72ef2956fe34ed61ad990cdc14d70d66b9c2465e0020f8aae8821334acf60300

Analysis

max time kernel
2332099s
max time network
157s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
20/12/2023, 00:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

72ef2956fe34ed61ad990cdc14d70d66b9c2465e0020f8aae8821334acf60300.apk
Size

2.8MB
MD5

0e46f442d9d5853ca9bdca515a435870
SHA1

7c17d94c2afeb0d446fa18c496136eb7ad77fe35
SHA256

72ef2956fe34ed61ad990cdc14d70d66b9c2465e0020f8aae8821334acf60300
SHA512

b4baa735665997e8daf919eeaf0f07053e5b12122b71e3fefc0114dd5c5b1c82fc14ace6c799d1bf7aca86c38c61a5d44cbc127096f35b27dd03b26925f0d6d6
SSDEEP

49152:Z/QDY+tv3jWe69TEIPJGhOucFsLSg2s3wvtSjxmdlIHmNvRFmfeT82lpgWYQgfr7:9QDp3SRzPJG7cF3o4SjxxH5eT82lbgff

Score

7^/10

Malware Config

Signatures

Checks known Qemu files. 9 IoCs

Checks for known Qemu files that exist on Android virtual device images.

ioc	Process
/system/lib/libc_malloc_debug_qemu.so	cbffbgbjea.gbaecdehec.bfgecficec:Work
/sys/qemu_trace	cbffbgbjea.gbaecdehec.bfgecficec:Work
/system/bin/qemu-props	cbffbgbjea.gbaecdehec.bfgecficec:Work
/system/lib/libc_malloc_debug_qemu.so	cbffbgbjea.gbaecdehec.bfgecficec
/sys/qemu_trace	cbffbgbjea.gbaecdehec.bfgecficec
/system/bin/qemu-props	cbffbgbjea.gbaecdehec.bfgecficec
/system/lib/libc_malloc_debug_qemu.so	cbffbgbjea.gbaecdehec.bfgecficec:Daemon
/sys/qemu_trace	cbffbgbjea.gbaecdehec.bfgecficec:Daemon
/system/bin/qemu-props	cbffbgbjea.gbaecdehec.bfgecficec:Daemon

Checks known Qemu pipes. 6 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

ioc	Process
/dev/qemu_pipe	cbffbgbjea.gbaecdehec.bfgecficec:Work
/dev/socket/qemud	cbffbgbjea.gbaecdehec.bfgecficec
/dev/qemu_pipe	cbffbgbjea.gbaecdehec.bfgecficec
/dev/socket/qemud	cbffbgbjea.gbaecdehec.bfgecficec:Daemon
/dev/qemu_pipe	cbffbgbjea.gbaecdehec.bfgecficec:Daemon
/dev/socket/qemud	cbffbgbjea.gbaecdehec.bfgecficec:Work

cbffbgbjea.gbaecdehec.bfgecficec
1⤵
- Checks known Qemu files.
- Checks known Qemu pipes.
PID:4248
- /system/bin/sh -c getprop
  2⤵
  PID:4350
- getprop
  2⤵
  PID:4350

cbffbgbjea.gbaecdehec.bfgecficec:Work
1⤵
PID:4284

cbffbgbjea.gbaecdehec.bfgecficec:Daemon
1⤵
- Checks known Qemu files.
- Checks known Qemu pipes.
PID:4498
- /system/bin/sh -c getprop
  2⤵
  PID:4564
- getprop
  2⤵
  PID:4564

cbffbgbjea.gbaecdehec.bfgecficec:Work
1⤵
PID:4795

cbffbgbjea.gbaecdehec.bfgecficec:Work
1⤵
- Checks known Qemu files.
- Checks known Qemu pipes.
PID:4948

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/cbffbgbjea.gbaecdehec.bfgecficec/app_crashrecord/1004

