6e1b307c219f133e5551328439ac48ed9e3f846bdde43cc7950a4fce6fb0cbb5

Analysis

max time kernel
2303428s
max time network
130s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
19/12/2023, 23:41 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6e1b307c219f133e5551328439ac48ed9e3f846bdde43cc7950a4fce6fb0cbb5.apk
Size

2.5MB
MD5

d04b8b4841ee377b907681b220358155
SHA1

67ebf978139e6b1c2e0fea8af7c6a33015318bcc
SHA256

6e1b307c219f133e5551328439ac48ed9e3f846bdde43cc7950a4fce6fb0cbb5
SHA512

1cf189579ec71f49b7ce799a57976446061d881f5ef1ef31bf07627cba5dd3afabdecdb9de357c8560246d68b6b0a048a1ae12c70468311a25c8cbfed053a0c4
SSDEEP

49152:NSxsB2KNjNHmLlbrty23odJk5lXlivV3C4PqPbjfEbj7wKNvsz3aIe3oeYUcunYE:NDTNjZ8rA23omOC4P8fS2z33X3ziCG

Score

8^/10

evasion infostealer

Malware Config

Signatures

Requests cell location 1 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.ssssdd.dddd

Reads the content of SMS inbox messages. 1 IoCs

infostealer

description	ioc	Process
URI accessed for read	content://sms/inbox	com.ssssdd.dddd

Reads information about phone network operator.

Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.ssssdd.dddd

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.ssssdd.dddd

com.ssssdd.dddd
1⤵
- Requests cell location
- Reads the content of SMS inbox messages.
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4247

Network

DNS

e.angshuwl.com

Remote address:

1.1.1.1:53

Request

e.angshuwl.com

IN AAAA

Response
DNS

e.angshuwl.com

Remote address:

1.1.1.1:53

Request

e.angshuwl.com

IN A
DNS

e.angshuwl.com

Remote address:

1.1.1.1:53

Request

e.angshuwl.com

IN A
DNS

hxyt.yly0d.cn

Remote address:

1.1.1.1:53

Request

hxyt.yly0d.cn

IN A

Response
DNS

yueyoufw.ldtang.com

Remote address:

1.1.1.1:53

Request

yueyoufw.ldtang.com

IN A

Response
DNS

www.palmfunplay.cn

Remote address:

1.1.1.1:53

Request

www.palmfunplay.cn

IN A

Response
DNS

ajax.the-x.cn

Remote address:

1.1.1.1:53

Request

ajax.the-x.cn

IN A

Response

ajax.the-x.cn

IN CNAME

linux.the-x.cn

linux.the-x.cn

IN CNAME

linux3.the-x.cn

linux3.the-x.cn

IN A

120.24.177.17
DNS

plbslog.umeng.com

Remote address:

1.1.1.1:53

Request

plbslog.umeng.com

IN A

Response

plbslog.umeng.com

IN CNAME

plbslog.umeng.com.gds.alibabadns.com

plbslog.umeng.com.gds.alibabadns.com

IN A

36.156.202.75
DNS

android.apis.google.com

Remote address:

1.1.1.1:53

Request

android.apis.google.com

IN A

Response

android.apis.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

172.217.169.14
DNS

e.angshuwl.com

Remote address:

1.1.1.1:53

Request

e.angshuwl.com

IN A

Response

e.angshuwl.com

IN A

168.76.254.205

47.111.5.162:9004

420 B
7
120.78.31.198:8030

420 B
7
120.24.177.17:1119

ajax.the-x.cn

420 B
7
36.156.202.75:443

plbslog.umeng.com

60 B
1
172.217.16.238:443

tls, https

858 B
40 B
1
1
172.217.169.14:443

android.apis.google.com

tls

4.7kB
8.9kB
15
23

224.0.0.251:5353

3.8kB
12
1.1.1.1:53

e.angshuwl.com

dns

60 B
110 B
1
1

DNS Request

e.angshuwl.com
1.1.1.1:53

e.angshuwl.com

dns

120 B
2

DNS Request

e.angshuwl.com

DNS Request

e.angshuwl.com
1.1.1.1:53

hxyt.yly0d.cn

dns

59 B
112 B
1
1

DNS Request

hxyt.yly0d.cn
1.1.1.1:53

yueyoufw.ldtang.com

dns

65 B
125 B
1
1

DNS Request

yueyoufw.ldtang.com
1.1.1.1:53

www.palmfunplay.cn

dns

64 B
117 B
1
1

DNS Request

www.palmfunplay.cn
1.1.1.1:53

ajax.the-x.cn

dns

59 B
116 B
1
1

DNS Request

ajax.the-x.cn

DNS Response

120.24.177.17
1.1.1.1:53

plbslog.umeng.com

dns

63 B
126 B
1
1

DNS Request

plbslog.umeng.com

DNS Response

36.156.202.75
1.1.1.1:53

android.apis.google.com

dns

69 B
109 B
1
1

DNS Request

android.apis.google.com

DNS Response

172.217.169.14
1.1.1.1:53

e.angshuwl.com

dns

60 B
76 B
1
1

DNS Request

e.angshuwl.com

DNS Response

168.76.254.205

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.ssssdd.dddd/app_jar/lpdf.jar

Filesize
35KB

MD5
e1ab911d4b585a26aae02d8540575013

SHA1
ac148f7bdf95edddc97d9224ff51a771f1070520

SHA256
8a71fab57b4a03f0b37095daa2eaa086ec6ed6c1c6166ca67c0e0a9e14cc85ca

SHA512
983ec12cde3cbfaffb414b8c8eb17c793bee558eb51b9d5e630f9bd5f312e0ce55622719aad6097a799286c25001212b26d7053e7e110a4918beace33d3bcbc4

Download Submit
/data/data/com.ssssdd.dddd/files/jiepayplugin.apk

Filesize
27KB

MD5
c67ff641314b7710fa8a4607f5c54cf2

SHA1
b1939b0230910611673ca286bb26b307afd0db30

SHA256
6715a6084c989c42dbc007f21084c4c907ebc78355f9b31c1071756eaf61625e

SHA512
9586077b529ea80cb546c342a5916e16fe8982aafad7eaddee0a6c1d1582a16962042133f617f48947e99fa10e1c0d9364d04dcdc60cd35ae3652dcfde44bf14

Download Submit
/data/data/com.ssssdd.dddd/files/yypyda.apk

Filesize
38KB

MD5
cc860a00cae01d4f2e88cfcbf05f06ff

SHA1
87778550a32109a679a2d28dec9ca4e6c0ca19fc

SHA256
494a419030f286fb05789ded096c05326a44fe2ff6708a0ad2e2c862c5d8d347

SHA512
dbe68454e053ff4d494ebf60daa52b856f64b393d37f89a8f91a0239c4ae799f51621b5bb791a497d93ff7b2e8194acfccd82994399f20166596275ccbb10057

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
5ce2b2607db695f19af7df34027ceee7

SHA1
abcd6ac52e47d99a7feca077ebe034858c051ec5

SHA256
62eeeda527bc94d0f143675c127cb0dcdc93e169594cd3d7ac3e90dd277f5390

SHA512
4cead14e9c07e34a6aecc436dc4fa50bdcc345c6312a259d215c75850a44cc59b73fd2a9839e2024a7baddd8c11e3eeef147cfce4328eaafd5c6ae9a9f06ee96

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
213B

MD5
ba44db0e19c53dd5f87b2dd70d32d2a2

SHA1
d165977e5a18ae3300fc000c973149e0706e47b4

SHA256
2843acab7521100cfa5daea4df5ffd238fecd66e730ceecd866d617e65a2e54e

SHA512
0dda5722663223605d7ee7f10484a8a6ed3b55ebae4c9e3dc37846b08754045f9eb3b78fe3352742dd4c01973b9f39855bbc18ab514a67c62e0d8186ccb7361a

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
4ac62045455108edf05ad089d83b9204

SHA1
8afb19069645767fd020a0ba474c12724faa632c

SHA256
1b1779bdda9b5271d56ec174b374040d9d53f877c1c36d11892da48fff0cff3f

SHA512
307481717f55605bf1b362948ff6eed391ed1c2ad077598dffb9e9b57eba2cc8999fc463fc477bbce900ab4b95b74ea3a0d1af91e20c38763c56d6dae835e2c0

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
167B

MD5
e723baddc4534e58048b2f86140c838a

SHA1
cd4cfea41b6de33753fa91f709c751e55459263c

SHA256
ab83cf78c8cf741df2dad9aec694dc03437a2b178c0222851b1f06e0d512f52d

SHA512
fe7b3b7a200cd6a9d46417b09ced8b1978c9660a8a5f53b9999a21bbfedbd32508afd5a8c61446de9e2b370a293b92b315585c4047f0578087cc7b751d8055e4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.