f776a2da1431472ccb9fcc8222df40b06cd89d88798750223c9d4baf7167b947

Analysis

max time kernel
20s
max time network
152s
platform
android-10_x64
resource
android-x64-20240910-en
resource tags

arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
submitted
31/12/2024, 14:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f776a2da1431472ccb9fcc8222df40b06cd89d88798750223c9d4baf7167b947.apk
Size

7.9MB
MD5

701e28e6544949aecbf43293fe2922f9
SHA1

4d8562680631dcfdc4ee0d44a1f55c6c848f80a1
SHA256

f776a2da1431472ccb9fcc8222df40b06cd89d88798750223c9d4baf7167b947
SHA512

b2b95ae4995c45c2089a596ce682b523c425b50efc04248126e69f7473dfe7cba049faaf4a611ecf823f92834630940f8cf0b6e8bab6a73cc40dd0e2116c0eb2
SSDEEP

196608:YIUYnYKgpiylRht47NQL8vFzw3ahnTRyrka:/n0IylRhQnR6gCZ

Score

8^/10

discovery evasion impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.bnd.nitrofollower
/system/xbin/su	com.bnd.nitrofollower

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.bnd.nitrofollower

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.bnd.nitrofollower

Checks the presence of a debugger
evasion

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.bnd.nitrofollower

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.bnd.nitrofollower

com.bnd.nitrofollower
1⤵
- Checks if the Android device is rooted.
- Acquires the wake lock
- Queries information about active data network
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:5134

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.bnd.nitrofollower/cache/pre9085863235377356001suf

Filesize
2KB

MD5
fcebe4726da2149cf047b51c676322a9

SHA1
302799e0034668b25ca06f89f43afd40ff268f92

SHA256
df8afc23cd0482ee33a46d3c3a0e3df04eea0c90ef638a15bf9dc271878cc946

SHA512
5fd148179b00145278956371925e046bef1d9efaf7ce64f187ecca4d8469e06060af742bd790eb956b152034ac3709a4fc54a9f91cbba8ec828bb91e421d1902

Download Submit
/data/data/com.bnd.nitrofollower/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
a3897a34e2574ba21126ff94a2aa38b6

SHA1
98146ef86d06ce5e0cd4b9e92a2255cafa8d0ab5

SHA256
efa56daa6732050b046121166e2a469fb5f9aaf6b36a58aa29c81312e6caeec6

SHA512
96d1a09ec568f1c08ef1ce5538fc88eb92fbb4140c0972b02cfb4a9f119188c5fdcb67db887550455c4586067680c9f2318bcc2a4fc5c2dca969aecf66d2939b

Download Submit
/data/data/com.bnd.nitrofollower/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
d6ff08bee31be94712d4a320f2ec7734

SHA1
1f1e9cae4a3933de87571f73c84c938902b66474

SHA256
1f7cccd5672a177d94d85b2ef62628b3a987a6b1e339a9bbe7a4f54677840d63

SHA512
e4fe634939034dbfcbbb190b537f926e8a2963b819a99121bf759c38714d2746c639a0d349ae3fa8c7bf8d5aa9f461c5b1556fa962a40b8354d46d8f4c8f123e

Download Submit
/data/data/com.bnd.nitrofollower/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
a1570eddb670593c1618fc085ab6308b

SHA1
f887f923adc276202c0d4a4797d80eb0825dc356

SHA256
191ca9f7e2fd004c40d867940be0f5aaa7da3ca6d055f709c91e7f7e86d6b125

SHA512
e0d6de79f7edfe910a6486858b31556fea37485a7d3fba27caede1a67193bd45abdf97afd398e4ed4420edebc5d09c270c934df4dfd891e50e13e98aea003162

Download Submit
/data/data/com.bnd.nitrofollower/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
dea95c8d23a71579e9ebe15d7c79c8eb

SHA1
8e23b1c92a666e28e7a1cc6b7d8de92c916abea6

SHA256
0718162eb592efc497e9a51f82f6ecf9ed9dc0d3567f3438a7d3862ece6fa759

SHA512
1e4a91b4f7b4a82c98e4b136f5543dfb1018dbf03a909e94ac27184eeeb00da86b193268421583b79a063e4f514da1e1e50d900214b61995e351b04d83402cba

Download Submit
/data/data/com.bnd.nitrofollower/databases/google_app_measurement_local.db

