53ebf60490a4d9e16bdc9233e367f142512f6f10efed75b993fe4e2214dcc40f

Analysis

max time kernel
3096499s
max time network
18s
platform
android_x86
resource
android-x86-arm-20220621-en
submitted
01-07-2022 05:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

53ebf60490a4d9e16bdc9233e367f142512f6f10efed75b993fe4e2214dcc40f.apk
Size

4.3MB
MD5

4e73fb6a8f4679f745145da1c960d372
SHA1

de2fcd36ab2f2e701accf7a78dc9419ff47d5960
SHA256

53ebf60490a4d9e16bdc9233e367f142512f6f10efed75b993fe4e2214dcc40f
SHA512

9932bcd8cfda540041c2dabead3088456ec89902731c8cdfe77762e70ec5dab1685fbd14b19a8146016301220f805f68413181de8f06bee184129ecf72e0cfdb

Score

8^/10

Malware Config

Signatures

Requests cell location 1 IoCs
Uses Android APIs to to get current cell location.

Processes:

com.cjmn.tch.smat

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.cjmn.tch.smat

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.cjmn.tch.smat

Loads dropped Dex/Jar 3 IoCs

Runs executable file dropped to the device during analysis.

Processes:

com.cjmn.tch.smat/system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/data/com.cjmn.tch.smat/cache/h9zpvxqbc6erj58z.dex --output-vdex-fd=45 --oat-fd=46 --oat-location=/data/data/com.cjmn.tch.smat/cache/oat/x86/h9zpvxqbc6erj58z.odex --compiler-filter=quicken --class-loader-context=&

ioc	pid	process
/data/data/com.cjmn.tch.smat/cache/h9zpvxqbc6erj58z.dex	4098	com.cjmn.tch.smat
/data/data/com.cjmn.tch.smat/cache/h9zpvxqbc6erj58z.dex	4784	/system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/data/com.cjmn.tch.smat/cache/h9zpvxqbc6erj58z.dex --output-vdex-fd=45 --oat-fd=46 --oat-location=/data/data/com.cjmn.tch.smat/cache/oat/x86/h9zpvxqbc6erj58z.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.cjmn.tch.smat/cache/h9zpvxqbc6erj58z.dex	4098	com.cjmn.tch.smat

Reads information about phone network operator.

com.cjmn.tch.smat
1⤵
- Requests cell location
- Loads dropped Dex/Jar
PID:4098

/system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/data/com.cjmn.tch.smat/cache/h9zpvxqbc6erj58z.dex --output-vdex-fd=45 --oat-fd=46 --oat-location=/data/data/com.cjmn.tch.smat/cache/oat/x86/h9zpvxqbc6erj58z.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4784

sh
2⤵
PID:5153

ls -l /system/xbin/su
2⤵
PID:5181

sh
2⤵
PID:5217

cat /sys/block/mmcblk0/device/cid
2⤵
PID:5250

sh
2⤵
PID:5284

cat /sys/block/mmcblk0/device/cid
2⤵
PID:5314

ps | grep com.cjmn.tch.smat
2⤵
PID:5403

ls -l /system/xbin/su
2⤵
PID:5444

dd if=/data/user/0/com.cjmn.tch.smat/files/_zx_lib/libhelper.so of=/data/user/0/com.cjmn.tch.smat/files/_zx_lib/helper
1⤵
PID:5205

chmod 777 /data/user/0/com.cjmn.tch.smat/files/_zx_lib/helper
1⤵
PID:5270

/system/bin/ndk_translation_program_runner_binfmt_misc /data/user/0/com.cjmn.tch.smat/files/_zx_lib/helper /data/user/0/com.cjmn.tch.smat/files/_zx_lib/helper com.cjmn.tch.smat/com.google.android.gms.analytics.CampaignTrackingService
1⤵
PID:5336

sh -c am startservice --user 0 -n com.cjmn.tch.smat/com.google.android.gms.analytics.CampaignTrackingService
1⤵
PID:5376

/system/bin/sh /system/bin/am startservice --user 0 -n com.cjmn.tch.smat/com.google.android.gms.analytics.CampaignTrackingService
1⤵
PID:5376

cmd activity startservice --user 0 -n com.cjmn.tch.smat/com.google.android.gms.analytics.CampaignTrackingService
2⤵
PID:5468

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.cjmn.tch.smat/cache/h9zpvxqbc6erj58z.dex
Filesize
874KB