Filesize
249B

MD5
c50d78bd46aa55d6bc89bdc92a97dd9e

SHA1
53ba0785c056446a72bc8f9830bc4ade76fbe6f0

SHA256
aa3e2f955556006bedc8c5216e993663884a697066d7a0222a7a1fcd9267774a

SHA512
b6d55d5de55617a2ce5b4b23e7eb8d84529bafe7e3710cd8224d66a2119760047b2657beaf9f31b5b3653e9b3214e9543971b564ec0d690cd7348a8d073f81ab

Download Submit
/data/data/cbffbgbjea.gbaecdehec.bfgecficec/app_crashrecord/1004

Filesize
249B

MD5
6ebfd1668f62c68b1d3570208c78f9f5

SHA1
2bf3f995883b26a4bf06c0847430ae9c1923297a

SHA256
3eab75211225ac861ff700f70020bf72f39757402fdf9eb7c40509d09e1605a9

SHA512
397743589097518324edc67a4541d6246ba184a6ce6102b7d26515c390c6911d5121841d0e954738c4b48709624082bb0c57e482273ab38800966d4517477e00

Download Submit
/data/data/cbffbgbjea.gbaecdehec.bfgecficec/app_crashrecord/1004

Filesize
124KB

MD5
0cff70c60fd60ac062742758f1985183

SHA1
297e678d2ca3c7377271c3024aa8bd5207c3ba3f

SHA256
70a0b75da3541987d0b473fc4aba4a7fe3d5356f5b236e9acf6fdfb3d7b2abfe

SHA512
33852c8987470972a0bc9972de4d41321eefc0eb68a82b77409010b4a7b69ef77ad42ca697af02664204d96a7c959ca1a0e750eb6676d2427f7fcff965aa092c

Download Submit
/data/data/cbffbgbjea.gbaecdehec.bfgecficec/app_crashrecord/1004

Filesize
80KB

MD5
67cc505170a1d90ece55246c03de0d0c

SHA1
74d07e9049c41d0991110cd73a17b4501133a45e

SHA256
641ba7d0bd38379660e0f4ae3650e66c141cac8489d7af37504c2e6604a0a872

SHA512
399f24c57bfe36c470e0ac6f5c46e3957b2949dab207b9d764375d6e8224970176e71afc490194b50b85e0bf7edc18104ce0d1d6c6dc83b98306c2b205a92b6d

Download Submit
/data/data/cbffbgbjea.gbaecdehec.bfgecficec/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/cbffbgbjea.gbaecdehec.bfgecficec/app_crashrecord/1004

Filesize
260B

MD5
c7e3a5ae2b9adfd42e447ce66e46ac7e

SHA1
1e9d2d09b06e8911a5b140ea1d03fd1bdf4dc275

SHA256
5c092cb83fd61147a2d8d7ea5d65913851a5965fa6d9e1c6a065dcc367fa4157

SHA512
4c5dd2cbebad2aea18797b0add170eeeacdf64c69082a5e1cdf69c8a6b632d18a13d1bea4f0a3871ce7b2638a5c87e175f7a9924eb0ddfe30a49a8050d7a2f9a

Download Submit
/data/data/cbffbgbjea.gbaecdehec.bfgecficec/app_crashrecord/1004

Filesize
260B

MD5
53c5e4e0273d56e8c2c2956cabdbfca8

SHA1
ce984cea53217d65edec646d3c13be27f4dfbad7

SHA256
13bf3bf0d09170a4b6a4bce15bc8cc6263d7ad7ea01fafbf91db7549d55defb4

SHA512
07537ca24a4fa2e221fdfcd3d87aede1bb900fe6eb45c898bcc421bacf29054851d1b77932616568dae1d662d38109a4f7acee54e82e79f8104fb89a229d4b41

Download Submit
/data/data/cbffbgbjea.gbaecdehec.bfgecficec/app_crashrecord/1004

Filesize
260B

MD5
8c2226d19370ca8731477e959186f5ef

SHA1
1e80c911a93f5637e9fdd528358467b2d4e366d1

SHA256
21a61557eeb1cdbb1b329986a76659a3fa7fe3fac4206d3f1ce6e60d518a7e87

SHA512
26ac7fff80b6c01dc0388c72d2f80aad9f2b76ecf9b1c4b00b1d41f7c9c14e1e46f006308df7b0f73499381e5d6572d0795c2479eaeabc9b3728ae1b942c57d2

