5f78c2f536bff9ee5f83a259f3270e57aa89e751c2efd3bb1c704d98fb4c7c9d

Analysis

max time kernel
3075885s
max time network
156s
platform
android_x86
resource
android-x86-arm-20220823-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20220823-enlocale:en-usos:android-9-x86system
submitted
26-11-2022 14:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5f78c2f536bff9ee5f83a259f3270e57aa89e751c2efd3bb1c704d98fb4c7c9d.apk
Size

637KB
MD5

1ddc2b61b1ea2c5c830ca0bc29065f65
SHA1

ff070490ea4a9f6d1ca632c85097faf501e2f0df
SHA256

5f78c2f536bff9ee5f83a259f3270e57aa89e751c2efd3bb1c704d98fb4c7c9d
SHA512

a93715bdde01e16334d7924fae6a937bfe245e4675ce31ddbc4b46e54003d813d0c8b2069a8400f2e27e4b5ecc353a9f0281f9958b858be8b2c1a8b535216c4d
SSDEEP

12288:jgFKPs6PsPhTx8EkCOXTRdS02Q6XRSnn329Hfdcur1yBUcJHsxPDeH3coET:jgFAnscNXVdSDQ6BUn32d1Zr1yCcyDT

Score

8^/10

infostealer ransomware

Malware Config

Signatures

Requests cell location 1 IoCs
Uses Android APIs to to get current cell location.

Processes:

com.qytc.mmxdy

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.qytc.mmxdy
Reads the content of SMS inbox messages. 1 IoCs
infostealer

Processes:

com.qytc.mmxdy

description ioc process

URI accessed for read content://sms/inbox com.qytc.mmxdy
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.qytc.mmxdy

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.qytc.mmxdy

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.qytc.mmxdy

description	ioc	process
URI accessed for read	content://sms/inbox	com.qytc.mmxdy

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.qytc.mmxdy

com.qytc.mmxdy
1⤵
- Requests cell location
- Reads the content of SMS inbox messages.
- Uses Crypto APIs (Might try to encrypt user data).
PID:4090

/system/bin/sh
2⤵
PID:4155

ls -l /sbin/su
3⤵
PID:4249

ls -l /system/sbin/su
3⤵
PID:4292

ls -l /system/bin/su
3⤵
PID:4320

ls -l /system/xbin/su
3⤵
PID:4338

ls -l /odm/bin/su
3⤵
PID:4358

ls -l /vendor/bin/su
3⤵
PID:4376

ls -l /vendor/xbin/su
3⤵
PID:4394

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.qytc.mmxdy/databases/DD.db
Filesize
24KB

MD5
b6e72c0aa36915aee5125aee6571ea57

SHA1
d67e6fa8999d98ad4b24ab4396226cb09889d0f2

SHA256
1e5595568d67754cc2be6dcc26146eba61250b62e637d377e6507ffa97fdd378

SHA512
06cb0872439e0773d0bc1ccb0bb54642f24fbcc0d01865c9e425394ed1a398b24a6d836f5c197d03220dff55b61844e3a95d0345f64114ece427379975c53f3f

Download Submit
/data/user/0/com.qytc.mmxdy/databases/DD.db-journal
Filesize
524B

MD5
dc95ed5649ec863f6180149502fa69b9

SHA1
78f33aace719ef0a5a874982ebad4c3c48e50001

SHA256
a60ee3f5018738dc739455839871339b6a102d2085cdef9e8b4479038c3961e7

SHA512
6bb337b8aedceae091aaa572018effdc091f3f00d9add6d1800ca222ce596f77bd62034f6f3c9fdb10365a18a694dbd11c85e5232c0134a50e27118fdabf27ba

Download Submit
/data/user/0/com.qytc.mmxdy/databases/DD.db-shm
Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/com.qytc.mmxdy/databases/DD.db-wal
Filesize
40KB

MD5
590cad3601d1d672c3192d7fa9f2b8cf

SHA1
0f964cbc378f6c80319a8bc0d8657c0e4fb9fd3e

SHA256
d8f4259fcced93c163395d6a7915b11d394a4a78e733e9fe1af12a975ac35ac7

SHA512
338f4c21599684fe9d76a5468a95002f3def0f12d405e595e7a93c6c9638ce036ae362302a033fe9e91e546f46606d8f3f8860da5c98fa4a1f50da327b7c40fd

