51baf4bc48db631e887ded88c0beb05b7a2f6f26ad2d122ee7c6cca6678752f5

max time kernel
69s
max time network
78s
platform
android_x64
resource
android-33-x64-arm64-20240624-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
submitted
14-01-2025 05:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b3f23bdd3dea208f05de7a5b9ea928758187b3f2b0f4f5733c8bdb3298818ec0.apk
Size

3.7MB
MD5

f17c846775fe7d69c25b1f9834ec31d9
SHA1

642e9c6595ed94cf6040c9a66e4431b04a62a2a3
SHA256

b3f23bdd3dea208f05de7a5b9ea928758187b3f2b0f4f5733c8bdb3298818ec0
SHA512

2f9883be40f1b9fda7ef9bd432c7d32e5adf6222e5bc9dbeed974f7e101a8c8af39f3bdd059fb0b83cb7e0d034f1ac85bc860bba30eb46b2da7f6d02657c70c9
SSDEEP

98304:qmVDDWjqPP2X1180Q046fgVPwLBqylSWFk5uYUbLCJrn:p3WjqX2l2046qPwLB/lS+kpUnu

Score

8^/10

collection credential_access discovery evasion impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/sbin/su	com.ygvezckt.rwqaztkw
/system/bin/su	com.ygvezckt.rwqaztkw

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.ygvezckt.rwqaztkw/files/dex/316f40170801e947.zip	4351	com.ygvezckt.rwqaztkw
/data/user/0/com.ygvezckt.rwqaztkw/files/dex/lLtoeVfIDbcROVZBX.zip	4351	com.ygvezckt.rwqaztkw
/data/user/0/com.ygvezckt.rwqaztkw/files/dex/316f40170801e947.zip	4351	com.ygvezckt.rwqaztkw
/data/user/0/com.ygvezckt.rwqaztkw/files/dex/lLtoeVfIDbcROVZBX.zip	4351	com.ygvezckt.rwqaztkw

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.ygvezckt.rwqaztkw

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.ygvezckt.rwqaztkw

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.ygvezckt.rwqaztkw

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.ygvezckt.rwqaztkw

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.ygvezckt.rwqaztkw

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.ygvezckt.rwqaztkw

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.ygvezckt.rwqaztkw

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.ygvezckt.rwqaztkw

com.ygvezckt.rwqaztkw
1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Requests cell location
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4351

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Execution Guardrails

T1627

Geofencing

T1627.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Location Tracking

T1430

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.ygvezckt.rwqaztkw/databases/privatesms.db

Filesize
16KB

MD5
8a10f85bcb419b77dcf49fbcf348e67d

SHA1
de45210ab1cae4be6ff7485386a0be8abed04faf

SHA256
a0ff1b8c48b78918fb218515f955a788620ea0b61002f73febba862b47092dda

SHA512
8662fc33368068066dfa7bf3543e6b1f68c857699991761afca16c5142995efc4074bac500044591b3af1c221b466bbf4a3e562610494b42cc2019e1f69b1226

Download Submit
/data/user/0/com.ygvezckt.rwqaztkw/databases/privatesms.db-journal

Filesize
512B

MD5
185fd6afdb0fa97f94ed1a1b98ae99c5

SHA1
ff0bf60d490ad302106f03f541563c4878d7953a

SHA256
e822d041b9b473d87f3459a65b0f43950208a57c04bd4eb1e305d16ee892c302

SHA512
818672ca9ac2352007295d180b4db2bd591bc833c5ae091a9cdaa02d0238a1577d42ed2c2d62fbb5de16510412d7b713c40842c9484829eb970900d99c040751

Download Submit
/data/user/0/com.ygvezckt.rwqaztkw/databases/privatesms.db-journal

Filesize
8KB

MD5
a8628fc237be0c31f87f6eb2c3752292

SHA1
c1341a3c8ccde140730cd2ce3b31c750f3b2e64f

SHA256
860703952e919e4087c267ab3cc1ee89c03a9b6a294d965893f8deb85ea7201b

SHA512
670f61c640182cdaa7356173942ba184e6d4b3b033fe5a73c4d18372307a99045a866f60dc0c2f85db6e3a1e9726f702af6c44b85e11c0df9226aee0c353d9d2

Download Submit
/data/user/0/com.ygvezckt.rwqaztkw/databases/privatesms.db-journal

