21310653d1745a48221fe9047bef6a9337230178fe42f10621d0f7a2cb1d5f41 | Triage

Analysis

max time kernel
8s
max time network
128s
platform
android-10_x64
resource
android-x64-20240910-en
resource tags

arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
submitted
09/04/2025, 22:14

Sharing

Report Analysis Logs

General

Target

21310653d1745a48221fe9047bef6a9337230178fe42f10621d0f7a2cb1d5f41.apk
Size

3.5MB
MD5

2e475aa3f666a9d8db5d3115c7854353
SHA1

fa00c9230aa5f589a12927ed3a63fac99516a84b
SHA256

21310653d1745a48221fe9047bef6a9337230178fe42f10621d0f7a2cb1d5f41
SHA512

a8a685706f294b94dbb4a12f6a3ab49224b50960f8791c04fd9cd5455ba5be4fdd2d861779c74f869c6ffbafa4443bc233369df458095831e5b491fc4c7e6ea0
SSDEEP

98304:W9+oFv8T/N/GODie+PlbwevYHpBUpF5sr8Tgkbn:YFUrN9IjwHCnTdbn

Score

8^/10

banker defense_evasion discovery persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

defense_evasion

System Information Discovery

ioc	Process
/system/bin/su	ru.jgkvbffy.ggkfqtbuz
/system/xbin/su	ru.jgkvbffy.ggkfqtbuz

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Legitimate hosting services abused for malware hosting/C2 1 TTPs 20 IoCs

Web Service

flow	ioc
34	sites.google.com
48	sites.google.com
52	sites.google.com
33	sites.google.com
36	sites.google.com
44	sites.google.com
45	sites.google.com
47	sites.google.com
32	sites.google.com
37	sites.google.com
43	sites.google.com
46	sites.google.com
50	sites.google.com
53	sites.google.com
93	sites.google.com
35	sites.google.com
38	sites.google.com
42	sites.google.com
51	sites.google.com
55	sites.google.com

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

Broadcast Receivers

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	ru.jgkvbffy.ggkfqtbuz

ru.jgkvbffy.ggkfqtbuz
1⤵
- Checks if the Android device is rooted.
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:5063

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

MITRE ATT&CK Mobile v16

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Software Discovery

Security Software Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ru.jgkvbffy.ggkfqtbuz/databases/PackagesDB

Filesize
548KB

MD5
bcf3399ffc0d9c9205eb1d7faacdf28f

SHA1
f3697f0ee28cb6f144c5e7e430b63eddd5796381

SHA256
5a3cfd82680252921817080a8ae6e2e238837314055a1648ba27ffc7c4c6eb4c

SHA512
80797d671a9bf09a9cf24e51ba70b617cc6bc5221ac354d6afff6c21a9d3551f85fe34ee32bf56b050952ff8e3a9440029b4aafef0907dadbfb6857224f6d3e9

Download Submit
/data/data/ru.jgkvbffy.ggkfqtbuz/databases/PackagesDB-journal

Filesize
512B

MD5
3b61445ad5e1fe315902ee1ba69b5e47

SHA1
972dc1e4b8d01b451edc20c6f63efe69383d5e8a

SHA256
584a85e412dcb734ecfb3d0a63705b6e3600a50c13964b859545b8be864fafb9

SHA512
3daded4b7a1498fedea2b738e77d8892fc42e9b58b97af0988101f5748edfc77240d7d52b8fede2c2eef5fa445f1ce0b8f3b241dfb81f4b3667487615a254f76

Download Submit
/data/data/ru.jgkvbffy.ggkfqtbuz/databases/PackagesDB-journal

Filesize
8KB

MD5
28fe09795163d554638125e19c5d25e0

SHA1
1f48f58077176c1a2d43c4f7e7d1de67197ea163

SHA256
3b7e6d389582bff5e89493b605076c763b66fcd8c096926d9b5b98b3f29835be

SHA512
291e208cf204a8adb9a535e4619ebb58be9ea306f3ccd5ea95ab0e9a0c04fe4db0a386c4547e6613f58951cd345e80d7f329d21f8bdd6296c2834d84b3736267

Download Submit
/data/data/ru.jgkvbffy.ggkfqtbuz/databases/PackagesDB-journal

Filesize
8KB

MD5
816d09acfb63d8abd15aea24c8ade6e3

SHA1
043d09bec5da99dbd7d3d43b9dd11e9acc508113

SHA256
9accdbfd0f7569726cb4778e5bc82fab58089e9a9a679a7c38af343fb01c79f1

SHA512
aa307044584378e22a1faff125a591836ee84ac9e1a6fe2668543858509d53b2191fef96fa6b224ec4af7e4fe5dc0fbb68599c7c66746d8390c9fa9f3ffa5b36

Download Submit
/data/data/ru.jgkvbffy.ggkfqtbuz/databases/PackagesDB-journal

Filesize
12KB

MD5
dd575dea816507ba6c77d63bc72cdc54

SHA1
effac6c033ea4b83410c3c84f72dd038095e1eee

SHA256
984bb72ad4f6a1fcf1c7d10c04b9d0eaa3e0c98f5e4fe049f02f81393b91451d

SHA512
c0185e4991661100eed83ce3f61ee0607e246c41620459cd6eb57cac5fa8812506acae6eadf2485caa3fb93f73a11eaffed28164739869ee4353929bc91988a2

Download Submit
/data/data/ru.jgkvbffy.ggkfqtbuz/databases/PackagesDB-journal

Filesize
12KB

MD5
f0fd7847ef3ddf127b09d6c819cb9eff

SHA1
52ca1a53f522f010877538d8aa76f179c8937644

SHA256
d6f36b511bdd36f0a9e322956dd91becb5574bda08506653b0a60605978a19e8

SHA512
70e8088bb5db8e91cbce067186af5a6af08c9d6a96e8c6daac2c1cfee560567c6ad93f717a05db4580179a10e0b91c5e1cb87a206e355765760e666f08c85154

Download Submit
/data/data/ru.jgkvbffy.ggkfqtbuz/databases/PackagesDB-journal

Filesize
28KB

MD5
b6e71edc07dc0f7cd66bed38a5cd0d67

SHA1
c8a99bf30650335ab74bd3066483b0493910c9ec

SHA256
b0c25858a5001b222ca9506ae1d5a4ec6ded77a270a6b39d3f2f65b3a3c88c36

SHA512
c2c674dcd9075fb5c089957d5c22c8620a2b47ca0657d0f6e92549f049ea59bcd36fdcd074c8cccbfb22bcdff5320a660677926f17da450b6c974e53dbeb6270

Download Submit
/data/data/ru.jgkvbffy.ggkfqtbuz/files/pinapp.apk

Filesize
93KB

MD5
ba57f9fe62bbcf10348091b7d08ce123

SHA1
0fba82354a775094f68fb49bd8530f97f6db97cf

SHA256
1df6c43a03bf45cb91c83eb81d123877eb4f663b0693daf4ba590df900a01160

SHA512
d030cb078a399eb104e5780426e14efeaeeaff93c4710186d1622b64a5ec547e20e318f72ac3c6adc3baa4680a955a3e43fa5964dd87a0684b21902672854e69

Download Submit
/storage/emulated/0/Android/data/ru.jgkvbffy.ggkfqtbuz/files/LuckyPatcher/AdsBlockList.txt

Filesize
1KB

MD5
634ab5e3e49b830079f88825c88d7f80

SHA1
cabe4068d07d52c60f5b9f840fd887051748a3aa

SHA256
2824000ad496be920c29d0a78589c72935288b40ce44b44c5fae672fbfe87fe4

SHA512
ffc893fcad8d81f6ca272cf03737ab466eafd135599e6f6f20285d7f4c3454bedde4de5929dbb1be5010192747f5f11d86166509f24bfbf778f949762e47ef72

Download Submit
/storage/emulated/0/Android/data/ru.jgkvbffy.ggkfqtbuz/files/LuckyPatcher/AdsBlockList_user_edit.txt

Filesize
29B

MD5
302f7b6d9a4ffeccdda9ef94184c8326

SHA1
d4038ca0629f57b7e5c4056e74a395e5598aa16a

SHA256
5b36134b695f0a9a32f570b08cc3ef74e0687a0d2aa228853bc0346f77bffebe

SHA512
299fda4936acf6479e22f9166d545976d5d99ba6fe7a5b7298cb336cf730eb7790524e4569fe64bc03c598c7e4117f163ddffc2e2889439f709c4d80ff665039

Download Submit