Analysis
-
max time kernel
3019286s -
max time network
18s -
platform
android_x64 -
resource
android-x64-arm64-20220823-en -
resource tags
androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20220823-enlocale:en-usos:android-11-x64system -
submitted
26-11-2022 00:59
Static task
static1
Behavioral task
behavioral1
Sample
5d360365f36b3bbfa01fff50708e0219c6917e06d4337244d8dbd89f4997a610.apk
Resource
android-x86-arm-20220823-en
Behavioral task
behavioral2
Sample
5d360365f36b3bbfa01fff50708e0219c6917e06d4337244d8dbd89f4997a610.apk
Resource
android-x64-20220823-en
Behavioral task
behavioral3
Sample
5d360365f36b3bbfa01fff50708e0219c6917e06d4337244d8dbd89f4997a610.apk
Resource
android-x64-arm64-20220823-en
General
-
Target
5d360365f36b3bbfa01fff50708e0219c6917e06d4337244d8dbd89f4997a610.apk
-
Size
1.4MB
-
MD5
89b5190c68bb9412604739432d1d8dbb
-
SHA1
0968a28059ba0c6675993ecc9e406ec771389054
-
SHA256
5d360365f36b3bbfa01fff50708e0219c6917e06d4337244d8dbd89f4997a610
-
SHA512
de0cba1bd44730436f71f2012a195ecca192295182830a2e5890295c73882ed9a7e3a60cb2bbeddf029f87bd9bff3ac3f8915c3ab047fae4ed8fa901578ec8a2
-
SSDEEP
24576:p2kg1PysH1IG/lJSrxmHM/joO66bxJhHQgBtTGb2UexfSXQ9A:ckOKG/TgxYojVbFrHQg+b2UEST
Malware Config
Signatures
-
Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.
Processes:
com.yiti.alzo.vqaqioc pid process /data/user/0/com.yiti.alzo.vqaq/app_tjc/joy.jar 4551 com.yiti.alzo.vqaq -
Requests dangerous framework permissions 9 IoCs
Processes:
description ioc Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE Allows an application to read SMS messages. android.permission.READ_SMS Allows an application to send SMS messages. android.permission.SEND_SMS Allows an application to receive SMS messages. android.permission.RECEIVE_SMS Allows an application to monitor incoming MMS messages. android.permission.RECEIVE_MMS Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. android.permission.PROCESS_OUTGOING_CALLS Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION -
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
Processes:
com.yiti.alzo.vqaqdescription ioc process Framework API call javax.crypto.Cipher.doFinal com.yiti.alzo.vqaq
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
66KB
MD53a5459e2588339ad9a58f7e01dd01bfd
SHA1caa5b321fa0af1088e89a45aff3ec22c56d0e23c
SHA25671aeba82d5a026045c1a948619f7e6eeda7aecd47adfdb5214a4dc88fc031b5f
SHA512259165b473484943621516961ec9210c5f47d5ddcee684dcf355b947da5cab9a1ea9ef66a31de6ccdc5bfe97793ea0d4b949e712f92b54ecef5ea54c90cc10e7
-
Filesize
136KB
MD5b56ad47fe9a822fe92f5c41dab5e7e00
SHA1515aefc139aba5cef4a3ca1d3b049d5fc5ef2756
SHA25645e8ca48d30254ab51f49ecfae7174eae077121ef85efe0dae766805703bace1
SHA512855555473bf35c97ecb97f15dd6f64022832e83267e83ff59ebd1ddb18955a9e50001281194764fe215677016bcacfa99181c4b795ba31a0e6829ccd937c46ca
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
Filesize
66KB
MD59a12ee969415d644425658414bf1525c
SHA1e8056942689e5fda9efa763d4eb9facb570354b6
SHA25680507cb9b844d3593e1a644c2ffb22ffb9a8c05b1c3f8591dbc068ae3cf9d104
SHA51212c1975da15ed7b9e115dfbb1ebb2d372d4f58858992e6c62e8d6c798f41c900f15689ea521d0c4660b15bce8e7f43c4aa48ec89aa7060a7db7c47900aa308f4
-
Filesize
303B
MD5d8de6910c0a6ae11c4a4a4bc31bd5314
SHA180a239b266d52073873f4f2b450f0e3b20ff6622
SHA2569894f6ac814212a02218e4448db53c3d4fc0a8f0a8936e2bf6e5464638fb47a9
SHA512a210bf5c796e9b5addfbb363ba3a636e7b29f3fd5d640a3c852ad0aa5528fc1b5da68eb3732a14191a1b9149940df0872781fd157bb22d42f50a8ec9541c5267
-
Filesize
986KB
MD5d6deff5a2c12fa7a337f58fc1b79c317
SHA1fe5956fec18fd70e624d72169f104cbe2b6ad56c
SHA256f8cf79a0cf887b9f5ad395e37c4daf768d730511dd30f43c4c1c1bf4f47c69c7
SHA51289e59243a7d24918c02c0c04419057a987740ea47eb4d0556e27da49dc073a7c60e0af0b80ebca7d9e4d196740a28607dbc2e1c620d917ffc160c6dfd7839da1
-
Filesize
986KB
MD5da97c9da3461ffc5b3b7aa880819454e
SHA1c0b511844484f80d82f6d3a38db7bedabc08ae61
SHA256730a9f830778a061a7c874761048fc4c6e668998ac4a2c0f26e2e84b8a020970
SHA512b4d96d129d60bd49c21747422ac2d4c48c14d11e6adb6bff88055b8e63663693900e343b48a0f416cbd48a4328fda961a452952581867a933921841a37c0ee3d