Download Submit
/data/data/cbffbgbjea.gbaecdehec.bfgecficec/app_crashrecord/1004

Filesize
260B

MD5
d93054045c69bd38fafe0964e82a9452

SHA1
254740ef7788a43a9e0b90651957a7023c0fa165

SHA256
82fbd1e779bd53ef7123525c7a02fbff5fffc5d90f14d5efb88853d0b3ab9873

SHA512
8b13326285c1740a8efa915f5502f3975a0829acd058282e42a627c48b3433eed9d117cb78824afe11a52214cdae7c00ccb7b582b78b9118047adb5aaaf9802e

Download Submit
/data/data/cbffbgbjea.gbaecdehec.bfgecficec/app_crashrecord/1004

Filesize
4KB

MD5
aa99281ce0cd69a9302f8b64b918ad75

SHA1
ccafc0e5fb16198e466b209a888301f4100fafe8

SHA256
a3cde8388c50e78c7b3c8dab1d0c46c64c375248031adbb6a5802e3da65bb431

SHA512
a8b80f09a555652d3e4b9775b6aa58341dad7fb120509e128df417533ba361353b19530306e8691f1ce5fc0c69f1a89d29bd2eb176291a5e85b945d14c9eb085

Download Submit
/data/data/cbffbgbjea.gbaecdehec.bfgecficec/app_crashrecord/1004

Filesize
261KB

MD5
db8f0b0e972e6f410369a85f3e4956f8

SHA1
3853b85d8ecd527a8126611f1b88d770fb0816c8

SHA256
bc36ff5f3839e9374d96d72fb2e66f73019ae12f5d13b284244f16094896d03b

SHA512
af8b6d74203c94f9bba09e16ae1469aa433e06b9df68870d718b196a96d6094f4f85b64445c0ceaf3afb8900e2206f96d9b367649361e807df283005411aee7e

Download Submit
/data/data/cbffbgbjea.gbaecdehec.bfgecficec/cache/tomb.zip

Filesize
72KB

MD5
5660ce1b3ee738602b66fa0af9472c76

SHA1
5a3f53311caa443cbb635d82ff228337c3f8f5c2

SHA256
225e4d0f4de0f72a873306d2d2a627e81aaef245198fd055ce07eab8aabfe561

SHA512
193e80352c9bcc13eab5b76d46ed0180efb0673aae4876d32a678dcaeeb443fb18df4b6cb5c7c792241d22706fe9725a84e6c64e59ef05dfa421222a6738e2d0

Download Submit
/data/data/cbffbgbjea.gbaecdehec.bfgecficec/databases/bugly_db_-journal

Filesize
512B

MD5
25912f5fd3e5b19cdc46e882a6fa6210

SHA1
6f52b61a32d633c32b297bb5fdf2ce0e0be48127

SHA256
fcf5f482d0e09dee1ad8c11489c7e7def7379fadfcc0d0e6b2e79fb16f86fedf

SHA512
8cd0996f5c180016c6c004cf017d585272ba68a726e22cad0cf8efde38556737de8fc5c13623de0de6eb0c410fba0044a0f640bcaf1f62d3b61290039d5fd38d

Download Submit
/data/data/cbffbgbjea.gbaecdehec.bfgecficec/databases/bugly_db_-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/cbffbgbjea.gbaecdehec.bfgecficec/databases/bugly_db_-wal

Filesize
76KB

MD5
6f380ea2ceaacbaabbefc2f8311d0eac

SHA1
58380d3df9a8a4294e4991d9dd6c79ceb15d120b

SHA256
cb6c4c7ae4da7ab9d876c28fb73f9699731c1a4fbdc1ebb0b71322391c7c84b7

SHA512
8ed0c0e7aab68899831342d287ed4cd5273bfe00f2dc26fe5c689fa19a88a53d78c2e04ca2cf1c2f6626689a70c5d3c46e318fdab3eef9899541322c883a1b3c

