40eaed1f1ef51246d127696f70240b9fa41877c12292459f4811069b7d8ef47a

Analysis

max time kernel
716927s
max time network
44s
platform
android_x64
resource
android-x64-20220823-en
resource tags

androidarch:x64arch:x86image:android-x64-20220823-enlocale:en-usos:android-10-x64system
submitted
29/03/2023, 00:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Mi+True+Wireless+EBs+Basic+2+FOTA.apk
Size

5.7MB
MD5

bfdab4ab2c1c8929d60174e6aa9dddf5
SHA1

bf869e68a6c9381619bb577d937e7d0666dc6ba9
SHA256

40eaed1f1ef51246d127696f70240b9fa41877c12292459f4811069b7d8ef47a
SHA512

1f4b7d860ac452cd979a195581669005b5d62af4f72461526d38d6a15fc9ea576382778b743936b8241c8a700d4bbd82bb6aab14e18326017761cd1bc477c1ee
SSDEEP

98304:TH/mtWKbQN/9+eFQhn+IzH/+x702Zdv8BVUyexh2dt54HffrCPPNZ:LCbk++QpVCMK2eqZ

Score

7^/10

ransomware

Malware Config

Signatures

Checks known Qemu files. 3 IoCs

Checks for known Qemu files that exist on Android virtual device images.

ioc	Process
/system/lib/libc_malloc_debug_qemu.so	rtk.xiaomi.apps.ota.t29.overseas
/sys/qemu_trace	rtk.xiaomi.apps.ota.t29.overseas
/system/bin/qemu-props	rtk.xiaomi.apps.ota.t29.overseas

Checks known Qemu pipes. 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

ioc	Process
/dev/socket/qemud	rtk.xiaomi.apps.ota.t29.overseas
/dev/qemu_pipe	rtk.xiaomi.apps.ota.t29.overseas

Uses Crypto APIs (Might try to encrypt user data). 1 IoCs

ransomware

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	rtk.xiaomi.apps.ota.t29.overseas

rtk.xiaomi.apps.ota.t29.overseas
1⤵
- Checks known Qemu files.
- Checks known Qemu pipes.
- Uses Crypto APIs (Might try to encrypt user data).
PID:4707
- /system/bin/which su
  2⤵
  PID:4776
- logcat -f /storage/emulated/0/T29/saveLog/2023-03-29_02-18-51.logcat -v time
  2⤵
  PID:5095
- logcat -d -v threadtime
  2⤵
  PID:5133
- /system/bin/which su
  2⤵
  PID:5194

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/rtk.xiaomi.apps.ota.t29.overseas/app_crashrecord/1004

Filesize
249B

MD5
ed0ecc0b3f09dccb67536c5f7ddd2263

SHA1
97c16267856a7213e86caa4ecfae2c7e47c0c20d

SHA256
82961aae3d5183d1e6efac05a77566149ba26b64cf146440af67cf7ba177a4ec

SHA512
adb92637df15057656ba9610e27e6c68ba09413e4d5a60ee650bb02c94bf47606493cfb0b82e4d5487b4a9198e2a7d31b822799cec74ab15b4783d5eb339ea8f

Download Submit
/data/user/0/rtk.xiaomi.apps.ota.t29.overseas/databases/bugly_db_

Filesize
328KB

MD5
d55683d086a2b624375a9f5ae062fef1

SHA1
815079b449bf909be4432a4ee006766cf98cf227

SHA256
24bc10fec386c849c83bc7d248a6a85aead20868358a39ee9efeccc5e52a9c8f

SHA512
d63a474d634b17e7c0aa85333390a21794d32569801502cab8ff5761f4afd8b8b5b6a4979f8217c7149ad43dedf081760b6d14236db357c534dc4e6ff04683a6

Download Submit
/data/user/0/rtk.xiaomi.apps.ota.t29.overseas/databases/bugly_db_-journal

Filesize
1KB

MD5
c71261466949d4801a3cd545c2296671

SHA1
488eda80212f64c71c1045637e8c60e9f2a06cea

SHA256
49a2018af12954344b35a4ab062173123368c73b68573c3104055496181f45e0

SHA512
ac6cf6e810c8493ea2f998de88f7aa69f9abb7c67f366bb7766410cd1c5d0d251b0173d5f6d5cb9d0fa40d26f94dca8e52a1127bb14358991d6dc1c7545badb0

Download Submit
/data/user/0/rtk.xiaomi.apps.ota.t29.overseas/shared_prefs/crashrecord.xml

Filesize
144B

MD5
113898ec1e4b332814f0ae638a8691b2

SHA1
74ed320457b13fa5b9f8f6d0ce4345048dbdb3be

SHA256
cd9284dae9e240b50474f2390e6997a3c21a6a2efcd31c01fc687fb0bb91eab1

SHA512
81c50f275c21bae7a5f96db90eb1629c03da2e537d1012da198d3f87f62b7083ddc443ba2145ea9fd8e9cea4e976ebe7bda89f1bd456873a60e69a088250c1f5

Download Submit
/data/user/0/rtk.xiaomi.apps.ota.t29.overseas/shared_prefs/rtk.xiaomi.apps.ota.t29.overseas_preferences.xml

Filesize
160B

MD5
fdcb91a31aec2773146f63930583b9e2

SHA1
3a269a1bb1d20bc6bc6e53ff53b74ddcf75eb857

SHA256
b17ecf012218b5ce18c69f9d3464e57490f5feaf6c6638422704058910688a33

SHA512
ddd0011cdd86347efcf44eb6ecbbf63e039d0a1035922034049ce53cefd1851a41787ebb25c5fead490db5859511c315eb4ccb509884f76c238652de5d28a212

Download Submit
/data/user/0/rtk.xiaomi.apps.ota.t29.overseas/shared_prefs/rtk.xiaomi.apps.ota.t29.overseas_preferences.xml

Filesize
2KB

MD5
1aed3ac205466de4dba892c4d27fc4ec

SHA1
c8398ee808fe30051d082d9f7b31f88d452698f1

SHA256
6b4289b08c2f233a0d9c2eb3ac6ab6342644d941433e1f522bfd102de752af02

SHA512
6d7f62c46004bc242865909de122758bdcedb54e9932e3b73bd13711a6331eab907a8a0d8ffc8d1ece533cbf723d82ded8f767cf1a67d87f56f549e19182c4d3

Download Submit
/data/user/0/rtk.xiaomi.apps.ota.t29.overseas/shared_prefs/rtk_preference.xml

Filesize
123B

MD5
99c00ab5a0de8a2933bb173ff990efd5

SHA1
8243fc6c3624dddf059907c559c93990892ae87b

SHA256
b0cb80e8f673989b71a2c42b32d86bd3c3311ed120c46b2d7a87df8c73d01fda

SHA512
a07ad9e3d08c190ecbcdf8313dc8b025dd2d48c9872a34eee5ec96c26e4d6f66e4db93fe62e4217165816fe8e5c22b1a454404168fa89e0abdc2eff9b6d879e7

Download Submit
/data/user/0/rtk.xiaomi.apps.ota.t29.overseas/shared_prefs/rtk_preference.xml

Filesize
396B

MD5
0845be4e56f05bb7196785a5687a3f3d

SHA1
ddeb7e10bea80374ae04c89f5065ccfdc73681b3

SHA256
eee189fad0a00dcad0fab3a0da09717804c2137c9cd8841292876e2cb579c7d1

SHA512
7a5cea76ca754b3605e4a954f8d6b6d6b26e08134cb28e21e935f94c6709e59d39ab690e8739e0f99df053de9747f14e8d2508fba9d4d191e928baa4cb2dbd48

Download Submit
/storage/emulated/0/T29/saveLog/2023-03-29_02-18-51.logcat

Filesize
1.1MB

MD5
a4037523aa21c6b8e487af1dd4671a03

SHA1
a834072e85011145489b21f9830109637024abf8

SHA256
38204e97a388937067a32d5b1b71c6d7258541893cf2a27c5c0862c7790d67ed

SHA512
b746420d0bd1a7d597b59909967525574dfcb0820360437666a243b5bfcababf34935704eb6d6cb982587e8e19e4a414d4ced5a86cb52ea5d0b169365e7efd8f

Download Submit