Overview
General

- Target: YI_IoT_base.apk
- Size: 79.2MB
- Sample: 230707-khc19afh76
- MD5: e7e442f7f42d61cdebfddc801f4b03dc
- SHA1: 3b16dbc84446cb30963b4886600b16b4cb545dd7
- SHA256: 1360b29d035673ba3c7513a9ae0078e05bc179e51880beb6648996d9f2bcfc64
- SHA512: 8a2e5d3ed3224835ace6ea0b932f07df9ed0dc82b9ae92e80387c65897f2185ca825197b6e660b6a34da5c0128afbd4b3993bd1517a3cc8addf74047e0892f2a
- SSDEEP: 1572864:msI0TvVxDAmVuEhwWpk5T3b2Sdj7JF2Al6ZpJLXHM4Zdsk6RPcIZ:mT0jVxkauEuW4bPj653M4wjPZ
Static task

- static1

Behavioral tasks (task: sample, resource)

- behavioral1: YI_IoT_base.apk, android-x86-arm-20230621-en
- behavioral2: ShareSDK.xml, win7-20230703-en
- behavioral3: ShareSDK.xml, win10v2004-20230703-en
- behavioral4: alibaba_puhuiyi_bold.otf, win7-20230703-en
- behavioral5: alibaba_puhuiyi_bold.otf, win10v2004-20230703-en
- behavioral6: alibaba_sans_medium_italic.otf, win7-20230703-en
- behavioral7: alibaba_sans_medium_italic.otf, win10v2004-20230703-en
- behavioral8: app.4df63c69c64f6ef78419a0a528801587.css, win7-20230703-en
- behavioral9: app.4df63c69c64f6ef78419a0a528801587.css, win10v2004-20230703-en
- behavioral10: bg-alarm-other.932c602.png, win7-20230703-en
- behavioral11: bg-alarm-other.932c602.png, win10v2004-20230703-en
- behavioral12: bg-alarm.d56d033.png, win7-20230703-en
- behavioral13: bg-alarm.d56d033.png, win10v2004-20230703-en
- behavioral14: bg-bind-success.e7c5c17.png, win7-20230703-en
- behavioral15: bg-bind-success.e7c5c17.png, win10v2004-20230703-en
- behavioral16: bg_w10_bind_one.41d7983.png, win7-20230703-en
- behavioral17: bg_w10_bind_one.41d7983.png, win10v2004-20230703-en
- behavioral18: bg_w10_bind_three.35c6433.png, win7-20230703-en
- behavioral19: bg_w10_bind_three.35c6433.png, win10v2004-20230703-en
- behavioral20: bg_w10_bind_two.62f969b.png, win7-20230703-en
- behavioral21: bg_w10_bind_two.62f969b.png, win10v2004-20230703-en
- behavioral22: bind-device-W10.7a5b360.png, win7-20230703-en
- behavioral23: bind-device-W10.7a5b360.png, win10v2004-20230703-en
- behavioral24: bind-device-gate.46bb475.png, win7-20230703-en
- behavioral25: bind-device-gate.46bb475.png, win10v2004-20230703-en
- behavioral26: bind-device-sensor.694c397.png, win7-20230703-en
- behavioral27: bind-device-sensor.694c397.png, win10v2004-20230703-en
- behavioral28: bind-fail.ee24f95.png, win7-20230705-en
- behavioral29: bind-fail.ee24f95.png, win10v2004-20230703-en
- behavioral30: bind-gate-guide-first.8538f29.png, win7-20230703-en
- behavioral31: bind-gate-guide-first.8538f29.png, win10v2004-20230703-en
- behavioral32: bind-gate-guide-second.2ac19b6.png, win7-20230703-en
Malware Config

Targets

Target: YI_IoT_base.apk
- Size: 79.2MB
- MD5: e7e442f7f42d61cdebfddc801f4b03dc
- SHA1: 3b16dbc84446cb30963b4886600b16b4cb545dd7
- SHA256: 1360b29d035673ba3c7513a9ae0078e05bc179e51880beb6648996d9f2bcfc64
- SHA512: 8a2e5d3ed3224835ace6ea0b932f07df9ed0dc82b9ae92e80387c65897f2185ca825197b6e660b6a34da5c0128afbd4b3993bd1517a3cc8addf74047e0892f2a
- SSDEEP: 1572864:msI0TvVxDAmVuEhwWpk5T3b2Sdj7JF2Al6ZpJLXHM4Zdsk6RPcIZ:mT0jVxkauEuW4bPj653M4wjPZ
- Score: 9/10
- Signatures:
  - Renames multiple (108) files with added filename extension. This suggests ransomware activity of encrypting all the files on the system.
  - Acquires the wake lock.
  - Looks up external IP address via web service. Uses a legitimate IP lookup service to find the infected system's external IP.
  - Reads information about phone network operator.
  - Uses Crypto APIs (might try to encrypt user data).

