4301d7592b2f99e51a063d868b915884316fb7fd1bc08f3d283a16166c2cead3 | Triage

Analysis

max time kernel
121s
max time network
155s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
28/03/2025, 22:09

Sharing

Report Analysis Logs

General

Target

4301d7592b2f99e51a063d868b915884316fb7fd1bc08f3d283a16166c2cead3.apk
Size

4.1MB
MD5

197a8546b376f953c54c5b084bea6712
SHA1

4354e75bfb5696b6043494e55df17b5ff343d16e
SHA256

4301d7592b2f99e51a063d868b915884316fb7fd1bc08f3d283a16166c2cead3
SHA512

143ec93168bfadbc6335dccb04269b469a2a4c8dcfc1933d42ae48150d9f81e0917b4e8d0a31f50c44ee0662f5a6a27fd2612acab0996fe083dcc9b98f1a3207
SSDEEP

98304:7oekLOs4iOVuf7FBupQKprjuZMYdFL+e2b8gkbKEEKmMq1M8ux:7oZLBTvkG2e9dbSKmtu

Score

8^/10

banker defense_evasion discovery

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs

defense_evasion

System Information Discovery

ioc	Process
/system/bin/su	ru.jeFvQXWJ.RRbmYTMFv

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Declares services with permission to bind to the system 1 IoCs

description	ioc
Required by remote views services to bind with the system. Allows apps to share and display views across different processes.	android.permission.BIND_REMOTEVIEWS

Legitimate hosting services abused for malware hosting/C2 1 TTPs 9 IoCs

Web Service

flow	ioc
27	sites.google.com
29	sites.google.com
31	sites.google.com
32	sites.google.com
34	sites.google.com
28	sites.google.com
30	sites.google.com
33	sites.google.com
26	sites.google.com

Requests dangerous framework permissions 8 IoCs

description	ioc
Allows access to the list of accounts in the Accounts Service.	android.permission.GET_ACCOUNTS
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an application to read or write the system settings.	android.permission.WRITE_SETTINGS

ru.jeFvQXWJ.RRbmYTMFv
1⤵
- Checks if the Android device is rooted.
PID:4788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Software Discovery

Security Software Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/ru.jeFvQXWJ.RRbmYTMFv/databases/PackagesDB

Filesize
644KB

MD5
84756c21c3542c81f654f930ecddabbb

SHA1
8c1f5a67d8605d5d658559136fde5f34a946590c

SHA256
36809b6d915f5e73b88e84bd08c5ec4acfbe84e04964cfef9b3b7003ec185c77

SHA512
5ab8f7fab129cb06ea32c582662fece805209e5767fc208593970afff306f8a575bdfb8241af836f7938679b1cabb80de6e9a796cff4313c73f510d5263a6a83

Download Submit
/data/user/0/ru.jeFvQXWJ.RRbmYTMFv/databases/PackagesDB-journal

Filesize
16KB

MD5
ded372cb19ec6db6d310d70ed47b18ff

SHA1
259bbaf8d53274d8d449035039f66ee071e8ee8b

SHA256
451d851f373fd099795f666433af5c201c9e250344c3d3b9e78a4567660b3b42

SHA512
0b87e61da7a92f9ec003066ea764cc62abd092c48d92c8e1a6fbf5819ff7d5c2bb1de9aad1b7f278a0cb3f470387b51c82e399aa1805254b2379b7a3e6610695

Download Submit
/data/user/0/ru.jeFvQXWJ.RRbmYTMFv/databases/PackagesDB-journal

Filesize
28KB

MD5
3b48b8717a41ad49a1ab6101fe2225f4

SHA1
03727a580af7b2ce88138595b7f73c1c120ddc77

SHA256
307ed12a0e9d20856b47c3ad4fc653ae2c047251af367f5ffc516950523e3e88

SHA512
bcae4e677fd5c41370000c4e9c2785543f04c182df8f56325b8c1bf9f4c5fcdace4bfa05839f4dda5dbf5348cfa76067a640525616362eaa50ddc53ba30ec397

Download Submit
/data/user/0/ru.jeFvQXWJ.RRbmYTMFv/databases/PackagesDB-journal

Filesize
512B

MD5
cc5ba4aa880f500016641ddc76797912

SHA1
b598694d88095abaccec62713ed2a2896c81d3e4

SHA256
9bdbd14d3cd7c449691f1ba5706bc9cc91f6b6f39ffcf834da034d8762bbf3c7

SHA512
a29674a3bc0b6c2952578bd7c418eef5cc95d80e0441f553eaee401b1ede6bc6265307820a623eb4531baea904097656ee1990c84acd2a26519f630afc0db04b

Download Submit
/data/user/0/ru.jeFvQXWJ.RRbmYTMFv/databases/PackagesDB-journal

Filesize
8KB

MD5
b3ae23491d6b80f82d948f0fbf6533c3

SHA1
d73a3d647f1eaf8f4a1c11bf29bc23ef6ffdf32e

SHA256
43062f287460992f49e8abd6d6539379ca5f7f6d08601af971543e1844f40489

SHA512
d04688952d5f3ae4cf6b168be5fecf5a69d7955f145d6a5efdbdbb23fb177ec9024ae0e3fb3f24ef63c223b50c167b4d6375e5af7ff31b9398629f8db37bbac9

