Analysis

  • max time kernel: 138s
  • max time network: 152s
  • platform: android-10_x64
  • resource: android-x64-20240910-en
  • resource tags: arch:x64, arch:x86, image:android-x64-20240910-en, locale:en-us, os:android-10-x64, system
  • submitted: 15/11/2024, 22:07

General

  • Target: d058d1d1ab781cf11302ba9ff270b1e84e70b05f54b6330079a1ea7f648dc50c.apk
  • Size: 2.2MB
  • MD5: 1d3997cf8c06348ca01a02b35997f54d
  • SHA1: a2c5674eb15e44f61718d348d630ac3b3daa1534
  • SHA256: d058d1d1ab781cf11302ba9ff270b1e84e70b05f54b6330079a1ea7f648dc50c
  • SHA512: eb4e8e7e52385ebbf26ae644af0d2d44ab0e6b880c57073136196c662e325633a2995d0439f648c73d3bb5b6aec718812da41a9cf8b44149c7b4b58d5466731d
  • SSDEEP: 49152:5/Wy7fJLjWFMdPoTwNm2ohM9LqLNQ6HtIwttgEi0frpQ7:5/Wy7fpjntoTkm2ohM9LqO6NIwt60frm

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP)
  • Queries account information for other applications stored on the device (1 TTP, 3 IoCs)
    Application may abuse the framework's APIs to collect account information stored on the device.
  • Queries information about running processes on the device (1 TTP, 1 IoC)
    Application may abuse the framework's APIs to collect information about running processes on the device.
  • Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)
    Application may abuse the framework's foreground service to continue running in the foreground.
  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  • Schedules tasks to execute at a specified time (1 TTP, 1 IoC)
    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

Processes

  • qxfuugux.pnclrzqk.ktulspgfjkgv (PID 5156)
    • Queries account information for other applications stored on the device
  • qxfuugux.pnclrzqk.ktulspgfjkgv:kygwd (PID 5193)
    • Queries account information for other applications stored on the device
    • Queries information about running processes on the device
    • Makes use of the framework's foreground persistence service
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
  • qxfuugux.pnclrzqk.ktulspgfjkgv:Daemon (PID 5413)
    • Queries account information for other applications stored on the device

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/qxfuugux.pnclrzqk.ktulspgfjkgv/databases/tray.db (28KB)
    MD5: 1687e14abbd04397a3d6d85f92a5031b
    SHA1: a68b74d501cd10d75b610d92dd4b4beb4904c274
    SHA256: 1f8cbe0f5e9d04eb8504de74f840766e6ee43ed5a9af092942ec78aca8392ce7
    SHA512: 65f945c65e6cf4b95de1ba0b1d12354b68d33225865e500cbfff5cb890cd3721683d2e8d49e566ba003f1f453fb0d2a9f9770f29326dde08cdfab6154aeb1bcb

  • /data/data/qxfuugux.pnclrzqk.ktulspgfjkgv/databases/tray.db-journal (512B)
    MD5: f1a461c5647b6a2aa9461c1986f39579
    SHA1: aad61f91c7151b52aec319046895db037e426569
    SHA256: 4462557e81795e382e3d6c95e186e4eeacba2f23ed679b042885376dfaea9def
    SHA512: ec300dc28f8480b6d8ec245983702e76c930a3d1ea413dd6907e19072edc1f1d1555d4b4af30c2a8a55779521d51cb7fd78fdf66f52f551eaf3bd5a547cb4af7

  • /data/data/qxfuugux.pnclrzqk.ktulspgfjkgv/databases/tray.db-journal (8KB)
    MD5: 8aef7a0ff74994175f17071f6190f1a8
    SHA1: 7d688887926af7e09747df15dcbc51035d8ac35a
    SHA256: ebdcd1e399932a8654081a14d774fe0dcca4f5a6b56c65aeafa16840548ccd5a
    SHA512: f68b57e0edd675845231792ab6aa8ddbad84d43edcff241a79626334e26de9940a64fd602ffa0316d18b45568c2a7814441d267426816bebc8688e4dcc6a10e3

  • /data/data/qxfuugux.pnclrzqk.ktulspgfjkgv/databases/tray.db-journal (8KB)
    MD5: 06b506a3a5f92451e2f49b8373c34ed2
    SHA1: 58b2efc175dd3d5c5a419a3741b6cacde11b899a
    SHA256: a76984271a9c5eadf45eb492798577d8ab88c8fa0d18c67d23c75c3f8f987d04
    SHA512: da5df7d567f7fbaa8c310eb044be1a0a7d5b6de1b1d59aa15b42116e14a5b3f2e6cf56209519babae037fb3ea4ce9ed6999f3c1b55caeeb1c37efc3ec1dcff30

  • /data/data/qxfuugux.pnclrzqk.ktulspgfjkgv/databases/tray.db-journal (12KB)
    MD5: 2a397f4f0be768ee05bd8ef001b3634d
    SHA1: 1ecce391016f7c7043c3c151be3c9c7beaa0875c
    SHA256: abba37e4932f4af24f5a0b55939705049564658a91753d6dec4a9783d2cecb0a
    SHA512: 4cf6380dc8b65c6f038b6ca4c30306861fec4c6e5897fb38ba748aac2970bab408eca40d909c40279d91cf37c66df895571db1de7347a87e8255758e3c120b93

  • /data/data/qxfuugux.pnclrzqk.ktulspgfjkgv/databases/tray.db-journal (12KB)
    MD5: a8c4f913a3eb6b3bb5853ff0824248d7
    SHA1: bbc9d3cbdfaf3918f17b52c4d0d9539c669d86bd
    SHA256: b816809bceb967372eceb40985bcafdef8ed539f2b82d28b12b9d29624d4454b
    SHA512: c4f65d7db58064c0e34d72a64c5f9d3c6c12076c92556d05e458e6e1a942a52e3256417746815781b5a34e911a3fcda4c40c1d8a903119bce4e55a63b37e40bf

  • /data/data/qxfuugux.pnclrzqk.ktulspgfjkgv/databases/tray.db-journal (12KB)
    MD5: 7117b8115af2ab8ca4c581176094c06b
    SHA1: 176a82cfaee5a81a3c7809af9713683b424db005
    SHA256: 789779fd775da4c0958d755e45e87eaad130abe1624716ece85b2fd28fd872f0
    SHA512: 91ca457e2e2d4a1b42b5a4a240ec3aaf685510bfa27bebdbdbd4636a5d5c90488f381e46d5e1336795fb715e9c294b23dfafd46fa06889cd68751c16df346713