Target: ShareSDK.xml
- Size: 5KB
- MD5: 9473cb9f9598f194f6cc90ba35b3228a
- SHA1: 92e9e2c577c66bb6bc9f806f9a50ff507c3747bd
- SHA256: ad326658da76bde096bad76b4921f3b566fb0b31328cb317d248d2706c0a108f
- SHA512: 89f3eec02d1f68d5efa557724bda22680fc70449289695364d0bb88be4f7ed93a4aa1e03283aade83944c50bcf6a4d784c36259a41035b65915d191b151f0ea8
- SSDEEP: 96:AE6acIJF6PNlqe+Kj5KHgSiX/79rvHVergb8LT:AE6alX6P7d5oQ79rMT
- Score: 1/10

Target: alibaba_puhuiyi_bold.otf
- Size: 96KB
- MD5: b88269075f30e1d116f4b31a37f172ee
- SHA1: 7db7fbc9b3a761cf114d6d96ebcf47c0009ed9f2
- SHA256: 3766116b78b74d07079158f2071a569fc2cfae21bd3a322af16ee841f5c5fb86
- SHA512: 8ba586d884507c00e8e73f0ffe6ae057deec35f469fcadc9c37a8a412bdcfedadf77efa816f8e7cad9f7103d97a83261100c95250759b32ffdabb982b442b1cb
- SSDEEP: 1536:GFqxFDEZ/eR6bdEF9aCI99xwgO131LXg/QIyVsEj80wzgwIe7z2qWuJQAg:GFWOZ/ekbdEF9F1g/S80oITJuJQAg
- Score: 7/10
- Signatures:
  - Checks computer location settings. Looks up country code configured in the registry, likely geofence.

Target: alibaba_sans_medium_italic.otf
- Size: 93KB
- MD5: dfe44df8baf34c76858bf0561b370218
- SHA1: 0b44827a23d7bde4f4983b42ae0a49e2a60fcf17
- SHA256: 1d7a7f75e96a5c4677873aa4b8bba69c5b60153c43d2f9673aa4e5922fc99670
- SHA512: d3754d3cf5e6b12703e842dde5bd7ba42035d612249099099ba705d7e007eadc3db7c481f80243e74b6981d36a107e5cae9d925c16277d266aeebb0b867c5b2a
- SSDEEP: 1536:IZj8EfEgyqmB7PxG5miLSC+HSaHDXms5blHKS91MQQX/K:ogkEgduDxgFaHt5blHKS9o/K
- Score: 7/10
- Signatures:
  - Checks computer location settings. Looks up country code configured in the registry, likely geofence.

Target: app.4df63c69c64f6ef78419a0a528801587.css
- Size: 35KB
- MD5: c5948e2082976d1d298eb03bca6b21ee
- SHA1: c8aa44c79e4f6198890ea7d60110536b490fdb48
- SHA256: d87a84fb7978b6804f9e9bf292e4e06638904e46254297504bf7fe6914d2228e
- SHA512: b61b9760bbf387179c9eb33d44176423aea1f03519655da0009b6e19ad1ed391c88e0ee1aae4ba994c694d227a3833fac371a02b4333aef6b2268be40f1b41e1
- SSDEEP: 384:IG/kmhKTze8ykyI4hv20Vn5TLz7d151HVXZCuVeo8W8W3fqknoV6Ij+1dot2x2T3:tNoYy
- Score: 7/10
- Signatures:
  - Checks computer location settings. Looks up country code configured in the registry, likely geofence.

Target: bg-alarm-other.932c602.png
- Size: 75KB
- MD5: 94514526a83bbd564c72c295c295caab
- SHA1: 9cc9e47b855af12f191b57c95fb10d1defc34f17
- SHA256: cd7ab3c50a7be9be3d33e54a1b2d3b7f5b98b83c5259c427cbee2b7e7cdd2a8d
- SHA512: 69d07754370cbd907352bed6967fbb4fcb90d878797bf54ad4a3eaf19d79275aec185f152b913ceb86600398634dc9c18bf4d0c81ec7aa061b07c1b68083e2b1
- SSDEEP: 1536:qEi79530Qz3QFF2nVqhtBYu+LLlmdagzzBHfAcNJRLm:Q53GFF2QhtBYu6LlfMztHJ0
- Score: 3/10

