Analysis
- max time kernel: 2950814s
- max time network: 157s
- platform: android_x86
- resource: android-x86-arm-20220823-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20220823-en, locale:en-us, os:android-9-x86, system
- submitted: 25-11-2022 11:29
Static task: static1
Behavioral task: behavioral1
- Sample: 97a6b7d322e57a659adfd7537c5e420a61ba63a1ccc59a9c41e43d7b0a0bd51d.apk
- Resource: android-x86-arm-20220823-en
General
- Target: 97a6b7d322e57a659adfd7537c5e420a61ba63a1ccc59a9c41e43d7b0a0bd51d.apk
- Size: 2.4MB
- MD5: 996daa175d11b5f0c4ef3c368510c0ed
- SHA1: d571d20fdcb7093d8de6a24368a816413219b459
- SHA256: 97a6b7d322e57a659adfd7537c5e420a61ba63a1ccc59a9c41e43d7b0a0bd51d
- SHA512: 02bf1efb3a459c52b9c2ef53c9989458704834028788bed9ad69acc52fcbf7c02185e9725adbb677100a92dd5e242037474f8976bb61db3f8e25c7e6b430e82d
- SSDEEP: 49152:6wJFY0VVzQNups9t8u+rmHiEmVG6w5PjAsTMXkbrJD:9Ji0Xsv+6HMmJjAsT5b9D
Malware Config
Signatures
- Loads dropped Dex/Jar (3 IoCs)
  Runs executable file dropped to the device during analysis.
  Processes: /system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/user/0/com.ly.tcmy/files/plugin.apk --output-vdex-fd=53 --oat-fd=54 --oat-location=/data/user/0/com.ly.tcmy/files/oat/x86/plugin.odex --compiler-filter=quicken --class-loader-context=& ; com.ly.tcmy
  ioc / pid / process:
  - /data/user/0/com.ly.tcmy/files/plugin.apk / 4345 / /system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/user/0/com.ly.tcmy/files/plugin.apk --output-vdex-fd=53 --oat-fd=54 --oat-location=/data/user/0/com.ly.tcmy/files/oat/x86/plugin.odex --compiler-filter=quicken --class-loader-context=&
  - /data/user/0/com.ly.tcmy/files/plugin.apk / 4058 / com.ly.tcmy
  - /data/user/0/com.ly.tcmy/files/plugin.apk / 4058 / com.ly.tcmy
- Requests dangerous framework permissions (5 IoCs)
  description / ioc:
  - Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. / android.permission.READ_PHONE_STATE
  - Allows an application to write to external storage. / android.permission.WRITE_EXTERNAL_STORAGE
  - Allows an application to read SMS messages. / android.permission.READ_SMS
  - Allows an application to send SMS messages. / android.permission.SEND_SMS
  - Allows an application to receive SMS messages. / android.permission.RECEIVE_SMS
- Uses Crypto APIs (Might try to encrypt user data). (1 IoC)
  Processes: com.ly.tcmy
  description / ioc / process:
  - Framework API call / javax.crypto.Cipher.doFinal / com.ly.tcmy
Processes
- com.ly.tcmy (PID 4058)
  - Loads dropped Dex/Jar
  - Uses Crypto APIs (Might try to encrypt user data).
