21310653d1745a48221fe9047bef6a9337230178fe42f10621d0f7a2cb1d5f41 | Triage

Analysis

max time kernel
8s
max time network
128s
platform
android-10_x64
resource
android-x64-20240910-en
resource tags

arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
submitted
09/04/2025, 22:18

Sharing

Report Analysis Logs

General

Target

21310653d1745a48221fe9047bef6a9337230178fe42f10621d0f7a2cb1d5f41.apk
Size

3.5MB
MD5

2e475aa3f666a9d8db5d3115c7854353
SHA1

fa00c9230aa5f589a12927ed3a63fac99516a84b
SHA256

21310653d1745a48221fe9047bef6a9337230178fe42f10621d0f7a2cb1d5f41
SHA512

a8a685706f294b94dbb4a12f6a3ab49224b50960f8791c04fd9cd5455ba5be4fdd2d861779c74f869c6ffbafa4443bc233369df458095831e5b491fc4c7e6ea0
SSDEEP

98304:W9+oFv8T/N/GODie+PlbwevYHpBUpF5sr8Tgkbn:YFUrN9IjwHCnTdbn

Score

8^/10

banker defense_evasion discovery persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

defense_evasion

System Information Discovery

ioc	Process
/system/bin/su	ru.jgkvbffy.ggkfqtbuz
/system/xbin/su	ru.jgkvbffy.ggkfqtbuz

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Legitimate hosting services abused for malware hosting/C2 1 TTPs 20 IoCs

Web Service

flow	ioc
45	sites.google.com
37	sites.google.com
40	sites.google.com
47	sites.google.com
49	sites.google.com
53	sites.google.com
54	sites.google.com
57	sites.google.com
98	sites.google.com
36	sites.google.com
38	sites.google.com
39	sites.google.com
46	sites.google.com
52	sites.google.com
55	sites.google.com
35	sites.google.com
48	sites.google.com
50	sites.google.com
56	sites.google.com
41	sites.google.com

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

Broadcast Receivers

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	ru.jgkvbffy.ggkfqtbuz

ru.jgkvbffy.ggkfqtbuz
1⤵
- Checks if the Android device is rooted.
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:5156

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

MITRE ATT&CK Mobile v16

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Software Discovery

Security Software Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ru.jgkvbffy.ggkfqtbuz/databases/PackagesDB

Filesize
548KB

MD5
177ecf1b3a1feae3d0db3bebaf29352e

SHA1
26ca8ef497fe599659b85dc89d53f4c996c94786

SHA256
a5707a1b049c12e5f69f639009525fe1899dd9affe8e10ccaf03a6177f226c6c

SHA512
81af4764366b42262fe3a197a2ea1012483845fe07e33fdad898357b893ce2f2dbe23a7103ca1766b54c87f1cbdd925509cefae3cf983d18881dd93e20b860d4

Download Submit
/data/data/ru.jgkvbffy.ggkfqtbuz/databases/PackagesDB-journal

Filesize
512B

MD5
de9caeefab2bc0850f874a293022194e

SHA1
8f23f2685d620cfd93cd0e1755f9c9bae873c614

SHA256
a91016d50ecdf060f335a7d78b36ebf49f8bf20a0585edc9d3556a61432695b9

SHA512
9481e1cfa75699dc19917ea57070e603810f34b49c53f8a3a717dc726f13e297c75e23de29101b50f27ea8c4cc9c0f251dba425d4ea96df4c5cf2dce22a2e860

Download Submit
/data/data/ru.jgkvbffy.ggkfqtbuz/databases/PackagesDB-journal

Filesize
8KB

MD5
8c26158c4ec7f845cc850e757ccd1d23

SHA1
7145f0d84388d80a880e5fc0b3f5e723681f644b

SHA256
39b019c2a4b7f1c4087b2d25cd4630fb1f8316ab67e4aa7bc50b377b823f26a6

SHA512
0cac4102e0f8ea34201f50dbf521083ab6b22d8f86e65366936514dfca81f336317200cfe187b2e986298b77bc46f3f62b00543593f1b3ffcadc018fb16a849a

Download Submit
/data/data/ru.jgkvbffy.ggkfqtbuz/databases/PackagesDB-journal

Filesize
8KB

MD5
e4aa46121ec1d2b5615441505ba052ae

SHA1
cc74631fb3c7a07f733566b32227296a93447234

SHA256
660254b040356fa9c0c561f81968910adf4de6af7c5625062f189565fe167654

SHA512
62cadd70ca602fcfea528edf849b04f5aa9989aa7045bf191d1600281cafa4e037d7eea02d081a6b6ea90840e62fd09b4ab22bf4ac2e7c9c8047a66f2a2951bf

Download Submit
/data/data/ru.jgkvbffy.ggkfqtbuz/databases/PackagesDB-journal

Filesize
12KB

MD5
c0aac174c0d09e4ace2d0ccd2c3fda03

SHA1
05d0d3baa4a94b5e19a44e436d71c45d26452a58

SHA256
36b92aceeb7b5b626b50a0aa5afa2fa6b990f1a201ea0c9a1973bc40bee5d35c

SHA512
7362ea54bf537cdc373524c83f89ac530cabf43d942fdfb0e87e41b8b92e32a591f74129d46c92f5da976f97a969132b536eddebbece16150b9a9da8ae036f56

Download Submit
/data/data/ru.jgkvbffy.ggkfqtbuz/databases/PackagesDB-journal

Filesize
12KB

MD5
666abc19081c9c1ee0d353eb9f828311

SHA1
c9215402886ab44ee034b46ca50b9bc71b863c61

SHA256
dc1325406c673866780fe7f3e5c50972378e3971414eccdb09dc892fbde207ef

SHA512
4144ded319a93c8d2ed0eaf19ccf172ed50af86de4a28a115a7047efdf5930bb777100a9c2fb6a205cec0f7a18757a68a9b1003b945ee4734a70e19a72f9f0cc

Download Submit
/data/data/ru.jgkvbffy.ggkfqtbuz/databases/PackagesDB-journal

Filesize
28KB

MD5
f8976995b04d3a5b8ad4c6977c45f758

SHA1
7f6374b10b671b9efb708bd7372b7d88081c7f1a

SHA256
c8a7526d849355a0d0c6a5fdb8e34f31ac8127473d1196f379befbcce7ca7660

SHA512
ada9ce0ed4a459351891ae10cf8bd64d9f60e059ea1367e39b5c72125291c1d540e0fdedd036f774d4f627354f6864c78ec4ea81819c48bd4a8219b9ba5f81aa

Download Submit
/data/data/ru.jgkvbffy.ggkfqtbuz/files/busybox

Filesize
120KB

MD5
58d312e7787a2065e26950bf0bfc522e

SHA1
dfc5c6835978399ac52bc259ba0f9ec08af98aae

SHA256
d65c8bf355dbc2e0ce016912a4b9aaf350a096ac475877cf46821f5e3e676d9f

SHA512
8e07b008a4823a13705c184ba9199e557f3173a8f66c184a358bdb4f35b25c10cc23fb029c7fe76352406f4529fd50474715970d58f4c02a7f36361bc2c8f056

Download Submit
/storage/emulated/0/Android/data/ru.jgkvbffy.ggkfqtbuz/files/LuckyPatcher/AdsBlockList.txt

Filesize
1KB

MD5
634ab5e3e49b830079f88825c88d7f80

SHA1
cabe4068d07d52c60f5b9f840fd887051748a3aa

SHA256
2824000ad496be920c29d0a78589c72935288b40ce44b44c5fae672fbfe87fe4

SHA512
ffc893fcad8d81f6ca272cf03737ab466eafd135599e6f6f20285d7f4c3454bedde4de5929dbb1be5010192747f5f11d86166509f24bfbf778f949762e47ef72

Download Submit
/storage/emulated/0/Android/data/ru.jgkvbffy.ggkfqtbuz/files/LuckyPatcher/AdsBlockList_user_edit.txt

Filesize
29B

MD5
302f7b6d9a4ffeccdda9ef94184c8326

SHA1
d4038ca0629f57b7e5c4056e74a395e5598aa16a

SHA256
5b36134b695f0a9a32f570b08cc3ef74e0687a0d2aa228853bc0346f77bffebe

SHA512
299fda4936acf6479e22f9166d545976d5d99ba6fe7a5b7298cb336cf730eb7790524e4569fe64bc03c598c7e4117f163ddffc2e2889439f709c4d80ff665039

Download Submit