Malware analysis https://1-dontsharethislink.celsoazevedo.com/file/filesc/MGC_9.7.047_V2_MGC.apk Malicious activity

Add for printing

URL:	https://1-dontsharethislink.celsoazevedo.com/file/filesc/MGC_9.7.047_V2_MGC.apk
Full analysis:	https://app.any.run/tasks/2eb54605-35e8-4c01-a104-f7daf9524652
Verdict:	Malicious activity
Analysis date:	March 20, 2026, 18:54:08
OS:	Android 14
Indicators:
MD5:	FC2B05677E2DB2E5A948BCB7AA5C7A0D
SHA1:	22419B19CCD145D15FBA677F8D184CB25C5A1190
SHA256:	99E84AA0C72F61C9F1BE95076E2E5E6FA8921E0DDDFBDDD6E735384D63E9FA95
SSDEEP:	3:N8jaJX0HMUTWTXqN6Y0NVkn:2Wu1WJY0NVk

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 60 seconds
Heavy Evasion option:: off
Network geolocation:: off
Additional time used:: none
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: off
Network:: on

Software preset

android (14)
android.cuttlefish.overlay (14)
android.cuttlefish.phone.overlay (14)
android.ext.services (2019-09)
android.ext.shared (1)
com.android.adservices.api (14)
com.android.apps.tag (1.1)
com.android.backupconfirm (14)
com.android.bips (14)
com.android.bluetoothmidiservice (14)
com.android.bookmarkprovider (14)
com.android.calendar (14)
com.android.calllogbackup (14)
com.android.camera2 (2.0.002)
com.android.cameraextensions (14)
com.android.captiveportallogin (14)
com.android.carrierconfig (1.0.0)
com.android.carrierdefaultapp (14)
com.android.cellbroadcastreceiver (R-initial)
com.android.cellbroadcastreceiver.module (R-initial)
com.android.cellbroadcastservice (R-initial)
com.android.certinstaller (14)
com.android.companiondevicemanager (14)
com.android.compos.payload (14)
com.android.connectivity.resources (S-initial)
com.android.connectivity.resources.cuttlefish.overlay (14)
com.android.contacts (1.7.34)
com.android.credentialmanager (14)
com.android.cts.ctsshim (14-10093150)
com.android.cts.priv.ctsshim (14-10093150)
com.android.deskclock (14)
com.android.devicelockcontroller (14)
com.android.dialer (23.0)
com.android.documentsui (14)
com.android.dreams.basic (14)
com.android.dreams.phototable (14)
com.android.dynsystem (14)
com.android.egg (1.0)
com.android.emergency (14)
com.android.ext.adservices.api (14)
com.android.externalstorage (14)
com.android.federatedcompute.services (T-initial)
com.android.gallery3d (1.1.40030)
com.android.google.gce.gceservice (14)
com.android.health.connect.backuprestore (14)
com.android.healthconnect.controller (14)
com.android.hotspot2.osulogin (14)
com.android.htmlviewer (14)
com.android.imsserviceentitlement (14)
com.android.inputdevices (14)
com.android.inputmethod.latin (14)
com.android.intentresolver (2021-11)
com.android.internal.display.cutout.emulation.corner (1.0)
com.android.internal.display.cutout.emulation.double (1.0)
com.android.internal.display.cutout.emulation.hole (1.0)
com.android.internal.display.cutout.emulation.tall (1.0)
com.android.internal.display.cutout.emulation.waterfall (1.0)
com.android.internal.systemui.navbar.gestural (1.0)
com.android.internal.systemui.navbar.gestural_extra_wide_back (1.0)
com.android.internal.systemui.navbar.gestural_narrow_back (1.0)
com.android.internal.systemui.navbar.gestural_wide_back (1.0)
com.android.internal.systemui.navbar.threebutton (1.0)
com.android.internal.systemui.navbar.transparent (1.0)
com.android.keychain (14)
com.android.launcher3 (14)
com.android.localtransport (14)
com.android.location.fused (14)
com.android.managedprovisioning (14)
com.android.messaging (1.0.001)
com.android.microdroid.empty_payload (14)
com.android.mms.service (14)
com.android.modulemetadata (14)
com.android.mtp (14)
com.android.music (14)
com.android.musicfx (1.4)
com.android.nearby.halfsheet (14)
com.android.networkstack (14)
com.android.networkstack.tethering (14)
com.android.networkstack.tethering.cuttlefishoverlay (1.0)
com.android.nfc (14)
com.android.ondevicepersonalization.services (T-initial)
com.android.ons (14)
com.android.packageinstaller (14)
com.android.pacprocessor (14)
com.android.permissioncontroller (33 system image)
com.android.phone (14)
com.android.printservice.recommendation (1.3.0)
com.android.printspooler (14)
com.android.providers.blockednumber (14)
com.android.providers.calendar (14)
com.android.providers.contacts (14)
com.android.providers.downloads (14)
com.android.providers.downloads.ui (14)
com.android.providers.media (14)
com.android.providers.media.module (14)
com.android.providers.partnerbookmarks (14)
com.android.providers.settings (14)
com.android.providers.settings.cuttlefish.overlay (14)
com.android.providers.telephony (14)
com.android.providers.userdictionary (14)
com.android.provision (14)
com.android.proxyhandler (14)
com.android.quicksearchbox (14)
com.android.rkpdapp (14)
com.android.role.notes.enabled (1.0)
com.android.safetycenter.resources (33 system image)
com.android.sdksandbox (T-initial)
com.android.se (14)
com.android.server.telecom (14)
com.android.settings (14)
com.android.settings.intelligence (14)
com.android.sharedstoragebackup (14)
com.android.shell (14)
com.android.simappdialog (14)
com.android.soundpicker (14)
com.android.statementservice (1.0)
com.android.stk (14)
com.android.storagemanager (14)
com.android.systemui (14)
com.android.systemui.accessibility.accessibilitymenu (14)
com.android.telephony.qns (14)
com.android.theme.font.notoserifsource (1.0)
com.android.traceur (1.0)
com.android.uwb.resources (T-initial)
com.android.virtualmachine.res (14)
com.android.vpndialogs (14)
com.android.wallpaper.livepicker (14)
com.android.wallpaperbackup (14)
com.android.wallpapercropper (14)
com.android.wallpaperpicker (1.0)
com.android.webview (137.0.7122.0)
com.android.wifi.dialog (14)
com.android.wifi.resources (R-initial)
com.android.wifi.resources.cf (1.0)
com.google.android.telephony.satellite (14)
org.chromium.chrome (137.0.7122.0)

