1794ea2b91487fb130c9568b9ee301cbd097d3d5ef294fab69c1ecb9ef354494

Analysis

max time kernel
7s
max time network
150s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
07/04/2025, 22:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1794ea2b91487fb130c9568b9ee301cbd097d3d5ef294fab69c1ecb9ef354494.apk
Size

3.5MB
MD5

fc2cddd695703c2803cbae0c17765758
SHA1

675e261902686cad8595d4c425178b45e72e31e1
SHA256

1794ea2b91487fb130c9568b9ee301cbd097d3d5ef294fab69c1ecb9ef354494
SHA512

b3cad164c17fc1d2a85f92bd1f96674d3a3df965bd8ba5d2f8750b2880f4f636ea8ad30e8fcd6215adcfe7f6dd263f157aa5aace4a307b130fd3b9931b4d205a
SSDEEP

98304:zy8qgP+VJP/XiawvIFWXYzMjHpBUpF5sr8Tgkbi:2keiawvIfaHCnTdbi

Score

8^/10

banker defense_evasion discovery persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

defense_evasion

System Information Discovery

T1426

ioc	Process
/system/bin/su	ru.cbqtzewa.wnyrcynct
/system/xbin/su	ru.cbqtzewa.wnyrcynct

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	ru.cbqtzewa.wnyrcynct

ru.cbqtzewa.wnyrcynct
1⤵
- Checks if the Android device is rooted.
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4335
- su
  2⤵
  PID:4457
- logcat -d -v time
  2⤵
  PID:4479

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ru.cbqtzewa.wnyrcynct/app_error_log/Log/Exception.9.0.7.txt

Filesize
633B

MD5
a94c9a9fc0d5ee70a2fc5a100832824d

SHA1
1e3f1a8341552f0bb719b057f787e867f30946ef

SHA256
a12537e4d73f28909a71a7fdf97b4b088c81c3c1ebe35aa71ef9894fb1f3c747

SHA512
bb3b22b3a17c682a9156fff25622a804dae7118111ee70701be81a2b92043eec5f090a784fb0e0e235084fe6d95ad2ee5bc4d49f7e25a75a74c0a5004c95e0e0

Download Submit
/data/data/ru.cbqtzewa.wnyrcynct/databases/PackagesDB

Filesize
272KB

MD5
23babd2df2d70e9e52fe76e286e0f570

SHA1
838a78242971a30ea170239c266de998daac6ad5

SHA256
3ed84a04fd8321183e22a1ee5073785060d0c90269e85caa8b0eb5bb9b4cf942

SHA512
68b32414034e2e45d96903fa19a706c0545541da799631b90e93d792914fe0df96f2ee092bbe3056963319f5fca5b6c7a1eaefa5b3f15b7570420d01c9a575b4

Download Submit
/data/data/ru.cbqtzewa.wnyrcynct/databases/PackagesDB-journal

Filesize
512B

MD5
5d11b9d969e29402dafe072738d6d6d9

SHA1
2ad41cabba7bd71e31c1e59c674d6edd382aa373

SHA256
ff37adc279b5c2588f5770ec5cbf728b6d1eedfa2487737527594fa5ced51870

SHA512
40ecd1b7ab8996aad1dcbbc683311fc513c6c93eb4683fdf42695a4a0671e18e9f7442c01b351be80e391446f04aa339d73efc19ef86878dd92546101f79ba1c

Download Submit
/data/data/ru.cbqtzewa.wnyrcynct/databases/PackagesDB-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/ru.cbqtzewa.wnyrcynct/databases/PackagesDB-wal

Filesize
418KB

MD5
50c4582e44542a235c958e5799be2448

SHA1
d64baa75ec34e9f71f016aa2f85b691008ab5bcf

SHA256
739b7c176e502959cfe9f43e11d84cc819e2d12681006321fb0f32d74571114a

SHA512
c4a12bc983b5170ef378059e8b6fc09c433e47b8d75a2f43b9d2986605e09c4f58742c6d1a02e45e3a6bdd70ef8eadd2cb23beb1d6ea4a0f37a4a7ac0d4e4fc6

Download Submit
/storage/emulated/0/Android/data/ru.cbqtzewa.wnyrcynct/files/LuckyPatcher/AdsBlockList.txt

Filesize
1KB

MD5
634ab5e3e49b830079f88825c88d7f80

SHA1
cabe4068d07d52c60f5b9f840fd887051748a3aa

SHA256
2824000ad496be920c29d0a78589c72935288b40ce44b44c5fae672fbfe87fe4

SHA512
ffc893fcad8d81f6ca272cf03737ab466eafd135599e6f6f20285d7f4c3454bedde4de5929dbb1be5010192747f5f11d86166509f24bfbf778f949762e47ef72

Download Submit
/storage/emulated/0/Android/data/ru.cbqtzewa.wnyrcynct/files/LuckyPatcher/AdsBlockList_user_edit.txt

Filesize
29B

MD5
302f7b6d9a4ffeccdda9ef94184c8326

SHA1
d4038ca0629f57b7e5c4056e74a395e5598aa16a

SHA256
5b36134b695f0a9a32f570b08cc3ef74e0687a0d2aa228853bc0346f77bffebe

SHA512
299fda4936acf6479e22f9166d545976d5d99ba6fe7a5b7298cb336cf730eb7790524e4569fe64bc03c598c7e4117f163ddffc2e2889439f709c4d80ff665039

Download Submit
/storage/emulated/0/Android/data/ru.cbqtzewa.wnyrcynct/files/LuckyPatcher/Log/error_log.txt

Filesize
541KB

MD5
b1536e74461cf59c5294786411abe55f

SHA1
deeb4fe644fe87b1256ff38e8b1617e2e6734988

SHA256
98b913b75dbe960ec24fac40b79dc084a7ea49c5e94c5e16d1dfbb5a29f35e04

SHA512
d1dd16930e548c9f2e3be674190ca500a6d1002ecf6a1db9c03b715ec761db5800ec31746535b70387cf3432b8441ad91e968801f311dd6c3089c24924762cda

Download Submit