8bf438f8b6916c8abeddc380d835eb6849e7f2606fb487085dd0f6ed14db6d67

Analysis

max time kernel
18s
max time network
138s
platform
android-10_x64
resource
android-x64-20240910-en
resource tags

arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
submitted
02/03/2025, 22:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8bf438f8b6916c8abeddc380d835eb6849e7f2606fb487085dd0f6ed14db6d67.apk
Size

3.5MB
MD5

d427e2c5e2802cdbc7cbd4cb65f890b0
SHA1

3ce2d6093dbd45d239b68c267b815c9791759a3b
SHA256

8bf438f8b6916c8abeddc380d835eb6849e7f2606fb487085dd0f6ed14db6d67
SHA512

276ac493cc4028050ed2d87cee9d18fa1efa7cace9cf69ee8d4bea6bd968fc554d3c1a24c92c8cf34c89fe24584e4efa85ec59e5ab59221a0ed60e372ca99f22
SSDEEP

98304:oQSyZo4DpCHrRdzxJV9uUj8Tr0nkeF22axCHpBUpF5sr8Tgkbn:oQzhIrRdVBuokqRHCnTdbn

Score

8^/10

banker defense_evasion discovery persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

defense_evasion

System Information Discovery

T1426

ioc	Process
/system/bin/su	ru.lndgnitk.xzryxvwih
/system/xbin/su	ru.lndgnitk.xzryxvwih

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	ru.lndgnitk.xzryxvwih

ru.lndgnitk.xzryxvwih
1⤵
- Checks if the Android device is rooted.
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:5126

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ru.lndgnitk.xzryxvwih/databases/PackagesDB

Filesize
548KB

MD5
c255162445aeab141d4052aa9de7509d

SHA1
ef17e6a3043e68b7997072a083893098031bf005

SHA256
f30524570828039d18f1abb51ec3be774ac4ff3d8f1c55031be0c0716812be7c

SHA512
1b1b2138d2c1f8390972e28cd9c1e89ea5421197eb15cf7abd54922f592fbd5a448431ae3d3146cb9a2612aceb316c4c54b00625b1a7a39bd6bb7c500c73f625

Download Submit
/data/data/ru.lndgnitk.xzryxvwih/databases/PackagesDB-journal

Filesize
512B

MD5
d9eba2cbdeec40943ac72f9bb5b89148

SHA1
31fb71e5ede5566eea2550d0b1364e0d5673a320

SHA256
72aa784b4dc72b72d9f7a59246552524e6a5828e530a2201d5131c1dd893d6f9

SHA512
515f0f206ff2a0a700fec8ed0ab6481a23d7346686b7ae368e2bd5c323deb5f9f1cf2b148649d64a48fb0d6694169ac966adecb740130878b4996909def8f3a5

Download Submit
/data/data/ru.lndgnitk.xzryxvwih/databases/PackagesDB-journal

Filesize
8KB

MD5
27b997f645376e95ec426960ee7194cb

SHA1
6d389098d6b3d9f1debd59d178e9625204aa36df

SHA256
d5c55d246564cd961e2d840821e5c4679b171d2a5ee3245321e0ab143a05a8bf

SHA512
ef90e37beb844120934727b24699af7cd78344a0f535e70e48d237949dff3ad3d91bb0bbd4ac77f8ede0f87290046189851703f7a9fb26157431d377550f2ce5

Download Submit
/data/data/ru.lndgnitk.xzryxvwih/databases/PackagesDB-journal

Filesize
8KB

MD5
4295f00f7553c6b0850ed50418c662b4

SHA1
94f9426c338d0c103504709d6d17c5186f987353

SHA256
b6e1e375bbc202f045481faf99b5c9154652c522d1550a70090a5bc240156ee9

SHA512
8a42af1ba4d81d92ab4d0dd307f079f5033a59c5bff0f77012aab974862106f6e3e23ef9d455fd9e8439090ead24183ffeb40ee2c2dd402cc41c996adccc1721

