Analysis

max time kernel: 2951605s
max time network: 156s
platform: android_x86
resource: android-x86-arm-20220823-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20220823-en, locale:en-us, os:android-9-x86, system
submitted: 25-11-2022 12:00
Static task: static1
Behavioral task: behavioral1
Sample: 847bc07585f3e9427e9a47d1a06a644e6290a8d45c560f9727fa3251aee99c1e.apk
Resource: android-x86-arm-20220823-en
General

Target: 847bc07585f3e9427e9a47d1a06a644e6290a8d45c560f9727fa3251aee99c1e.apk
Size: 724KB
MD5: 94a08b2ed11c553e65b4ace27bb08e44
SHA1: 42139f9f5c9e8e7c7836802e72d05aede2b72dff
SHA256: 847bc07585f3e9427e9a47d1a06a644e6290a8d45c560f9727fa3251aee99c1e
SHA512: 088a719199338234fef0d9f8b572d580ee6655acbdef3178f92f6c670304b79c5eeed929a242c4ed812727df4442aa1ddfb6ba2cd0e3ed67b3d29260d463575d
SSDEEP: 12288:28IbpO2X8zY0zRMqRjk39l4ZxB4YccpBWkkydYM86q3WN9FoNwouCaK:h1g88Ckf8CcpVuM8Rwmww7
Malware Config

Signatures

Requests cell location (1 IoC)
Uses Android APIs to get the current cell location.
Processes: com.android.example:remote
  Description: Framework service call
  IoC: com.android.internal.telephony.ITelephony.getCellLocation
  Process: com.android.example:remote

Reads information about phone network operator.

Uses Crypto APIs (might try to encrypt user data) (1 IoC)
Processes: com.android.example:remote
  Description: Framework API call
  IoC: javax.crypto.Cipher.doFinal
  Process: com.android.example:remote
Processes
Network
MITRE ATT&CK Matrix
Downloads

/data/user/0/com.android.example/shared_prefs/pref_key.xml
Filesize: 134B
MD5: 12dec3641df9a4a6b033fdf1782c6aa9
SHA1: eebc71628e43c2ef5bcef88b5e51ec8cbc1ee8d1
SHA256: c2fe824a517a1ac38b5b34d638decb1767fce091068888fccc040eaebb402181
SHA512: a349f98c79352b171c25b3415d002039fe149ede65c1d86f84ed380f7f8758394007bbec5ca8164e41b47155ce2304df34b5d571b995ae0b2ff255a8d64815a3

/storage/emulated/0/baidu/.cuid
Filesize: 89B
MD5: 191501757376168099d59cc106cb496b
SHA1: 094cd5e3ee5eef535a8d5ac250d33759f64abba2
SHA256: 9ad830de082c7faa7e45a9b3ac36ddd871114ef7c414dea1bd121f436506e582
SHA512: 66acaa826de6b8367df7b37d38deacc5d88d1309df5fd6cbea4229cfe995d647bdce034b0d6ecade8c44c1213829eb657cb29d0c423b22034185d9108e4d9f40

/storage/emulated/0/baidu/tempdata/con.dat
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/storage/emulated/0/baidu/tempdata/ls.db
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/storage/emulated/0/baidu/tempdata/ls.db-journal
Filesize: 524B
MD5: 9dd11c1aa74789ffecce4709a95ed06c
SHA1: 7e9dc4f6c2381a9e5a524d952b29afcaa2196759
SHA256: e7d211f503e865ac9f83f3832bb8eb65c2c860d2b34037add4f75e85014d56fd
SHA512: dc067d7e248e8bcb4ff9bf75decafd2476aa8ec2448e316ab7ee68820540fb376ad740be03d384ae919c00e51dbf36685af4ed23c8dc14f7464f207aa5909611

/storage/emulated/0/baidu/tempdata/ls.db-shm
Filesize: 8B
MD5: 7dea362b3fac8e00956a4952a3d4f474
SHA1: 05fe405753166f125559e7c9ac558654f107c7e9
SHA256: af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc
SHA512: 1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

/storage/emulated/0/baidu/tempdata/ls.db-wal
Filesize: 32KB
MD5: 4692ab928158c4748905bbd23f72b3b9
SHA1: f536d963b324b8c6624e23728bee1288d843b9f7
SHA256: f934ead743d86bad1be226ad84e6dbfc83e4e4393d1b17d6fc86f3c9a2c67574
SHA512: 44390a96f2e846df516b74d62391cd9d40517e0be848bb9937a9acecff36fb0b8ce5d9456da0d4af96ae237324a5b0c647cf7f9088f54fea227484e79ed838e8