  - getprop apps.customerservice.device (PID 4180)
  - /system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/user/0/com.ly.tcmy/files/plugin.apk --output-vdex-fd=53 --oat-fd=54 --oat-location=/data/user/0/com.ly.tcmy/files/oat/x86/plugin.odex --compiler-filter=quicken --class-loader-context=& (PID 4345)
    - Loads dropped Dex/Jar
- com.ly.tcmy:milipay_sms_v1 (PID 4213)
Network
MITRE ATT&CK Matrix
Downloads
- /data/user/0/com.ly.tcmy/databases/DD.db
  Filesize: 24KB
  MD5: 3197faca0c97295b3739999fcb31bb5d
  SHA1: 42c2c61948389479894f08218d135686991b03a2
  SHA256: aebcba6e66a598e81e898c96405e68d2e8813f3ecc6e133e60ad3587f6a53275
  SHA512: 73e2f0bd7c01068ea889762449eef1cfd4926648b7f8fc1c59a539fbde6589873556237ff97befda11835a8a5e98e42556d5ced1d94ca34b738b4bc7c9e25225
- /data/user/0/com.ly.tcmy/databases/DD.db-journal
  Filesize: 524B
  MD5: 3fef30366a87e5d3fcc3c76cca6f85ef
  SHA1: b10e0f25453f7afc22491e20ffe738865a349b08
  SHA256: 8f37ba06bbc3b1e4e2baf33e7d37c23440d448c8f828bc3bae8b9ad4b12ea6d6
  SHA512: b27787a15ff166c78d0f33703d1c731353e344d97528fc774a627ee94c86cf6483dafc54b168d95bbce244a4f4d9160cdd69b01919ece44ea847ce93dcdf019d
- /data/user/0/com.ly.tcmy/databases/DD.db-shm
  Filesize: 8B
  MD5: 7dea362b3fac8e00956a4952a3d4f474
  SHA1: 05fe405753166f125559e7c9ac558654f107c7e9
  SHA256: af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc
  SHA512: 1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b
- /data/user/0/com.ly.tcmy/databases/DD.db-wal
  Filesize: 40KB
  MD5: 30609ab4ae3fa8fc8c8beb3b1a786fd4
  SHA1: 3808eb59aaf9860f055ae8a6b0c037edb0144bdf
  SHA256: 0bc9d81b6ad78143a7a8114c787d541a5171f5f54092162e2fca1ca5fd60c07d
  SHA512: 9b32f91c4ce89221f29e4c269160c7a971a3274f595629a8bc6f48c578662ca07161b4caf91d513019ee867f5615c23b43511950dc20dc649a651a5c74f643c3
- /data/user/0/com.ly.tcmy/files/libdmsmsiap.so
  Filesize: 38KB
  MD5: 8880f1724ef530eb6635ec6b51e800d0
  SHA1: 398d6c6d3df2c4f2fce11103b1d2f52c7a728749
  SHA256: 13bfb9dedc1b321ce557da5c338bcfbdcfc458fea8b290a1ef88319da9495aec
  SHA512: 8735e03c227c37050ad4c727fca036dffbc1fbff5d9904d2a47cbe57041df60677b13159c5857402a6d96ed15103650ac3c0082810d54d4ebd40a90752e0dc80
- /data/user/0/com.ly.tcmy/files/oat/plugin.apk.cur.prof
  Filesize: not reported (the hashes below are those of an empty file)
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
- /data/user/0/com.ly.tcmy/files/oat/x86/plugin.odex
  Filesize: not reported (the hashes below are those of an empty file)
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
- /data/user/0/com.ly.tcmy/files/oat/x86/plugin.vdex
  Filesize: not reported (the hashes below are those of an empty file)
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
- /data/user/0/com.ly.tcmy/files/plugin.apk
  Filesize: 100KB
  MD5: cab9b8f770114d15ed02884c99dc35a0
  SHA1: 348ceba3fee200e104808019253f887f896b384a
  SHA256: b6bb16a05d03986e24c3cf3fb5699e62c8b6f79ff87a1bfcf015ef44d6e1725c
  SHA512: f4a0fc739bedd590a3d566ef128437c7bec7c99bfefd395bd6a6c0289f984f260b5bc0cfc17da9b15d1e4c3de4226312e592f786d95e549b5be6bd7f443ae51a
- /data/user/0/com.ly.tcmy/files/plugin.apk
  Filesize: 163KB
  MD5: 81e64540848fb2409160838dba7e4e78
  SHA1: 93fa0283da753581f6bfedb9ec6e2c43597a72d4
  SHA256: 26bbbc7fe2b7ccfebc15c5ba9f6d6497f9446e9a802ef46c0e770b52bfb8cb4d
  SHA512: fb2565eaf7d417dc9f62ffb266eab2ed5a4031d010f950603774fe696a3c73b63203f0fb714c9a045101ff13631a2305695204a4c0cb05e47ca4bc5a863e93c9
- /data/user/0/com.ly.tcmy/files/plugin.apk.x86.flock
  Filesize: not reported (the hashes below are those of an empty file)
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
- /data/user/0/com.ly.tcmy/files/ypay_report_201.dat
  Filesize: not reported (the hashes below are those of an empty file)
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
- /data/user/0/com.ly.tcmy/shared_prefs/r.times.xml
  Filesize: 101B
  MD5: e1ef566249ba7c829ebda3149f605e76
  SHA1: 505f2a0c7c6a3375f586ce4a2135c1f954bd85b4
  SHA256: 072eca118e60a7a559d36431f0492232d1ed8753c0654c95910b9180bdbb66ab
  SHA512: 5c836ada1dac78f358354876635e58890a9ad2152842ae4190b362a549d23b0a8913168529a948202120bb9883544d901eded1f28739e899c35bdccbd53e8e35
- /storage/emulated/0/com.s360.start.times/com.ly.tcmy
  Filesize: not reported (the hashes below are those of an empty file)
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e