6cf66e31c3464f54b9c448e6a8e5eb055e64c6c43001dc5905e88a7c220737ca

Analysis

max time kernel
2296302s
max time network
135s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
19/12/2023, 23:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6cf66e31c3464f54b9c448e6a8e5eb055e64c6c43001dc5905e88a7c220737ca.apk
Size

25.7MB
MD5

807ad5a07bc2ede6ead78d7bdec6bc76
SHA1

27d3c844c1c68a91d87a2108985727225e2db7e3
SHA256

6cf66e31c3464f54b9c448e6a8e5eb055e64c6c43001dc5905e88a7c220737ca
SHA512

7dd77bdada4dd50cfbf3d79e154cb69a5646775e10174f9649686898a60e25ee03a176ec46329f513f81fb9de2199384379ef4528bd2aec60c7cd7187b53198c
SSDEEP

786432:Z+Q59uV5CiFM80Zc0fTrSQkBH4M7gB8Ouov/AX:ky9uvPK80Zc0PS7H4MgB8OPv/G

Score

7^/10

evasion

Malware Config

Signatures

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.d3.allstrikezh/files/data.jar	4285	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.d3.allstrikezh/files/data.jar --output-vdex-fd=58 --oat-fd=59 --oat-location=/data/user/0/com.d3.allstrikezh/files/oat/x86/data.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.d3.allstrikezh/files/data.jar	4248	com.d3.allstrikezh

Reads information about phone network operator.

Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.d3.allstrikezh

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.d3.allstrikezh

com.d3.allstrikezh
1⤵
- Loads dropped Dex/Jar
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4248
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.d3.allstrikezh/files/data.jar --output-vdex-fd=58 --oat-fd=59 --oat-location=/data/user/0/com.d3.allstrikezh/files/oat/x86/data.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4285

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.d3.allstrikezh/databases/license_data.db

Filesize
32KB

MD5
ca2bcc7a502ebe854deae37d6952b481

SHA1
29d9cacf79b5eaea6db50402bdb19fd17454ad1f

SHA256
b8c2639c6e290d8880b1ecc74cd61838439860efa104c9d68c578d8fa3da85d2

SHA512
0a6b1cb290da5bfc7641cf4df4df4a6b332f0cfc9db45a8bfe36379c8dbfb06ed6267792ef397be193d601e472b8607f441035e9a05b85546b626b90346443f5

Download Submit
/data/data/com.d3.allstrikezh/databases/license_data.db-journal

Filesize
512B

MD5
3c688827d3eac15c281312d88f679645

SHA1
62c1be49f6e1e0d40cc7a121b753c1255dc15745

SHA256
1cb30344a92d4d1eb6cde686593aeba60974040cfaf2c07472475500f86ac432

SHA512
8819abe19025336e37bdb3d26a7b300ea6178e833239252949e2d0794845bbade930a6015f38b91d16c556cd60ef778945f773bd3dc88813c761f2a88555d09b

Download Submit
/data/data/com.d3.allstrikezh/databases/license_data.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.d3.allstrikezh/databases/license_data.db-wal

Filesize
44KB

MD5
09e9e5667d984724aaa44122b4116538

SHA1
872b31838e794d8633992fd23055a3477af85c87

SHA256
4aa9984af42dc0fafaa1fc33f58c1fb215e873531fbcbd2f3a860f4376a90e6b

SHA512
a4df9e168a92b9b534cb17790bcc9e613711fa17dcfb5ab5a660508aca0de505f72a5312c6d918652184562b28723b973ea2ca1d6276c5c5ab191401510f9c28

Download Submit
/data/data/com.d3.allstrikezh/files/actlxd0

Filesize
135B

MD5
d4921acd23f9f59394df6800a4204500

SHA1
7f54e9d6b251dd6394a1ff11fbe02c2b76c85af9

SHA256
35366f170f0062fc5e9ca364710e98a24468c9bf41fa0f9fac7032ecaf7f7aa0

SHA512
d82f0abc1c4fdaa254c9da25307e4b312d3feb67d9de03893eef264485521c56fb77ec8425b816dcf5fc9bae6c3c2602b3087c1591237d71d196d064d7919056

Download Submit
/data/data/com.d3.allstrikezh/files/data.jar

Filesize
97KB

MD5
43aa6e671437df7e21ada10b9ca9c76e

SHA1
21603addc58ee1aacd36fc5a065a6c28d8348957

SHA256
bfb16339a70adf336c93d4eff1854ce69ec2f23e8473743721bb83e6c2816bc4

SHA512
42e9caa35a717e4522bc4f2c69db219762338d66ae68d3b413e1c369952e9d05e5651d9b7c52e13f4beccb597c909c4d71884ec8cdb36323094cbeada9cf05e6

Download Submit
/data/data/com.d3.allstrikezh/files/iapSplash.dat

Filesize
3B

MD5
c6f057b86584942e415435ffb1fa93d4

SHA1
8aefb06c426e07a0a671a1e2488b4858d694a730

SHA256
2ac9a6746aca543af8dff39894cfe8173afba21eb01c6fae33d52947222855ef

SHA512
bdc247a1a0e28a586ed40744d281993d519abe981aaef33277d4877d167e1150816e9723d068a59509991ed0cdd8c5cea0f9ecd0ef23664db7cb85db5a0dbe12

