4301d7592b2f99e51a063d868b915884316fb7fd1bc08f3d283a16166c2cead3 | Triage

Analysis

max time kernel
7s
max time network
128s
platform
android-10_x64
resource
android-x64-20240910-en
resource tags

arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
submitted
28/03/2025, 22:09

Sharing

Report Analysis Logs

General

Target

4301d7592b2f99e51a063d868b915884316fb7fd1bc08f3d283a16166c2cead3.apk
Size

4.1MB
MD5

197a8546b376f953c54c5b084bea6712
SHA1

4354e75bfb5696b6043494e55df17b5ff343d16e
SHA256

4301d7592b2f99e51a063d868b915884316fb7fd1bc08f3d283a16166c2cead3
SHA512

143ec93168bfadbc6335dccb04269b469a2a4c8dcfc1933d42ae48150d9f81e0917b4e8d0a31f50c44ee0662f5a6a27fd2612acab0996fe083dcc9b98f1a3207
SSDEEP

98304:7oekLOs4iOVuf7FBupQKprjuZMYdFL+e2b8gkbKEEKmMq1M8ux:7oZLBTvkG2e9dbSKmtu

Score

8^/10

banker defense_evasion discovery persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

defense_evasion

System Information Discovery

ioc	Process
/system/bin/su	ru.jeFvQXWJ.RRbmYTMFv
/system/xbin/su	ru.jeFvQXWJ.RRbmYTMFv

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Legitimate hosting services abused for malware hosting/C2 1 TTPs 9 IoCs

Web Service

flow	ioc
33	sites.google.com
34	sites.google.com
35	sites.google.com
36	sites.google.com
39	sites.google.com
40	sites.google.com
37	sites.google.com
38	sites.google.com
41	sites.google.com

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

Broadcast Receivers

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	ru.jeFvQXWJ.RRbmYTMFv

ru.jeFvQXWJ.RRbmYTMFv
1⤵
- Checks if the Android device is rooted.
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:5135

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Software Discovery

Security Software Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ru.jeFvQXWJ.RRbmYTMFv/databases/PackagesDB

Filesize
548KB

MD5
5b61d3ce67a3363a8b7bf2d8017276ff

SHA1
25ca2a0c20b7d323aa524c798e48930f94f1b036

SHA256
974aa111963b6d437903336f39faef3d6851c90509ddf4bd55742619b37b78d5

SHA512
153fdebff5cd45fcb1f3bd47258d142f141498e209323f91f086044373ce555c289686574479247f67f42a31004b632dacde8873c31d7f4119e265651abded11

Download Submit
/data/data/ru.jeFvQXWJ.RRbmYTMFv/databases/PackagesDB-journal

Filesize
16KB

MD5
c8e1952e93e9160643d44fa41e5008d9

SHA1
d3483b39698e07b87213e0a95db9a1c23b23336f

SHA256
c8445313153488c9e0acfc52649db336652ed5c0359abbf30fe5f94049eaed7a

SHA512
e6d6a5694b843989e79bd5150bbe2a8d5126bb6ce33705c9e92840fd6a1cdff7594c19bd8e13a24296762aad311b6ef1c339eef77215601abe1099be0e5c7f4e

Download Submit
/data/data/ru.jeFvQXWJ.RRbmYTMFv/databases/PackagesDB-journal

Filesize
28KB

MD5
a556e961e6e7165318da8c574f44d2c4

SHA1
a0687dcc344646630c0ecd15588e90e2a5f6d3fa

SHA256
7228149d38fe56ff0d2b755b17c21ba7208046ca0db1bd2be46db094481fadc8

SHA512
c54675769a311f60397eb1f0f9b474f364d14d2d8b9c386aeee9a2750fdeead21d5c89f5f555251b75d39a81d8b187a8def544ee8b9e5ae84c984e78a735452f

Download Submit
/data/data/ru.jeFvQXWJ.RRbmYTMFv/databases/PackagesDB-journal

Filesize
512B

MD5
e161a6f9fe07d410cdf40e501a849f24

SHA1
15a8ac7f11b0df7c7e5a562a9ee815e949a3a102

SHA256
34c31433751fbec97f649f8170d888404dc53e774f1c3005ebb86dc4019abc29

SHA512
b9620d770e7588e0b2c4662194e1494df83f66d9db25bc90fff433e9a72b71841f27e9f24063be0913b5d0ad6cae771268667346029a7fbfe5c2c9b261a68813

