:443 sites.google.com tcp
GB 142.250.200.14:443 sites.google.com tcp
GB 142.250.200.14:443 sites.google.com tcp
GB 142.250.200.14:443 sites.google.com tcp
GB 142.250.200.14:443 sites.google.com tcp
US 1.1.1.1:53 config.unityads.unity3d.com udp
US 34.110.229.214:443 config.unityads.unity3d.com tcp
US 1.1.1.1:53 webview.unityads.unity3d.com udp
GB 18.165.227.128:443 webview.unityads.unity3d.com tcp
GB 142.250.180.4:443 tcp
GB 142.250.180.4:443 tcp
GB 216.58.201.98:443 tcp
GB 172.217.169.46:443 tcp

Files

/data/data/ru.bevfhmoo.dgrceprjq/databases/PackagesDB-journal (written 6 times with differing contents)

/data/data/ru.bevfhmoo.dgrceprjq/databases/PackagesDB

/storage/emulated/0/Android/data/ru.bevfhmoo.dgrceprjq/files/LuckyPatcher/AdsBlockList_user_edit.txt

/storage/emulated/0/Android/data/ru.bevfhmoo.dgrceprjq/files/LuckyPatcher/AdsBlockList.txt

/data/data/ru.bevfhmoo.dgrceprjq/files/pinapp.apk

/storage/emulated/0/Android/data/ru.bevfhmoo.dgrceprjq/files/LuckyPatcher/Changes/changelog.txt

/storage/emulated/0/Android/data/ru.bevfhmoo.dgrceprjq/cache/UnityAdsCache/UnityAdsTest.txt

/data/data/ru.bevfhmoo.dgrceprjq/files/UnityAdsStorage-public-data.json

/storage/emulated/0/Android/data/ru.bevfhmoo.dgrceprjq/cache/UnityAdsCache/UnityAdsWebApp.html

/data/data/ru.bevfhmoo.dgrceprjq/app_error_log/Log/Exception.9.7.1.txt

/storage/emulated/0/Android/data/ru.bevfhmoo.dgrceprjq/files/LuckyPatcher/Log/error_log.txt

Analysis: behavioral3

Detonation Overview

Submitted

2024-11-12 22:21

Reported

2024-11-12 22:24

Platform

android-x64-arm64-20240910-en

Max time kernel

6s

Max time network

150s

Command Line

ru.bevfhmoo.dgrceprjq

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/bin/su N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Processes

ru.bevfhmoo.dgrceprjq

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 www.youtube.com udp
GB 216.58.204.78:443 www.youtube.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.169.14:443 android.apis.google.com tcp
GB 216.58.213.14:443 www.youtube.com tcp
GB 172.217.169.14:443 android.apis.google.com tcp
US 216.239.34.223:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.232:443 ssl.google-analytics.com tcp
GB 142.250.187.193:443 tcp
GB 216.58.204.65:443 tcp
US 216.239.34.223:443 tcp

Files

/data/user/0/ru.bevfhmoo.dgrceprjq/databases/PackagesDB-journal (written 6 times with differing contents)

/data/user/0/ru.bevfhmoo.dgrceprjq/databases/PackagesDB

/storage/emulated/0/Android/data/ru.bevfhmoo.dgrceprjq/files/LuckyPatcher/AdsBlockList_user_edit.txt (deleted)

/storage/emulated/0/Android/data/ru.bevfhmoo.dgrceprjq/files/LuckyPatcher/AdsBlockList.txt (deleted)

/data/user/0/ru.bevfhmoo.dgrceprjq/app_error_log/Log/Exception.9.7.1.txt