f776a2da1431472ccb9fcc8222df40b06cd89d88798750223c9d4baf7167b947

Analysis

max time kernel
12s
max time network
151s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
31/12/2024, 14:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f776a2da1431472ccb9fcc8222df40b06cd89d88798750223c9d4baf7167b947.apk
Size

7.9MB
MD5

701e28e6544949aecbf43293fe2922f9
SHA1

4d8562680631dcfdc4ee0d44a1f55c6c848f80a1
SHA256

f776a2da1431472ccb9fcc8222df40b06cd89d88798750223c9d4baf7167b947
SHA512

b2b95ae4995c45c2089a596ce682b523c425b50efc04248126e69f7473dfe7cba049faaf4a611ecf823f92834630940f8cf0b6e8bab6a73cc40dd0e2116c0eb2
SSDEEP

196608:YIUYnYKgpiylRht47NQL8vFzw3ahnTRyrka:/n0IylRhQnR6gCZ

Score

8^/10

discovery evasion impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.bnd.nitrofollower
/system/xbin/su	com.bnd.nitrofollower

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.bnd.nitrofollower

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.bnd.nitrofollower

Checks the presence of a debugger
evasion

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.bnd.nitrofollower

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.bnd.nitrofollower

com.bnd.nitrofollower
1⤵
- Checks if the Android device is rooted.
- Acquires the wake lock
- Queries information about active data network
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:4263

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.bnd.nitrofollower/cache/pre6634758746651221700suf

Filesize
2KB

MD5
fcebe4726da2149cf047b51c676322a9

SHA1
302799e0034668b25ca06f89f43afd40ff268f92

SHA256
df8afc23cd0482ee33a46d3c3a0e3df04eea0c90ef638a15bf9dc271878cc946

SHA512
5fd148179b00145278956371925e046bef1d9efaf7ce64f187ecca4d8469e06060af742bd790eb956b152034ac3709a4fc54a9f91cbba8ec828bb91e421d1902

Download Submit
/data/data/com.bnd.nitrofollower/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.bnd.nitrofollower/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
b2cac6140dba8be1b2fdb092eafd206b

SHA1
90c680f590964f0342a0e66481848f025faac155

SHA256
850475f420b7f56a448e29f8c4150c2047f59b0160ba38e2951d9733a03e289d

SHA512
ffcdb9922978daaad4b85973123eef8424d7691da8bab3a9ad45b52c2bd5251f4db13d0b1d7a70faad79f7fd0ca93ac20702f61f11c119036a8b9e582f2c14f5

Download Submit
/data/data/com.bnd.nitrofollower/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.bnd.nitrofollower/databases/com.google.android.datatransport.events-wal

Filesize
68KB

MD5
28af1327b8cbc4b5a2544a10d4a6d595

SHA1
866acc4268355e74d2c4e6d805c02bc714d726b7

SHA256
45b667810d9828c3af590904deadfb0154a15d52d69d179fff64f7a219ddad21

SHA512
d5b462479a07a0a5b083a0d081a7879be57f37be712521cf738fc1575d785791cd2c3e0ba9d4aa7f51cd1a6be26750030cbd5d5dc0a071ab228cedc52999b388

Download Submit
/data/data/com.bnd.nitrofollower/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7809e697287a4f100e2da20fac437b4f

SHA1
828f5ba0cfff6cf35c38946b12e8878c62e32d89

SHA256
0b82012ce67a22f5edd5894a271516978c096758d54bd15c2e5a7cf8ca64f899

SHA512
67f7a5ba7b76044908401b809e93bd9b29b94710e4b6802c6d15d913c5e428fbd5476e744feb0026c7fa22507c312cfe8966dddfb1069808ca5be14722f7eee4

Download Submit
/data/data/com.bnd.nitrofollower/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7978ba0355415ce846ec4ed11c8f9a48

SHA1
4d9713a0120f476b1f8ec697712f49694561b69b

SHA256
d8de1d49a510883f1b2053d677d9e5fadeddf200c09dd75f252e3a83b93ad0b8

SHA512
ef0fe5e6964aa3faab83af0962a04826346c70f0d1f5002bc4a66ccc04f4dde57d73e1ac23a111951db02d78ff7a819c084f57e1af3c9e28018fc3785c4ccf0d

Download Submit
/data/data/com.bnd.nitrofollower/databases/google_app_measurement_local.db

