Analysis

Max time kernel:   2947094s
Max time network:  139s
Platform:          android_x86
Resource:          android-x86-arm-20220823-en
Resource tags:     android, arch:arm, arch:x86, image:android-x86-arm-20220823-en, locale:en-us, os:android-9-x86, system
Submitted:         25-11-2022 11:11
Static task:       static1
Behavioral task:   behavioral1
Sample:            46767c381bc7d78a1c3ac8b9deb9ddfd9e53acacfe313d52dfa2ec631421684b.apk
Resource:          android-x86-arm-20220823-en
General

Target:  46767c381bc7d78a1c3ac8b9deb9ddfd9e53acacfe313d52dfa2ec631421684b.apk
Size:    2.1MB
MD5:     9f6e87adedb51ad28c7235f8c3378632
SHA1:    fed596d36a812b75d48ac684ecb44bb5fd8457f5
SHA256:  46767c381bc7d78a1c3ac8b9deb9ddfd9e53acacfe313d52dfa2ec631421684b
SHA512:  6dc1194a9578943dce53f152e0ccb66e4c57394ab275418cb76e8db8c12c97f0fa372e93e3d912eac374e5849083b4a6c708c97327f004e0b015d09b98785ba3
SSDEEP:  49152:pFY0CuWtUTMTqOXuekB9W3/tuXLltI8zCHwAj:pi0CvtUTh9tB9yoXLTI8zCHwAj
Malware Config
Signatures

Loads dropped Dex/Jar (3 IoCs)
Runs executable file dropped to the device during analysis.
Processes: /system/bin/dex2oat, com.ly.tcmy

  ioc                                        pid   process
  /data/user/0/com.ly.tcmy/files/plugin.apk  4491  /system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/user/0/com.ly.tcmy/files/plugin.apk --output-vdex-fd=62 --oat-fd=68 --oat-location=/data/user/0/com.ly.tcmy/files/oat/x86/plugin.odex --compiler-filter=quicken --class-loader-context=&
  /data/user/0/com.ly.tcmy/files/plugin.apk  4098  com.ly.tcmy
  /data/user/0/com.ly.tcmy/files/plugin.apk  4098  com.ly.tcmy

Requests dangerous framework permissions (5 IoCs)

  ioc                                        description
  android.permission.READ_PHONE_STATE        Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.
  android.permission.WRITE_EXTERNAL_STORAGE  Allows an application to write to external storage.
  android.permission.READ_SMS                Allows an application to read SMS messages.
  android.permission.SEND_SMS                Allows an application to send SMS messages.
  android.permission.RECEIVE_SMS             Allows an application to receive SMS messages.

Uses Crypto APIs (Might try to encrypt user data). (1 IoC)
Processes: com.ly.tcmy

  description         ioc                          process
  Framework API call  javax.crypto.Cipher.doFinal  com.ly.tcmy
Processes

com.ly.tcmy  (PID 4098)
  - Loads dropped Dex/Jar
  - Uses Crypto APIs (Might try to encrypt user data).
  getprop apps.customerservice.device  (PID 4230)
  /system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/user/0/com.ly.tcmy/files/plugin.apk --output-vdex-fd=62 --oat-fd=68 --oat-location=/data/user/0/com.ly.tcmy/files/oat/x86/plugin.odex --compiler-filter=quicken --class-loader-context=&  (PID 4491)
    - Loads dropped Dex/Jar
com.ly.tcmy:milipay_sms_v1  (PID 4272)
Network
MITRE ATT&CK Matrix
Downloads

/data/user/0/com.ly.tcmy/databases/DD.db
  Filesize: 24KB
  MD5:      3197faca0c97295b3739999fcb31bb5d
  SHA1:     42c2c61948389479894f08218d135686991b03a2
  SHA256:   aebcba6e66a598e81e898c96405e68d2e8813f3ecc6e133e60ad3587f6a53275
  SHA512:   73e2f0bd7c01068ea889762449eef1cfd4926648b7f8fc1c59a539fbde6589873556237ff97befda11835a8a5e98e42556d5ced1d94ca34b738b4bc7c9e25225

/data/user/0/com.ly.tcmy/databases/DD.db-journal
  Filesize: 524B
  MD5:      cb3f9042e519147b0d560f2588b45024
  SHA1:     638fe2ad6512316b7f6e5b94e7c77f28e87037a7
  SHA256:   577de8e09737bd16b3ea26cae8304693846f123088afeec33cb175970de4468c
  SHA512:   99ece813af92ebad28e9677999a1fc9f658c097ea0598a686972f4a1da7bdb6aa200bcacc21450d0561eb237bb26421899f78ed8afcd42df3af3a102dfe078c5

/data/user/0/com.ly.tcmy/databases/DD.db-shm
  Filesize: 8B
  MD5:      7dea362b3fac8e00956a4952a3d4f474
  SHA1:     05fe405753166f125559e7c9ac558654f107c7e9
  SHA256:   af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc
  SHA512:   1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

/data/user/0/com.ly.tcmy/databases/DD.db-wal
  Filesize: 40KB
  MD5:      2e8427464607ad36bf97dae5b26fa579
  SHA1:     68ce4ae14bffb6f4ba8195ad61712ded2eb56b02
  SHA256:   e80bd7df80dd01c5fbbd36862a5947aec2f7a3037193eb0eccc981fb90bd4d0a
  SHA512:   c20972572d9c4eef273851c8f3dd8cf7141e558d8e201d2b273359462a9fffebfedafadfcbf1d2c620ee63eccef44ece57b9598cb5d7f1fb00894c68233e0343

/data/user/0/com.ly.tcmy/files/libdmsmsiap.so
  Filesize: 38KB
  MD5:      8880f1724ef530eb6635ec6b51e800d0
  SHA1:     398d6c6d3df2c4f2fce11103b1d2f52c7a728749
  SHA256:   13bfb9dedc1b321ce557da5c338bcfbdcfc458fea8b290a1ef88319da9495aec
  SHA512:   8735e03c227c37050ad4c727fca036dffbc1fbff5d9904d2a47cbe57041df60677b13159c5857402a6d96ed15103650ac3c0082810d54d4ebd40a90752e0dc80

/data/user/0/com.ly.tcmy/files/oat/plugin.apk.cur.prof  (empty file: digests are those of zero-length input)
  MD5:      d41d8cd98f00b204e9800998ecf8427e
  SHA1:     da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256:   e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512:   cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.ly.tcmy/files/oat/x86/plugin.odex  (empty file)
  MD5:      d41d8cd98f00b204e9800998ecf8427e
  SHA1:     da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256:   e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512:   cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.ly.tcmy/files/oat/x86/plugin.vdex  (empty file)
  MD5:      d41d8cd98f00b204e9800998ecf8427e
  SHA1:     da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256:   e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512:   cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.ly.tcmy/files/plugin.apk
  Filesize: 100KB
  MD5:      cab9b8f770114d15ed02884c99dc35a0
  SHA1:     348ceba3fee200e104808019253f887f896b384a
  SHA256:   b6bb16a05d03986e24c3cf3fb5699e62c8b6f79ff87a1bfcf015ef44d6e1725c
  SHA512:   f4a0fc739bedd590a3d566ef128437c7bec7c99bfefd395bd6a6c0289f984f260b5bc0cfc17da9b15d1e4c3de4226312e592f786d95e549b5be6bd7f443ae51a

/data/user/0/com.ly.tcmy/files/plugin.apk
  Filesize: 163KB
  MD5:      81e64540848fb2409160838dba7e4e78
  SHA1:     93fa0283da753581f6bfedb9ec6e2c43597a72d4
  SHA256:   26bbbc7fe2b7ccfebc15c5ba9f6d6497f9446e9a802ef46c0e770b52bfb8cb4d
  SHA512:   fb2565eaf7d417dc9f62ffb266eab2ed5a4031d010f950603774fe696a3c73b63203f0fb714c9a045101ff13631a2305695204a4c0cb05e47ca4bc5a863e93c9

/data/user/0/com.ly.tcmy/files/plugin.apk.x86.flock  (empty file)
  MD5:      d41d8cd98f00b204e9800998ecf8427e
  SHA1:     da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256:   e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512:   cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.ly.tcmy/files/ypay_report_201.dat  (empty file)
  MD5:      d41d8cd98f00b204e9800998ecf8427e
  SHA1:     da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256:   e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512:   cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/storage/emulated/0/com.s360.start.times/com.ly.tcmy  (empty file)
  MD5:      d41d8cd98f00b204e9800998ecf8427e
  SHA1:     da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256:   e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512:   cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e