934011382159cd62787ee5c5887da4faae903df852152faf191c66e8454cb498

Analysis

max time kernel
149s
max time network
141s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
14/12/2024, 22:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

934011382159cd62787ee5c5887da4faae903df852152faf191c66e8454cb498.apk
Size

3.7MB
MD5

476382748732fd119013f431eb526b96
SHA1

211be0602084eb863fc1509ade6647593278ed9e
SHA256

934011382159cd62787ee5c5887da4faae903df852152faf191c66e8454cb498
SHA512

4af84c7b27a0653ba612a9d4ee958fa1e203e140b1b15bc7fdc47e08e08427193dbc5d49f943b29e00c11a9481c8ea7091d558137e34bd580565c1f77acd48da
SSDEEP

98304:zZQ8Diz3+jcExrUH72jobqqKDPLWFovYoMkJkRFPj:zezuj71UajMsvwoBaRFPj

Score

8^/10

banker collection credential_access discovery evasion impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/bin/su	ru.sxbuIDfx.pFSOyagrF

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	ru.sxbuIDfx.pFSOyagrF

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Legitimate hosting services abused for malware hosting/C2 1 TTPs 10 IoCs

Web Service

T1102

flow	ioc
24	sites.google.com
26	sites.google.com
33	sites.google.com
35	sites.google.com
25	sites.google.com
27	sites.google.com
30	sites.google.com
31	sites.google.com
32	sites.google.com
34	sites.google.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	ru.sxbuIDfx.pFSOyagrF

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	ru.sxbuIDfx.pFSOyagrF

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	ru.sxbuIDfx.pFSOyagrF

ru.sxbuIDfx.pFSOyagrF
1⤵
- Checks if the Android device is rooted.
- Obtains sensitive information copied to the device clipboard
- Queries information about active data network
- Queries the mobile country code (MCC)
- Checks memory information
PID:4521

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/ru.sxbuIDfx.pFSOyagrF/databases/PackagesDB

Filesize
644KB

MD5
1ec7a8a058b87319107d349e511f2468

SHA1
a1fbdf96f1ba9ecf24d57fe804d28852cd430b73

SHA256
e14fb118ba3742484a2bff69cc9aaa45b291601db31f0cdc9a718526134848d1

SHA512
8617761b2fa1b5db3b513b41cebfdb570ba5228923775eb138116e81693f7090b7e4887fac75a303c0ab1a426f54c64ff68560f7b0613fbf896f2588eb350dda

Download Submit
/data/user/0/ru.sxbuIDfx.pFSOyagrF/databases/PackagesDB-journal

Filesize
28KB

MD5
a0c1ac08a4622f0fa6a9fc0545c06f40

SHA1
f2604f6ffff74af6781bab1ddc9d3d123d67b519

SHA256
b0ca294d4f83b59ef022bd83e005982d890340e7d1fed519aaa62ae8e02983a3

SHA512
1977eb00b9333ba68b2576f9bba81470380c40e5b5f7929b64ec571e10fcaac61dcd380484b778212c67c0fa2e5863a1a6e073fcae76594541533fa0c5976c2d

Download Submit
/data/user/0/ru.sxbuIDfx.pFSOyagrF/databases/PackagesDB-journal

Filesize
512B

MD5
557d026f46fe04a482998e6da23e5f75

SHA1
4159f914da873d772c7bc2926e35b52e953b81bf

SHA256
7d6c7c83a93a55798b9150b01185fb980f2deb2339c685eb58c7de55c8e55d88

SHA512
ea05847afb83d86c0d2dfa33f699dad94f517699ec780e7c94362de40d5123589dcecc4c2b4553aadb046579ca31040c0759bc36e8824b12e6391df9154a3a94

Download Submit
/data/user/0/ru.sxbuIDfx.pFSOyagrF/databases/PackagesDB-journal

Filesize
8KB

MD5
9b0b03baabdd8a424b93f8fc530b8f38

SHA1
c0530923f3026ab6d44a80f2dd8f163669dc8ab5

SHA256
5b1bdde839bdde8af028c31635d21c7b4ff6bf09145569e6a02bf485eee8010d

SHA512
083b290c2c6eea26c523a1fb1795cf4d2a47cd6301d8b650526c23252245d77064d2522d1976073b0d096e670f4ff6b39f9944327c5af5d22b7af015c15e169c

Download Submit
/data/user/0/ru.sxbuIDfx.pFSOyagrF/databases/PackagesDB-journal

Filesize
8KB

MD5
9dfc7377ab515d493f09187d2585729c

SHA1
ca9d095c14204a0d019bb70ffa8743a7a2591132

SHA256
87decd80710415a6da8f3f82adc53fc8e55e626de6b8286b5619f3536913c67d

SHA512
747881af97c03ad6e1c307b5466849aec3514ca3a0e99ed73fbbab2958fbe7f7625b293ee7b47685a1b6e32ee8d0353a44ad1ecfe0e31ea79127e9d649cf6719