Download Submit
/data/user/0/ru.jeFvQXWJ.RRbmYTMFv/databases/PackagesDB-journal

Filesize
8KB

MD5
0580b0f5edac1d15ed3a603a9202a80d

SHA1
fc7a0b1785a65ef91fbd030360abb103cac9cacd

SHA256
12f03591b61a592856f81f4db1af98608b5a46264da4ac57c1194fd9e643666d

SHA512
9a095a05b1f841dd17e9684072c8cca8ed9f8fcc0960808506aec1f33f4dc6541bca09bda5f4df219801629efa9a4dc7b2601539c640aff290121501eaad93c6

Download Submit
/data/user/0/ru.jeFvQXWJ.RRbmYTMFv/databases/PackagesDB-journal

Filesize
12KB

MD5
350956650413d525f8692970c86a1492

SHA1
c3eaf3a7ad23b8a25a4c43d1d818cb398408ad03

SHA256
c83233b8144d28fd4811e4061e1073d5c541228f1806ce245f63d2d00551edf2

SHA512
5a8d427be32ceaba80846645ec9faa655e66d3c164a7c639fbcce900bf0a562e5b00855d5361e974381b619bf98d6693f5c027f8df512735fbbc9f32d27ba059

Download Submit
/data/user/0/ru.jeFvQXWJ.RRbmYTMFv/files/busybox

Filesize
209KB

MD5
8c63ca86e6f030fd7a11fa739a319fd3

SHA1
c4ea94cf652af134c451dbed0d794ef7ab9937dc

SHA256
145ad43b8aaed463ad4333b71b464e44efed3803713846b974abb7a4925b8d16

SHA512
7db10d4da18917b098630c304ccdfad0090add058364a4724c9a69d94266e540f1ba1728f12ec62e0010842eb967bcd04f2c1145ef9bbcf9991a67fa56b80126

Download Submit
/data/user/0/ru.jeFvQXWJ.RRbmYTMFv/files/empty_class

Filesize
140B

MD5
6ceb6f454e31d55f7a0c4bf3000b26f9

SHA1
eb8fd3e0609f2f3db8bce7bd3ae426f3eacbec38

SHA256
e0aeaa1d698e1d1149ffdcf116e7b3e98b3a3097814e01718c80caaee147b7ae

SHA512
ed7a03de9547f858965a449d39fad799c7ff9c2fe66c9c256d4a1549d785b60a3207a4db6e5cc8438839161dc1fe4e9575329db2f5185960b3429a435532c3fd

Download Submit
/data/user/0/ru.jeFvQXWJ.RRbmYTMFv/files/p.apk

Filesize
172KB

MD5
92fd3bd28ca78e69c81ab975c3f1768a

SHA1
d1f341575b62d42db1273acd7f92759fb10c92fd

SHA256
3515b0a3a5dfa6d84c4d04df356c7858dd28a8ee1840aaf486705b28e154ca8a

SHA512
ddd3ada439684bc6793c1f7bf909df65b25e410c44e1e04266d17ff3e7cfb99f07bfaf29fa16b0967d7ee630517c47f8a06be2c45a9a84b3b657a6dc4dc4edaf

Download Submit
/data/user/0/ru.jeFvQXWJ.RRbmYTMFv/files/pinapp.apk

Filesize
95KB

MD5
cf2e6e73a455353b55ac6e6f0f62e4c3

SHA1
8c6b5dae3952e6f9cc132d458941e426e12c3c87

SHA256
e1c9198e5663bfa6bf1fc7bfb4f2932ba4b26743a64458d695245385ad10d494

SHA512
c19bfbfeca9245a6daa42d09303a06b1d255db6ae47fec1f1005b9faf1b79c288b7d401f3f1a8e827aee29058c497ca89c5ec9f936c457088a791f2bd62c8fb9

Download Submit
/data/user/0/ru.jeFvQXWJ.RRbmYTMFv/files/reboot

Filesize
2KB

MD5
42188ebd6c9a1dcbdba7ca266cb2624f

SHA1
6aa25d11f567bb2749cc6d1c5972ac58d15009b5

SHA256
a5227e0c7e3cba03626204a645748b508c387b5f8c297af31b2e53a96f471f09

SHA512
b28b0dafe618de69d2a97bb40a730978d5387ca55b260777f99ca16324e38070128686bffb78de177b237e4de95a97eebe395c3846ee64679594a421af6d192c

Download Submit
/storage/emulated/0/Android/data/ru.jeFvQXWJ.RRbmYTMFv/files/LuckyPatcher/AdsBlockList.txt (deleted)

Filesize
1KB

MD5
50dcd85ef074fb8121f155bc19b3c7f6

SHA1
c45c2b45cf49fabbeb7d3f12328e57d531a75f37

SHA256
02d3782e856f4d3bbacc764cfcd1fd4b9d50492b5ef93f24e8811a6a494df48d

SHA512
118c0f05b6342b52c0671cc1ba52f6df977a39835cd03f5e6d2a015a572a11c3f7eebd23a9c0a209497631296d07250416c28b9b21f91448d2970efc010a4dee

Download Submit
/storage/emulated/0/Android/data/ru.jeFvQXWJ.RRbmYTMFv/files/LuckyPatcher/AdsBlockList_user_edit.txt (deleted)

Filesize
29B

MD5
302f7b6d9a4ffeccdda9ef94184c8326

SHA1
d4038ca0629f57b7e5c4056e74a395e5598aa16a

SHA256
5b36134b695f0a9a32f570b08cc3ef74e0687a0d2aa228853bc0346f77bffebe

SHA512
299fda4936acf6479e22f9166d545976d5d99ba6fe7a5b7298cb336cf730eb7790524e4569fe64bc03c598c7e4117f163ddffc2e2889439f709c4d80ff665039

Download Submit