Filesize
16KB

MD5
6200e69ebad6993b25bf240592c056bf

SHA1
339b9cd3c2181df60ede232170e5554f3041593a

SHA256
391f01cb148d63b886139508b4c564d13686bfd177018555044de970df997aa5

SHA512
9de3d0ea693304c8b10025db3d0fcc0f37df46e82b43026c054ca3fece2fd20baa76bffcebf4d0f6614f074d98af4addb59316f63b223f6ed5736b0db022cfbf

Download Submit
/data/data/com.bnd.nitrofollower/databases/google_app_measurement_local.db

Filesize
16KB

MD5
1813aa1b2c14f540e49d6a573804ad75

SHA1
9993fd0a99de0b6fd0b061b000179c6a35a1295b

SHA256
8ae13fbe7c914e9bafc69ec732bec1caca4637a2be5cba6b7fa492020ce16bca

SHA512
c2f8141895c3dc4757b3746efecc45cfc1c6e499a03f8dc18e94c5460e8d27c2f3c4f0bbdf0ab69f9c5bc8ded18eb7e0e78de813e15cb22a91465c56a95ab0d3

Download Submit
/data/data/com.bnd.nitrofollower/databases/google_app_measurement_local.db

Filesize
16KB

MD5
78849f9178453fe75011cd885776b720

SHA1
ce6a9ec5184ec6b317caa586a56877cff0c1f980

SHA256
66e03b8256506cd082c43289cd46fe2c1c48328940313709010209dd5a9d054e

SHA512
2ae7fc544ff09e508ebd4c886c4254cbcad3e7f5516d5ba18a7222f2c871fee51e41f25b71ea038531e83d31b0c46d1100c05fa99829af564e220fe597d89b41

Download Submit
/data/data/com.bnd.nitrofollower/databases/google_app_measurement_local.db

Filesize
16KB

MD5
45b02aa3b9020d721b87fa72e494f823

SHA1
1dff3197d9e6c9aaf74b6b266f746058c9c88d8e

SHA256
35726d4a82ec197a4e34ec0239eef93b09c6afb5276ad705a0a7f18b41f2bf7d

SHA512
1f2f8cfda07e5d9b6c6dab42acc1889f91ac8c4d497ab18676a033ad60536c832d34f3ee3ee281f512925ee725e6879bf81d78562c1a760445d1e011079ec91b

Download Submit
/data/data/com.bnd.nitrofollower/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
39f08914c54f3bd1aa353898d15e8cdc

SHA1
39704096a682efcf6691cc896550d9107a0014fb

SHA256
02b82b0c6787b4363b887d86d0f67907aef7448b786d75ebcece839be1193b02

SHA512
ae47e8be0b5aea85fd918d1879e0ae3fcb4760f64063dd3d44ee95d971c5b9123d885f684b3ae3fbff97120fb26b9ea439098611cd238d204464bf630c9362ad

Download Submit
/data/data/com.bnd.nitrofollower/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
659db93022ef65f8f37b8c3b4a80e054

SHA1
24cadc2a686e89a4eab767564faecb8ffd6f54ed

SHA256
d90be4ae648758944629803eebffcd2309984f897289d836009e4884293d5387

SHA512
9c93db59a2ed56d3b8171864528a10447151fe77fb2c11169d7b022cea6e222437e4e5537edb4db021a83e40ab94c5ccc6c5abe33d849490572c656d6fb4e7bf

Download Submit
/data/data/com.bnd.nitrofollower/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
73038e72896db4dc4855eb2c89de58ad

SHA1
29aaf944111feff57c84fd5dd7dc0a39519d9e68

SHA256
0b1033416b768533a7c1f28300b26c4ec4d52e71e10d268513e2e2ac808a8778

SHA512
8318db7efa1c22a323d06c41e4f20fa8c873cad88d100050ef6bb818f05849a73464dafcc9cd2c1869deb6b1d0ecdae3e22a2c294c6dab3fb54b9d3e01d6cdc1

Download Submit
/data/data/com.bnd.nitrofollower/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
1612bbfc3478919f0a69617117c78cae

SHA1
963f4b26721b7759e5186c1ca767a432d7729a65

SHA256
c211691a0b56192a1b5f8c10ecb7b4ab33b40d8671c697dd14a921e1f9e4dd4e

SHA512
529e9b80b3310ab1b45e2e6668e100d80dc3b88a1f7e64ec2607730c61a5fbba18579569e9012e8649390304ca3c13a035523c7aaf5aa0f163ee8320d720bfc8

