4301d7592b2f99e51a063d868b915884316fb7fd1bc08f3d283a16166c2cead3 | Triage

Analysis

max time kernel
66s
max time network
158s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
28/03/2025, 22:09

Sharing

Report Analysis Logs

General

Target

4301d7592b2f99e51a063d868b915884316fb7fd1bc08f3d283a16166c2cead3.apk
Size

4.1MB
MD5

197a8546b376f953c54c5b084bea6712
SHA1

4354e75bfb5696b6043494e55df17b5ff343d16e
SHA256

4301d7592b2f99e51a063d868b915884316fb7fd1bc08f3d283a16166c2cead3
SHA512

143ec93168bfadbc6335dccb04269b469a2a4c8dcfc1933d42ae48150d9f81e0917b4e8d0a31f50c44ee0662f5a6a27fd2612acab0996fe083dcc9b98f1a3207
SSDEEP

98304:7oekLOs4iOVuf7FBupQKprjuZMYdFL+e2b8gkbKEEKmMq1M8ux:7oZLBTvkG2e9dbSKmtu

Score

8^/10

banker defense_evasion discovery persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

defense_evasion

System Information Discovery

ioc	Process
/system/bin/su	ru.jeFvQXWJ.RRbmYTMFv
/system/xbin/su	ru.jeFvQXWJ.RRbmYTMFv

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Legitimate hosting services abused for malware hosting/C2 1 TTPs 9 IoCs

Web Service

flow	ioc
9	sites.google.com
11	sites.google.com
4	sites.google.com
5	sites.google.com
6	sites.google.com
8	sites.google.com
10	sites.google.com
12	sites.google.com
7	sites.google.com

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

Broadcast Receivers

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	ru.jeFvQXWJ.RRbmYTMFv

ru.jeFvQXWJ.RRbmYTMFv
1⤵
- Checks if the Android device is rooted.
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4226

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Software Discovery

Security Software Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ru.jeFvQXWJ.RRbmYTMFv/databases/PackagesDB

Filesize
268KB

MD5
584ae1a6e10c8b13487888327316bb68

SHA1
bbf730d544b7ab38c80cfd6abe7be05247b7d422

SHA256
3c8dd4920eda2a63813990daf3172a431d12eccb96c8a60316188099c22c5618

SHA512
653a59652aa1b666a3fc34825dc43c44f71778f90e062320d38c01c991883a47706541c63ec35b872ecb083ae6eb1ba5686c4044eb004041c514bc2e44fc1ef0

Download Submit
/data/data/ru.jeFvQXWJ.RRbmYTMFv/databases/PackagesDB-journal

Filesize
512B

MD5
16d814b144fabaf7cb71d77d18081ca1

SHA1
e8d9fd5311619159ea9ec2b47965b66890d113ac

SHA256
34e9b61daa3448ae0769429aa51c85b11ceb87535e574d8636b9258530c64eae

SHA512
fad9a6a07723cf45d75ebd3bb50084110a232cc626a55919032493587a46083377da856ecfa95d93372491184238fcc5f65382f80225f8f0c3e3e0e1d9e829e3

Download Submit
/data/data/ru.jeFvQXWJ.RRbmYTMFv/databases/PackagesDB-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/ru.jeFvQXWJ.RRbmYTMFv/databases/PackagesDB-wal

Filesize
414KB

MD5
6ebffa8a0fa943d027cc9745653b28bf

SHA1
9e4b4c4fd6d50172f5aa5f236de92b5cdd6498a6

SHA256
69f87daf8242adc653458c5539ff5de249d23db2b46809bab9868a184fbeb7a2

SHA512
5ee0cedf0335a52642898529125015d2ffd3b33fa77af9809fb738c5240d0b2f7ea68391289f67dc77c4db3b5f712db4e700809ac59aeacda2b80c331cf264a9

Download Submit
/data/data/ru.jeFvQXWJ.RRbmYTMFv/files/pinapp.apk

Filesize
95KB

MD5
cf2e6e73a455353b55ac6e6f0f62e4c3

SHA1
8c6b5dae3952e6f9cc132d458941e426e12c3c87

SHA256
e1c9198e5663bfa6bf1fc7bfb4f2932ba4b26743a64458d695245385ad10d494

SHA512
c19bfbfeca9245a6daa42d09303a06b1d255db6ae47fec1f1005b9faf1b79c288b7d401f3f1a8e827aee29058c497ca89c5ec9f936c457088a791f2bd62c8fb9

Download Submit
/storage/emulated/0/Android/data/ru.jeFvQXWJ.RRbmYTMFv/files/LuckyPatcher/AdsBlockList.txt

Filesize
1KB

MD5
50dcd85ef074fb8121f155bc19b3c7f6

SHA1
c45c2b45cf49fabbeb7d3f12328e57d531a75f37

SHA256
02d3782e856f4d3bbacc764cfcd1fd4b9d50492b5ef93f24e8811a6a494df48d

SHA512
118c0f05b6342b52c0671cc1ba52f6df977a39835cd03f5e6d2a015a572a11c3f7eebd23a9c0a209497631296d07250416c28b9b21f91448d2970efc010a4dee

Download Submit
/storage/emulated/0/Android/data/ru.jeFvQXWJ.RRbmYTMFv/files/LuckyPatcher/AdsBlockList_user_edit.txt

Filesize
29B

MD5
302f7b6d9a4ffeccdda9ef94184c8326

SHA1
d4038ca0629f57b7e5c4056e74a395e5598aa16a

SHA256
5b36134b695f0a9a32f570b08cc3ef74e0687a0d2aa228853bc0346f77bffebe

SHA512
299fda4936acf6479e22f9166d545976d5d99ba6fe7a5b7298cb336cf730eb7790524e4569fe64bc03c598c7e4117f163ddffc2e2889439f709c4d80ff665039

Download Submit