Download Submit
/data/data/ru.lndgnitk.xzryxvwih/databases/PackagesDB-journal

Filesize
12KB

MD5
ff8712654642f1c0d48b865523edaf9d

SHA1
a36a6ec2e959d8e3b71277b2df83d564661d49aa

SHA256
c2f00aa3b15b85ef8a4ce6b1ed40fc4c43b3e4808d530b4af87503224f1f11b1

SHA512
672519bc25eaabf77bfefa0b559f0e91b26289209e315b9a3f8a159b4e913dd17e81cddeca22cb50af29ca3904904a3ad478d623cf723f1d33a38068b0b9ab31

Download Submit
/data/data/ru.lndgnitk.xzryxvwih/databases/PackagesDB-journal

Filesize
12KB

MD5
3daf5f98e880ff5840b57eb4adaf853a

SHA1
9c1e21a7b785bf0d16b75bea336fe16b7960fe61

SHA256
8b07b724f0ca96be780bf733bafad0c0fac0169cbd313aaa6f8052d51aae23a6

SHA512
18ff3a398bd59c09dd22fdb39f785ed9cb177bbf42fbb6e3e615b3b407f379591371800645fc4ceeaa3a40638bb49a7d11ec4d0355af91bc502340c1b89d06c9

Download Submit
/data/data/ru.lndgnitk.xzryxvwih/databases/PackagesDB-journal

Filesize
28KB

MD5
b1215d9fa2f3407b645107c3e19319b2

SHA1
373e39b6d5207f81d42e60217127457d5e733923

SHA256
7518ef8d632da3c3fa59cd40c020a10efc2181341abf994c473e56da062c5dfd

SHA512
c71b8ccf225b6d1aec19610b982729796d8ac224813e2b54b61223f15de6c5ce9b5b9881c3524b29690e6ee7c9c91bc2578f18b812bcafc392f7e9af1932cee7

Download Submit
/data/data/ru.lndgnitk.xzryxvwih/files/busybox

Filesize
209KB

MD5
8c63ca86e6f030fd7a11fa739a319fd3

SHA1
c4ea94cf652af134c451dbed0d794ef7ab9937dc

SHA256
145ad43b8aaed463ad4333b71b464e44efed3803713846b974abb7a4925b8d16

SHA512
7db10d4da18917b098630c304ccdfad0090add058364a4724c9a69d94266e540f1ba1728f12ec62e0010842eb967bcd04f2c1145ef9bbcf9991a67fa56b80126

Download Submit
/storage/emulated/0/Android/data/ru.lndgnitk.xzryxvwih/files/LuckyPatcher/AdsBlockList.txt

Filesize
1KB

MD5
634ab5e3e49b830079f88825c88d7f80

SHA1
cabe4068d07d52c60f5b9f840fd887051748a3aa

SHA256
2824000ad496be920c29d0a78589c72935288b40ce44b44c5fae672fbfe87fe4

SHA512
ffc893fcad8d81f6ca272cf03737ab466eafd135599e6f6f20285d7f4c3454bedde4de5929dbb1be5010192747f5f11d86166509f24bfbf778f949762e47ef72

Download Submit
/storage/emulated/0/Android/data/ru.lndgnitk.xzryxvwih/files/LuckyPatcher/AdsBlockList_user_edit.txt

Filesize
29B

MD5
302f7b6d9a4ffeccdda9ef94184c8326

SHA1
d4038ca0629f57b7e5c4056e74a395e5598aa16a

SHA256
5b36134b695f0a9a32f570b08cc3ef74e0687a0d2aa228853bc0346f77bffebe

SHA512
299fda4936acf6479e22f9166d545976d5d99ba6fe7a5b7298cb336cf730eb7790524e4569fe64bc03c598c7e4117f163ddffc2e2889439f709c4d80ff665039

Download Submit