Filesize
8KB

MD5
57cb043610d2d16bce43c42da7eb798f

SHA1
88620b1ebdb69ebb6c5c19a7410ed4699c1d7400

SHA256
1715e496f6e595586720531e3a8387da1fc31120d41743b865eafeffb3c2a6a6

SHA512
24f021ae2d3984187d5d92657f40c02825cf6753e2f11e27542fdaaab61d2c45dafab461d8e462227e9669792541e8ebc971d498cfc72df43f5247d001693e01

Download Submit
/data/user/0/com.ygvezckt.rwqaztkw/files/316f40170801e947

Filesize
548KB

MD5
b6c70945fbc52ebd5f8b4b0a39b9cf28

SHA1
ed4bde3229d0442ad41fe8c3a915bd737b1add89

SHA256
019c22b64c56a25272850c3911880be5c0e4deb12a2b726d35d3b1597b5b3379

SHA512
c6853d543081f95313f899a725e49fc7867fdbf8d53c1a4f55d3fcee306953a34bbc3f51ac6498d6a5b44bf6db2b00dbb87970fd620a96e414030a9f54b461a2

Download Submit
/data/user/0/com.ygvezckt.rwqaztkw/files/477458

Filesize
145KB

MD5
87abfab48f2198a1a851426404b88ed3

SHA1
8a6817cc628e79303eafe6a0bd537389f4b2e5e7

SHA256
ec2560db76d2c5202559ca8b657cee9c8a5d59b99141972e8dd2a8ade6d3409b

SHA512
e83edec2607270f232d0ccd3a66eaac90e5662eddb5a215fa390e0e3f68dfbc56301f1af8bdfde4b759beb6d33928888cfddd0dc7f1c69c7ed9fe2b51845b790

Download Submit
/data/user/0/com.ygvezckt.rwqaztkw/files/477458.so

Filesize
145KB

MD5
8767a74133b3328c2a87a24893142ec2

SHA1
c1c48bcab9d7bf804cad029656d8b79bf8655d29

SHA256
80afd0eea39b125cd5a2f300a3b50302f002ff332943f71bd46d7ce5914e0f82

SHA512
96a2d70a2adfef8b8da4fc8c6b2be0b7eed0c33f76770093799fd3bbccf1b766290151cbd65981634c821baabdd8d445a6f66cf955045f0f402286b61aab2d7c

Download Submit
/data/user/0/com.ygvezckt.rwqaztkw/files/477459

Filesize
270KB

MD5
21440cf115ba36e782b6c13045e896f3

SHA1
1dd1e37f353e0c6698a9d034e08b8104fe202440

SHA256
d8b4258eb91122158caa2f3fee82db109817c6fd43a060b4e29ad5ce7b2777a6

SHA512
7b4d4a298168c36bb2f8d18ef7101b4b69fa4b35a31c489a7843ac02cd5ff0778b94da092b8dfbba37a0e95ad7403e86156f94a8d573e73080c84feefc7439ff

Download Submit
/data/user/0/com.ygvezckt.rwqaztkw/files/477459.so

Filesize
270KB

MD5
e40665b137fd84dcf54c14ae13f9cf23

SHA1
7c947ba80086d9e7542ecd426889f20c92e2ec4e

SHA256
71b047c44eb2a6b34e572ef7d49542c36abc5776c65323772ed7e3a838315bb4

SHA512
2004c305f5460fee3d092198daade2e73ee8cbd9d4304c9192b00f388efccd050165973fa7ad6b581140e5ad5e4182c8e5115a8c542b51685d4b2916303f8ba4

Download Submit
/data/user/0/com.ygvezckt.rwqaztkw/files/chrome_100_percent.pak

Filesize
29KB

MD5
17222a3b78737633ac42349184f2091d

SHA1
fba5e7cdff5bc26107e64f2026cc0f7fb804c16c

SHA256
6750dd82b27f23db5ff82eccbddef6b7c8e137503e5eab83651d2447e63a4f7e

SHA512
2e0a499d9cb211b03390547d9ca59180ad8212b1654e8243b17e6b51d8cbf5680058a7b4581dc5dcab37bcc165f0ebfe9e63551b966d9ab0840fcb30d6507d43

Download Submit
/data/user/0/com.ygvezckt.rwqaztkw/files/dex/316f40170801e947.zip