Download Submit
/data/data/com.bnd.nitrofollower/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
ac6b6d54c64fdb2f65da0c3f5064b1ec

SHA1
f039ba2402b329e19f4c6fb50af0a1e7c3f80882

SHA256
9e70864139f46b9bdb29c1d71eb08d7f9123dac7a3b498b30029ff868121b513

SHA512
673e26d58eb95b93be5aed8569d48549ace80218c7d8c7fa1ce3b16ed718ec586dca86f87545790771e34971b2efc1ed5ea9f2a6c8de398aca4bb643b3cd3376

Download Submit
/data/data/com.bnd.nitrofollower/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
a9b104dd7add0610216321b519ba9ffe

SHA1
737e38bc1818d612cb6fbab208fd0d680b199e29

SHA256
b7e0ed4bf28459835f7c023b5e030f16cbbf26f4a2884c36edfa13092633d48d

SHA512
fbdba2a940b5c56a62fac3bbafab52ab250a1353a6149bb45c7ec4fd0b4dedb183985ea9fd4ce97718fe8a960392646c4dbd63c1d51391ac11931a55ff193c46

Download Submit
/data/data/com.bnd.nitrofollower/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
0ab0e98501b41c04ab83cb06a230c110

SHA1
07decb589340cd6c630ca72f254328ae29e0052f

SHA256
5a4731d8d7661118bb2a5d809f540bdc4a6ae6e09f14cb0cfbdb2a899890baae

SHA512
335c40fe49bae0a47463c1a2b5a0b6b35f0b392663c0755bfc3ddbbd7b52ac014daa5c4a308c6eead13e34ba49ef90db609601dc5cdd733a891e0693f93eca79

Download Submit
/data/data/com.bnd.nitrofollower/files/.com.google.firebase.crashlytics.files.v2:com.bnd.nitrofollower/com.crashlytics.settings.json

Filesize
717B

MD5
06e1e73030a96c0f48cabe28f669a371

SHA1
350563c1b4c24172f66ce106f3f5d1c59af6e475

SHA256
0f2ec5daa0e0c56c7a93e78cfc0823f910b77e270d25388db13269bec8abf8d0

SHA512
868f54b8605b156bb8cdb85c6b0f0a2925fca61a3db48dc29196cdbf127c87909e85be4b6028a5f3d0cf4887d48c76181f76b0ea22c69a0df82a5065ec8d0ff4

Download Submit
/data/data/com.bnd.nitrofollower/files/.com.google.firebase.crashlytics.files.v2:com.bnd.nitrofollower/open-sessions/6773FF82007B000110A7B43C44D33766/report

Filesize
799B

MD5
d3ceeceae1d75692152265571bec59ab

SHA1
02167418c52c98dfd10dab71734a617e1e46a16c

SHA256
749bd54b274c9fa776dbde1ccae1f3e15e979968a71332505beb2c75ff24b859

SHA512
271357516d2da88ea60741d298c69fb8b8bdad914653a96ec49f6d85809ce023ac7aa5908de4f76ba2c1fda41db92914945b68f5a05192414dab437da8c93291

Download Submit
/data/data/com.bnd.nitrofollower/files/.com.google.firebase.crashlytics.files.v2:com.bnd.nitrofollower/open-sessions/6773FF82007B000110A7B43C44D33766/userlog

Filesize
198B

MD5
585f7889de89f9215a295ec40f197f0c

SHA1
15bbcbf79102a7b379f77f2c6a6f80efa16a81ff

SHA256
a79b03f101852dd394e7843b9ddc723782168ed0a8af0d3e7334a73fa011840b

SHA512
a0cb689f5b75e51a2e350eaa3d82a53420e57ec9caddaade827ea438e85e89306ebad04eac2d36965343b0e48bbc8f98d826e2545527cdef2f9ddd88795facb7

Download Submit
/data/data/com.bnd.nitrofollower/files/.com.google.firebase.crashlytics.files.v2:com.bnd.nitrofollower/open-sessions/6773FF82007B000110A7B43C44D33766/userlog.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/com.bnd.nitrofollower/files/PersistedInstallation6573773517267733280tmp

