9133e4470d7f1c8375faa4a5584121bcd30f4b6716da6c39280d25083d8a71e3

Analysis

max time kernel
2839566s
max time network
142s
platform
android_x86
resource
android-x86-arm-20220823-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20220823-enlocale:en-usos:android-9-x86system
submitted
24-11-2022 07:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9133e4470d7f1c8375faa4a5584121bcd30f4b6716da6c39280d25083d8a71e3.apk
Size

3.6MB
MD5

86927fcd1511ca96fa5630d3df0a2195
SHA1

ee1dcc6265962b312eba0935444d108f27a13e66
SHA256

9133e4470d7f1c8375faa4a5584121bcd30f4b6716da6c39280d25083d8a71e3
SHA512

2dfc2fe75e376c1bcd254a1ee4d7a1b37b9a446fcd7b7ab5931693992cd413fef2b0e0dd35d0785e3269da2ff44a7c9b0df6092c18682dfecd230e826b938c70
SSDEEP

98304:fLOZH/SJ4+bqWcGS/mr4kx4Ew2Jr1/cS2D4BFlz:z4fSJBbqWcGSOr4s4EwIS4BFlz

Score

8^/10

Malware Config

Signatures

Requests cell location 1 IoCs
Uses Android APIs to to get current cell location.

Processes:

com.poxiao.standalone.llk

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.poxiao.standalone.llk

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.poxiao.standalone.llk

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

Processes:

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/Android/data/com.skymobi.push/plugins/com.skymobi.pay.sprpush.apk --output-vdex-fd=71 --oat-fd=72 --oat-location=/storage/emulated/0/Android/data/com.skymobi.push/plugins/oat/x86/com.skymobi.pay.sprpush.odex --compiler-filter=quicken --class-loader-context=&com.poxiao.standalone.llk

ioc	pid	process
/storage/emulated/0/Android/data/com.skymobi.push/plugins/com.skymobi.pay.sprpush.apk	4115	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/Android/data/com.skymobi.push/plugins/com.skymobi.pay.sprpush.apk --output-vdex-fd=71 --oat-fd=72 --oat-location=/storage/emulated/0/Android/data/com.skymobi.push/plugins/oat/x86/com.skymobi.pay.sprpush.odex --compiler-filter=quicken --class-loader-context=&
/storage/emulated/0/Android/data/com.skymobi.push/plugins/com.skymobi.pay.sprpush.apk	3994	com.poxiao.standalone.llk

Reads information about phone network operator.

com.poxiao.standalone.llk
1⤵
- Requests cell location
- Loads dropped Dex/Jar
PID:3994

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/Android/data/com.skymobi.push/plugins/com.skymobi.pay.sprpush.apk --output-vdex-fd=71 --oat-fd=72 --oat-location=/storage/emulated/0/Android/data/com.skymobi.push/plugins/oat/x86/com.skymobi.pay.sprpush.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4115

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.poxiao.standalone.llk/cache/CommandCache/0c0d9b7f1c2770966796b51ef2f5f0eb

Filesize
768B

MD5
31586b20ee3ae1ffdaddb96897a5893a

SHA1
d352de9629eaca6cb334500d098e9bb33b0aa5ab

SHA256
b84dc31be93f4403e3c7ba0d761eb6469828a84f17d76e8dc4e9375b16106c7e

SHA512
35336366097b45f44a9689edf31bfb8825e3f81de2ac36fd087d702c995cc6421f25a000da9688ba211ffe787ad8666524a1df378102926a2e56edc37815a47e

Download Submit
/data/user/0/com.poxiao.standalone.llk/cache/CommandCache/d7555e213f11f928f0a9ad426841c962

Filesize
1KB

MD5
ab4f9b90ce793ca6b3d8ec0a6340a946

SHA1
89b696cdd77a5d801062b16df5f670a825f9302f

SHA256
fcd0ae1aeb40ecde072945617849e8b90a8ca30e44d1d292874ab48d5e3c5951

SHA512
005aa29a339fe758efa146e73b502a30590ad89798e7b69ae1afa9ceb190c486615a9121d193fd3a1f745bcef8c011eb30319d8795fca0c271d7fefdd43cc464

Download Submit
/data/user/0/com.poxiao.standalone.llk/files/installation

Filesize
1KB

MD5
302ca308fbfaa70d1915ad678c26602b

SHA1
40508aa90df41e148e17c8f6947f9c1c77e592f5

SHA256
f6ba678007a71909204d031942174f96115493a3b751c06200a63ff05e665784

SHA512
596091ea3b87ef616f8d626151c0133f768eebfcead33e01c592c63f7819e7347deb7cbfb1ec164c716f89e97dfadfb1e225f61e87dd65746275617d66cde042

