Analysis
-
max time kernel
3174821s -
max time network
152s -
platform
android_x86 -
resource
android-x86-arm-20220823-en -
resource tags
androidarch:armarch:x86image:android-x86-arm-20220823-enlocale:en-usos:android-9-x86system -
submitted
27-11-2022 12:01
Static task
static1
Behavioral task
behavioral1
Sample
d2184259736beae96e622b742e8e01e6e9fb5a4a61f23497a83fcd0c8c492d75.apk
Resource
android-x86-arm-20220823-en
General
-
Target
d2184259736beae96e622b742e8e01e6e9fb5a4a61f23497a83fcd0c8c492d75.apk
-
Size
1.6MB
-
MD5
0eb9c30c2e441378a238fcbcb0806284
-
SHA1
de537b784be0a049bfccd7cba16bea4e19eea129
-
SHA256
d2184259736beae96e622b742e8e01e6e9fb5a4a61f23497a83fcd0c8c492d75
-
SHA512
694ca8f8b59a5ca407b4f1d6c80606aabc2e18263634095756b86890dfb412c024e157573e5cb454348c0135f0c296dd2b6ab8187db66474cf0ef83bc603b2d9
-
SSDEEP
49152:VN2BysmpE0mzjao/oM3K2YJzsIKodKOOxhn3vxOkeKLhRPPrZDyUVaxVO3Xn/W3P:VNKyNeTQM3K2Y9dKN1AkeKbPPrZDyU/+
Malware Config
Signatures
-
Requests cell location 1 IoCs
Uses Android APIs to to get current cell location.
Processes:
org.gsan.medie.zwdescription ioc process Framework service call com.android.internal.telephony.ITelephony.getCellLocation org.gsan.medie.zw -
Reads information about phone network operator.
-
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
Processes:
org.gsan.medie.zwdescription ioc process Framework API call javax.crypto.Cipher.doFinal org.gsan.medie.zw
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
/data/user/0/org.gsan.medie.zw/databases/access.dbFilesize
4KB
MD5f2b4b0190b9f384ca885f0c8c9b14700
SHA1934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA2560a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
-
/data/user/0/org.gsan.medie.zw/databases/access.db-journalFilesize
524B
MD544ef2d25c0e4b4dd891ddee15223eb8c
SHA159ed4a7440d0c39ce17366201c28a0e0b7a9b3a0
SHA2563bbb22a5db66b909adee61c79dd74d6fb0dd9777c7336a3160a5c8ce24ec1da0
SHA512b1bf5650c02c94bbcf0fcd37ffb45ef92e7386db90be76af1934be453c0e32d44e5e008a6d595179e2ef4e207ccb25e471886f032f479601e8f04dd926d7fa00
-
/data/user/0/org.gsan.medie.zw/databases/access.db-shmFilesize
8B
MD57dea362b3fac8e00956a4952a3d4f474
SHA105fe405753166f125559e7c9ac558654f107c7e9
SHA256af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc
SHA5121b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b
-
/data/user/0/org.gsan.medie.zw/databases/access.db-walFilesize
32KB
MD5a9196488977beeb7676ca3020b7f209c
SHA1d127c385d928216f60559e49d4b5618fa8734914
SHA25661f83d77e63e0b7d02d664cef96a326731226d841b7f50e9221bc1677376a2d3
SHA512a1fea3c8fa3a80267ee0631dfef80f191a4204949803009e91a5c09909f00e4a9a538a0cbfc32caf58bf5029216e66f03e6a12a91415e438c7c30389c9eaa6ca
-
/data/user/0/org.gsan.medie.zw/files/__local_stat_cache.jsonFilesize
25B
MD52d805b13f2f28dc3ca9bbcc000f49bb5
SHA19eac165b4d81258fd3967cde5cc53b53b1dabcb1
SHA256c8a6624f390568f0ddcb9841336aec6a564460fdaf6624e562b32935b8956f19
SHA5125db8c57bab36bcf9db698c1dce70318cbffc156dd1d1c1e09e5b7ba60aff07b598ebbf26c4bd8a2b03bd6e59ef2dde2d944a22a8d8a19ecc8378e83afb7c83b0
-
/data/user/0/org.gsan.medie.zw/shared_prefs/pay_xml.xmlFilesize
119B
MD556be6b759e25d6f84fad17cf6f0af4a0
SHA1769b9b85217158e11ad1ac346537143f3b291384
SHA256742af9555a7b1c52ff65092c7809add85e5f66dc01b337c7994b10149e9dfcc2
SHA512591ab4bf27cf5b08b3cd5690e1c290f487d7e787f03c25e120f63aefa53d31de5df7a47ee342db5c2784da71fcdb862ad74eb68416e3fd54da9db5c4217ddf5d
-
/storage/emulated/0/backups/.SystemConfig/.cuidFilesize
89B
MD57660af1c82048335faf5653c262ae56c
SHA17545f05cc9021e5ba41ab72618e12af197f3eb90
SHA256653d2f0a260cb69caf9605e912b807f7eff135f8358bae90ea6761958dee36b3
SHA5126b0e48de7ebd03c916dde96f74d00955d9da7185914da547e1fe9a1b1bddf83bd20a62d5be44ade4754aad3e077607baeb1afb660bebd02b3a72e398e69c4d30