Filesize
90B

MD5
67a13e9457f6b2f0f47d8e8315b41717

SHA1
9ff7e6a34c7d0dc56dfa2fcfef2d3c3e2c53e1e3

SHA256
61a358b002175b7bba8fa04b6deee87c42270ce526b250116a99267d5f487769

SHA512
58933f121504d18be94977e48de6dde1224474ab858a8f8f9082b365b06ac5ddf1978c0737ccc51916160bcf005a3d27958c37892ab9ea92f84e469053590b76

Download Submit
/data/data/com.bnd.nitrofollower/files/PersistedInstallation7935715620590524789tmp

Filesize
569B

MD5
0cd100f0a375e98b13af6c06e9296a83

SHA1
66a4bb0065c87c14b21f8b9fbb0b2da2fe5a5480

SHA256
a3a27673e7cbc49c3740098166c0ce6bfefd476f1f674dab5cdc542b3a0faf53

SHA512
73526c4c7967ed96d30d5dc557f95858d886db7b4e81a52a0cc8ad61c11d2edc732519e1669a6419adfcd74f7b0feb6abdfb7eee667319d6feba3d325efaff3c

Download Submit
/data/data/com.bnd.nitrofollower/files/datastore/firebase_session_settings.preferences_pb.tmp

Filesize
33B

MD5
35b51faac8b5af3886e70bb5a885dab1

SHA1
e6cb282da46cd4bf113e25c8573268578dcd11b6

SHA256
af5b3362ec35985974c6b73eeba53e5063861f2491252d61d8cd42168aa5ed6b

SHA512
6ad5e9766cc03a4436e1440b9e47c44da6c6440a3c94b1cc988f8c5680043cde6f7b7e02b2b4c71b25df4209c39ed099fb65fdde02a9f09464609a1abe6af8fa

Download Submit
/data/data/com.bnd.nitrofollower/files/datastore/firebase_session_settings.preferences_pb.tmp

Filesize
75B

MD5
944e6a5a08cb971370c65c06061f0ab4

SHA1
84d47725cc29bf167b782c702575bce4bf2ecc5b

SHA256
ba8f4af0e35f93cc15649f4c51969f5279421fc12deeafaddec5e5c48aa58dab

SHA512
bdc404233927a6a99160492d0b3e2cf00776d51b33612b8c9ecba395747b3572cf1790269fb199915aafe84c546d30e3259833c9d00af8c412823396882ca783

Download Submit
/data/data/com.bnd.nitrofollower/files/datastore/firebase_session_settings.preferences_pb.tmp

Filesize
121B

MD5
ffcbf87665a36fc21782400bd0537e79

SHA1
3dbfbdbfdcde953317b089f9a9fa0bbe50c698ee

SHA256
a21d3bf2cca0951e9e7b3fed43cafe9f89a4cf9d844c82279b260852d0ee473d

SHA512
7f98ac150c422eb4f1126d86501d0435817ceaa7eb5549e4d21a295d57be3d3fed4388cda782c084130c4ac8d57a4f225139a2e42e8a12b34cc1679140d16b57

Download Submit
/data/data/com.bnd.nitrofollower/files/datastore/firebase_session_settings.preferences_pb.tmp

Filesize
163B

MD5
dcf7d6c1cfd5e7b56074e3001577c78b

SHA1
b8eba89aee9f6688ecda6675ef8ff4998da0b141

SHA256
ba0830617929c78abca9391c2059f89c78049911f502ef5525d39341e4da2b91

SHA512
42d75be824d69de23d2e8605d60c3608db20ed5c059f5b67c63ca2845484c67150aea88a3aae36aae12a4ea266fb6b469d09f765bbcd444350d836ab83f7695d

Download Submit
/data/data/com.bnd.nitrofollower/files/datastore/firebase_session_settings.preferences_pb.tmp

Filesize
212B

MD5
73b8c341dcd2005769e1b9e17e6c6b98

SHA1
361fef669e87a969f7a453db92d3bc039f043024

SHA256
9246057d5f32dfe6f458c1162a3d421f264bb36e145538d387c9ed6020d8ccfe

SHA512
c600a942f8f656fdfaba2faacb23b8b58750cea7ceb2612051e96bde50e7c72250c6d7f69f20b2e69279c570da5ead6eef420d52b19e93807b4302096747e616

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads