71f4f544d0e3516c8ab7bcaa6808c270f407140254155c78b7105a65571973d7

Analysis

max time kernel
2325283s
max time network
145s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
20-12-2023 00:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

71f4f544d0e3516c8ab7bcaa6808c270f407140254155c78b7105a65571973d7.apk
Size

8.3MB
MD5

aecda86eb27797080be91d386f661169
SHA1

f4f982caccf915d25e69fb677eab9ef7de585783
SHA256

71f4f544d0e3516c8ab7bcaa6808c270f407140254155c78b7105a65571973d7
SHA512

fdfda2b1011c4ceb70ba6a74245862206b19ebb35119fc2e022c6b554dbe11410b311527de72f31890202367d2e60600736b4160c9d973aec056440d5c97eb07
SSDEEP

196608:tjMA6XUWAtiSE0vno4IBtxhLDSNWAtiZSlRmw/vUcYCjEF7I1iF8La2:tAA67aitklRmwJyF7IMFEa2

Score

8^/10

banker

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 9 IoCs

banker

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.appbyme.app144955:remote
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.appbyme.app144955:remote
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.appbyme.app144955
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.appbyme.app144955:remote
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.appbyme.app144955:remote
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.appbyme.app144955:remote
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.appbyme.app144955:remote
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.appbyme.app144955:remote
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.appbyme.app144955:remote

Requests cell location 1 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.appbyme.app144955:remote

Reads information about phone network operator.

com.appbyme.app144955
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
PID:4255

com.appbyme.app144955:remote
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
PID:4375

com.appbyme.app144955:remote
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
PID:4444

com.appbyme.app144955:remote
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
PID:4512

com.appbyme.app144955:remote
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
PID:4577

com.appbyme.app144955:remote
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
PID:4645

com.appbyme.app144955:remote
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
PID:4717

com.appbyme.app144955:remote
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
PID:4809

com.appbyme.app144955:remote
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Requests cell location
PID:4924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.appbyme.app144955/databases/dzForum.db-journal

Filesize
512B

MD5
ba9eda212c8942d1437a4032b77f6e8c

SHA1
3033da9436fddf8266a0c3ed20cc5bda407951cc

SHA256
3b51ca9909eccc665e3aae98eef131d74be0c42f45de27d2d06eef9126daa7d2

SHA512
c0a1620259d50c1b3b98cf1d4180483c577dcb029ff9ce8184babdc0d5fc74cfc1af8c494ffc132cb069deb6d32f2d800529f56e0aeacf5837597c7e9ef3706c

Download Submit
/data/data/com.appbyme.app144955/databases/dzForum.db-wal

Filesize
16KB

MD5
740e9fa41e17f6d003b0d123ede28619

SHA1
09bcbb50cac0d3f19e1bb08fdae27cd3d9eef5e4

SHA256
ae964e51dce736e804f49478da941d90e65600a1a8f6c8773529ea3068baaec6

SHA512
0752528399a7a637264bb7a3b5d06638ee2f69f605de0f726cd27118834b256deb419670cf2c3714ffe3c7f0ed2d76b9024866ff5b02c41a8269e3796459b457

Download Submit
/data/data/com.appbyme.app144955/files/TDtcagent.db

Filesize
20KB

MD5
80501478f3ab96c6fc2788fb0f662e9b

SHA1
6810e30e31e42672c9bbc7fa6dae5a701f043f86

SHA256
005da06aaf5715d91bab8b67b48314de7cd38b7d7af7f6ce9df71809ec1f7ecc

SHA512
728a0f03c9bb437e00ccf5d874312177987d33511e0ba837e3ba2062467dad278ec95d38c4ec48519e1ac7283bf6bdd3bfbc430f38644804cb7c5f1ca4df2c66

Download Submit
/data/data/com.appbyme.app144955/files/TDtcagent.db

Filesize
28KB

MD5
feaf6ca68c7c4a03992894c043df9a79

SHA1
a0d1b0882b77edbbfc3e1bcb13d7e7d763392f4c

SHA256
7fb9d5cc15695973be5059092e8d1df97de8b2844bc2bdc3d2807168a5e691e7

SHA512
891ccccd638463bf7d14be8144e52fa8f678f8c7017bee3ecba8721e7e51fedde953d5de0a9dba24bed85fce6428ed7f02fbdcf62b309ce50d55ecff11095be4

Download Submit
/data/data/com.appbyme.app144955/files/TDtcagent.db

Filesize
24KB

MD5
5a1d3c5845616b3ddff07eb40cd6b023

SHA1
49efdb46117d2b3d6fb2f61fc4e57a5c2997cdef

SHA256
611345bc803480c978ee460bf8013d3fb34a060d65959a4f06161ab1eb99eef3

SHA512
223a4d0a97f3be7e26e5795a41100646102da1d33823c506345dd5c24b25b30effffce25cb61fcd852292e2932601fa96f506fc19d478cb0914c9082efa2dbf4

Download Submit
/data/data/com.appbyme.app144955/files/TDtcagent.db

Filesize
24KB

MD5
cf9298641977e163a1236cc77fb099d8

SHA1
f5b7cc2d5bcda9e33f510835a3bad695af356346

SHA256
63108803572309884841d9186aa9a38e68a9720842c3ae73354bd4a9da5127d0

SHA512
c62c5158ccdc3ddde94f9132789129bfcf8bde229fa1d966898b4778276fbf41f0d4ef5dba8a1a6d1f583a10e0efdc546c42a0db8fff2dcca8c3b2a5fd55bac8

Download Submit
/data/data/com.appbyme.app144955/files/TDtcagent.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.appbyme.app144955/files/TDtcagent.db

Filesize
32KB

MD5
888b7c5915fb671ce0de0119b6346a04

SHA1
14a179a0aa859b4f46d671f788ff0d9ff43c8600

SHA256
c80a1a92ff92e2bae9dfbfeb321eecc863e04de51586aa24477b8ce8ac722295

SHA512
1e0a34a2c8928d7eace2bbabf7daba34a6e3b7bcfcfdbc1dee95a58c69d6f2fd339b588f6f923d4a62052bb80599cbd4af52e289e5e1566a990802b3c658d24a

Download Submit
/data/data/com.appbyme.app144955/files/TDtcagent.db-journal

Filesize
512B

MD5
f7ccaf374f83627b9b9d53fe8fc86f02

SHA1
9c92c31c0350036cc72efbbf60a404c33fb06c07

SHA256
85b0a53bfa5a2f18d7f357d1b73b97aafcf8be226dd4b677c56d28527893a3f7

SHA512
85e75dc94cceb564a8307d86d8eafdad5fa553dd3617e67270bbbbf5d8865b6a2690646836eb6a1a549ed9d5978321f49da7b4e91007b859ada339007c4f20f8

Download Submit
/data/data/com.appbyme.app144955/files/TDtcagent.db-shm

Filesize
28KB

MD5
d37dcf38275993284e45ce331275af1a

SHA1
669062d985d279ed5081efa5b5fdd6d7c1793ad2

SHA256
ce06f827ba1ddb859a2c63553401898e5d8c93778e9251e4a3655929d5419a88

SHA512
e142506b6b5d5f6cfc25c410ea4434a41940288b252a84533429aa5fd8b8430230a44424b7b078108c3a5e2a44093283d6f4f1139d9cb01e8d810e1e55ed0f1d

Download Submit
/data/data/com.appbyme.app144955/files/TDtcagent.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.appbyme.app144955/files/TDtcagent.db-wal

Filesize
8KB

MD5
d12b581131fb39ccdbb0681edb5ac7f2

SHA1
515f2ec1a96a90a14d00bea18e8c3605ac5b7b30

SHA256
cfe146c955ffed21df002283447f7013ef1a9d9fb2f483a4c5798cff9815658c

SHA512
8cacf9e407fd81fa6f34ab5d0b4fb7928a10ba069ac92b6f9fe058e75c2a96aa3847b46642c8ab4f99cbcd3155a32a686f00fe11b854a849b3b87fbc52e86ab0

Download Submit
/data/data/com.appbyme.app144955/files/TDtcagent.db-wal

Filesize
8KB

MD5
63605bafce01aaacc0d58abe421a51d5

SHA1
213de7b604976456511284d707f78aa2fbe0b66b

SHA256
9c01206544918e75d1e20c85fed7fa90999b40b475ffd01c59fae5f955e3ab2f

SHA512
c62da97875f52b20c0f061f425da72af79b31d35df3470d643f8a637c35613f2ffdd88e7fa08563734961b14b22836f981d261b30dc9932a256ec818a77a883c