Filesize
16KB

MD5
a8aef1376c5438521db576a34ef8b02d

SHA1
5aa9aa59da8708a0d459053ed256515232dd6498

SHA256
807a730a3fdd317a498fc47219974a77164975674c7bb36d33049a1d02da020d

SHA512
1ac8bdf63ae848429d7a9f608f7f47aad8bbe6b49af9b03d3c6bb437f18da341518c68cdf3ecc57a80ecb73b0dc076949ae15daee12a05a515c405296a4edfaa

Download Submit
/data/data/com.bnd.nitrofollower/databases/google_app_measurement_local.db

Filesize
16KB

MD5
5643a896217bd182d589d5adc3db1c36

SHA1
d52532dc51bed0ec2d6a2bd2d6d6a25d61970c89

SHA256
de710592f1671bcf1c295b0074d3aed00074a94cd2e9d843d868f9480f39c836

SHA512
8836c0a0a8bd4a8ef46b6b05833cf511b17a7cb5bbc068a8a586c81210fc2dfe14b9b61cdcd404a24ea8279ce608cf38c39296656526e4f17c264ae5c18de80e

Download Submit
/data/data/com.bnd.nitrofollower/databases/google_app_measurement_local.db

Filesize
16KB

MD5
9a052544fa33ec540ebb7fd759502712

SHA1
90c8b28d65d4111607e4962994e4d36b7fd11711

SHA256
c94cf68a9397632f4602187f13b8e98cff5931a548ec3057ddbf3fcbec19c625

SHA512
6baa36cdd4a3ebbde053fd6e0affb98c2ca0c3d0b4cb6b524a30d68b660e824a7855e76dd74bc4d1b9f5a5ca129ddaecaf2a4218d4c1527154201a0d3c256337

Download Submit
/data/data/com.bnd.nitrofollower/databases/google_app_measurement_local.db

Filesize
16KB

MD5
99e0097c3e0e72668d9f93ac6491fa72

SHA1
90aec7880bbb442c22fb1c5fe75fd265f42c07a1

SHA256
f6d0a81d5f6bd9dd54e2847dcf0d3caa305e455bc45d3a51a049ade41b5b6f82

SHA512
e726a0ed95ecc8395b745f8b6e6bbd023f8be22dc0ce1cd6dea32635c09a700b71dd83372474673f93cc2671493691b905557d0a0cfdc49cade6f07ed2f311cf

Download Submit
/data/data/com.bnd.nitrofollower/databases/google_app_measurement_local.db

Filesize
16KB

MD5
35030e0f1fbb61891b48fb8839e8f141

SHA1
40dd0c3889fb9cf2c5684af0bdec0b0501d422fe

SHA256
e04cbdf8a21c0303823f085d3d2165fb23807457de9d81ae8f05cb617de794ba

SHA512
25caaf9baa763aa9e510cc39e8af24f5b84fe697e30560c37beabcf21599e7b3da3fd996ba9a43fb55f723d5b70df4b25179800b7a1d7e5f8d2022d4f4a011ae

Download Submit
/data/data/com.bnd.nitrofollower/databases/google_app_measurement_local.db

Filesize
16KB

MD5
81f0bdd39b514be1c7b64d2c025494c3

SHA1
52b0e15dcd0c96c5662b2aa222615c6a5af4ca3a

SHA256
d8ee6f7ccbe82fbdfc46a5624a0b79646a2a77a6eb78c5f6b88046268c7b8314

SHA512
470bc599ed101d406ac11fc3f01627917b8a5032a02de7d347145befb5e1f8f083f2887e486a9684ebb8b5c115eeeba6751afc749ed8381168f24bf9f94fdc51

Download Submit
/data/data/com.bnd.nitrofollower/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
5cf433bb69f3d00bba2185e94857e107

SHA1
ccac47366c096d39beae948a05972f393621e1e0

SHA256
d0de752c24773da9e81baf1cf1f38241bf1e68fc9c50807dd31f4bdb334d8744

SHA512
38eb2e5f27407079a40fad3de63f124232bcd376351e130717285237fa026e54eae36c20a3bb29e8605609ef8c9b5f036a98e65dd2ae8fdb00b4da76daf0b0b9

Download Submit
/data/data/com.bnd.nitrofollower/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
74fb909abd11a6f69993ade1b0659cb0

SHA1
3b0057312ca3cca600a9a385a150bfe86b75e4e2

SHA256
d052b55de7d6e7022bed8f18325a7ba172cdfe183e4584113efa2a3c35c03ef1

SHA512
5b68f3aaa6db650ea9f6d9654d434a566ecce707ab0237b8bd466ccacc3a263e3755f81940e79cddf40c425cf3cefead2b0985968941ae9837992aa5bb19f6a2

Download Submit
/data/data/com.bnd.nitrofollower/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
69ad5e56b3e7d25fd249bd098fcac396

SHA1
65a6f94237fe24c540f8d621dd212aa828cff83e

SHA256
b8e13919c4b1967e258c26a75c6768936c8954a9def232fae9de48f3f5dc170c

SHA512
8b02c6a6e5163184ede6271bcefc362081c5f00baa2cef38e11aee026af9a059f6158cb85253b4d9546bce3070a0a8c45f5f376240b5b3dfe77203d5780f9e0c

Download Submit
/data/data/com.bnd.nitrofollower/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
7dbb5e2eac84a75e4be64f6a816a4629

SHA1
abd60c7332e5ce979830d0ac69f12f288e557668

SHA256
461447f56bda5c55fc4f8487a17657dfa71679760ae097122b7a1178f8c5f9c8

SHA512
05d16b87ed62a8502c5505993d588adc0de8aad520bd792caaff3b67a20abf51d13ebba21812ff88c229b922ba0668c00d017818adfe61dbdacf66912d1fe8b5

Download Submit
/data/data/com.bnd.nitrofollower/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
e5f738e54bf89af21e1e819a68119ddd

SHA1
95b2bd193089ec538a82134978ad3392085d549f

SHA256
11e67baebb3624e9f5d132cbc4bba51fa57ef713d1b54c39e4710c6c26a32cf2

SHA512
071cadc05ad8c479cda81707638eb5e62e0d0e6e156c770f0893f8ec9527a2634372ccc39955b634ec6d4f89b4672d280b4db13db225260e252773b6a62a8bb8

Download Submit
/data/data/com.bnd.nitrofollower/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
6a19d71053c4dfc893cfb6a5d1de532f

SHA1
f030a67ec7bce705bc76117783b4746b0b4b09c2

SHA256
cd55bdf14d3c94930a2630ed1b80dafba7c7915149425c949a80ba580e6eb75b

SHA512
93c934bf3f28e6ecb0bc9fab227a3553ae9d70d912df2d7906d22ec707e6af9bde90463841428845b23fd23d2417cb9f888b7248a5f383e89aa93c114e712e45

Download Submit
/data/data/com.bnd.nitrofollower/files/.com.google.firebase.crashlytics.files.v2:com.bnd.nitrofollower/com.crashlytics.settings.json

Filesize
717B

MD5
b8ec2f834aa5f6688d0f2892ae3a3363

SHA1
89de7e71af25d64ca5e768d9e1885ee00e1360d0

SHA256
567c68c7923cee2139262548c5f8a0d298dcb5670314c9da2e00b34171caa258

SHA512
4e512bf5b8473e09501f0b0b6752c1056047892b7f49811b68c917935ba401b05ab79290a50d0c83d0d62370a9ab88bee33df97cee81b5edfda70b35217df92f

Download Submit
/data/data/com.bnd.nitrofollower/files/.com.google.firebase.crashlytics.files.v2:com.bnd.nitrofollower/open-sessions/6773FF81013E0001140EEBDEAD62FA80/report

Filesize
800B

MD5
543d074f809c0edb1f7cb03767748a68

SHA1
d358f446abe4559b3d1eed7a35c9ccaf91f33644

SHA256
2a0b66e32c681e0415eeb160b8774bb979d4253718256124082637ce43864e53

SHA512
cf230718cc17a29fa2d21157ddf941f65bd7b586020a711fb39ad9edbff7a931d9e51828e8f0f08f5aa85d604ba260b8896aca827a1111d9c9aec13c8e3766f7

Download Submit
/data/data/com.bnd.nitrofollower/files/.com.google.firebase.crashlytics.files.v2:com.bnd.nitrofollower/open-sessions/6773FF81013E0001140EEBDEAD62FA80/userlog

Filesize
197B

MD5
1bf463a02d6db216a5cfa4d9fd4b9d11

SHA1
a57cc8f5057ebd3e1025591f7b2d27e78147f9c0

SHA256
228c0ac03dfa9d38a91f70b440c63152879b3ce99668ea36682243560031f799

SHA512
7b3d023edd7ddbc3b986f635985088077567443d83b8613f68c984fc0141a634c344de2719c52f737114f6dff3503cf631b15742eb6623c915158499983fa6b2

Download Submit
/data/data/com.bnd.nitrofollower/files/.com.google.firebase.crashlytics.files.v2:com.bnd.nitrofollower/open-sessions/6773FF81013E0001140EEBDEAD62FA80/userlog.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/com.bnd.nitrofollower/files/PersistedInstallation3883875078926127671tmp

Filesize
90B

MD5
69d479f67ea1e20ef0eb990334a1b99f

SHA1
0c7512aff3a983404779ccabb55a4e7b3c8f2190

SHA256
979843ef624c55548dd199c402a86dc83bfc5002cc732f1728508a7e6db7d547

SHA512
e4901c3f30f2201459010dde54633fef8e75ec176879450a6dc64dd97b2dff3427344d73cdad631245d66dfc7f8f88cc34824effa3421cce0c5707859c7f96fd

Download Submit
/data/data/com.bnd.nitrofollower/files/PersistedInstallation6239725649857127167tmp

Filesize
570B

MD5
259d4ad52d3ef99c5b4e620b9005a497

SHA1
0bcd2250b2f72441b443ea3f275790d2ad54f4dd

SHA256
9e345d32246635bb2ff463c12f81e5dbd6100e1d16170ffe5c6931e52fb5fe11

SHA512
764eaf2216fece85a819219bb691f663347c9af2a90a6a8eb8aa1cecc72320b084ece57d16775b3b4c895651278a66c7ebcf27f055c2c4924886da70e1db0187

Download Submit
/data/data/com.bnd.nitrofollower/files/datastore/firebase_session_settings.preferences_pb.tmp

Filesize
33B

MD5
35b51faac8b5af3886e70bb5a885dab1

SHA1
e6cb282da46cd4bf113e25c8573268578dcd11b6

SHA256
af5b3362ec35985974c6b73eeba53e5063861f2491252d61d8cd42168aa5ed6b

SHA512
6ad5e9766cc03a4436e1440b9e47c44da6c6440a3c94b1cc988f8c5680043cde6f7b7e02b2b4c71b25df4209c39ed099fb65fdde02a9f09464609a1abe6af8fa

Download Submit
/data/data/com.bnd.nitrofollower/files/datastore/firebase_session_settings.preferences_pb.tmp

Filesize
75B

MD5
944e6a5a08cb971370c65c06061f0ab4

SHA1
84d47725cc29bf167b782c702575bce4bf2ecc5b

SHA256
ba8f4af0e35f93cc15649f4c51969f5279421fc12deeafaddec5e5c48aa58dab

SHA512
bdc404233927a6a99160492d0b3e2cf00776d51b33612b8c9ecba395747b3572cf1790269fb199915aafe84c546d30e3259833c9d00af8c412823396882ca783

Download Submit
/data/data/com.bnd.nitrofollower/files/datastore/firebase_session_settings.preferences_pb.tmp

Filesize
121B

MD5
ffcbf87665a36fc21782400bd0537e79

SHA1
3dbfbdbfdcde953317b089f9a9fa0bbe50c698ee

SHA256
a21d3bf2cca0951e9e7b3fed43cafe9f89a4cf9d844c82279b260852d0ee473d

SHA512
7f98ac150c422eb4f1126d86501d0435817ceaa7eb5549e4d21a295d57be3d3fed4388cda782c084130c4ac8d57a4f225139a2e42e8a12b34cc1679140d16b57

Download Submit
/data/data/com.bnd.nitrofollower/files/datastore/firebase_session_settings.preferences_pb.tmp

Filesize
163B

MD5
dcf7d6c1cfd5e7b56074e3001577c78b

SHA1
b8eba89aee9f6688ecda6675ef8ff4998da0b141

SHA256
ba0830617929c78abca9391c2059f89c78049911f502ef5525d39341e4da2b91

SHA512
42d75be824d69de23d2e8605d60c3608db20ed5c059f5b67c63ca2845484c67150aea88a3aae36aae12a4ea266fb6b469d09f765bbcd444350d836ab83f7695d

Download Submit
/data/data/com.bnd.nitrofollower/files/datastore/firebase_session_settings.preferences_pb.tmp

Filesize
212B

MD5
36753fce3efa8e1dbef23dbe2d32a170

SHA1
747d868dcb8cc76236aff7acde9e04c1d6d85fb0

SHA256
2024fdca903370377f80d05df80bbdab4b45c3ab748b54d7acf696ad5d511547

SHA512
416c27de1d1a8943c3eb36813d4dd205b9aa53b094e4820ef16737d08a818c236bc76c3181ade0c0ae9170e324912fb0ab70cdd5d9cb18e4ef85bd9149a7c20d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads