1794ea2b91487fb130c9568b9ee301cbd097d3d5ef294fab69c1ecb9ef354494

Analysis

max time kernel
7s
max time network
128s
platform
android-10_x64
resource
android-x64-20240910-en
resource tags

arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
submitted
07/04/2025, 22:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1794ea2b91487fb130c9568b9ee301cbd097d3d5ef294fab69c1ecb9ef354494.apk
Size

3.5MB
MD5

fc2cddd695703c2803cbae0c17765758
SHA1

675e261902686cad8595d4c425178b45e72e31e1
SHA256

1794ea2b91487fb130c9568b9ee301cbd097d3d5ef294fab69c1ecb9ef354494
SHA512

b3cad164c17fc1d2a85f92bd1f96674d3a3df965bd8ba5d2f8750b2880f4f636ea8ad30e8fcd6215adcfe7f6dd263f157aa5aace4a307b130fd3b9931b4d205a
SSDEEP

98304:zy8qgP+VJP/XiawvIFWXYzMjHpBUpF5sr8Tgkbi:2keiawvIfaHCnTdbi

Score

8^/10

banker defense_evasion discovery persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

defense_evasion

System Information Discovery

T1426

ioc	Process
/system/bin/su	ru.cbqtzewa.wnyrcynct
/system/xbin/su	ru.cbqtzewa.wnyrcynct

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	ru.cbqtzewa.wnyrcynct

ru.cbqtzewa.wnyrcynct
1⤵
- Checks if the Android device is rooted.
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:5054

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ru.cbqtzewa.wnyrcynct/databases/PackagesDB

Filesize
548KB

MD5
9d79ea08283f206593ff3a8cc5b2c033

SHA1
9de254b80453336ff6133f9eb3d6ffb1fe827573

SHA256
976356622c7094d5ca26eb25436624d890b51ab19f7815df45c9ac11b3c8ef67

SHA512
0042254d90c5b95b171d037ff2fae38384f1e44924cdd88f6b483f640287bf4aeb7cb4586e8cecee6d203089a71220461fbf3d660554ef6197b685a8a1776980

Download Submit
/data/data/ru.cbqtzewa.wnyrcynct/databases/PackagesDB-journal

Filesize
512B

MD5
c12d95de7f10c42adb87b842c344c804

SHA1
62b79f0a936965f9ebea82178cfaf796c5049a06

SHA256
0bd6dd6323331e957ff70d01d4a2a390ccb7e5cda6afce19466dccaa777f2af5

SHA512
5642021be6440f24f11a28d5c17ff7599725595064a31654c2fe6cf0c7d15f9d5fd0482f7a602ebd18a8f6324570056884f0b3b22b57f6de25fa596959336391

Download Submit
/data/data/ru.cbqtzewa.wnyrcynct/databases/PackagesDB-journal

Filesize
8KB

MD5
b20b84f68d0353dc188b1bb71cee306b

SHA1
b658f8d854a215fb3f9bc6587e255aa9286b0acf

SHA256
13228cfddd0bea3fb759283460c1dec485a05f4c41d8def08941d5fa2d243cef

SHA512
56d4c7de7da2aa8c77d97b7e283e1724f1c86bff5807ea32fe845145e46fb8690e37cb92a61a889a909c0cb28dea1159c963e3ffb7d8bfa6e6bb2a0fa2d2c64e

Download Submit
/data/data/ru.cbqtzewa.wnyrcynct/databases/PackagesDB-journal

Filesize
8KB

MD5
0789a420c32abc7839d99e9b234b1c2c

SHA1
0bfa653ed1014a1b4743b385ae480ba81ae1cedc

SHA256
4c41b140c89fe82233b231ed7220d49078229a8f402d8fd4e3df87a5eeb531ce

SHA512
f320e15418ef70d11570eb0b2ff23be0a2173ec1d485a7b4e90c3cd6a7000fc75d8be6b1991d822153b92da9f71b9c9c2272ef8d06fc0943e318c02ff0477c43

Download Submit
/data/data/ru.cbqtzewa.wnyrcynct/databases/PackagesDB-journal

Filesize
12KB

MD5
6c9a0f5ce38fe344b725ae1b3ae97d8d

SHA1
9e017ca818afaf3f30aa11801be70dedb7c8fd60

SHA256
dab214e177c7b57e106bf8475393dcf1c500ced3bdec64c41e95b20765e70bca

SHA512
36e1c0200ee7bc30b3242fbec53fb717f5e682bfa7546e9eddae3e1ec324545bb40753ca16757b4e5cfa0b5be89f758c186c7c8e307896a6421f9e1af9c68cdc

Download Submit
/data/data/ru.cbqtzewa.wnyrcynct/databases/PackagesDB-journal

Filesize
12KB

MD5
02cd535e3271e2e5f944c4cfdb57767e

SHA1
40d4170662f2bfd74451987493d2cda154d99c60

SHA256
fc8584636f2fb1d9cb9f0288919dbcd1ff8c22702c59ec75cc8a32a2eb4c51b6

SHA512
ca6119801decb2ce25d55e7e22d5ae7b41285830b68b051a85eba94f6f251e340191a7e0663917ba43f02925ba2b5ff9c3032bd7f4c95f492ba1ec3cb30fc528

Download Submit
/data/data/ru.cbqtzewa.wnyrcynct/databases/PackagesDB-journal

Filesize
28KB

MD5
6656c518fc6acf113824982e5496daa7

SHA1
4882ec4f914270f61e13c40ec9e7fb984ec83a8f

SHA256
a8ac9ccc26d6eaf673711e0c229e9a1b76270ae224c1b7a38a4fbb10d0a55cbd

SHA512
291b2f886f69cb97a13d47a5bd6b8582178c37dd6d5b25834e5c384bf165aa90c45388f85899a0b8832381fd9ddcfe520e4beed5f69ad4dceda99fc7f94f9a97

Download Submit
/data/data/ru.cbqtzewa.wnyrcynct/files/busybox

Filesize
209KB

MD5
8c63ca86e6f030fd7a11fa739a319fd3

SHA1
c4ea94cf652af134c451dbed0d794ef7ab9937dc

SHA256
145ad43b8aaed463ad4333b71b464e44efed3803713846b974abb7a4925b8d16

SHA512
7db10d4da18917b098630c304ccdfad0090add058364a4724c9a69d94266e540f1ba1728f12ec62e0010842eb967bcd04f2c1145ef9bbcf9991a67fa56b80126

Download Submit
/storage/emulated/0/Android/data/ru.cbqtzewa.wnyrcynct/files/LuckyPatcher/AdsBlockList.txt

Filesize
1KB

MD5
634ab5e3e49b830079f88825c88d7f80

SHA1
cabe4068d07d52c60f5b9f840fd887051748a3aa

SHA256
2824000ad496be920c29d0a78589c72935288b40ce44b44c5fae672fbfe87fe4

SHA512
ffc893fcad8d81f6ca272cf03737ab466eafd135599e6f6f20285d7f4c3454bedde4de5929dbb1be5010192747f5f11d86166509f24bfbf778f949762e47ef72

Download Submit
/storage/emulated/0/Android/data/ru.cbqtzewa.wnyrcynct/files/LuckyPatcher/AdsBlockList_user_edit.txt

Filesize
29B

MD5
302f7b6d9a4ffeccdda9ef94184c8326

SHA1
d4038ca0629f57b7e5c4056e74a395e5598aa16a

SHA256
5b36134b695f0a9a32f570b08cc3ef74e0687a0d2aa228853bc0346f77bffebe

SHA512
299fda4936acf6479e22f9166d545976d5d99ba6fe7a5b7298cb336cf730eb7790524e4569fe64bc03c598c7e4117f163ddffc2e2889439f709c4d80ff665039

Download Submit