Download Submit
/data/data/com.d3.allstrikezh/files/mobclick_agent_cached_com.d3.allstrikezh

Filesize
120B

MD5
d073d5b2dd182514e5ed50562985b36c

SHA1
743e7962bf3190c9e0649cc891aa0ca4022dbaef

SHA256
168de25387e79d57fe56c8fc7d34c1e7e6eae6cedb61219d309e46dc86bd3976

SHA512
6ac74bb537b825d3ebd79f3a76516f97fbee0a6e9528185c7393ef0c6c0cad5b3396fcec7ddbe265dd2c78147c0fe766dcce8a23a8a6ed0c8dd43ed352be5025

Download Submit
/data/data/com.d3.allstrikezh/files/pay.data

Filesize
97KB

MD5
b3318d0f9efefa37d789745f55ec3b6a

SHA1
62794c6e107c5d6bd248fd1c883a5ab02da2d7df

SHA256
62e0bdbf50e5684c6ebf48c10491b662f1662d26c9594e852c34849bcaec856a

SHA512
bbbb19ed4c7f427e1399c2d18a4e104812514feea1bbdcda927c593e9d9d987a72051e133c94fe4c3d15d24716299dae53f172eb32b02c79f0d3c885fe748f1d

Download Submit
/data/data/com.d3.allstrikezh/files/syslxd1

Filesize
527B

MD5
fd604b32e2b77489fe3db538b4ddbe67

SHA1
5dc87605726c8f621b8e61d2287f50ef56cbbc0a

SHA256
318b407c35d246a098c93cbf453e07cf68d6a8dcc92c003f8a70977eb627f8c6

SHA512
c7d4d97307104f9af8759332fffc6b736e72b1af7e0611ed3505d77b6cc9d35b6727440d79a415a3e847cec9f3a580345c408540f37121016312463ba31613ea

Download Submit
/data/user/0/com.d3.allstrikezh/files/data.jar

Filesize
238KB

MD5
7b77931bfeb2f5c8b0337fbba9a8b528

SHA1
0e6906a326f3921beedd676f7f0bd7c3eabaf2c2

SHA256
92b9752d6ae65eeb948653cf5f27ab83438b787d5601845974c976f492df21d0

SHA512
c97a3e2063c68103a5298a1a5d8c740f6ec44b60e836092438fe6295964955d2c99d1e4a113d3dfab7eff2fb8c4caca09cca6ea516f0be20b02c57e51767c900

Download Submit
/data/user/0/com.d3.allstrikezh/files/data.jar

Filesize
238KB

MD5
1cc8518346734dd6224a76390abdcc47

SHA1
6b008b0bfaeb1f96b7e146cf90e6d5cdea251405

SHA256
f57bd8ca4cd7c881b8c304dad6e2530613bb287296888f5ffe1bdd39ad1d4f1d

SHA512
7c824d52c4ef673f437811315d2e2aab4fa9c84050a5814cba780eeca21ed2a82759e88d9bd36f9a402a53f64188ada8c78718d26919f14a8954624e9e939248

Download Submit
/storage/emulated/0/InAppBillingLibrary/log

Filesize
91B

MD5
5affb3059ea38ced1da6ec9a5cefd3f5

SHA1
4acb0cde17263d5799735784b8997913b77ce1c7

SHA256
57af658b77e240bb36306f6818c7cac6180d7f4d812a10308803d701ffc22655

SHA512
038ca745a188a866d2c00cbe1828b5eb3b3332c23b6532fbf0b6ce9b4873a7dfdc273835563e62c3e141833ca4bb882ffde4b0ea1f76b5dc8f4d0a4dd9d75ea6

Download Submit
/storage/emulated/0/InAppBillingLibrary/log

Filesize
84B

MD5
207ffaf622e3f9bcb66adc0b6e5c1733

SHA1
8d6b20af170858f1325fcbb42d9a44e97899fbf2

SHA256
de5e743b5eb4188cea490b0d1cbe7dc3423e36d8171519e0ee5bcea12ea4ee9e

SHA512
5e33b0021174a33ef0298afd8e7ca8e8cf9b7ccb66b4d37c40ebfb541959503367bf8103b8d6d3ee22a0e31c6f5da6f05d3643a77298d598013e6ccb5268598c

Download Submit
/storage/emulated/0/InAppBillingLibrary/log

Filesize
81B

MD5
f37263deb824594e2856d3c549da5af7

SHA1
3644abd2be7b57bc71491aa82bf3cdb0a32bcaeb

SHA256
6e879d58140e60b3737c2c890d32300956d8bf03a26c15e5b543c5601e14e2fb

SHA512
e41782ffa3cce6ad4dc78292ee1b384c7a8601ab04e8aadff41715822e9300c5b87ed41a7d372a5efc2956f0400fc4c03f3452ee8bba9a685c04a0d073cd14f2

Download Submit