Filesize
548KB

MD5
1b463ebe439550e65863364d145f3633

SHA1
06a1d114d31cc0c0735f6e865290de0df66534fc

SHA256
402745874a8f4229a51c30bb0a3fc4a383d5d2bdecf43f73920c7ec59f402631

SHA512
45be5088110b35464faac2c708084e5337ddf5f89d582001582c47db28e04ab577dc036ee481b02f3743b3bfc1a0bc85cdf9185f23aa8e683a2890833b77be5a

Download Submit
/data/user/0/com.ygvezckt.rwqaztkw/files/dex/316f40170801e947.zip

Filesize
1.3MB

MD5
c276d68c66d80dfed813846189721519

SHA1
3006ae75be916f82d520f683322ce5b8af4be68b

SHA256
ba4227db1d3fb1d9befcdc67847e414b5070dd7e9d28e397c4cec1488309053e

SHA512
b5c1844af6bc735c26cb736691d864c3cb4ac567d49c8c0f5a3f73c7d8aa7de890900563a99a7e0a1e114cf561955225bea7522df876c338f380d03e502bb497

Download Submit
/data/user/0/com.ygvezckt.rwqaztkw/files/dex/lLtoeVfIDbcROVZBX.zip

Filesize
649KB

MD5
5631aac4cdaafaf80e13e30ca0f35df4

SHA1
a5c11f94c00875c38fcc29debd5ab1f01b6a6d20

SHA256
c65d54edc4dfb9bb13a51764be2b1a66e6ef781a6f1a18368d22aeea79f1af6c

SHA512
15c45aabc02a08dd369de2b9f3ba736ccdea4cd325e865b079810887d3cfbdf52a7286dbb0516630cc0f83d3fba0a99efcb2a1f37ce3ee0a50bae98eb731eb47

Download Submit
/data/user/0/com.ygvezckt.rwqaztkw/files/dex/lLtoeVfIDbcROVZBX.zip

Filesize
1.7MB

MD5
eba2e1ec82083be20ece86501cf4a651

SHA1
c7296d77e0ff6982396d13e1f6cc54b2be4b5f12

SHA256
7cd112ace3c9789beb88d7d75e3c664706505fc8c5ede01fc92fabb9da2700ec

SHA512
668f0e05318a9a1d8f28aa9f8796450422b0f5d722704bcb37e003d42951e7033053b2c38ba4bc1144b14bac9114d875e860f5ee8add0986234228e2dc9dfbaf

Download Submit
/data/user/0/com.ygvezckt.rwqaztkw/files/dex/pro_btn_bg_animation_img_0.jpg.zip

Filesize
8KB

MD5
7c20a2b01bf3f9df1f0abb72ebbe82be

SHA1
e601b2e41434623edbeece32867517a3cdec5449

SHA256
1a10cc3cd2dc21a9be2d2eb758fd19288082619d331245b927d0a9299462ea2e

SHA512
3faa6efbd3ebf6e1aff7ebe9958c5f94bbfe9c5ff9e11e9092b1b7301bbe6504c01b922d709303147e213b3cadce8e96462220a1d1bf4d6cdaec95b3f84bb1b4

Download Submit
/data/user/0/com.ygvezckt.rwqaztkw/files/icudtl.dat

Filesize
8.4MB

MD5
22cef1e906d7e0cb8bc69e518e5cdce8

SHA1
e4177420be6420ec041e984684baaef09591b428

SHA256
a94b76f663014f0a22f18b75c3c24a40dd3a2fe42cf78bd54880e3574c797dd1

SHA512
f1b35e3e935245dad6ddb812844181670f514bdc67564e3b39c8cec00632a2e6e2400d9e52a07151620dd15f7a88d2b8b8492cda2b88e92548a6c209f85066b3

Download Submit
/data/user/0/com.ygvezckt.rwqaztkw/files/lLtoeVfIDbcROVZBX

Filesize
649KB

MD5
b0653cba43d4070a698a5e7879113990

SHA1
c3c65144659026e26406158f29e4d74351c42d15

SHA256
5d3da2d5c8e9552c8b988c0833434faa5b8c878851c3d6fafc817a60ae7889ea

SHA512
010553f3104994d4a06e8e3451ce035891c394471848cb34d68ad81b8af917d0aa5e23d9a18baa42d2562608a93013402ce8bb34971f9e0e9aa5588a99bbfa61