Download Submit
/data/data/cbffbgbjea.gbaecdehec.bfgecficec/databases/bugly_db_-wal

Filesize
84KB

MD5
abb76ac2c536f2c5468a76f83491abf2

SHA1
ba67125d8005431c80523816c027e9919827d85c

SHA256
811c5d0d0e05358bd5b6b448b5d93b502f9a22f8a0d9c360a6fdb2c91a82680c

SHA512
193148c700bf64b91fcbf5dbf75a1ebe50ea9da7fb99a41dfca74f1e78cf189fc3cc5012abadf14c7f02239a1d00e9116d5495d90ae7dec245841b96168c4ad3

Download Submit
/data/data/cbffbgbjea.gbaecdehec.bfgecficec/databases/bugly_db_-wal

Filesize
140KB

MD5
49be4c95ec04deeb65bb12cb58f02f05

SHA1
75309301d72949e23123a0a339714c5d9d5484c1

SHA256
cf7247704a149a4fcf2e3b403b4324c694f63d87659384939b7e920026050408

SHA512
f913d7a25de6a834f0016003a486ce6d468702f0c95c0c248aa4e33e31a8784ff3a47fb58601f4cb837d1ce508a654993042c84e408715f5c7a4a824051fbbd1

Download Submit
/data/data/cbffbgbjea.gbaecdehec.bfgecficec/databases/bugly_db_-wal

Filesize
265KB

MD5
21171ce258e7cb50f1499e3c68049117

SHA1
96c34a857692bdc458043511eebea1a4d6bc35c9

SHA256
5e2683dbd8f5192eb5a3430648e554bf1f63a31dafa2ebe479d2a1c08aff4566

SHA512
b80005992017d7f2788d6c563b6c951b17c83ddddc741740b13b60ec6130f599b9816e07b37496cb92a3e89df0d1d7d0448e0a40dcf41300aed6b105327df492

Download Submit
/data/data/cbffbgbjea.gbaecdehec.bfgecficec/databases/bugly_db_-wal

Filesize
277KB

MD5
dc7f00438d68fa708ae84eb496b9ff59

SHA1
53dcc08de7e6e06022022b5bfbbcb54d76531955

SHA256
c44c2b82cff9444dde3ce85e05204ddcc6ce6d8071beef3560d66d23db860ce9

SHA512
36a347f6c25ec79624e1c8ab5cd145aa53995670295f3e6214cf8b075d5f5fdedf8ab32a9d81f9ba52f7aee4fe70ca4c9c30c52a60b873856535a65c51d744c1

Download Submit
/data/data/cbffbgbjea.gbaecdehec.bfgecficec/databases/tray.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/cbffbgbjea.gbaecdehec.bfgecficec/databases/tray.db-journal

Filesize
512B

MD5
f77010d2c1328ef0d82ab2861924d7b0

SHA1
a1d3f7549296689665a1645c6af47e8c424c4819

SHA256
5c7367cf786f9ae5d721a6c80db64f234510c1d369146d8898687775f19d9503

SHA512
6c9823f06fdc3aa5dd5280993e4032fd6d64ed5e63b5e24fd89db448865bbba5aa627ba8e9b4d2293df4d4a2920da5dd4ed84ad76089e8e5d97388b94b1eaf3b

Download Submit
/data/data/cbffbgbjea.gbaecdehec.bfgecficec/databases/tray.db-wal

Filesize
56KB

MD5
f1701aace2296e91841f39f3e53c8948

SHA1
81d52383c5e386e5f4a1ac6a56094bc168bbfb06

SHA256
27b1d81bfa63a51436ca60fc07f97aa4a757cc0d85501eef8e03989940bc6347

SHA512
8bc7fcab513efff717858775407ea479a0704edcc5ce70688377390c2d70f8f7ee5d6afc386ca9c53c4148b78da3609adee8ba146f274dd075396d7567e7985f

Download Submit