Download Submit
/data/user/0/com.qytc.mmxdy/databases/mmdy.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/user/0/com.qytc.mmxdy/databases/mmdy.db-journal
Filesize
524B

MD5
558f16831474cacdc1d9b7a4f0a8aaa6

SHA1
41ca95e382290e1dddf873178e5679f48ef60e59

SHA256
531230171e4b7b6269632e338d72b363ee9849346326e6988cd0545a31643074

SHA512
27a8b2b45b9d37f31aaf11de86d8460e6cef003c87ff579d62e56cfa1f5699b2701c315b5e62270f04f32dcfa5f5f4e1b1cf708677d7706f7f2542c05b20538a

Download Submit
/data/user/0/com.qytc.mmxdy/databases/mmdy.db-shm
Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/com.qytc.mmxdy/databases/mmdy.db-wal
Filesize
36KB

MD5
c2b9dbbb752b6db9df8f6dc222112925

SHA1
68e4a6b8dad8cf2db936413d6859ea4e99789bca

SHA256
dddc1192427dd6a161f57d2074c3069967dbf77df24c4ceb4a4430fa88d48809

SHA512
11f661e9a83380f403db86c45f1c1fddce36b315da573b709d0de04910451403edcba09deb3afa53b6ffde77fa19f8662c0533fa4053adfed8f1260a3e1876e8

Download Submit
/data/user/0/com.qytc.mmxdy/databases/qy_db_pay
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/user/0/com.qytc.mmxdy/databases/qy_db_pay-journal
Filesize
524B

MD5
a1092de5390e4847220574bc10efc7d9

SHA1
5e0acedc2c418e60083a1afe42299ccf22177d32

SHA256
f191ac65635e7c377f74e0fca78bb7838680cfde55e18e7d29fae30202828c0b

SHA512
8b2ed9641c92673ab6c8e77aeb6828879bde1e2fc3732045cc288cd50b07dca0b5cb0a8024500256139715a53a6f6d2d2c79307d56c488ae930a09785e11e4a4

Download Submit
/data/user/0/com.qytc.mmxdy/databases/qy_db_pay-shm
Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/com.qytc.mmxdy/databases/qy_db_pay-wal
Filesize
64KB

MD5
70bcaadc8126a393bf6b21791f9dbcd6

SHA1
5b7d64963869ba753c8e641f14b3b1de2e137633

SHA256
8ff05f17d89806e6d04ec2db07cbe08b50ffa6f41889282967126c77d2756a84

SHA512
fd9440c32181a8da609c7e0a0bc633fa971de603dfa007eb4dbaece94b2a1e70365d9769e11cc777003a1633abd620318b7ba7d626aa8defb951dde993a0dd35

Download Submit
/data/user/0/com.qytc.mmxdy/files/.imprint
Filesize
850B

MD5
699ea241f2404d393dda5dfd2b78eeff

SHA1
af904713b73a889ee26a4a63cab93be45bcdeafc

SHA256
5c7b0174f69402ffb2f4b1b1c57f67be487a014f288d898bb29a6a0446df78d6

SHA512
08a8abbb1d0d43616561c6e1c97174b7a4f4fc9458797dd1b902193122774518463ee1702a88b79967bff2cde4217c7664576f8bb63f1ac8b534cb8826b40ba5

Download Submit
/data/user/0/com.qytc.mmxdy/files/umeng_it.cache
Filesize
211B

MD5
f20f0dff63d61f35ce723d0e244cdeb0

SHA1
3df128fa5e552a0b157f6c169a4419e021356099

SHA256
ef1f90cd16fd57a9c87068be2a29d08c5a4621d6800249a17be04a9485d5f3ba

SHA512
bb3f1bb90cd9971c54850d987c37e6e4b6d2273936edc3a5bb55024a9fb3c2e1545dcc9b2e0873d02c51459cf57edac63f5181edd459e80f7a31dfdb01c2e733

Download Submit
/storage/emulated/0/cache/user_cache_mmdy
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/storage/emulated/0/com.qytc.mmxdy.start.times/com.qytc.mmxdy
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads