21310653d1745a48221fe9047bef6a9337230178fe42f10621d0f7a2cb1d5f41

Analysis

max time kernel
7s
max time network
151s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
09/04/2025, 22:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

21310653d1745a48221fe9047bef6a9337230178fe42f10621d0f7a2cb1d5f41.apk
Size

3.5MB
MD5

2e475aa3f666a9d8db5d3115c7854353
SHA1

fa00c9230aa5f589a12927ed3a63fac99516a84b
SHA256

21310653d1745a48221fe9047bef6a9337230178fe42f10621d0f7a2cb1d5f41
SHA512

a8a685706f294b94dbb4a12f6a3ab49224b50960f8791c04fd9cd5455ba5be4fdd2d861779c74f869c6ffbafa4443bc233369df458095831e5b491fc4c7e6ea0
SSDEEP

98304:W9+oFv8T/N/GODie+PlbwevYHpBUpF5sr8Tgkbn:YFUrN9IjwHCnTdbn

Score

8^/10

banker defense_evasion discovery persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

defense_evasion

System Information Discovery

T1426

ioc	Process
/system/bin/su	ru.jgkvbffy.ggkfqtbuz
/system/xbin/su	ru.jgkvbffy.ggkfqtbuz

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	ru.jgkvbffy.ggkfqtbuz

ru.jgkvbffy.ggkfqtbuz
1⤵
- Checks if the Android device is rooted.
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4305
- su
  2⤵
  PID:4373
- su
  2⤵
  PID:4593
- logcat -d -v time
  2⤵
  PID:4615

Network

MITRE ATT&CK Mobile v16

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ru.jgkvbffy.ggkfqtbuz/app_error_log/Log/Exception.9.0.7.txt

Filesize
633B

MD5
a94c9a9fc0d5ee70a2fc5a100832824d

SHA1
1e3f1a8341552f0bb719b057f787e867f30946ef

SHA256
a12537e4d73f28909a71a7fdf97b4b088c81c3c1ebe35aa71ef9894fb1f3c747

SHA512
bb3b22b3a17c682a9156fff25622a804dae7118111ee70701be81a2b92043eec5f090a784fb0e0e235084fe6d95ad2ee5bc4d49f7e25a75a74c0a5004c95e0e0

Download Submit
/data/data/ru.jgkvbffy.ggkfqtbuz/databases/PackagesDB

Filesize
272KB

MD5
84cf777eb282772505bc179b1fc1cf15

SHA1
b1a5901bf6b28f30e88bff6c45158d9330cb5219

SHA256
4274d5cb600145021af43637a734a1f0c4a930ef55eb7dbf856925d3f2178067

SHA512
537124ebf6a2d13b861f0bfb0a964930036f47be226636abdf4f740fa860da79437eed13af063c428f8c184e78b2429160fc6f505cc27ae5acc8c5f44b3e175d

Download Submit
/data/data/ru.jgkvbffy.ggkfqtbuz/databases/PackagesDB-journal

Filesize
512B

MD5
53c8f5bff23f3c0dacd0e62803da1354

SHA1
10344bda7c5cfea0c991ac406ab3aaaa5136837e

SHA256
744769d11967b2dc9b1172dcfe317c8f8bbb47916330b4ea3d9ffb9d5c53ea88

SHA512
172091eaeb2797b027ca369af19264f57d8ba885e92e4844782da9bb7bb6f6b1cd46a376727732a4f06fd94f9489f7fa71e95736cb938fc937b81fa96507d9a3

Download Submit
/data/data/ru.jgkvbffy.ggkfqtbuz/databases/PackagesDB-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/ru.jgkvbffy.ggkfqtbuz/databases/PackagesDB-wal

Filesize
418KB

MD5
eb0d5662a8b56f38a6f71f5062f43195

SHA1
85e04ce7c7cfefa83eceb6d006f9cde45261aa13

SHA256
7c2ff95df4de304c3b62ffd9bc2e82d047c489b9b515b37d4a4375634b168303

SHA512
de04be1fb7a9ffdf71a6e9b8e30983cb97a12ec3f185a444f5f83b027753071c6085cf190ce7f73aa0e631004b39333b63e2a86be6d1461c40246993af6b5b92

Download Submit
/storage/emulated/0/LuckyPatcher/AdsBlockList.txt

Filesize
1KB

MD5
634ab5e3e49b830079f88825c88d7f80

SHA1
cabe4068d07d52c60f5b9f840fd887051748a3aa

SHA256
2824000ad496be920c29d0a78589c72935288b40ce44b44c5fae672fbfe87fe4

SHA512
ffc893fcad8d81f6ca272cf03737ab466eafd135599e6f6f20285d7f4c3454bedde4de5929dbb1be5010192747f5f11d86166509f24bfbf778f949762e47ef72

Download Submit
/storage/emulated/0/LuckyPatcher/AdsBlockList_user_edit.txt

Filesize
29B

MD5
302f7b6d9a4ffeccdda9ef94184c8326

SHA1
d4038ca0629f57b7e5c4056e74a395e5598aa16a

SHA256
5b36134b695f0a9a32f570b08cc3ef74e0687a0d2aa228853bc0346f77bffebe

SHA512
299fda4936acf6479e22f9166d545976d5d99ba6fe7a5b7298cb336cf730eb7790524e4569fe64bc03c598c7e4117f163ddffc2e2889439f709c4d80ff665039

Download Submit
/storage/emulated/0/LuckyPatcher/Log/error_log.txt

Filesize
532KB

MD5
ddb66099ed4cd6bd8557db13141e5767

SHA1
6f6d0e0ec0ac360b598bf6d3178e448a176cc2df

SHA256
cd42d610e3976e0239713f5b9cbfc4d2628bd3c1e5b180ea20c5364a200c55ad

SHA512
bef32e93f9d535b7a21dae3698a2ce7ebd058350f50f7607f858ac7d8a13b8914499edea959e872616a2804d4fab4a5468bec903a24ce3e5c1bed2dbcdb068d1

Download Submit