Analysis
max time kernel
3019382s
max time network
23s
platform
android_x64
resource
android-x64-arm64-20220823-en
resource tags
android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20220823-en, locale:en-us, os:android-11-x64, system
submitted
26-11-2022 00:59
Static task
static1
Behavioral task
behavioral1
Sample
71997511667292c0cb1614db0dfa5ee631162306caf111ce6b7cf481abced748.apk
Resource
android-x86-arm-20220823-en
Behavioral task
behavioral2
Sample
71997511667292c0cb1614db0dfa5ee631162306caf111ce6b7cf481abced748.apk
Resource
android-x64-20220823-en
Behavioral task
behavioral3
Sample
71997511667292c0cb1614db0dfa5ee631162306caf111ce6b7cf481abced748.apk
Resource
android-x64-arm64-20220823-en
General
-
Target
71997511667292c0cb1614db0dfa5ee631162306caf111ce6b7cf481abced748.apk
-
Size
1.3MB
-
MD5
33e0a5e137e49f2085da5d1f293e9739
-
SHA1
2f5ced3499135171c84e0841978d6a49d6674448
-
SHA256
71997511667292c0cb1614db0dfa5ee631162306caf111ce6b7cf481abced748
-
SHA512
340c9c007ed3795b6ea169ff02c2f873da4152b73b47cd16875e9c2d639b821d4bd06ad296022fe2b4305519243deb112b9148f4ea2d760415f25821addb914c
-
SSDEEP
24576:Gw8Ruk9AYGo+b+jj5Fju17Jf8i6CAyEH3Aq7K69kAU+QRoY4ml107Nm0:+Ruk2Y18etFWE9l3Aj69e+yaNf
Malware Config
Signatures
-
Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.
Processes:
ioc | pid | process
/data/user/0/com.yatv.sfhe.sfgk/app_tjc/joy.jar | 4362 | com.yatv.sfhe.sfgk
Requests dangerous framework permissions 9 IoCs
Processes:
description | ioc
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE
Allows an application to read SMS messages. | android.permission.READ_SMS
Allows an application to send SMS messages. | android.permission.SEND_SMS
Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS
Allows an application to monitor incoming MMS messages. | android.permission.RECEIVE_MMS
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. | android.permission.PROCESS_OUTGOING_CALLS
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
Processes:
description | ioc | process
Framework API call | javax.crypto.Cipher.doFinal | com.yatv.sfhe.sfgk
Downloads
-
/data/user/0/com.yatv.sfhe.sfgk/app_tjc/djoy.jar
Filesize
66KB
MD5
8623c5b204f28d719f70171fc76a8f0a
SHA1
32d1adce6866129418e56d72ea2edf53ae89d809
SHA256
3d8404eeab00b8dca0171ee2db094a148f20b60048ed649cbfe2679ea9d0c9f2
SHA512
c4353dbd6c2bc2556a177433e13d496de04275c5f3d9cc3d5e2b2dc3cd7e5f18ebf78da7af25d5a74e75fae1504977245690c6e3f17477b29fc6f78d5f608baa
-
/data/user/0/com.yatv.sfhe.sfgk/app_tjc/joy.jar
Filesize
135KB
MD5
05713d12a1ea98ea926d816abb1a9f1f
SHA1
e3750af4088d00f89bb33f3e82913c70e6f7846d
SHA256
df8365b4141e8a004bdb6811e7571146930e657778ef72ecf369d6489b6e8aa5
SHA512
71e82be95ecff5c2feb5ba39089d635917d8ee91f80556c6c17b8f06b6f0d6e0f1e8fde8dcd83d3a02fa8859026fa3018f3cc43eabae57d833bf1505df571410
-
/data/user/0/com.yatv.sfhe.sfgk/app_tjc/oat/joy.jar.cur.prof
(no size reported; the hashes below are those of a zero-byte file, so the profile was created but left empty)
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
/data/user/0/com.yatv.sfhe.sfgk/app_tjc/tjoy.jar
Filesize
66KB
MD5
d3af56566d5e3a332b90f519744814b0
SHA1
74631d6345651b363b1934358af1b3bdc54a25cb
SHA256
a5484aa0aa4b943eb1577e670d425783fc6b345580d85605e8b81480e432a10b
SHA512
debf6e14cef97968c8199cb04adfa6a2fbe937ee67f841d0751148230c60446addab000ab53e2f53a41eae1e6076b83ccc7c32aca235fd7abd9435424f1a0072
-
/data/user/0/com.yatv.sfhe.sfgk/shared_prefs/joyssp.xml
Filesize
303B
MD5
d8de6910c0a6ae11c4a4a4bc31bd5314
SHA1
80a239b266d52073873f4f2b450f0e3b20ff6622
SHA256
9894f6ac814212a02218e4448db53c3d4fc0a8f0a8936e2bf6e5464638fb47a9
SHA512
a210bf5c796e9b5addfbb363ba3a636e7b29f3fd5d640a3c852ad0aa5528fc1b5da68eb3732a14191a1b9149940df0872781fd157bb22d42f50a8ec9541c5267
-
/storage/emulated/0/.cache/apk910
Filesize
971KB
MD5
d799110c8c99a6a675db399de5af9303
SHA1
b751946e1859a230ebafd3d5d7ae4985c7c00f81
SHA256
1bcae094958fa55a9b525e12429511055add9a19afd6361c0bf2930cf1eb3706
SHA512
1b9acf871f240ff53af60fe3983599092a83395858d133576712b9bbb15fcabddb7d6488f82df48a025b27478a91303b180ad4fc6a9184ca9aefa7ac2952f382
-
/storage/emulated/0/.cache/meise_910.apk
Filesize
971KB
MD5
bbccb604ba0ddace07d546d51d4ccb43
SHA1
3bdaa64acd5e89d5a83f4bd5dfbef2f70be173bb
SHA256
f4aaee4364330da8b373c6d0278e43ed2eb2ea3ca1eb61fca45bb08d2b76bdee
SHA512
2fc10a5e7e7bd15a2cc7c876e3eb174a7e7e6553636fee49e12758789d7b6bea46fbc1460017a61ee1539dbde37174db2987ebb432777fc1a9bb796fc47a7926