Add for printing

MALICIOUS
- Executes system commands or scripts
  - app_process64 (PID: 4296)
SUSPICIOUS
- Accesses external device storage files
  - app_process64 (PID: 4296)
- Detects emulator through system properties
  - app_process64 (PID: 4296)
- Collects data about the device's environment (JVM version)
  - app_process64 (PID: 4296)
- Accesses system-level resources
  - app_process64 (PID: 4296)
- Updates data in the storage of application settings (SharedPreferences)
  - app_process64 (PID: 4296)
- Retrieves Android OS build information
  - app_process64 (PID: 4296)
- Retrieves a list of running application processes
  - app_process64 (PID: 4296)
INFO
- Loads a native library into the application
  - app_process64 (PID: 4296)
- Dynamically inspects or modifies classes, methods, and fields at runtime
  - app_process64 (PID: 4296)
- Returns elapsed time since boot
  - app_process64 (PID: 4296)
- Gets file name without full path
  - app_process64 (PID: 4296)
- Stores data using SQLite database
  - app_process64 (PID: 4296)
- Dynamically loads a class in Java
  - app_process64 (PID: 4296)
- Retrieves data from storage of application settings (SharedPreferences)
  - app_process64 (PID: 4296)
- Dynamically registers broadcast event listeners
  - app_process64 (PID: 4296)
- Gets the display metrics associated with the device's screen
  - app_process64 (PID: 4296)
- Retrieves the value of a system setting
  - app_process64 (PID: 4296)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

138

Monitored processes

10

Malicious processes

1

Suspicious processes

0

Behavior graph

Click at the process to see the details

Process information

PID	CMD	Path	Indicators	Parent process
3956	org.chromium.chrome	/system/bin/app_process64		app_process64
User: root Integrity Level: UNKNOWN Exit code: 0
3981	com.android.traceur	/system/bin/app_process64	—	app_process64
User: u0_a54 Integrity Level: UNKNOWN Exit code: 512
4015	org.chromium.chrome_zygote	/system/bin/app_process64	—	app_process64
User: root Integrity Level: UNKNOWN Exit code: 0
4026	org.chromium.chrome_zygote	/system/bin/app_process64	—	app_process64
User: u0_a72 Integrity Level: UNKNOWN Exit code: 0
4053	org.chromium.chrome:privileged_process0	/system/bin/app_process64	—	app_process64
User: root Integrity Level: UNKNOWN Exit code: 0
4077	com.android.adservices.api	/system/bin/app_process64	—	app_process64
User: root Integrity Level: UNKNOWN Exit code: 0
4126	org.chromium.chrome_zygote	/system/bin/app_process64	—	app_process64
User: u0_a72 Integrity Level: UNKNOWN Exit code: 0
4296	<pre-initialized>	/system/bin/app_process64	—	app_process64
User: root Integrity Level: UNKNOWN Exit code: 0
4328	logcat -c	/system/bin/logcat	—	app_process64
User: u0_a108 Integrity Level: UNKNOWN Exit code: 0
4330	com.android.MGC_9_7_047	/system/bin/app_process64	—	app_process64
User: u0_a108 Integrity Level: UNKNOWN Exit code: 0

Add for printing

Total events

0

Read events

0

Write events

0

Delete events

0

Modification events

No data

Add for printing

Executable files

0

Suspicious files

11

Text files

9

Unknown types

0

Dropped files

PID	Process	Filename		Type
4296	app_process64	/data/data/com.android.MGC_9_7_047/cache/codec_hevc.lck		binary
		MD5:—	SHA256:—
4296	app_process64	/data/data/com.android.MGC_9_7_047/cache/codec.lck		compressed
		MD5:—	SHA256:—
4296	app_process64	/data/data/com.android.MGC_9_7_047/cache/codec_vvc.lck		binary
		MD5:—	SHA256:—
4296	app_process64	/data/data/com.android.MGC_9_7_047/cache/codec_avc.lck		binary
		MD5:—	SHA256:—
4296	app_process64	/data/data/com.android.MGC_9_7_047/cache/codec_aec.lck		binary
		MD5:—	SHA256:—
4296	app_process64	/data/data/com.android.MGC_9_7_047/shared_prefs/com.android.MGC_9_7_047_preferences.xml		xml
		MD5:—	SHA256:—
4296	app_process64	/data/data/com.android.MGC_9_7_047/no_backup/androidx.work.workdb-journal		binary
		MD5:—	SHA256:—
4296	app_process64	/data/data/com.android.MGC_9_7_047/no_backup/androidx.work.workdb-wal		binary
		MD5:—	SHA256:—
4296	app_process64	/data/data/com.android.MGC_9_7_047/databases/CameraFatalErrorTracker_db-journal		binary
		MD5:—	SHA256:—
4296	app_process64	/data/data/com.android.MGC_9_7_047/shared_prefs/primes.xml		xml
		MD5:—	SHA256:—

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

3

TCP/UDP connections

14

DNS requests

19

Threats

3

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
3956	app_process64	GET	200	216.58.206.78:80	http://clients2.google.com/time/1/current?cup2key=9:aqQ50-3IIoW2-FuxGG7QW5BgGFYnDbNgfEvYyETpZGc&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855	US	text	105 b	whitelisted
—	—	GET	204	142.251.155.119:80	http://www.google.com/gen_204	US	—	—	whitelisted
1921	app_process64	GET	204	142.250.201.163:80	http://connectivitycheck.gstatic.com/generate_204	US	—	—	whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
452	mdnsd	224.0.0.251:5353	—	—	—	whitelisted
—	—	142.251.155.119:80	www.google.com	GOOGLE	US	whitelisted
—	—	142.250.201.163:80	connectivitycheck.gstatic.com	GOOGLE	US	whitelisted
—	—	142.251.156.119:443	www.google.com	GOOGLE	US	whitelisted
3956	app_process64	216.58.206.78:80	clients2.google.com	GOOGLE	US	whitelisted
3956	app_process64	104.26.15.150:443	1-dontsharethislink.celsoazevedo.com	CLOUDFLARENET	US	whitelisted
3956	app_process64	142.251.154.119:443	www.google.com	GOOGLE	US	whitelisted
3956	app_process64	142.251.127.84:443	accounts.google.com	GOOGLE	US	whitelisted
1921	app_process64	142.250.201.163:80	connectivitycheck.gstatic.com	GOOGLE	US	whitelisted
1921	app_process64	142.251.150.119:443	www.google.com	GOOGLE	US	whitelisted

DNS requests

Domain	IP	Reputation
google.com	142.250.201.174	whitelisted
www.google.com	142.251.150.119 142.251.155.119 142.251.153.119 142.251.157.119 142.251.156.119 142.251.152.119 142.251.151.119 142.251.154.119	whitelisted
clients2.google.com	216.58.206.78	whitelisted
1-dontsharethislink.celsoazevedo.com	104.26.15.150 172.67.74.44 104.26.14.150	unknown
accounts.google.com	142.251.127.84	whitelisted
3-dontsharethislink.celsoazevedo.com	104.26.14.150 104.26.15.150 172.67.74.44	unknown
connectivitycheck.gstatic.com	142.250.201.163	whitelisted
time.android.com	216.239.35.8 216.239.35.4 216.239.35.12 216.239.35.0	whitelisted
staging-remoteprovisioning.sandbox.googleapis.com	108.177.15.81	whitelisted
a.nel.cloudflare.com	35.190.80.1	whitelisted

Threats

PID	Process	Class	Message
1921	app_process64	Misc activity	ET INFO Android Device Connectivity Check
3956	app_process64	Not Suspicious Traffic	INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
3956	app_process64	Not Suspicious Traffic	INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)

Add for printing

No debug info

General Info

https://1-dontsharethislink.celsoazevedo.com/file/filesc/MGC_9.7.047_V2_MGC.apk

FC2B05677E2DB2E5A948BCB7AA5C7A0D

22419B19CCD145D15FBA677F8D184CB25C5A1190

99E84AA0C72F61C9F1BE95076E2E5E6FA8921E0DDDFBDDD6E735384D63E9FA95

3:N8jaJX0HMUTWTXqN6Y0NVkn:2Wu1WJY0NVk

Software environment set and analysis options

Launch configuration

Software preset

Behavior activities

MALICIOUS

Executes system commands or scripts

SUSPICIOUS

Accesses external device storage files

Detects emulator through system properties

Collects data about the device's environment (JVM version)

Accesses system-level resources

Updates data in the storage of application settings (SharedPreferences)

Retrieves Android OS build information

Retrieves a list of running application processes

INFO

Loads a native library into the application

Dynamically inspects or modifies classes, methods, and fields at runtime

Returns elapsed time since boot

Gets file name without full path

Stores data using SQLite database

Dynamically loads a class in Java

Retrieves data from storage of application settings (SharedPreferences)

Dynamically registers broadcast event listeners

Gets the display metrics associated with the device's screen

Retrieves the value of a system setting

Malware configuration

Static information

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Information

Information

Information

Information

Information

Information

Information

Information

Information

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings