Analysis
Max time kernel: 3896250s
Max time network: 129s
Platform: android_x64
Resource: android-x64-arm64
Submitted: 15-09-2021 06:52
Static task: static1
Behavioral task: behavioral1
Sample: bd889272696244e9baa8322d6b7151873a121518969f3986020b623be4ccf0c1.apk
Resource: android-x64-arm64
General
Target: bd889272696244e9baa8322d6b7151873a121518969f3986020b623be4ccf0c1.apk
Size: 4.2MB
MD5: 6630b2e0d7430b6dc63705c471c442c4
SHA1: f8bda4328d63f3d90fc862d82ce797de09f45245
SHA256: bd889272696244e9baa8322d6b7151873a121518969f3986020b623be4ccf0c1
SHA512: c8a34d76ef4a3c9a023db15eb54d6ee04bc360624f4e3ff8c8e2e298deb0cf8ad068cf8615dd50f30c15a58d10e7357edfed6a1ba33c3ee8c954abb6906c2b67
Malware Config
Signatures
Loads dropped Dex/Jar (1 IoC)
Runs executable file dropped to the device during analysis.
Processes:
IoC | PID | Process
/data/user/0/com.didiglobal.passenger/code_cache/secondary-dexes/base.apk.classes1.zip | 4152 | com.didiglobal.passenger
The code_cache/secondary-dexes/ directory and the <apk>.classesN.zip file name are what the Android MultiDex support library (MultiDexExtractor) writes when it extracts an APK's secondary dex files on first launch; the MultiDex.lock, tmp-*.zip and multidex.version.xml entries under Downloads come from the same mechanism. This signature is therefore expected for any MultiDex-built app; it only becomes interesting if the extracted zip does not correspond to a classesN.dex shipped inside the APK.
Requests enabling of the accessibility settings (1 IoC)
Processes:
Description | IoC | Process
Intent action | android.settings.ACCESSIBILITY_SETTINGS | com.didiglobal.passenger
Firing this intent only opens the system Accessibility settings screen; it grants nothing by itself. The check that matters is whether the APK's manifest declares a service protected by android.permission.BIND_ACCESSIBILITY_SERVICE, and what that service does with the events it receives.
Reads name of network operator (1 IoC)
Uses Android APIs to discover system information.
Processes:
Description | IoC | Process
Framework API call | android.telephony.TelephonyManager.getNetworkOperatorName | com.didiglobal.passenger
Uses Crypto APIs (might try to encrypt user data) (1 IoC)
Processes:
Description | IoC | Process
Framework API call | javax.crypto.Cipher.doFinal | com.didiglobal.passenger
Cipher.doFinal is reached by any encryption or decryption done through javax.crypto (stored tokens, protected preferences, request payloads), so a single hit does not indicate file encryption. To qualify it, look at the transformation passed to Cipher.getInstance and at what data flows into doFinal.
Uses reflection (64 IoCs)
Processes:
Description | PID | Process
Invokes method android.view.ViewGroup.makeOptionalFitsSystemWindows | 4152 | com.didiglobal.passenger
Accesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE | 4152 | com.didiglobal.passenger
Accesses field javax.security.auth.x500.X500Principal.thisX500Name | 4152 | com.didiglobal.passenger (the remaining 62 IoCs are all this same access)
The volume here is one field read 62 times, not 64 distinct behaviours. makeOptionalFitsSystemWindows is a hidden framework method commonly reached through reflection by UI support libraries. The two TLS-related entries are the ones worth following up: reflective access to the platform hostname-verifier singleton and to X500Principal internals is where code touches certificate-name matching, so confirm how the app's HostnameVerifier and TrustManager are set up before drawing conclusions from this signature.
Downloads
/data/user/0/com.didiglobal.passenger/code_cache/secondary-dexes/MultiDex.lock
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.didiglobal.passenger/code_cache/secondary-dexes/base.apk.classes1.zip
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.didiglobal.passenger/code_cache/secondary-dexes/tmp-base.apk.classes3783840817013258459.zip
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.didiglobal.passenger/shared_prefs/Voicemail.xml
MD5: 547f888907fa778578cf0d692462415c
SHA1: 043c97f071be2ba9b3962b1e9e94561b79b7c1f6
SHA256: 459ca4afbe0d3daa2faa418da9dda8ec05e543159bd67891a92dc6b135d4ef36
SHA512: 01186b08eaf8720a41fadc545dc08a2ca3ed97e346b358e66fef3eb88bf1d8d2d6833f5bd0a07516ceea61d35d2d447cc29c2f1954fd8bd12d2f47ea2b5a398b

/data/user/0/com.didiglobal.passenger/shared_prefs/Voicemail.xml
MD5: 31c3d6e433d8981b907c44998eb2e833
SHA1: a3b64d6ee9a1a7b1f7e1b4a85c11fad47e025eba
SHA256: 892335e85fe7160236165832ef85042380e5f4207fcbe6eee1227e6030db8856
SHA512: 4d7eacf0f9103c2136940e202c02d2f7c30b612d9448b05129c97539874c5d4757365cd41f892e43b3d37742a2ce4cfc0c83b49a8478eaa8f5f9024861bc4c60

/data/user/0/com.didiglobal.passenger/shared_prefs/Voicemail.xml
MD5: 3cfe28307f37acd63df28b11a4755665
SHA1: 67cbb3567b2ea420d1f2a7c186bb980b9c7d9880
SHA256: 3fa39864dca3ad2cfd7900656bbbc07eb2b8715c55098ecf6fb49727cc6c092d
SHA512: fba5e13945a054d6ccc6b12dba31c1dbfaea34958f9559ea01a31fb241768b7ad8ec99900cb01f40fe093d822dbd04e0a109c07d9f2252182371e36754e472bb

/data/user/0/com.didiglobal.passenger/shared_prefs/multidex.version.xml
MD5: 77d8cb69028d66d4cf59cb4488453fe6
SHA1: ef241e07048f402de56ed17a7cd28ee357d493dc
SHA256: 8bd411dd07432e4a9f3cdc585ed81d7198de246babd40aefed3849be8f048bb4
SHA512: 6bfa543b6c5ac0867e818e3f82d2e2a719920e22f3294c7f7a40355f46c047059fe23828d45dffb2966aeed47ecc19d92aa1106a5ba9b54eca2cf73520762586

The first three entries carry the digests of zero-byte input (MD5 d41d8cd9…, SHA1 da39a3ee…, SHA256 e3b0c442…). MultiDex.lock is an empty lock file by design, but the two secondary-dex zips were also captured empty, so the file that the "Loads dropped Dex/Jar" signature fired on cannot be examined from this report; take the secondary dex (classes2.dex onward) from the APK itself or re-run with a later capture. Voicemail.xml is listed three times with different digests: the same shared-preferences file captured at three points as the app rewrote it.
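The dropped-file list above, together with the "Loads dropped Dex/Jar" signature that fires on one of its entries, can be triaged mechanically. The following Python is an added example and not part of the sandbox report or the vendor's tooling: it parses the Downloads block in the extracted layout shown on this page (hash label fused to the path or to the hex value), flags entries whose digests are those of zero-byte input, recognises MultiDex extraction artifacts by their fixed path conventions, and groups repeated captures of the same path. The sample text is copied from the report's own entries (the SHA512 lines are left out for length); the MultiDex path regexes encode the naming scheme of android.support.multidex.MultiDexExtractor and are the one assumption built in.

```python
import hashlib
import json
import re
from collections import defaultdict

# Constructed sample: five entries copied from the report's Downloads block in
# its extracted layout (hash label fused to the path or to the hex value).
# SHA512 lines were left out to keep the sample short.
RAW_DOWNLOADS = """\
-
/data/user/0/com.didiglobal.passenger/code_cache/secondary-dexes/MultiDex.lockMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
-
/data/user/0/com.didiglobal.passenger/code_cache/secondary-dexes/base.apk.classes1.zipMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
-
/data/user/0/com.didiglobal.passenger/shared_prefs/Voicemail.xmlMD5
547f888907fa778578cf0d692462415c
SHA1043c97f071be2ba9b3962b1e9e94561b79b7c1f6
SHA256459ca4afbe0d3daa2faa418da9dda8ec05e543159bd67891a92dc6b135d4ef36
-
/data/user/0/com.didiglobal.passenger/shared_prefs/Voicemail.xmlMD5
31c3d6e433d8981b907c44998eb2e833
SHA1a3b64d6ee9a1a7b1f7e1b4a85c11fad47e025eba
SHA256892335e85fe7160236165832ef85042380e5f4207fcbe6eee1227e6030db8856
-
/data/user/0/com.didiglobal.passenger/shared_prefs/multidex.version.xmlMD5
77d8cb69028d66d4cf59cb4488453fe6
SHA1ef241e07048f402de56ed17a7cd28ee357d493dc
SHA2568bd411dd07432e4a9f3cdc585ed81d7198de246babd40aefed3849be8f048bb4
"""

DIGEST_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
# Digests of zero bytes: an entry reporting these was captured as an empty file.
EMPTY = {name: hashlib.new(name, b"").hexdigest() for name in DIGEST_LEN}

# Assumed naming scheme of android.support.multidex.MultiDexExtractor: the lock
# file, '<apk>.classesN.zip' secondary dexes and their 'tmp-' temp files under
# code_cache/secondary-dexes/, plus the multidex.version shared prefs file.
MULTIDEX_FILE = re.compile(
    r"^/data/user/\d+/[\w.]+/code_cache/secondary-dexes/"
    r"(MultiDex\.lock|(tmp-)?[\w.-]+\.apk\.classes\d+\.zip)$")
MULTIDEX_PREFS = re.compile(
    r"^/data/user/\d+/[\w.]+/shared_prefs/multidex\.version\.xml$")
LABELS = ("SHA512", "SHA256", "SHA1", "MD5")  # longest first: suffix/prefix checks
LABEL_LINE = re.compile(r"^(SHA512|SHA256|SHA1|MD5)([0-9a-fA-F]*)$")


def parse_downloads(raw):
    """Turn the extracted Downloads text into dicts of path plus lowercase hex digests."""
    entries, cur, pending = [], None, None
    for line in raw.splitlines():
        line = line.strip()
        if not line or line == "-":
            continue
        if pending is not None:  # hex value sits on the line after its label
            cur[pending] = line.lower()
            pending = None
            continue
        m = LABEL_LINE.match(line) if cur is not None else None
        if m:  # 'SHA1<hex>' on one line, or a bare label whose value follows
            if m.group(2):
                cur[m.group(1).lower()] = m.group(2).lower()
            else:
                pending = m.group(1).lower()
            continue
        cur = {"path": line}  # new entry; the first label may be fused to the path
        for label in LABELS:
            if line.endswith(label):
                cur["path"] = line[: -len(label)]
                pending = label.lower()
                break
        entries.append(cur)
    return entries


def digest_problems(entry):
    """Digests whose hex length does not fit the algorithm (copy or parse errors)."""
    return [n for n, k in DIGEST_LEN.items() if n in entry and len(entry[n]) != k]


def tags(entry):
    """Classify one dropped file: 'multidex' and/or 'empty', else 'review'."""
    found = set()
    if MULTIDEX_FILE.match(entry["path"]) or MULTIDEX_PREFS.match(entry["path"]):
        found.add("multidex")
    present = [n for n in DIGEST_LEN if n in entry]
    if present and all(entry[n] == EMPTY[n] for n in present):
        found.add("empty")
    return found or {"review"}


def triage(raw):
    """Group entries by tag and count distinct snapshots of each repeated path."""
    report = {"multidex": [], "empty": [], "review": [], "bad_digest": []}
    seen = defaultdict(set)
    for e in parse_downloads(raw):
        if digest_problems(e):
            report["bad_digest"].append(e["path"])
        for t in sorted(tags(e)):
            report[t].append(e["path"])
        seen[e["path"]].add(e.get("sha256") or e.get("md5"))
    # Same path with more than one digest: the file was rewritten between captures.
    report["snapshots"] = {p: len(h) for p, h in seen.items() if len(h) > 1}
    return report


if __name__ == "__main__":
    print(json.dumps(triage(RAW_DOWNLOADS), indent=2))
```

On the sample, the two secondary-dex entries land in both "multidex" and "empty", the prefs file in "multidex" only, and Voicemail.xml in "review" with a snapshot count of 2, which leaves exactly the files an analyst still has to open.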