Download Submit
/data/data/com.appbyme.app144955/files/TDtcagent.db-wal

Filesize
72KB

MD5
df4d6436a89c4f344a52a23d4edca4f2

SHA1
af385b5eb1b272b04d50b5b8af2774c6ef1e17bb

SHA256
9e0629ec4afb990342b9f58cbf20e06ba27bb15c8734fba8eb45e0b46ffb038a

SHA512
01b4b7c4971a3bbb81266aeb3919f816b3d1ccb2550b7193426277bf15f546b96437d7cd6e02cedb88d46c2c70ccf6217998411b679063d3064f1270be1d4f70

Download Submit
/data/data/com.appbyme.app144955/files/TDtcagent.db-wal

Filesize
8KB

MD5
2a9c4fa423bb2040b74474fd9a2758de

SHA1
080220eafe352f61636f668ffd070f1ea08e2a43

SHA256
13a95439ea28031f744add580c670bbe1695fb1ec781acfde38edf298e93d391

SHA512
388fca62672f50f9393f89b8ce106073f908b3e2aa6ab1ea1a4fa7eeb952163705ffbb5ede243de33942b392a711e485fb2771ac75458a02cabfffe571f8a2b6

Download Submit
/data/data/com.appbyme.app144955/files/TDtcagent.db-wal

Filesize
8KB

MD5
53d7eb0307755e23fcb668d22755097b

SHA1
c2ec014ce0c9f5c7ad6965610042ccc24ef2c483

SHA256
08459e650b7ab233a72f9a104b84d34ccc4c5a77f9244ec6344cd22d0ba03800

SHA512
b5ad3ff22101cb40323a2ba06c060bbbfbf3ce87243f11e472da24b7126a60f16dea3e31b8594859e1bb9d8d4da1dca55140fe16e779699c9e3d9627174b7775

Download Submit
/storage/emulated/0/Android/data/com.appbyme.app144955/cache/uil-images/journal.tmp

Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/storage/emulated/0/baidu/tempdata/con.dat

Filesize
28KB

MD5
f285f0866037c420be0ef4ea822bcbed

SHA1
38431531e748cbebada201e0203a6432310dedd3

SHA256
d1e80cdaa2b97f48bb123d5db89db28b300090242128852185956651cc545fd0

SHA512
402992bf0858ade4dc7405eb6bbf956508741e6f4ad7c184d9f1fc183ed32031ed538a810ca27fbd52d02ad8fc07bd5fb307d78e3a721e5454722c127ecd6d18

Download Submit
/storage/emulated/0/baidu/tempdata/con.dat

Filesize
4KB

MD5
c7c6a9cc04e201cc4a15828951ec2fcf

SHA1
f1ac8bcda11e174368dc27ee1d0f22d2031c22c0

SHA256
4b50f86da94b7a24119a8ba54448c239d5912cacef5be09aac619cc4d6f63f7f

SHA512
e3c158b93f7ff48102f46d5fa3b090304724d751459ac507e3f0400c2fba7897ba94f3b8497c757dddfc01118b0940c430650d451969569ce4f7dc2af1876a2d

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db

Filesize
32KB

MD5
f89987220d4bb0bd9045ef8211f905db

SHA1
b420d428b18645bd736ea7854394b07c8c14555f

SHA256
b49e81391bc36fd27891a694ef170adc14ac6c0f2af5ce9a823eee29fcc499b3

SHA512
bac4a5d29ace8a507b32333e15bdc646e8d30193a903e886db7fc7974453194eb0639fc0d527d42cebbcb2371bb9bc234357cd7a5238271d770da0431ee2c8cf

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-journal

Filesize
512B

MD5
b94c39f281bee3c39d14148b05ad671e

SHA1
1deda14a05b698431a57a57ed9dae9c2175fa87c

SHA256
6f50854d48268c334d45f55a51590d0d5ef691de26e33816111e75d847d40693

SHA512
90f9e3cea70992806bc58bf8e73ec514a2de345902b4e3224ce1c52d06c4aa09ed9d33b84bb0f3bba43446f35ef827323df84e116b63e14378e22c394680dc96