Download Submit
/data/user/0/ru.sxbuIDfx.pFSOyagrF/databases/PackagesDB-journal

Filesize
12KB

MD5
55482066ea00b095c3a04672012c1a66

SHA1
0cf090645846897b4a051e4b6773f122f82f30e0

SHA256
e0715d3eb50151818e30df97488cec3c3658a8f6855710107feedc66f667c01d

SHA512
99eaffe07894d12669ae9e1c2c1e0b3065ebac98c74e61e025586b0339bbe8e2a7629b1876a0bfa9ff3d6840479013cd6f1b31d4d75d4f7a74d190d4fbace70c

Download Submit
/data/user/0/ru.sxbuIDfx.pFSOyagrF/databases/PackagesDB-journal

Filesize
16KB

MD5
f9a639da484d7ca69645b3cf87b29a9e

SHA1
90120b224743f678f1c8913f463aab8c6c0c34e3

SHA256
8c9b119984617c85e9a15e45eec590b254388914faa6fd79025a0dedd9144a85

SHA512
d3d7c4737fe4f2ec3d933140efe0b264af71b286b556a660748078d76c8c418c18f5f82fb4e815cadc344af44dfb1d6f948c71e97cc6da3534565e8bca933997

Download Submit
/data/user/0/ru.sxbuIDfx.pFSOyagrF/files/UnityAdsStorage-public-data.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
/data/user/0/ru.sxbuIDfx.pFSOyagrF/files/adc3/AppInfo

Filesize
68B

MD5
429059fdba597db89e491d6bc8d92b45

SHA1
2500f7f118b7d4c29521eab5030ef652d21c3630

SHA256
a9ecdd5568d8ab46101cec0af5a5e2d14a0d44859e442ff55e241383e293f557

SHA512
f9ffc61326c7acf79ca5c6e3405126ed2035cd422841392c8f4e485313095e13ef0220c275a756481dfb8542e75ad14e66311d6d039dc2aa51d799cd63de97c1

Download Submit
/data/user/0/ru.sxbuIDfx.pFSOyagrF/files/adc3/AppVersion

Filesize
26B

MD5
5d1249d56166b55ee23d24d70137fef4

SHA1
2b387cfc6709eccabcd209d78e934a549883f355

SHA256
3e1271b62bb11052bc4c23706b0d0b79358addf7659c356fee72871f96064357

SHA512
81dd56bba20ee472517168dc61ff8b836511a29415eb2f584df6fc2874033daee21a0e9da9dad0557d88f65efee9421d9c73a763d6cc8ed80dd295c32b238020

Download Submit
/data/user/0/ru.sxbuIDfx.pFSOyagrF/files/busybox

Filesize
209KB

MD5
8c63ca86e6f030fd7a11fa739a319fd3

SHA1
c4ea94cf652af134c451dbed0d794ef7ab9937dc

SHA256
145ad43b8aaed463ad4333b71b464e44efed3803713846b974abb7a4925b8d16

SHA512
7db10d4da18917b098630c304ccdfad0090add058364a4724c9a69d94266e540f1ba1728f12ec62e0010842eb967bcd04f2c1145ef9bbcf9991a67fa56b80126

Download Submit
/storage/emulated/0/Android/data/ru.sxbuIDfx.pFSOyagrF/cache/UnityAdsCache/UnityAdsTest.txt (deleted)

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
/storage/emulated/0/LuckyPatcher/AdsBlockList.txt

Filesize
1KB

MD5
634ab5e3e49b830079f88825c88d7f80

SHA1
cabe4068d07d52c60f5b9f840fd887051748a3aa

SHA256
2824000ad496be920c29d0a78589c72935288b40ce44b44c5fae672fbfe87fe4

SHA512
ffc893fcad8d81f6ca272cf03737ab466eafd135599e6f6f20285d7f4c3454bedde4de5929dbb1be5010192747f5f11d86166509f24bfbf778f949762e47ef72

Download Submit
/storage/emulated/0/LuckyPatcher/AdsBlockList_user_edit.txt

Filesize
29B

MD5
302f7b6d9a4ffeccdda9ef94184c8326

SHA1
d4038ca0629f57b7e5c4056e74a395e5598aa16a

SHA256
5b36134b695f0a9a32f570b08cc3ef74e0687a0d2aa228853bc0346f77bffebe

SHA512
299fda4936acf6479e22f9166d545976d5d99ba6fe7a5b7298cb336cf730eb7790524e4569fe64bc03c598c7e4117f163ddffc2e2889439f709c4d80ff665039

Download Submit
/storage/emulated/0/LuckyPatcher/Changes/changelog.txt

Filesize
41KB

MD5
e00c742768f30bd4e90eeceaec33eabf

SHA1
601746abb7a60535a3f3dac62d134b8971ec0640

SHA256
feab96c0211e51d22c57d0ac33ebbe260bd0695608f1b2b277931fd677e3f57e

SHA512
161ae35069616ed43dac4a44552f7b3cd1e81d3b35e941c4a06836f517b39022d884d805a7f10f46c9923661b256546341df8e611ef8cc27a32bd640b1c78b73

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads