Analysis

  • max time kernel
    1s
  • max time network
    144s
  • platform
    android-10_x64
  • resource
    android-x64-20240910-en
  • resource tags

    arch:x64, arch:x86, image:android-x64-20240910-en, locale:en-us, os:android-10-x64, system
  • submitted
    09/04/2025, 22:06

General

  • Target

    d11d8e348c18619058f8aa759011b290da27a98ac3e1b730cc3ef1ee617ab88a.apk

  • Size

    4.1MB

  • MD5

    675f4bc84ed3d61cf057a3de8a00426a

  • SHA1

    592dedaaf6216addaff3489492b6c02608b805c6

  • SHA256

    d11d8e348c18619058f8aa759011b290da27a98ac3e1b730cc3ef1ee617ab88a

  • SHA512

    dd6a8f5b06bf70ac992981b8eb7002d41ffdf1a94744fd45a859d4e035e1c27caad17c9e45e0f7ce882b9b28a1d5a52638e258ff211fcdfda1556407eb871275

  • SSDEEP

    98304:O2+v/7fp9OtWgWpcsdSeeyxcNXdCggrnHDnlZzSSyGO2pNDRYdq+5jKgkbrQJF:O2+v/vKqpcCe/RQlRSSzOqK952db8JF

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 2 IoCs
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 10 IoCs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

Processes

  • ru.tyvjweza.siiteulnl
    1⤵
    • Checks if the Android device is rooted.
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:5139

Network

MITRE ATT&CK Enterprise v16

MITRE ATT&CK Mobile v16

Downloads

  • /data/data/ru.tyvjweza.siiteulnl/databases/PackagesDB

    Filesize

    20KB

    MD5

    331bf044c69f8b9fb4160091f519f777

    SHA1

    830a4c2eb31abaec3faefc2179bd0e41ce3d3911

    SHA256

    f0bc70dbc62ebcfc8de5532c8860dac520110546991f2051642066d06246c78b

    SHA512

    2683020b7e96acf5692d0cc885f4c14c8d02da02ef09e57c49133c51493cf4ff2146c965b12f19d94bd390679c311b0c556d90f309db77a46f2c1ef4492fb631

  • /data/data/ru.tyvjweza.siiteulnl/databases/PackagesDB-journal

    Filesize

    512B

    MD5

    25f2ca53baa1566f8545096d2bdcfbe3

    SHA1

    ffc1cf37ea0ae060aff0fb77aa6f28306935394e

    SHA256

    020c74f171f236a83c9ec80e8daef40a4710c8a699204ff30d0cc26eaea3776d

    SHA512

    dfa89f213d1ca9671cde771200a20d48814106b139ad5faed52f701fb303543644b15e63ccd7868b87d94d5af7a06b3b20a93736a0cbe87beed822b606de8914

  • /data/data/ru.tyvjweza.siiteulnl/databases/PackagesDB-journal

    Filesize

    8KB

    MD5

    7a6fe49108923f8814f008ba4eb16e36

    SHA1

    974726418a11e17a4c01fa8c4902abc7b76efa77

    SHA256

    cc1b95ab3aef10ddf2292555f4fcd85dcb47177db2bc6f5da84bce04d84f3905

    SHA512

    9492677965728f0bc5f031941cb91782dd167958bfd5362b43494236f1c76aca86c22bccf25b219b15f42e6bcee2d931165f6aa964b4bb83fd5c75a1acde0870

  • /data/data/ru.tyvjweza.siiteulnl/databases/PackagesDB-journal

    Filesize

    8KB

    MD5

    874256f65d98e6e3bd18f9011ea47d21

    SHA1

    a95d9beff85fb3bafd3e61468814bf9640b2481b

    SHA256

    2e5048853919a7d42d50956205beefe1ee18fc7211a798e0f735a94cec83bec5

    SHA512

    e8cc2dc1cf3771c6d32850458e69da64ff43732c89cf3f59ef28a93ce55935108239d12093e2c3153a453ae8a92cf0b1980bf4efe6e1853d52cf9d6ce796176b