8bfd3346b3da5814f82eff6f1b1b5fedd0ad585f39a25709b23eb54aac45691d

Analysis

max time kernel
2s
max time network
152s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
21/01/2025, 16:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Magisk-v28.1.apk
Size

11.2MB
MD5

ebe29762bb3ba4397462812ecf28ba0c
SHA1

c1611cf8276883622f5c2ede709113ffc7ec8227
SHA256

8bfd3346b3da5814f82eff6f1b1b5fedd0ad585f39a25709b23eb54aac45691d
SHA512

82ef2227f34315a60bdcbe1be10df6b5c2c76ff10b778760a2a53c1299cb2cb75c94f5c239ecfa9d0da3eabb738937db117a4ae55b1c7f74f93af236a1d83cd3
SSDEEP

196608:0GaYVcVS4OlQ4OB2oTn9ko7scmdA5ASw7liDOLANeHqghsH5Wt5Red+La06NSnzG:0GbwUzbokAscmgq66ANGqCMdLzAS

Score

4^/10

persistence

Malware Config

Signatures

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.topjohnwu.magisk

com.topjohnwu.magisk
1⤵
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:5075

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.topjohnwu.magisk/files/profileInstalled

Filesize
24B

MD5
541dedffe1ead9439381912f454a1c3d

SHA1
82d5c6cfbfc5f72b87445643ce46401df4a39ca4

SHA256
a370a82a3bedef621bb0594e51145816ff748567cec4ca6fd189a900088ab39c

SHA512
1f0aa5e6392c939bfb92a437dc06146963132510c64da4070fddd1e957c68e571f062fbc828f0cba5cca0f1fdb6da3dd37ff19305fbbd9d36314493d5690b9cf

Download Submit
/data/data/com.topjohnwu.magisk/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
f812e15abde5bd2bd4a49c46b3b9d16f

SHA1
b14ac52e635d96fcfcc9e9ad97078e422b6cb386

SHA256
7bb262d0439d18869dfc56986815a173716bfb5e69e13193534ceec83d253ea1

SHA512
c11e8c92e09735e5334a65f7cd40c4ddbad06be6d0fe020c32d9a6e09adf825c21aab1f670a715685efed3d427568c5f0156617f971fba5933ed6949063eea4d

Download Submit
/data/misc/profiles/cur/0/com.topjohnwu.magisk/primary.prof

Filesize
3KB

MD5
12ade2275cbe887e0559d74347973235

SHA1
3bd792627b62ef615a7d339d684aa0d330714c10

SHA256
66e211c4a355c5f973622410f98d5b597c0271ada16ff9da20d7ee7ad30b09be

SHA512
a9feaaa0f8e51be69d538d6efd9ef16174313f61086d35eccdbf830965c833a5bf2e65a986ff57dbf76f9b04166a54a17dcf58607b258084427c3a54c6da741c

Download Submit
/data/user_de/0/com.topjohnwu.magisk/cache/main.jar

Filesize
3KB

MD5
51fc1652a346f9ade84aabfb44fa8853

SHA1
4c4da2058dec4b5457c109f5e807592a75b19a29

SHA256
ae7fdb8b70bd2c1cc2c27043e985f8dc5cfff2cb9142a1576dcdbc889763ef7b

SHA512
2b79aec9dbe7f1a1db081c8bfb35784de44d6c394fb9f19f47f5053d6210eed34ba920dface04cc12502fd6cb44449518be389cd04cd5417f4548ffe0ba89af3

Download Submit