Overview

overview

7

Static

static

7

Mi+True+Wi...TA.apk

android-9-x86

7

Mi+True+Wi...TA.apk

android-10-x64

7

Analysis

  • max time kernel
    716948s
  • max time network
    38s
  • platform
    android_x86
  • resource
    android-x86-arm-20220823-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20220823-enlocale:en-usos:android-9-x86system
  • submitted
    29-03-2023 00:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Mi+True+Wireless+EBs+Basic+2+FOTA.apk

  • Size

    5.7MB

  • MD5

    bfdab4ab2c1c8929d60174e6aa9dddf5

  • SHA1

    bf869e68a6c9381619bb577d937e7d0666dc6ba9

  • SHA256

    40eaed1f1ef51246d127696f70240b9fa41877c12292459f4811069b7d8ef47a

  • SHA512

    1f4b7d860ac452cd979a195581669005b5d62af4f72461526d38d6a15fc9ea576382778b743936b8241c8a700d4bbd82bb6aab14e18326017761cd1bc477c1ee

  • SSDEEP

    98304:TH/mtWKbQN/9+eFQhn+IzH/+x702Zdv8BVUyexh2dt54HffrCPPNZ:LCbk++QpVCMK2eqZ

Score
7/10
ransomware

Malware Config

Signatures

  • Checks known Qemu files. 3 IoCs

    Checks for known Qemu files that exist on Android virtual device images.

  • Checks known Qemu pipes. 2 IoCs

    Checks for known pipes used by the Android emulator to communicate with the host.

  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
    ransomware

Processes

  • rtk.xiaomi.apps.ota.t29.overseas
    1⤵
    • Checks known Qemu files.
    • Checks known Qemu pipes.
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:4098
    • /system/bin/which su
      2⤵
        PID:4136
      • logcat -f /storage/emulated/0/T29/saveLog/2023-03-29_02-18-52.logcat -v time
        2⤵
          PID:4266
        • logcat -d -v threadtime
          2⤵
            PID:4303
          • /system/bin/which su
            2⤵
              PID:4352

          Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • /data/user/0/rtk.xiaomi.apps.ota.t29.overseas/app_crashrecord/1004
            Filesize

            243B

            MD5

            1426c6a03c70c0cde9b00c8ee8c42d65

            SHA1

            37c70c1b144fa3b36bdc766f10b7af7a09ca101d

            SHA256

            91e788bb82c98102530bcccf30e514d0b636b921105a709f34961cb0528e2a7c

            SHA512

            f977132205c40ffb01863542f994e0a2266b6ec5583634906781de7504a344537a4057df51d14414d2066777955d2c622830ea5c9658fa20aa2f860966bd8927

            Download Submit

          • /data/user/0/rtk.xiaomi.apps.ota.t29.overseas/databases/bugly_db_
            Filesize

            4KB

            MD5

            f2b4b0190b9f384ca885f0c8c9b14700

            SHA1

            934ff2646757b5b6e7f20f6a0aa76c7f995d9361

            SHA256

            0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

            SHA512

            ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

            Download Submit

          • /data/user/0/rtk.xiaomi.apps.ota.t29.overseas/databases/bugly_db_-journal
            Filesize

            524B

            MD5

            2958bb283adee49a298414136f1ba1f0

            SHA1

            64b18105b809d02655cd0260a6acca08e2503ecc

            SHA256

            d635071e5dc9c9aba4437ffafc55f6a5f01534a2514c1e3f39eede31bef2b7f6

            SHA512

            4a6a918828d5a8a482bc59da240199aa503996c205eb9e8f9e972080329a48e08a4d267e08f5ed83b4940af63c36041b28f67fb73534d1083963e8fe79fe9c6c

            Download Submit

          • /data/user/0/rtk.xiaomi.apps.ota.t29.overseas/databases/bugly_db_-shm
            Filesize

            8B

            MD5

            7dea362b3fac8e00956a4952a3d4f474

            SHA1

            05fe405753166f125559e7c9ac558654f107c7e9

            SHA256

            af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

            SHA512

            1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

            Download Submit

          • /data/user/0/rtk.xiaomi.apps.ota.t29.overseas/databases/bugly_db_-wal
            Filesize

            148KB

            MD5

            4bebec6650e93ab0856dd6109d62e5a3

            SHA1

            67c1cbe38b334ac2d496549dfe7817aede66a7ec

            SHA256

            9fda1dda25ab9b93b80389d9d6a841237ccdbf25c9f8c8a11fc77ff47943c3a9

            SHA512

            d1957b66330a92f525302762de87d89376e81aa3abb9870283dd906df6b6073f75c9df2af0471250ed9b9d59e6727450e963dee84cf69a9a94776a6c7295362e

            Download Submit

          • /data/user/0/rtk.xiaomi.apps.ota.t29.overseas/shared_prefs/crashrecord.xml
            Filesize

            144B

            MD5

            113898ec1e4b332814f0ae638a8691b2

            SHA1

            74ed320457b13fa5b9f8f6d0ce4345048dbdb3be

            SHA256

            cd9284dae9e240b50474f2390e6997a3c21a6a2efcd31c01fc687fb0bb91eab1

            SHA512

            81c50f275c21bae7a5f96db90eb1629c03da2e537d1012da198d3f87f62b7083ddc443ba2145ea9fd8e9cea4e976ebe7bda89f1bd456873a60e69a088250c1f5

            Download Submit

          • /data/user/0/rtk.xiaomi.apps.ota.t29.overseas/shared_prefs/rtk.xiaomi.apps.ota.t29.overseas_preferences.xml
            Filesize

            160B

            MD5

            fdcb91a31aec2773146f63930583b9e2

            SHA1

            3a269a1bb1d20bc6bc6e53ff53b74ddcf75eb857

            SHA256

            b17ecf012218b5ce18c69f9d3464e57490f5feaf6c6638422704058910688a33

            SHA512

            ddd0011cdd86347efcf44eb6ecbbf63e039d0a1035922034049ce53cefd1851a41787ebb25c5fead490db5859511c315eb4ccb509884f76c238652de5d28a212

            Download Submit

          • /data/user/0/rtk.xiaomi.apps.ota.t29.overseas/shared_prefs/rtk.xiaomi.apps.ota.t29.overseas_preferences.xml
            Filesize

            2KB

            MD5

            1aed3ac205466de4dba892c4d27fc4ec

            SHA1

            c8398ee808fe30051d082d9f7b31f88d452698f1

            SHA256

            6b4289b08c2f233a0d9c2eb3ac6ab6342644d941433e1f522bfd102de752af02

            SHA512

            6d7f62c46004bc242865909de122758bdcedb54e9932e3b73bd13711a6331eab907a8a0d8ffc8d1ece533cbf723d82ded8f767cf1a67d87f56f549e19182c4d3

            Download Submit

          • /data/user/0/rtk.xiaomi.apps.ota.t29.overseas/shared_prefs/rtk_preference.xml
            Filesize

            123B

            MD5

            99c00ab5a0de8a2933bb173ff990efd5

            SHA1

            8243fc6c3624dddf059907c559c93990892ae87b

            SHA256

            b0cb80e8f673989b71a2c42b32d86bd3c3311ed120c46b2d7a87df8c73d01fda

            SHA512

            a07ad9e3d08c190ecbcdf8313dc8b025dd2d48c9872a34eee5ec96c26e4d6f66e4db93fe62e4217165816fe8e5c22b1a454404168fa89e0abdc2eff9b6d879e7

            Download Submit

          • /data/user/0/rtk.xiaomi.apps.ota.t29.overseas/shared_prefs/rtk_preference.xml
            Filesize

            396B

            MD5

            0845be4e56f05bb7196785a5687a3f3d

            SHA1

            ddeb7e10bea80374ae04c89f5065ccfdc73681b3

            SHA256

            eee189fad0a00dcad0fab3a0da09717804c2137c9cd8841292876e2cb579c7d1

            SHA512

            7a5cea76ca754b3605e4a954f8d6b6d6b26e08134cb28e21e935f94c6709e59d39ab690e8739e0f99df053de9747f14e8d2508fba9d4d191e928baa4cb2dbd48

            Download Submit

          • /storage/emulated/0/T29/saveLog/2023-03-29_02-18-52.logcat
            Filesize

            582KB

            MD5

            d2eee616dc1a6def11bc64f8df0f1e35

            SHA1

            0e2f4eb0bf3668cca5619de64e8749524d942c8e

            SHA256

            4403c7ac24f30cb4b38362ea6d708f988289397d618f8ec57d65bc1306f477d1

            SHA512

            17fb65703e5c143534c5325cb99d9f3470a3ade2edc29402ad316fed824ff2253ba8c455547c4b29b9c93ef359be86451a9fb486f9450cd6dfc493f84d6d27c0

            Download Submit