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-shm

Filesize
72KB

MD5
d57d34f9eadb95c3238a04e5b1e10916

SHA1
38dc1e073ad695631fc82e04a4bf2b03c8a92836

SHA256
136a5e49238e8264de9232c0dd24db2f4ad946b56fa0b981bd73be90a75c9946

SHA512
ec3bb2537e5472b0b696b6a4d71a71f0d20ef292f0133cf8e643fb66f29b234b8d2f9613208d6fc0f72796edad6d0bd0b6a0dd77310b5dfd9acff6d1c5ff2c17

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-wal

Filesize
32KB

MD5
6ccff6e8ce3e10c44fce1d5fba7400ac

SHA1
369bed9a9b9e4dec61ab0b4c172a5d3368dda0d6

SHA256
9b7bdba6daf53fee12f85e6fba312c5389c2fcbf4dde49d00f39816bd3865fb9

SHA512
2b99a82c14827f21207a0f1ed18dd4259e04410996b84abcbd62745b10df5f0c5d5e86e3d698a21ce9a9b9051bf711fb9e1e1ecb55d13691a85a54f60ac59d12

Download Submit
/storage/emulated/0/baidu/tempdata/yoh.dat

Filesize
120KB

MD5
4667b2aec98993ab571209e83535e033

SHA1
948b93943d4939d2dfc4b45e776a32f50d650a5c

SHA256
9f0b8effa6de990774f93c5aea67a39ac0eab5b26d7fdf1e574cd0d04d468512

SHA512
67e6491d7358e804662125c53f163be857f321f8a39812521a2b110513404283a4f7d449c3d8fad5e7d5619b1d805648088bcbd97d1c798f8dab58c109fb2d5c

Download Submit
/storage/emulated/0/baidu/tempdata/yoh.dat

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/storage/emulated/0/baidu/tempdata/yol.dat

Filesize
24B

MD5
a936690571e9104e1922dda4a0ba5bd1

SHA1
65f49c57edde2f96be2a1dbdfc3f7351f1e66554

SHA256
f0f5049c51879dd7da0ce4a43349b5b34ce053d072a0ca704f62cf22ba4a8412

SHA512
3be1c3693963aebdfc04e86b1c820ee0ec3cf0b200e6a4788ef1141f39fd6c2f77f4227247ae4affa66c0a6c027df8466cc0dcec1e67ebfb953e36bee97de394

Download Submit
/storage/emulated/0/baidu/tempdata/yol.dat

Filesize
24B

MD5
1681ffc6e046c7af98c9e6c232a3fe0a

SHA1
d3399b7262fb56cb9ed053d68db9291c410839c4

SHA256
9d908ecfb6b256def8b49a7c504e6c889c4b0e41fe6ce3e01863dd7b61a20aa0

SHA512
11bb994b5d2eab48b18667c7d8943e82c9011cb1d974304b8f2b6247a7e6b7f55ca2f7c62893644c3728d17dafd74ae3ba46271cf6287bb9e751c779a26fefc5

Download Submit
/storage/emulated/0/baidu/tempdata/yom.dat

Filesize
24KB

MD5
7fa89a648f8694a75281da7271200e35

SHA1
213366552a50daaf99490ddb93109d9fb4a8d1c7

SHA256
c6796656713974fedfa2fd48191062656946259ff2186edbd00415e2d6b7c2f6

SHA512
3d9d81f888a949379e8a8a76e765e168bb3803684ebd5c3b2c45cbd3faf5d6fb2150b04f0b602a544084930b0b277b2e4f7b095a42a94342f70efc3ff2731e50

Download Submit
/storage/emulated/0/baidu/tempdata/yom.dat

Filesize
8KB

MD5
5c0bd1ab5b38ab150b507cbdd0df9a75

SHA1
8941f47f3bebb11fdcef340d41a0b2eb3cf81fa4

SHA256
a43d9affd287ee54d288955953eada663b4023283dce75e917dd13ad03ff66d1

SHA512
3387c4f4cecee7f13ae2c795cc2321d6fe2c8cc94258c27c9fef7d2b65560a0a27f894670f95e61f232698bac4f7bf44b7bfe9d2aea5a0cf0dece132ecd36c5d

Download Submit