Overview

overview

8

Static

static

7

c6deab25b7...4c.apk

android-9-x86

8

c6deab25b7...4c.apk

android-11-x64

8

Analysis

  • max time kernel
    3145255s
  • max time network
    140s
  • platform
    android_x86
  • resource
    android-x86-arm-20220823-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20220823-enlocale:en-usos:android-9-x86system
  • submitted
    27/11/2022, 05:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c6deab25b72e7336a8e96132a15b1cf0edd4b49ea00a4fa9f339cff6c259944c.apk

  • Size

    3.8MB

  • MD5

    9e0d944e41ee31422c1f83f8e90a76af

  • SHA1

    46df653ee466beccf39ee2a0b2e371a2a819ff63

  • SHA256

    c6deab25b72e7336a8e96132a15b1cf0edd4b49ea00a4fa9f339cff6c259944c

  • SHA512

    16bb92a880a5d5c05d10629ac9122a1a4815ff82ca59d0607c56280239b2970427887117f4e4d13d222367ada2fa230eaa54619619578fe0e170a3355113ff8e

  • SSDEEP

    98304:u9oQuZJb5A1Cydg2D5qAgoS6lzYQ8dhN/ShYwcRoyPg6x06:tQuZJbWkydzhoa0Q8dhN/aRc+Mg6x06

Score
8/10

Malware Config

Signatures

  • Requests cell location 1 IoCs

    Uses Android APIs to to get current cell location.

  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Reads information about phone network operator.

Processes

  • com.poxiao.fish.zimon
    1⤵
    • Requests cell location
    • Loads dropped Dex/Jar
    PID:4098
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/Android/data/com.skymobi.pay.app/plugins/com.skymobi.pay.opplugin_v2021.apk --output-vdex-fd=54 --oat-fd=55 --oat-location=/storage/emulated/0/Android/data/com.skymobi.pay.app/plugins/oat/x86/com.skymobi.pay.opplugin_v2021.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4185

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.poxiao.fish.zimon/cache/CommandCache/e0925f4379596524e21af2c6199475d5
    Filesize

    756B

    MD5

    f5a7a11dea2df9415365b76905b15746

    SHA1

    fd18de66e3349f063eb2d51ae335fed28f3ba07f

    SHA256

    f23f25e399154a0e033e4701712202a761992d156dee36243fc290c946c27801

    SHA512

    519cd12bdcb98350a1f084dba6560a10dfd9eba1b64d98267e910c0d26364ef508414016f68e47dbfbc0070b434c5a80a9a80724617875cc208d672c8acef313

    Download Submit

  • /data/user/0/com.poxiao.fish.zimon/files/classes.dex
    Filesize

    2.1MB

    MD5

    73bc769b956362d87993b9db69ded54d

    SHA1

    0312481277456a182b64d61423d99f0b7f66a21f

    SHA256

    69462c3f227c6f0da224a51d75a9647a577b486cd2cf12b9e4e23c31a8e95762

    SHA512

    5f9a4d9d68138123161e02fa42bfff8f9a551d801b1c224b7edf53e17dbf91066dc1f33c78f80fbbad1dcdee3afe8b499da2a265927bb6ce4c3d9e200b0c0246

    Download Submit

  • /data/user/0/com.poxiao.fish.zimon/shared_prefs/AVOSCloud-SDK.xml
    Filesize

    117B

    MD5

    6dc79ab0f87a05bf7567abe519743486

    SHA1

    d29301cc1f46d5d1612626517465ea8071879bb5

    SHA256

    9e0e964eb0a3c34f5b6c0f9aa545953f222332eac6ed841bf7c147c5d1cc7aef

    SHA512

    9d8bb4fcdc1cf5a00118d449ea7e0cd825ba1c5ab9f49195f65defc608764b994e28882938c63ec112e29a8c8d051a21af4bf1fb45e10a04874a5bf37d2f6910

    Download Submit

  • /data/user/0/com.poxiao.fish.zimon/shared_prefs/AV_CLOUD_API_VERSION_KEY_ZONE.xml
    Filesize

    123B

    MD5

    f3e930fd6f61a69a9720c35e282db1bd

    SHA1

    747d9ec1e652c30d152976da101680a86f18dd33

    SHA256

    e0c70ec0883b85cf892440de5d4dc3b58bb192eea1ac6412e66bcaf78a4f862b

    SHA512

    c0d29beec0648eb2efeb88353b1576dfb40082af781d45b5027ec65630ddfb10c4f0be73d9612d2800418590c41973982b357ba9ae97c8825f36eddbd93b4a28

    Download Submit

  • /storage/emulated/0/Android/data/com.skymobi.pay.app/plugins/com.skymobi.pay.opplugin_v2021.apk
    Filesize

    386KB

    MD5

    4a1fb248e672d39457f2cf9088c17880

    SHA1

    b500b2528ed6cee5929603b862b14a18655ac06d

    SHA256

    b2831dae43d2dc8daffc919456c244b17f15f5453dca097d665979e7254f8c23

    SHA512

    b434ee9348e7e2717b35c4f64bc71aa58aca634741045b91ec61eea5bdb536ece7449fe8d376f724bb0006cd2bc7976c9695bc3aa47a59a26ab6c6c09096279e

    Download Submit

  • /storage/emulated/0/Android/data/com.skymobi.pay.app/plugins/com.skymobi.pay.opplugin_v2021.apk
    Filesize

    386KB

    MD5

    4a1fb248e672d39457f2cf9088c17880

    SHA1

    b500b2528ed6cee5929603b862b14a18655ac06d

    SHA256

    b2831dae43d2dc8daffc919456c244b17f15f5453dca097d665979e7254f8c23

    SHA512

    b434ee9348e7e2717b35c4f64bc71aa58aca634741045b91ec61eea5bdb536ece7449fe8d376f724bb0006cd2bc7976c9695bc3aa47a59a26ab6c6c09096279e

    Download Submit