Target: bg-alarm.d56d033.png
- Size: 31KB
- MD5: 9ebf65accddbbc45cb0b5ab92a736993
- SHA1: 57c4e18e1c6d425dc7de123bdd0aee29fee5e22d
- SHA256: eaf6f49358c9c832bcb09451191f50e8658ffaa72f686289ca8b70f3ad28fd3d
- SHA512: beee42bc9fde2b80c1bb51a871a03875ffe930156db21bcce8af278b15f10320454c6ce538ba962e3846b96357eeda87537a9d421d0afac6ca492c29693dc451
- SSDEEP: 768:7s6sXYNDjp7yvYO1P9lJVw2ZvLWE2dCwNpCPxKJ4R+yQ:g+7yw8bJJSfHWKiR+yQ
- Score: 3/10

Target: bg-bind-success.e7c5c17.png
- Size: 33KB
- MD5: 56781b833b6bde147db66d3420ee609a
- SHA1: bf5e05a2be5b53599ded970214cebd21f8f786e8
- SHA256: 0f34a2b5fc254b0e110093ec53d62f657f6d938a6c1b0d309aaf0496d1799f24
- SHA512: 8477459a51a226d2560ab49e215c38f8eb3c8224b8a99b9b9fbd368ee9dfddd7127489d979db76d85ef288e6007e8422679180dbadd7a6d44c521145d5caaf0d
- SSDEEP: 768:ToFD5R4bXElcQn7HizbxLk0xZQiKl90+mSG5X3TJyomCJlzq/:kBX4bUlNnK6wK+5PJlzq/
- Score: 3/10

Target: bg_w10_bind_one.41d7983.png
- Size: 88KB
- MD5: 41d7983c97c6516ff2548cbd071420ab
- SHA1: d3787c6ed2b3e39cdcca932595be0bc697bd210b
- SHA256: 29b15d7bbb8900e633dd5cfbc1d9043565d12fb5b5370aa5c8f63c3dcc4f4498
- SHA512: 074e7359ca8d2ffb0767539d6a71c08925c2f6e6f9175584f8b842f392c80c75333a162e97580d43194550afdaa098ac9e7a537a1415f642a5a6611ebb9b43c4
- SSDEEP: 1536:bonZbKtI82LyyuE5MOiJoUBoZrDQ9Tpw/WOAudEjLH7xbmAy1c3pkEQEzAL:bonZHLcuMR22oZfK+AudEPJm1H9EzAL
- Score: 3/10

Target: bg_w10_bind_three.35c6433.png
- Size: 57KB
- MD5: 78084ff9eb0c54b2ac74e4680441cebe
- SHA1: 948e8328b7e0f585bbfc77c773ce8d934be10d8e
- SHA256: a2ce9be21bd2991f67ad29f500793994ab6c9b96144b8e34d186187c3aff1f32
- SHA512: ea2231be266d6da0d9d14e5eb014bb0ab9b97b67f5de4f6c2fa9d7f406be9c043cf12e0ae2e7966c22526794291ce37dd56005aafddfd81702a1f8a7f749aacf
- SSDEEP: 1536:WQogyeUabXJ6rItoaymzlcJ4GTRvYFVnVSJfwXXaD3wcpn:aeP6faymzlc3lYFaJfwXXaDF5
- Score: 3/10

Target: bg_w10_bind_two.62f969b.png
- Size: 49KB
- MD5: 1bada24be56de5d8cac20de2d783524b
- SHA1: 5467e6dce135bb8652d4ff45e2023952c0aeb936
- SHA256: 36c958646ab147ad2dbe274a1f9e963e972202dd8220b4d37434a149e9dcad0c
- SHA512: 51125f7c3f21a66f17523456862b58cd34f775d8a4c6e52f071a7f20560c664162e5f26deaa4bee4135935a548fdb9d81e05c175aec798808a87a3b01dd962b7
- SSDEEP: 1536:XEK7AUpu4+1JCUjqH+oReT+z7QauIcqtMetTzT2h:XEK7dpu4+HCUXoReCQazcqtMe/S
- Score: 3/10

Target: bind-device-W10.7a5b360.png
- Size: 43KB
- MD5: 071ae271cc51a6693b489b4c8884c1f2
- SHA1: f7db900d63970d436a211d69f8d21dbfcd2407b9
- SHA256: fb5d72d1997d9d5c5aa930f50a84a3f7e9b71a9f85bff549a9577573235f87fc
- SHA512: 649035e65d2ab574723163e5bcec9cf53b3b7c2ef3bc22972a8c328686ef8ea197f80e0865815d983a435e520cb35bf1e1a727bc8b3dfac9c5cc69451a800a4a
- SSDEEP: 768:PGAqmhPhOcKCM+43PjWifMqjH0emU3ij0KL7BaIevkq9qxMbSHrGhNYqW1Q3Nx/S:+wPhObCMz3Aox3eU7kqqxkYrqJHxECC9
- Score: 3/10

Target: bind-device-gate.46bb475.png
- Size: 17KB
- MD5: 5c943f50c4b1884ce4df164a7f755734
- SHA1: e0cfacd6f4ee3e0e9e3bf12a1b478fced7164a7e
- SHA256: b1c40e460b266125ed6acdd5d4704957071b2291fb0b213e9b03912b1f3c42b6
- SHA512: 0bf31a56568b48cd239ee18f3089e080d74bfb835f98141797f42bd5eadb073a7c3803f3dad7a0892c77edec91e6fa1bb2538596287f501a4d1c004115f2f44f
- SSDEEP: 384:WspwGJ6li+vNYagGGWs9UXbWYW3U+hEIoaS+pFsF:XwG0PvNYad/s9FzESeaZF0
- Score: 3/10

Target: bind-device-sensor.694c397.png
- Size: 42KB
- MD5: 70a908ec8634ef57b48d871256a1fc1f
- SHA1: ee987dfa72b6aa1e14625171fce443cf4a631d01
- SHA256: a0f7cb7ede8642b8cb7c965e8f60b654320a07eff8f5c7c08c4bf0cd634d3e34
- SHA512: 69da0a79e4c9ed68fffe26da07df6298d91c35ac14bc41ed291611fad7cf0889f8d6084c39d07b973e8e2eafa992684c508110fd3858a016b92c724d369bcd07
- SSDEEP: 768:R/Ws7JOBqhL6vzi+ghjb9rTbz9im0KFXqxq3DkX/CL0M80Z6Hysivbh+22tNTx/O:R/F7J6wL6vQjbpi2Z6UhIFHkvgTTZtc
- Score: 3/10

Target: bind-fail.ee24f95.png
- Size: 8KB
- MD5: 234002c0d39d8ec08f75654bfa0d87fb
- SHA1: 53506b11ecb0b20c800b8d07c1d2c6c31b97aceb
- SHA256: b1383f0f85b56c07418a709a484cf49c5fff315faf9381b450e083bd5f40727e
- SHA512: e7419d7e10daa2abd0c09bbf0d5962d67205b16a5a162c3188cfcfce665c8b04a76a6a2856b6490eecd64a42bf8bae5648823fec9323bda02f0eebef0059d686
- SSDEEP: 192:N1jJfYtyjHisHcwv/BHNeh5s6fSnR8ornkuG5U19AFrvieklMvnZoiN:j2QjBcM1wSxR8orkNUXQTieqM/Zo0
- Score: 3/10

Target: bind-gate-guide-first.8538f29.png
- Size: 124KB
- MD5: 995a8cc81c727a3fd5b71f2ca24037a4
- SHA1: d724f2b4a9da080e9fd2224b13569810de8ffb5c
- SHA256: 62ebd452f03dde06a1c213a6db2e875b4d655eaf4745d022ac485bc02441a80c
- SHA512: 20e787d4c1728519709bf6b2bd1ec948046e3333e73ef21c3f7d4a191c3577852ebd0cb0a42305a790d1a47aebac25e4dd3681a6f9b5d9ff6b1ff501012e0328
- SSDEEP: 3072:lld333iwYBu16OEJwwIvu8+4Uc9In9o/RF:lldH3Cu16vcvSPcW9o/RF
- Score: 3/10

Target: bind-gate-guide-second.2ac19b6.png
- Size: 117KB
- MD5: 2dee0572f4b8f32a09abbd0aa453c2b6
- SHA1: 6d64db848a447cdcbccc961936af4d563b703d2e
- SHA256: 96c0c324c3cc718b4980dd09a31dce7d3a17c2f347249c9b538dbc7b4b7e53f1
- SHA512: 1c8240a3270e35bae4c8fee589670f885e66b358970f54db37389220612d03b3ac242c3745ad0cd319985064bdae4a04f6043ebfb38fed257a45740b92cbfde5
- SSDEEP: 3072:SwYwjWun8zd+RISWmZdBftm1X63X+fBZznPC6Ps:SwYwaunEd++/mZdBA1Xl7jU
- Score: 3/10