Download Submit
/data/user/0/com.ygvezckt.rwqaztkw/files/licences.html

Filesize
31B

MD5
79c678254d5c17bbfc41628259ebb0c6

SHA1
c5cb40f96db1fd3d98634dab0224f8526fcb4877

SHA256
fc96619b3c903765885e5fc3aabf3ca4b0eaf7096fca556567f9efd6b124bba5

SHA512
aab3ab33218dd61928e0cd5ff589fbeeb00991b5357c1cf3f0e02c2869e95d3232c6b1723c4b23589d407dac269d9d5ce408627287f67a6e043f3c1ac82ffd58

Download Submit
/data/user/0/com.ygvezckt.rwqaztkw/files/pro_btn_bg_animation_img_0.jpg

Filesize
8KB

MD5
95747642a7c6c86adf31dec70335f86b

SHA1
e367c36e53d055e9005a5b9488bee4ad1850d469

SHA256
c0d01a97b6b7b6fe765a133cfa455cd498e0ae5a06c549f3f7a6c32b003a4db2

SHA512
397b5ae3dd0af373e232a43d0090a38b8edab082df6c24a29b53fd15c0f18af5a60f36af829b02402aecf3edaa66cebe47e876c1a2f259a315b9e22d996cb022

Download Submit
/data/user/0/com.ygvezckt.rwqaztkw/files/resources.pak

Filesize
421KB

MD5
0742f6f0e97a73d92f02ae1cecc26686

SHA1
8099f0fee02a49535d6229a46f4ad35d1c79b41b

SHA256
be3634ff983624480fd0365de5ebe2ab85834ee64712afb774b7590ff8fbbc16

SHA512
98a3ce152628715381c9366b19f75c96c42854d72b1f3fba52ea927e5c931f4af71b423a2b989d945877e36fb4b1430d3d9634f26be597914e2dd9f7dee37289

Download Submit
/data/user/0/com.ygvezckt.rwqaztkw/files/snapshot_blob_32.bin

Filesize
50KB

MD5
216ec11c7151212e630d4ccebce4a58c

SHA1
8dbf22a71be73c31dce6788721e8b2a8786c6a40

SHA256
d2648f968e125a8801301e72775646dd911070276872879a85ec8eb2ba71741a

SHA512
4ca4fb0d2b85b16c23aa7af8147bb13b77108f04527d063088d8ce396a1636529c98cb1a246e30b2ef8f9d3dfa194d3c6630c689bfb76702f9456a00a58fc858

Download Submit
/data/user/0/com.ygvezckt.rwqaztkw/files/snapshot_blob_64.bin

Filesize
63KB

MD5
edf46574da88da2b4e3072eb0320b73f

SHA1
cabb9a82eb1a84808547319b221954efdd5e4ddf

SHA256
4385ef1cc4398aa64e2b84953f10df4d905938a5bf4a40ff46efcdf621225a97

SHA512
07d8f35414624e1fcae04824c7b57d536c2cff917c0320424d0acfa843b5454ca2fcee0d299b1ad9f34bfd498098cd29c57999ce3d68fc745a6533cb10535699

Download Submit
/data/user/0/com.ygvezckt.rwqaztkw/logs/Sistema1736832746002.log

Filesize
27KB

MD5
5dcf06691181db564fed88d93022979b

SHA1
c36d7488efbddf549b4871bb15ab3fc86d602d27

SHA256
9e9f43996ccfa512215541fcd791462e544ba2dc332e05b08d399723c61c2228

SHA512
5bd6a6655cc72f5fdd4001314ad1c5ca90732d1b8818d827a697ffe43cac7990b8f82677064fa3391d61789e6c7ac4c8dfe2147d827a5b97841f021bd9c68347

Download Submit
/storage/emulated/0/Android/.ANDROID.PROFILE.9gHlb3mGhiMazjreEyaS

Filesize
130B

MD5
d03a33c48aee3d64ef6a335ecf4bb0f6

SHA1
2defedf8edcc18659934897afc8f424a8376e39b

SHA256
ce8afe917b8f2fef812d36296c56b7ad24cf8ace35eef6b4f1fa754be049c979

SHA512
24bd8bc1c2622ae4391837c385f92c653560e5baf5281f104fd9bde6262f4bfa51eba3aa174c7cb553245389df8115e9813fd3599258476bc23d09c184319d2f

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads