Analysis
-
max time kernel
2949913s -
max time network
134s -
platform
android_x86 -
resource
android-x86-arm-20220823-en -
resource tags
androidarch:armarch:x86image:android-x86-arm-20220823-enlocale:en-usos:android-9-x86system -
submitted
25-11-2022 11:19
Static task
static1
Behavioral task
behavioral1
Sample
b400c984a30288fb9722e17de289414916eef25a77b06e0184e44928e27103a9.apk
Resource
android-x86-arm-20220823-en
General
-
Target
b400c984a30288fb9722e17de289414916eef25a77b06e0184e44928e27103a9.apk
-
Size
2.5MB
-
MD5
6c1f28063bbbf063c84122ac3238be1a
-
SHA1
6c4047f27e536f28f49867b15c419d3b26d5584d
-
SHA256
b400c984a30288fb9722e17de289414916eef25a77b06e0184e44928e27103a9
-
SHA512
c64347fed2624bf6e3ba427739db974a6d3d65883672fdbeb7c406d59ec76bbd79cb21d078ef117e1c9682165215541224a0e2f6fa762035c6f787f7a13eb629
-
SSDEEP
49152:+d/potxAIhtJ1npOV9JjQ4WylFnCS4gwqT8vCyDc6jiew38eEV3Q+I:y0xAIhtbng9JjrWgFnCSHWxwiiey8N1I
Malware Config
Signatures
-
Requests cell location 1 IoCs
Uses Android APIs to to get current cell location.
Processes:
com.main.gm30description ioc process Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.main.gm30 -
Reads information about phone network operator.
-
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
Processes:
com.main.gm30description ioc process Framework API call javax.crypto.Cipher.doFinal com.main.gm30 -
Listens for changes in the sensor environment (might be used to detect emulation). 1 IoCs
Processes:
com.main.gm30description ioc process Framework API call android.hardware.SensorManager.registerListener com.main.gm30
Processes
-
com.main.gm301⤵
- Requests cell location
- Uses Crypto APIs (Might try to encrypt user data).
- Listens for changes in the sensor environment (might be used to detect emulation).
PID:4044 -
/system/bin/sh2⤵PID:4148
-
ls -l /sbin/su3⤵PID:4252
-
ls -l /system/sbin/su3⤵PID:4327
-
ls -l /system/bin/su3⤵PID:4358
-
ls -l /system/xbin/su3⤵PID:4385
-
ls -l /odm/bin/su3⤵PID:4415
-
ls -l /vendor/bin/su3⤵PID:4435
-
ls -l /vendor/xbin/su3⤵PID:4453
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
/data/user/0/com.main.gm30/databases/mydataFilesize
4KB
MD5f2b4b0190b9f384ca885f0c8c9b14700
SHA1934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA2560a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
-
/data/user/0/com.main.gm30/databases/mydata-journalFilesize
524B
MD52187512b9e0b510ab9d12c4aef13f9f8
SHA19b054eb12f806ca46aba6a4606eda8afaac94fa4
SHA256f95b06f405bdb52bcfea28f093763d26205ca4b01ae011703e0d038300e07bc3
SHA5124a8108b7653a7eb856e6d62103c9d466451134fc42a5628e6381c70a1b726e097238ae177b4cc10010fca4b91b8c1d0841a65d284a7fcd3fb6eac665a815b3d8
-
/data/user/0/com.main.gm30/databases/mydata-shmFilesize
8B
MD57dea362b3fac8e00956a4952a3d4f474
SHA105fe405753166f125559e7c9ac558654f107c7e9
SHA256af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc
SHA5121b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b
-
/data/user/0/com.main.gm30/databases/mydata-walFilesize
68KB
MD59947b6624624af911277c87ba4654e28
SHA18633682940e1f66e42a761a33508ac2c6ead6aea
SHA25660231f14893b6ec2a142ea6ca8bd339fb3fecb1ca2b08b0e576468cde57c66f8
SHA512d7b2631f177acd2026bb04f526ed3b578fb21a8a7404536fd3de65baa10a1a60f73d6a12377d78d32bc7c42e52581f7c901a232a5cf48001eccde979766c5c97
-
/data/user/0/com.main.gm30/files/.imprintFilesize
848B
MD5b6e611fd990792d1f101c43f5b12d52f
SHA1070297bbdd8e1e725ed6e11b84252f141b21a9f3
SHA256d3df5486b9ca5a718cfd8fc6f2f3c4ed9122637ec71123c1929781a363717cc7
SHA512267b6744ffba40ef0bd26e4bc89004f41df329d269fbde0d12c1e4524ce181ae7e837bfa5489b9e5ba48f2ff32409af34dbd0e21472fd02d3e3bdd59840fe29d
-
/data/user/0/com.main.gm30/files/umeng_it.cacheFilesize
211B
MD519cc878f56a28a0b524e713c08e1b570
SHA10b08f466c64da510b8f52e939eab98598af302dc
SHA25653e43a3a3e20d494f23d00f9ef968d7cbc0a1847b76fb87ea764e613eb006f13
SHA5126bbcf0ee869ec4c7cee72c09cac5242df4ea2c07040a38011433fd66371d42091435edb3db862d447c991660139641b2e3783ad1b5a888defa7593880234a422