dfd47aa123635cce905c17847f2ebd6365d2cbaecb3b4419c8adb81d68bb4faa

Analysis

max time kernel
305614s
max time network
130s
platform
android_x86
resource
android-x86-arm-20220823-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20220823-enlocale:en-usos:android-9-x86system
submitted
02-02-2023 13:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6e968537b34c1810f097d765c18bdd55f6509b61.apk
Size

3.0MB
MD5

c995e8ebe3df4247920f4b65af9e6e59
SHA1

6e968537b34c1810f097d765c18bdd55f6509b61
SHA256

dfd47aa123635cce905c17847f2ebd6365d2cbaecb3b4419c8adb81d68bb4faa
SHA512

d939c1b0820ce0b33be574efbadd5ba7f59aaaf9dd0625cf46b0a899428128776b548584d94e411c5b4fb52f64a1588f05b5fcc19e573106036944ac35f06176
SSDEEP

98304:f7O2qP9PivrPEDPPJPh0c0PDPAWsIb5CbAt4nfskRcYTwrRTc:RnobAa

Score

8^/10

Malware Config

Signatures

Requests cell location 1 IoCs
Uses Android APIs to to get current cell location.

Processes:

ikey.yang.google

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation ikey.yang.google

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	ikey.yang.google

Loads dropped Dex/Jar 4 IoCs

Runs executable file dropped to the device during analysis.

Processes:

/system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/user/0/ikey.yang.google/app_oouj/kkl.jar --output-vdex-fd=55 --oat-fd=56 --oat-location=/data/user/0/ikey.yang.google/app_oouj/oat/x86/kkl.odex --compiler-filter=quicken --class-loader-context=&ikey.yang.google/system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/user/0/ikey.yang.google/app_zxlk/bvfg.zip --output-vdex-fd=58 --oat-fd=59 --oat-location=/data/user/0/ikey.yang.google/app_zxlk/oat/x86/bvfg.odex --compiler-filter=quicken --class-loader-context=&

ioc	pid	process
/data/user/0/ikey.yang.google/app_oouj/kkl.jar	4143	/system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/user/0/ikey.yang.google/app_oouj/kkl.jar --output-vdex-fd=55 --oat-fd=56 --oat-location=/data/user/0/ikey.yang.google/app_oouj/oat/x86/kkl.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/ikey.yang.google/app_oouj/kkl.jar	4034	ikey.yang.google
/data/user/0/ikey.yang.google/app_zxlk/bvfg.zip	4240	/system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/user/0/ikey.yang.google/app_zxlk/bvfg.zip --output-vdex-fd=58 --oat-fd=59 --oat-location=/data/user/0/ikey.yang.google/app_zxlk/oat/x86/bvfg.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/ikey.yang.google/app_zxlk/bvfg.zip	4034	ikey.yang.google

Reads information about phone network operator.

ikey.yang.google
1⤵
- Requests cell location
- Loads dropped Dex/Jar
PID:4034

/system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/user/0/ikey.yang.google/app_oouj/kkl.jar --output-vdex-fd=55 --oat-fd=56 --oat-location=/data/user/0/ikey.yang.google/app_oouj/oat/x86/kkl.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4143

/system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/user/0/ikey.yang.google/app_zxlk/bvfg.zip --output-vdex-fd=58 --oat-fd=59 --oat-location=/data/user/0/ikey.yang.google/app_zxlk/oat/x86/bvfg.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4240

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/ikey.yang.google/app_oouj/kkl.jar
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/ikey.yang.google/app_oouj/kkl.jar
Filesize
249KB

MD5
8de49340f3a3e2b4a26a752db9cfc501

SHA1
3042d702a9d41555db3cb3bece25a43cf239bc9f

SHA256
045a4117f34d2f15efd34e2e365af3a52181d8dafdc857a14cc200e327565748

SHA512
6e949b28dbe5e899e155fd4c635d6ce703fe359b12ac720834c6ee62da1d5a52792ba7cbb16bab28d96512f567a35f25ba4cede9558fc877e371da1e2f3aa09d

Download Submit
/data/user/0/ikey.yang.google/app_oouj/kkl.jar
Filesize
249KB

MD5
8de49340f3a3e2b4a26a752db9cfc501

SHA1
3042d702a9d41555db3cb3bece25a43cf239bc9f

SHA256
045a4117f34d2f15efd34e2e365af3a52181d8dafdc857a14cc200e327565748

SHA512
6e949b28dbe5e899e155fd4c635d6ce703fe359b12ac720834c6ee62da1d5a52792ba7cbb16bab28d96512f567a35f25ba4cede9558fc877e371da1e2f3aa09d

Download Submit
/data/user/0/ikey.yang.google/app_oouj/kkl.jar.x86.flock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/ikey.yang.google/app_oouj/oat/kkl.jar.cur.prof
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/ikey.yang.google/app_oouj/oat/x86/kkl.odex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/ikey.yang.google/app_oouj/oat/x86/kkl.vdex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/ikey.yang.google/app_zxlk/bvfg.zip
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/ikey.yang.google/app_zxlk/bvfg.zip
Filesize
175KB

MD5
8626ba1999b4824c5af0ee03738c087c

SHA1
167eaeae1b1672c0b9c8422d07f17e9ba83447e8

SHA256
ffa0eda060308365824416efc5cbb421c5a36686c98ab507c5e939d1bc3d094a

SHA512
3ced469a9173834fb89b79243c4bdd5f6e4d9765e9f7a11509ec707b59dc6323773904db7c6e009fd6fa053efa9d31e0fe690c2209c94e153c0fe6cf3a12beea

Download Submit
/data/user/0/ikey.yang.google/app_zxlk/bvfg.zip
Filesize
175KB

MD5
8626ba1999b4824c5af0ee03738c087c

SHA1
167eaeae1b1672c0b9c8422d07f17e9ba83447e8

SHA256
ffa0eda060308365824416efc5cbb421c5a36686c98ab507c5e939d1bc3d094a

SHA512
3ced469a9173834fb89b79243c4bdd5f6e4d9765e9f7a11509ec707b59dc6323773904db7c6e009fd6fa053efa9d31e0fe690c2209c94e153c0fe6cf3a12beea

Download Submit
/data/user/0/ikey.yang.google/app_zxlk/bvfg.zip.x86.flock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/ikey.yang.google/app_zxlk/oat/bvfg.zip.cur.prof
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/ikey.yang.google/app_zxlk/oat/x86/bvfg.odex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/ikey.yang.google/app_zxlk/oat/x86/bvfg.vdex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/ikey.yang.google/databases/mzw_new_downloads.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/user/0/ikey.yang.google/databases/mzw_new_downloads.db-journal
Filesize
524B

MD5
06d7a9d571fb074b2e869acf6fe68da6

SHA1
fbfbfc3fb5541ed66bd62585e5528228fb045f30

SHA256
6742f67755f9ec74042d59fc8f19efc579f660978af7bf7fcecb3f16bdca4d34

SHA512
803bd68ab8ef7b484baa74bc220d4b6910d42a341519df9fd2a0cdf79490a64f2a5024958ddcaebe24e63224cf55a5c363ed89466d61b882fb1320404e4a8355

Download Submit
/data/user/0/ikey.yang.google/databases/mzw_new_downloads.db-shm
Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/ikey.yang.google/databases/mzw_new_downloads.db-wal
Filesize
32KB

MD5
63c6d476f8c1628776b0488e46a91896

SHA1
8342715a8ebf29a0fd7f2e90948030c5ffc1e1a7

SHA256
07468e17f0f33948385af74a76fa3657331085137e5f7a2463dd5a891cb1a8de

SHA512
8042e4d75445ec389e7e10ff6df81940cafb1f2788a42270f24ef5a0123d5ef142666e55544801442fc501f51672424ab8f0d17dea3e229bbbccf25ec7818579

Download Submit
/data/user/0/ikey.yang.google/files/.imprint
Filesize
858B

MD5
18ac72df990c79101f5f6db0883ddcfb

SHA1
c39822fcf67155859b74f21558dbb6808e9bea6c

SHA256
98dd06dad1eb06d2d98b8287fa6d1f793194980b64026a1e5269c8c04798dc96

SHA512
d37b6f8e1b43a01dda8dbaa80a1aab43351356e1b3bbd29d1df0fdb92e252498043c9bc855ae714e975034050fbfdaea51f71d45f569ff927295132506974693

Download Submit
/data/user/0/ikey.yang.google/files/mzw.rom.x86.flock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/ikey.yang.google/files/mzw.rom.x86.flock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/ikey.yang.google/files/umeng_it.cache
Filesize
211B

MD5
ad5d5d05327a912753155e6c552e496b

SHA1
be767addf37740cd70fddc41cf5d4bbb40b2f40c

SHA256
cc35c29782e8a5eb1b13ab9980ef8a529a6f8174ae578def1709d64b8a681a33

SHA512
174e717b54919ac26b9b24c4fc20abe81ce4a53c7657e30230831c1f94376a4e397a317fceb24cd54be07ca9714641f046f593f8c529a586932a9f484eb6eb41

Download Submit
/storage/emulated/0/Android/data/com.muzhiwan.gsfinstaller/db/mzw_local.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/storage/emulated/0/Android/data/com.muzhiwan.gsfinstaller/db/mzw_local.db-journal
Filesize
524B

MD5
e7bac82f294a2f5bd00516e14e79d394

SHA1
63b6d71b931f8af709733da0d59f2efa6aa5336d

SHA256
9a1098175bca363516dd62441e691fb265189a9f848406a70064adc5902bda28

SHA512
fda818cd85f175725309a92bd2f64d82e378fd820da27bcbf4f35dd3bb9bf1ec0717aa583699700fdebe2be21bc9c8dab12e31e2071d094ef61058493cde89f4

Download Submit
/storage/emulated/0/Android/data/com.muzhiwan.gsfinstaller/db/mzw_local.db-shm
Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/storage/emulated/0/Android/data/com.muzhiwan.gsfinstaller/db/mzw_local.db-wal
Filesize
16KB

MD5
244d03f6c0b5531af8e24fa37efd7e21

SHA1
46b2c9bd820585bbd250c9d7582a8dc92790fa27

SHA256
a70926aaa9e430f8b84879bc123da662c301e7aae46e81f61c3e3eb84e1027a3

SHA512
1794c81ed3aa76c6b92357087fcde3001c7e26d234fdfb97e8f7770e073b2fdf94cb385c011d1a74d9dc7ed96f5813812f51cbf4c09f670c271a2c51f121ba92

Download Submit
/storage/emulated/0/ddad/log/ikey.yang.google.txt
Filesize
94B

MD5
730612df8e1376c8a2b275dc4a5cadcc

SHA1
9f2ebb8e29571f2b8d86f77da6ab0656ed37455a

SHA256
3238c32809eda6d4739f48b506d4a45784ff281b0c7121af5122aab15c0e19f0

SHA512
856b6c82b5ea3d364de3bfe76f26f63018fb9e40015476258f88f1ba97556854fa2f92332d78028e10171d601d8d589843427180e521168acb32f6d3feafa54a

Download Submit