MD5
afc63817854953154201de6c56207954

SHA1
0abb6036ebf0e2375080deedf142b10b4d78de8a

SHA256
671d46040d0de7a8f93bb3d43a42893b3fbc3456bbb3e4dedd8a6476634cb8f9

SHA512
4739bf2ca30e71ebde84f3547a65932b36238d312fc031c433a33a856aa876703218b6eeb7389e3a0f8a2093de148e3d9816ae04f091e1bd6c8cbf434a3d214e

Download Submit
/data/data/com.cjmn.tch.smat/cache/h9zpvxqbc6erj58z.dex
Filesize
874KB

MD5
afc63817854953154201de6c56207954

SHA1
0abb6036ebf0e2375080deedf142b10b4d78de8a

SHA256
671d46040d0de7a8f93bb3d43a42893b3fbc3456bbb3e4dedd8a6476634cb8f9

SHA512
4739bf2ca30e71ebde84f3547a65932b36238d312fc031c433a33a856aa876703218b6eeb7389e3a0f8a2093de148e3d9816ae04f091e1bd6c8cbf434a3d214e

Download Submit
/data/data/com.cjmn.tch.smat/cache/h9zpvxqbc6erj58z.dex
Filesize
874KB

MD5
afc63817854953154201de6c56207954

SHA1
0abb6036ebf0e2375080deedf142b10b4d78de8a

SHA256
671d46040d0de7a8f93bb3d43a42893b3fbc3456bbb3e4dedd8a6476634cb8f9

SHA512
4739bf2ca30e71ebde84f3547a65932b36238d312fc031c433a33a856aa876703218b6eeb7389e3a0f8a2093de148e3d9816ae04f091e1bd6c8cbf434a3d214e

Download Submit
/data/data/com.cjmn.tch.smat/cache/h9zpvxqbc6erj58z.dex
Filesize
874KB

MD5
afc63817854953154201de6c56207954

SHA1
0abb6036ebf0e2375080deedf142b10b4d78de8a

SHA256
671d46040d0de7a8f93bb3d43a42893b3fbc3456bbb3e4dedd8a6476634cb8f9

SHA512
4739bf2ca30e71ebde84f3547a65932b36238d312fc031c433a33a856aa876703218b6eeb7389e3a0f8a2093de148e3d9816ae04f091e1bd6c8cbf434a3d214e

Download Submit
/data/data/com.cjmn.tch.smat/cache/h9zpvxqbc6erj58z.dex.x86.flock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/data/com.cjmn.tch.smat/cache/oat/x86/h9zpvxqbc6erj58z.odex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/data/com.cjmn.tch.smat/cache/oat/x86/h9zpvxqbc6erj58z.vdex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/data/com.cjmn.tch.smat/files/_zx_lib/libgame.so
Filesize
4.5MB

MD5
0034bf65e4f01cced09a80724c5b0bea

SHA1
09f194445ff5688a1425f00ae670a84b23ab95f4

SHA256
9a673a1d82d4fd0b51b750b15097aee34f6315f7c520a39ab51ff626079e213a

SHA512
3d084e7a47a1a9b47b87111fca1337b3b0bdafcd6e7ca73873fdd45264fb339601f38dfc583ef13fa5953d35816ff89e5a8b494d32685013a99f7b2d6bed19e8

Download Submit
/data/data/com.cjmn.tch.smat/files/_zx_lib/libhelper.so
Filesize
17KB

MD5
ff77b5d69b34041a8e08a6aba4eb1767

SHA1
1f78eca6afe441a5c059b58c98d7bafb3450177e

SHA256
78607f7e8ec75e26163536369b8a14de47aa35609616dfd520229e056d596f77

SHA512
09ed69804f14f75356ea2d4e57b7553f7df7cca1b182f9783da585ccb7209f7c0f8c35623a6fb0760779d32bd70301a7cf94d97b6274b58a35eb175ed5fec84c

Download Submit
/data/data/com.cjmn.tch.smat/files/_zx_lib/libsmsmanager.so
Filesize
13KB

MD5
21c9ba13d9207e7387d13990dba81ae8

SHA1
fe1110fbc573e9859c94e9b18c7a2c1af52d895e

SHA256
3cc7323f29bf4b749b8ba79010f36d626dff620fd217af6f1ab525b450a8b466

SHA512
65f901296b8f60228993840a54abd1376141c404b3e356afd7092a2c240c198bd32217533cca13b8cebc688f801bedf3accbedfd0157b84daea5350b89a68edc

Download Submit
/data/data/com.cjmn.tch.smat/files/_zx_lib/libzxvps.so
Filesize
29KB

MD5
471092c979a32e1f5e3be9616af8fe14

SHA1
f97a011129e46fa2354d7963377bd65c41c8286b

SHA256
6cbcf74fd86c2bd347034bc58c083b3a6a78d9c4e2429930e9738633a0ae0b2f

SHA512
cf59f844730a26b4adcee36ddaf51d838d4debce9743056e715b46ab0d76e1b949ff1177b9dcabb1c26080bec2e9c2b4c1b0be8afa4816445d3e771051432f03

Download Submit
/data/data/com.cjmn.tch.smat/files/_zx_res/baidu
Filesize
1.8MB

MD5
5a011920908ed7d851af5303cdb60009

SHA1
4040904c3e8f98a5fa387b3c2cfa05062a28eb15

SHA256
be01f0748b095c5bd212205a481e8d7c6893675cff609992b01af84aa4aa82ac

SHA512
413064342d822e95eeeaaacc30b69d8f736bbe7d2a2cf6552f938f23f28972bcbe462b70e6a40aa93d5192df8367549dd22735dc05b883d40dfb4e8343e6c757

Download Submit
/data/data/com.cjmn.tch.smat/files/_zx_res/config.properties
Filesize
210B

MD5
ad865372eb7441fa0ff4460c8f9871eb

SHA1
2fb89ec28cd86a0d489dbacbd3f94a0a4f6d5115

SHA256
9885989b6e7ad630a4c909898253491b9bb3696abe55304df3e2631c568b4d42

SHA512
8f25823ede3b4a222c48036dcceaece5641598b395537e4e0126b7c65810e59348feb2454c80957ab4f25addaf42dd3cc512a06484208cb625d24dd9b973ca47

Download Submit
/data/data/com.cjmn.tch.smat/files/a.so
Filesize
85KB

MD5
c3a9ab337fe5bd0b3eefb04b332f08b0

SHA1
d3f0fe65c61fe86310dd10cea9a390886b9eb938

SHA256
d4e5a7333d40dda1cd874440cec1aa1f57e74ea673b6d306d4886c20162558f5

SHA512
b99124607be6b46fd3615b2bfcaaf02acc0541ef19fc8e302a9f3e4410d0f2dc3983dfab380de42ac6ffe3dfc7e8dd83020a8d4f44ca39cf049087e2048238d6

Download Submit
/data/user/0/com.cjmn.tch.smat/databases/qy_db_pay
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/user/0/com.cjmn.tch.smat/databases/qy_db_pay-journal
Filesize
524B

MD5
f8d092b13b4fa0adf79622fab75bbdf2

SHA1
75456a998c540d730e39c747f4ee9728569053c1

SHA256
df46325b93176a4528ee88acbfd751ed0e0fc2a47e26dbc0ef7b437ce446a992

SHA512
fbac7561cbb0afba43ec93066a020f600e661c8de298c408545231688aa182fa08f2f47d6f0b3d83f85f30607383f0e24cae6e44e4f85c922c161a50be0938bd

Download Submit
/data/user/0/com.cjmn.tch.smat/databases/qy_db_pay-shm
Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/com.cjmn.tch.smat/databases/qy_db_pay-wal
Filesize
48KB

MD5
43f31d35797606112555b3ec77f2743f

SHA1
b677f2cc8de72a4bdb68cc1f42c67f8bdca39e7e

SHA256
6f08965ff94af18931e02fcc7919ed31d94555ea69f7bf7b2f8860b4bf9a02f6

SHA512
8b2aa3c61fd6d18150ee006a1555eef9e5421b13a5581571047bdce9606f04d8d56149a4b372250e5b2395ed26ba8a982fb70d0b72db4dd1c5999c7acac3cabf

Download Submit
/data/user/0/com.cjmn.tch.smat/files/_zx_lib/helper
Filesize
17KB

MD5
ff77b5d69b34041a8e08a6aba4eb1767

SHA1
1f78eca6afe441a5c059b58c98d7bafb3450177e

SHA256
78607f7e8ec75e26163536369b8a14de47aa35609616dfd520229e056d596f77

SHA512
09ed69804f14f75356ea2d4e57b7553f7df7cca1b182f9783da585ccb7209f7c0f8c35623a6fb0760779d32bd70301a7cf94d97b6274b58a35eb175ed5fec84c

Download Submit