934011382159cd62787ee5c5887da4faae903df852152faf191c66e8454cb498

Analysis

max time kernel
8s
max time network
134s
platform
android-10_x64
resource
android-x64-20240910-en
resource tags

arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
submitted
14-12-2024 22:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

934011382159cd62787ee5c5887da4faae903df852152faf191c66e8454cb498.apk
Size

3.7MB
MD5

476382748732fd119013f431eb526b96
SHA1

211be0602084eb863fc1509ade6647593278ed9e
SHA256

934011382159cd62787ee5c5887da4faae903df852152faf191c66e8454cb498
SHA512

4af84c7b27a0653ba612a9d4ee958fa1e203e140b1b15bc7fdc47e08e08427193dbc5d49f943b29e00c11a9481c8ea7091d558137e34bd580565c1f77acd48da
SSDEEP

98304:zZQ8Diz3+jcExrUH72jobqqKDPLWFovYoMkJkRFPj:zezuj71UajMsvwoBaRFPj

Score

8^/10

banker discovery evasion persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/bin/su	ru.sxbuIDfx.pFSOyagrF
/system/xbin/su	ru.sxbuIDfx.pFSOyagrF

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	ru.sxbuIDfx.pFSOyagrF

ru.sxbuIDfx.pFSOyagrF
1⤵
- Checks if the Android device is rooted.
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:5243

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ru.sxbuIDfx.pFSOyagrF/databases/PackagesDB

Filesize
548KB

MD5
a3acc4d8850e777ea97e7c25908e3137

SHA1
a9d576ded6917ac23614c8c0c431382794b29e9a

SHA256
abaac6e1a1b20f4d463d930d37951b993b1cd19baa8f5449134113cfde8e7b16

SHA512
4caddc454abe82acc9521efaadea4819df847f04d42a8db684e93a2213aa28226bf2d3d21680594fe29c4a1b4f06b83515293a27ac5290867ae60954dee1376e

Download Submit
/data/data/ru.sxbuIDfx.pFSOyagrF/databases/PackagesDB-journal

Filesize
512B

MD5
c236f3779fffd4d665a5cdc8201de610

SHA1
a46d756a3c24db7136d5d0de5133f46a0bbb3bdc

SHA256
00610942e354f70d5ad3dcd4336c49becdbfffc59209606f92f73d904b29e921

SHA512
55f9690c49e3fc02436f6e0602d3748433212b6b7be92fbdf895e676ed4f02044c5f90da511fac7c93c0753ddaff092aaabb41e1cd5df13e833670351301d5eb

Download Submit
/data/data/ru.sxbuIDfx.pFSOyagrF/databases/PackagesDB-journal

Filesize
8KB

MD5
12113993a8de8dfdfa23ae339e15fd9c

SHA1
3375a8db82644abb8c20d144302ea86cd6719c2f

SHA256
0c7460a7ec8272d245cb6562a8271952b490aa3254a0b9f5f236b3c0146e3813

SHA512
cf8b497d579b16eae51918d74c509c83ab8adc35a2721e8092d9d6094433336ede10f25b73cc2aea52a339af6c332df5b45d9c291ecd8be2b58cc43a33f9b524

Download Submit
/data/data/ru.sxbuIDfx.pFSOyagrF/databases/PackagesDB-journal

Filesize
8KB

MD5
9d7801ad7a1806e7cac16ec72db0a5e4

SHA1
e77bf4c7744ae99f2b5a682ef65f52c59c6af6f7

SHA256
36bed1638ef7d5f565d9401dc287dc25ecd8624b2e85c2a2feee16437b6a308c

SHA512
12c3c3594f90357579b957c2d883996bda76e8ca79f622c06d2c3fef7db2582b5f843e65bc4649f104cf3b198b4b50691a0cbff0f034b809e092c98103e3d946

Download Submit
/data/data/ru.sxbuIDfx.pFSOyagrF/databases/PackagesDB-journal

Filesize
12KB

MD5
b78fc7373956ad9fc47a806786fe5bea

SHA1
0a3e38e33c9b7d1c425e6007c7a342d8858a5473

SHA256
a86f6cdbacab18accad3bb623e8fa09f5e601df7fe36e0d9b84108028911a146

SHA512
ed6e1535604c22b613fa432c74df369272317ee19c6cfce7497e7b1c9620fbbf1d0b9b835f977115cd380ee6684c9106d4a410a6c6005c21214adc83b4e659ef

Download Submit
/data/data/ru.sxbuIDfx.pFSOyagrF/databases/PackagesDB-journal

Filesize
12KB

MD5
19863a3b62020c30c5ab48e3f2fe1eb0

SHA1
1e5695860d981449f75f7a20006e9df80772e35c

SHA256
60af57b66a202429e62f719b2079ab8d71508b1e06249e48c7ec2031756a869e

SHA512
968499c9a8c60382a783215a5a4d793c40e0b15b2711d36b08e7d92f5a5ffb715d9b18a2cb69b098f7d3826086b5b26214048003a008bd8716550dd715a887ed

Download Submit
/data/data/ru.sxbuIDfx.pFSOyagrF/databases/PackagesDB-journal

Filesize
28KB

MD5
b8bfd194b48da8bbef5894521f02ddef

SHA1
da14c9e0da62904a4573d4dbc8ae9627b0cf2789

SHA256
d42170ad4f3088f1a27fd16de0c48a63ec22daecb520ca4e3d3deabba503ee30

SHA512
c3c50f827d83c8d015097bc590a3a6372104d432cd5d06bce8f14bded09c4742de31ab510caf364d067eb1f357a566280a148a2dbeb445e037aa1c32b9954716

Download Submit
/data/data/ru.sxbuIDfx.pFSOyagrF/files/busybox

Filesize
209KB

MD5
8c63ca86e6f030fd7a11fa739a319fd3

SHA1
c4ea94cf652af134c451dbed0d794ef7ab9937dc

SHA256
145ad43b8aaed463ad4333b71b464e44efed3803713846b974abb7a4925b8d16

SHA512
7db10d4da18917b098630c304ccdfad0090add058364a4724c9a69d94266e540f1ba1728f12ec62e0010842eb967bcd04f2c1145ef9bbcf9991a67fa56b80126

Download Submit
/storage/emulated/0/Android/data/ru.sxbuIDfx.pFSOyagrF/files/LuckyPatcher/AdsBlockList.txt

Filesize
1KB

MD5
634ab5e3e49b830079f88825c88d7f80

SHA1
cabe4068d07d52c60f5b9f840fd887051748a3aa

SHA256
2824000ad496be920c29d0a78589c72935288b40ce44b44c5fae672fbfe87fe4

SHA512
ffc893fcad8d81f6ca272cf03737ab466eafd135599e6f6f20285d7f4c3454bedde4de5929dbb1be5010192747f5f11d86166509f24bfbf778f949762e47ef72

Download Submit
/storage/emulated/0/Android/data/ru.sxbuIDfx.pFSOyagrF/files/LuckyPatcher/AdsBlockList_user_edit.txt

Filesize
29B

MD5
302f7b6d9a4ffeccdda9ef94184c8326

SHA1
d4038ca0629f57b7e5c4056e74a395e5598aa16a

SHA256
5b36134b695f0a9a32f570b08cc3ef74e0687a0d2aa228853bc0346f77bffebe

SHA512
299fda4936acf6479e22f9166d545976d5d99ba6fe7a5b7298cb336cf730eb7790524e4569fe64bc03c598c7e4117f163ddffc2e2889439f709c4d80ff665039

Download Submit