Download Submit
/data/data/ru.jeFvQXWJ.RRbmYTMFv/databases/PackagesDB-journal

Filesize
8KB

MD5
965286c57ccd17411bed61116735c9ad

SHA1
0390647282035988d1e9db763f6efc52a00fb7b2

SHA256
0b885b27d21cb3319764936fc4a893127992fae3a5bb6082aaa2ccfdcee53da8

SHA512
5ee880b20ae03255329be2dd5175b7972824e468c1166997423579440744dbf0fbd99048248643d8b1ee813dc876c7282279fad2c0346fe2552a16a07c959e0c

Download Submit
/data/data/ru.jeFvQXWJ.RRbmYTMFv/databases/PackagesDB-journal

Filesize
8KB

MD5
c18117cdf6989da1bfbce73b6f902dcc

SHA1
5e697d8200f9c02bbdbd5aaa9117074bcecda149

SHA256
1f1ab9f0ebf9d84930d688249bbd31ac8de9abf932fea69354aac5fe5d5cb466

SHA512
55f4f36ae59c72b1b15595226526a5ed3800e946052b63e7b3115410adc2f9c325036946484b672e54b634f400db80bddf597a8feb5bd971d4ee0b2e37fd0f84

Download Submit
/data/data/ru.jeFvQXWJ.RRbmYTMFv/databases/PackagesDB-journal

Filesize
12KB

MD5
81088b360c7dd551516d678f33a68ecf

SHA1
3c69ca8a8973887ea76a751c6bcf82c617fbf400

SHA256
05775870c30d784594b277a1357f30a184cab032ceafb0487cdd5acf6d19ecc1

SHA512
bf18b0d7430246a81536bc3814cfe099f283eec71d7bcbf785a956f813325a0b212074f2d64771941d7d62f3e0bc2269c55730f230128310ee4c7d89117adab0

Download Submit
/data/data/ru.jeFvQXWJ.RRbmYTMFv/files/busybox

Filesize
209KB

MD5
8c63ca86e6f030fd7a11fa739a319fd3

SHA1
c4ea94cf652af134c451dbed0d794ef7ab9937dc

SHA256
145ad43b8aaed463ad4333b71b464e44efed3803713846b974abb7a4925b8d16

SHA512
7db10d4da18917b098630c304ccdfad0090add058364a4724c9a69d94266e540f1ba1728f12ec62e0010842eb967bcd04f2c1145ef9bbcf9991a67fa56b80126

Download Submit
/storage/emulated/0/Android/data/ru.jeFvQXWJ.RRbmYTMFv/files/LuckyPatcher/AdsBlockList.txt

Filesize
1KB

MD5
50dcd85ef074fb8121f155bc19b3c7f6

SHA1
c45c2b45cf49fabbeb7d3f12328e57d531a75f37

SHA256
02d3782e856f4d3bbacc764cfcd1fd4b9d50492b5ef93f24e8811a6a494df48d

SHA512
118c0f05b6342b52c0671cc1ba52f6df977a39835cd03f5e6d2a015a572a11c3f7eebd23a9c0a209497631296d07250416c28b9b21f91448d2970efc010a4dee

Download Submit
/storage/emulated/0/Android/data/ru.jeFvQXWJ.RRbmYTMFv/files/LuckyPatcher/AdsBlockList_user_edit.txt

Filesize
29B

MD5
302f7b6d9a4ffeccdda9ef94184c8326

SHA1
d4038ca0629f57b7e5c4056e74a395e5598aa16a

SHA256
5b36134b695f0a9a32f570b08cc3ef74e0687a0d2aa228853bc0346f77bffebe

SHA512
299fda4936acf6479e22f9166d545976d5d99ba6fe7a5b7298cb336cf730eb7790524e4569fe64bc03c598c7e4117f163ddffc2e2889439f709c4d80ff665039

Download Submit