Download Submit
/data/user/0/com.poxiao.standalone.llk/shared_prefs/AVOSCloud-SDK.xml

Filesize
117B

MD5
6dc79ab0f87a05bf7567abe519743486

SHA1
d29301cc1f46d5d1612626517465ea8071879bb5

SHA256
9e0e964eb0a3c34f5b6c0f9aa545953f222332eac6ed841bf7c147c5d1cc7aef

SHA512
9d8bb4fcdc1cf5a00118d449ea7e0cd825ba1c5ab9f49195f65defc608764b994e28882938c63ec112e29a8c8d051a21af4bf1fb45e10a04874a5bf37d2f6910

Download Submit
/data/user/0/com.poxiao.standalone.llk/shared_prefs/AV_CLOUD_API_VERSION_KEY_ZONE.xml

Filesize
123B

MD5
f3e930fd6f61a69a9720c35e282db1bd

SHA1
747d9ec1e652c30d152976da101680a86f18dd33

SHA256
e0c70ec0883b85cf892440de5d4dc3b58bb192eea1ac6412e66bcaf78a4f862b

SHA512
c0d29beec0648eb2efeb88353b1576dfb40082af781d45b5027ec65630ddfb10c4f0be73d9612d2800418590c41973982b357ba9ae97c8825f36eddbd93b4a28

Download Submit
/data/user/0/com.poxiao.standalone.llk/shared_prefs/AV_PUSH_SERVICE_APP_DATA.xml

Filesize
205B

MD5
7fb8b1ccfb3db73d65f121bf465c4e1c

SHA1
3529d9bc1df91ec13963b35b8d0397475da29adb

SHA256
40c0c64fbf5fa4073ced01c54536db56f0d7e5667b7f278312cda9ce7f248162

SHA512
e3081a2e6506771b0ccdbfe5d4d38b8eb7339ce9ed6441af3fa261084ec3e2bc4aa59a0b9dede8746ec2dd05277f44e19ca7dea03933dbf3898e404465ffe5a4

Download Submit
/data/user/0/com.poxiao.standalone.llk/shared_prefs/AV_PUSH_SERVICE_APP_DATA.xml

Filesize
298B

MD5
3f2412708b5a4eae077d03a0d81378f6

SHA1
2b567d111cd4636024d974c886371dd4104a842c

SHA256
c2eeba12bd2cb3ede04008158508b548af38bed2a9c0858362166ed5bc3fcd1c

SHA512
0f54da73bc6bb90bc982f9cc94aea3ab1e5b7d815a73de1302837f2d1a15cb0d7b3797307222af96b036b8c7b1fd690460713e2e924692f5cd5c4a5f5bfd99bd

Download Submit
/data/user/0/com.poxiao.standalone.llk/shared_prefs/AV_PUSH_SERVICE_SETTINGS_KEY.xml

Filesize
125B

MD5
8c354d1eb89a4242473c45152022e49e

SHA1
bbb255ab482691ff501e109e7cfd872e437725e5

SHA256
d36266379c0c281ee4e812dfbf04468e8bb363fa551513d95f4083c7cc0468ce

SHA512
10f4900385a65cf6a7f576e496b0edb239aa75baadf9c7a504712cf29d1b60e0888920f1c4e07c54056c6c9154cd4cb7afe8ad8a179118355227043e5d5f307a

Download Submit
/data/user/0/com.poxiao.standalone.llk/shared_prefs/llk_game_info.xml

Filesize
109B

MD5
73c1638708ab6587cfb51e000eb69edf

SHA1
588d6884813235a11bdc13f9e46c29e3be74f72e

SHA256
dd4df47dc02e987f027fd0b0af6c4857449432582c9960c8582c1f5ed88316dd

SHA512
f09dec6df861685af558f733b76fbe154dc1207e28fc0534d1d5eedab641ad73a1cb9afac8c3fb4b933d8cdfc016e4bcfa9499837fce840ad572943d31ab2a66

Download Submit
/data/user/0/com.poxiao.standalone.llk/shared_prefs/llk_game_info.xml

Filesize
151B

MD5
01284d9322c737253ac8431f65711456

SHA1
f9250e602eb0ca7c775e22906e29790ed86c4e5a

SHA256
96992448ceb7a8a445cae266b7aec284699fe5662b8e2f57d03c8177dd1a9926

SHA512
d7b113463f5e2f28d9392a06622473b89cde15dc22df7357d5c3ff52b698a82e58670dc86674c79879200e13d1444c231bd457e9ce36c57772b95f2096507c07

Download Submit
/data/user/0/com.poxiao.standalone.llk/shared_prefs/llk_game_info.xml

Filesize
194B

MD5
c172c631bc13667236f937851290fd90

SHA1
0f0ba0ff353aaf98c91f4fa824b503bc5f225b4d

SHA256
fffc0df00da093107a219d79ed5164fe0aaa97a31a57ebcc8b7f4345ddaf1d45

SHA512
ea544ea25052adf2bbe182ca6224dd3027fb3aa7f27a1b95cb6fc8da4930ca7ca1fc2430401b6f6cdcf2ae67b66569819a1c06e4b83a9fd41492e0dc3499ba65

Download Submit
/data/user/0/com.poxiao.standalone.llk/shared_prefs/px_cloud.xml

Filesize
110B

MD5
dfa6fa31acd3b4a52d84db0ed5fbcc41

SHA1
4bb5c5b088b196833bc8139f866d09b610e5333f

SHA256
bf50ac24c4b4ec3edb5de5a6f1a2f505e4bf889d0f6b19714ee8a18dbfd6598b

SHA512
c70f0a5e0ba5678d2d8b8174814535378b3ef163fba3ef304e6afbd9487341a0c686d4411c4c409b13132df5deacf6a2893de1cfe57e8882a0d62bf39c12b989

Download Submit
/data/user/0/com.poxiao.standalone.llk/shared_prefs/px_cloud.xml

Filesize
152B

MD5
edfc9a572c7cda18aa1e66c688c52b8e

SHA1
16d9a1242754ce9227c5bef5ec70f7065a7d6e77

SHA256
8a952b4c6fbb16473312ea0722d7bd180af462e356746398008f75a98de730d3

SHA512
90c9ac1b068619314361859982b7b7aec28fa5d3c180ab8866b4ef0f2c16767e0bc5a7c0b5d2b032a04199ef3dffd0bfc826694e7a5b617db40ed26949977918

Download Submit
/data/user/0/com.poxiao.standalone.llk/shared_prefs/px_cloud.xml

Filesize
209B

MD5
08f4ad7981a638b895eb33464484178c

SHA1
2afd4f008185c2a9ab2a5c108bc393ae4ca0ca0e

SHA256
dcad7b1df6c714c1e9db531cb23bee79c7ef8c6cf4401865dece8a1070bad918

SHA512
1c84b97ae556d87702463d754c44439ff314ff9495b5ec3b9a2a48d4a89c8e5d4fbe015631d389925751aa42b0c85a83a8a5c7dd9ad2f0ac992a0a9d0c36426e

Download Submit
/storage/emulated/0/Android/data/com.skymobi.pay.app/plugins/com.skymobi.pay.opplugin_V2009.apk

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/storage/emulated/0/Android/data/com.skymobi.push/plugins/com.skymobi.pay.sprpush.apk

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/storage/emulated/0/Android/data/com.skymobi.push/plugins/com.skymobi.pay.sprpush.apk

Filesize
98KB

MD5
3a03192b24e28b0016574e4bb1feb4f4

SHA1
6ba26ee5414908ea1f8fa80efef3c88db47e90df

SHA256
b5de76754a308ea7ff60de40c2ea2b3dbc2e1565d7613c568ff62e7b11c5cf76

SHA512
39a44e2b43e769771aff38c5c1e798dc265e9faded5aaf14c3836045a6d7ee2280a6d83f7589071c53befa97ceeb9877f63c41079a9365ecf2055203781f8b4d

Download Submit
/storage/emulated/0/Android/data/com.skymobi.push/plugins/com.skymobi.pay.sprpush.apk

Filesize
98KB

MD5
f1f3db1e81a2c9dc79f63913042a40ed

SHA1
86832d3f54586153c4fa3d6fcfc0a2984611b8da

SHA256
1377c3c99bacaee770e0cbc07d04d39d797b5c2f82758e50db4013f90ea55ed4

SHA512
f715a814d97c06c6e2412c0753f52ecdd0b01f7348a91c3bde496bcea7ade98d6c2389c8ebafc89119d6f6794df1c5aba72b000a45a609282d8f9f5e008f2eef

Download Submit
/storage/emulated/0/Android/data/com.skymobi.push/plugins/com.skymobi.pay.sprpush.apk.x86.flock

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/storage/emulated/0/Android/data/com.skymobi.push/plugins/oat/x86/com.skymobi.pay.sprpush.odex

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/storage/emulated/0/Android/data/com.skymobi.push/plugins/oat/x86/com.skymobi.pay.sprpush.vdex

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit