756cbd2968723de9d5b6ebad42ee5b461d7040ca48bcc55c1bcf8f223dd0d859

Analysis

max time kernel
2291331s
max time network
156s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
20/12/2023, 00:32

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

756cbd2968723de9d5b6ebad42ee5b461d7040ca48bcc55c1bcf8f223dd0d859.apk
Size

12.8MB
MD5

5fa2083c87cfde4b2d4ba8123a407fc6
SHA1

7d48a93efa5b20741ee94329f6513c0a89c78e91
SHA256

756cbd2968723de9d5b6ebad42ee5b461d7040ca48bcc55c1bcf8f223dd0d859
SHA512

84571c0887512c79041dfd6083dd76b22247eede2fdb0cd9db584382bf50de1595c6b388375a951974aafce71370dad4fde64a409e9a48939b02f1a8fa712ff4
SSDEEP

393216:CKDSmwmLRttR9CRh12FDMJ+Akc8h+rgy4l:bPwIFRoRn2FIJc+kp

Score

8^/10

evasion

Malware Config

Signatures

Requests cell location 1 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.snt.store.supply

Loads dropped Dex/Jar 5 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/data/com.snt.store.supply/mix.dex	4268	com.snt.store.supply
/data/data/com.snt.store.supply/mix.dex	4371	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.snt.store.supply/mix.dex --output-vdex-fd=51 --oat-fd=53 --oat-location=/data/data/com.snt.store.supply/oat/x86/mix.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.snt.store.supply/mix.dex	4268	com.snt.store.supply
/data/data/com.snt.store.supply/mix.dex	4268	com.snt.store.supply
/data/data/com.snt.store.supply/mix.dex	4268	com.snt.store.supply

Reads information about phone network operator.

Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.snt.store.supply

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.snt.store.supply

com.snt.store.supply
1⤵
- Requests cell location
- Loads dropped Dex/Jar
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4268
- /system/bin/sh -c getprop ro.board.platform
  2⤵
  PID:4301
- sh -c getprop ro.yunos.version
  2⤵
  PID:4322
- getprop ro.board.platform
  2⤵
  PID:4301
- getprop ro.yunos.version
  2⤵
  PID:4322
- /system/bin/sh -c type su
  2⤵
  PID:4352
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.snt.store.supply/mix.dex --output-vdex-fd=51 --oat-fd=53 --oat-location=/data/data/com.snt.store.supply/oat/x86/mix.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4371

com.snt.store.supply:core
1⤵
PID:4438
- /system/bin/sh -c getprop ro.board.platform
  2⤵
  PID:4515
- /system/bin/sh -c getprop ro.miui.ui.version.name
  2⤵
  PID:4535
- getprop ro.board.platform
  2⤵
  PID:4515
- getprop ro.miui.ui.version.name
  2⤵
  PID:4535
- /system/bin/sh -c getprop ro.build.version.emui
  2⤵
  PID:4589
- getprop ro.build.version.emui
  2⤵
  PID:4589
- /system/bin/sh -c getprop ro.lenovo.series
  2⤵
  PID:4616
- getprop ro.lenovo.series
  2⤵
  PID:4616
- /system/bin/sh -c getprop ro.build.nubia.rom.name
  2⤵
  PID:4641
- getprop ro.build.nubia.rom.name
  2⤵
  PID:4641
- /system/bin/sh -c getprop ro.meizu.product.model
  2⤵
  PID:4669
- getprop ro.meizu.product.model
  2⤵
  PID:4669
- /system/bin/sh -c getprop ro.build.version.opporom
  2⤵
  PID:4693
- getprop ro.build.version.opporom
  2⤵
  PID:4693
- /system/bin/sh -c getprop ro.vivo.os.build.display.id
  2⤵
  PID:4723
- getprop ro.vivo.os.build.display.id
  2⤵
  PID:4723
- /system/bin/sh -c getprop ro.aa.romver
  2⤵
  PID:4748
- getprop ro.aa.romver
  2⤵
  PID:4748
- /system/bin/sh -c getprop ro.lewa.version
  2⤵
  PID:4772
- getprop ro.lewa.version
  2⤵
  PID:4772
- /system/bin/sh -c getprop ro.gn.gnromvernumber
  2⤵
  PID:4798
- getprop ro.gn.gnromvernumber
  2⤵
  PID:4798
- /system/bin/sh -c getprop ro.build.tyd.kbstyle_version
  2⤵
  PID:4823
- getprop ro.build.tyd.kbstyle_version
  2⤵
  PID:4823
- /system/bin/sh -c getprop ro.build.fingerprint
  2⤵
  PID:4853
- getprop ro.build.fingerprint
  2⤵
  PID:4853
- /system/bin/sh -c getprop ro.build.rom.id
  2⤵
  PID:4877
- getprop ro.build.rom.id
  2⤵
  PID:4877

com.snt.store.supply:core
1⤵
PID:4970

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.snt.store.supply/databases/bugly_db_legu

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.snt.store.supply/databases/bugly_db_legu-journal

Filesize
512B

MD5
b3edaf61451fc4756111fc086a546aba

SHA1
59149f8634d88c422bb037e12e91672cf7e8e2e8

SHA256
0e8d5f055a7dab2bbd0ff00f4be75664dad6c90e4df14f9638776c726e6e0640

SHA512
89719f449bd37e13717f9258127e8dc8edfd603045b730585eae31793af9578257dd25ebd4ede1c1dd4929432857fe5e0c72765b3ae71f068ed90f92400086cf

Download Submit
/data/data/com.snt.store.supply/databases/bugly_db_legu-wal

Filesize
185KB

MD5
6223768d9120c07aa116271e101a66c5

SHA1
6d30caa1198d92d2133e070bbbddbce75fbf197c

SHA256
c6ec8436ec7826e5e2896b289428193a235f060bd6d3743bfc4f1b7745883fd1

SHA512
d3250461dfd974c165111f18d6ff9bf8269280d9eb49ea3cdcde9a3f38a2728199f7fcdd1fafaad43a12429aa6de0a627d0ac25f16fd03b4eb0d63b76307a281

Download Submit
/data/data/com.snt.store.supply/databases/bugly_db_legu-wal

Filesize
148KB

MD5
31db82160703f98f093675b735ad4cb0

SHA1
dd3344c399ae93a74815adeddf290c021387c350

SHA256
9fd5870a2e5308e64bff359ea16aff48cfb3b91473dd245cc65d2abb26c691e7

SHA512
3d7d3c34c6e183e165b9818c8584087086b6dc4aaeeaba275a3e72bf097ed3e4c748ef48f46c2caa4efe3f411b85fe9216e93b66c6a0b63c0854fc34a169ed1e

Download Submit
/data/data/com.snt.store.supply/databases/bugly_db_legu-wal

Filesize
92KB

MD5
39b492b52a0c777c98e78065f7583445

SHA1
b864985757157e39a1ce27b48f892de32598bc15

SHA256
bcc1723636cdfa82fbc632717d9afe792a1894d9398821287bf44248203d5252

SHA512
432ef0e4490347a422457990d2db227e5f626347c96f6d585d9465db094a967dd134671c33e8faf5c0e696a7dacd0608039528851e13fa9d649dcd8886325593

Download Submit
/data/data/com.snt.store.supply/databases/ut.db

Filesize
20KB

MD5
38616785cca0600a03205f84fe330b4b

SHA1
6ac41a6bdcae297d56dac5fdde70be5faccf0832

SHA256
b05c698d5827005da5e04b4fbdcac53cfc83405247353f8e9e145969a820a4e8

SHA512
7ff2901c032607f5fa1f24a48056ae85fe8d67b6c5649233fdad7b66950d359b2fb933344bf1e2fe6255a00c593de7bcf959d201fe8b6ad214249bb31f855a08

Download Submit
/data/data/com.snt.store.supply/databases/ut.db

Filesize
20KB

MD5
032abb97c02688545e25b4451e7d25af

SHA1
15f8e8010db623d0ac4c9cde6da15ef965a55a57

SHA256
22eeebebd92e66805f52cd59bd57018c4ea856116d38a23c428fa5093f70d2ac

SHA512
7a467b4abe8b428685c40821f8e2c3e481e4064e5cef036b23e389a83e53b66cbc5bde00244bac9c713a45e86319e6afca901701a6d717977ff0070df83bb142

Download Submit
/data/data/com.snt.store.supply/databases/ut.db

Filesize
20KB

MD5
6c78ef1c2484812cb0ab13ba2d73bca1

SHA1
9e6f2d6dfe1fd3c90bb1ed24f2c479ad5e464e50

SHA256
872b69fbfc22635028ebecb035eb0c64bbbb1ee8e8a40392925da6559665fe08

SHA512
627a81aababae61be65abb66d5a6551a8fa0d27332401a42404b236fc506547563110554ac7ddaab672ab0b4f7ecacdf857324aa220618c71da98e2c2c8ef739

Download Submit
/data/data/com.snt.store.supply/databases/ut.db-journal

Filesize
512B

MD5
1f75cf03a2368845fdbd4adfc879f733

SHA1
3a361a4c5891b3063ceae6dadde27855a3e4667a

SHA256
2f8223e1dea6a0627a23c28667ee65c4b50853eedd09c63641b2a81cf88d0252

SHA512
43283980212aa1238de05256229a5df010584f65307d1844f8c6a7a65edfcde878a4126a1ca945cf7cb05b79ff97d8d307703c91c3cbf33dd552e92a77b451fe

Download Submit
/data/data/com.snt.store.supply/databases/ut.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.snt.store.supply/databases/ut.db-wal

Filesize
32KB

MD5
0b863dd1c4ce01a77a1920b3adfee029

SHA1
3ac0b5dd6dbe0576f49aa77368b0de0c8d84dfbd

SHA256
b8a04cfbf441dfd6f7b0cdcaae5957fa61e51652cc5b79413515a28c874454ce

SHA512
ec6f11ab325a646c8243a30bbf2f552a66e8cc1372aae9c6b39141ec588a38a81294890b08d1cef73c34a4ed5f3e685e308a00617df143793368fb373fcfc95e

Download Submit
/data/data/com.snt.store.supply/databases/ut.db-wal

Filesize
8KB

MD5
4eb3bec1a4025deb70065818e3bb1c4b

SHA1
efe74ef625fe5adc1ac6080ece74eda42329fc11

SHA256
b286e6710a6bab5c0b088c4f11aa8c1a37424444dc9856be0a451abc6ae1f6ff

SHA512
5153b323c6ca41332004203f9074e9c7cb83e03357238733f36cc32102a4e3f29f4279797905cbbc1a5772808d4d09baf63d3566495ab7bead1e1d728545d1c4

Download Submit
/data/data/com.snt.store.supply/databases/ut.db-wal

Filesize
8KB

MD5
89c24f4fee309fb0f95a05cf009af889

SHA1
422b19682a074d24614eede4912d4874ef0f8b92

SHA256
63462c91d90d1a00975a9fda24a06683ffcd58728f72a9d6d4fc20273cc56ff2

SHA512
f91ec77224b03e83ae29255651276199e2a664e98928a4e909ca877a688e27f9e6abcd640ec217e94411cd3f9770cc0d63daddb5c8dcc15422a5b141e3e71ff8

Download Submit
/data/data/com.snt.store.supply/databases/ut.db-wal

Filesize
3KB

MD5
f9746ba1e475628a6e2378f75646febc

SHA1
8dcad901dbcbc44b79b0137b91861852073ae5e5

SHA256
f7b7c0c6e2d7aa53dc466e2711d28f779498d030f06921d514789c8b84b6094e

SHA512
e887e79e4e1ce83ded873a9423a4ec336b2f8248b79d10cdbc661db662ddb340b79bfc4467530239b89e521ce1fc49913291d47f1f36f9af219a8014ac19fd9b

Download Submit
/data/data/com.snt.store.supply/files/com_alibaba_aliyun_crash_defend_sdk_info

Filesize
222B

MD5
89f8026df0cc2879b62141ee83b45c20

SHA1
51863e2845d7fe465893aedba6a003e194bd0a35

SHA256
c138015ca8765d260512bc4fd03f1c7c114ae183fe73a706dd215c542b6bc1d7

SHA512
09a53fb5d5509a3a67380977abc6e20a0970a0dc387f6ecf4646e9df837124838dd552a54cef2e016fc05ebb1e3510d229038b17f5b48a632356e2b12d538e36

Download Submit
/data/data/com.snt.store.supply/files/com_alibaba_aliyun_crash_defend_sdk_info

Filesize
222B

MD5
df21b227deba040cf0b040d0e65e4440

SHA1
a83676d8341a2ecbf72a0081329e0cb17776c1ce

SHA256
5b01d57011d37b1696b648854a857864d6458647e7f80c30ac580deaf6128007

SHA512
9703d6f599af75e19ac4542e4ade16b8fabb637477cdbd671dfda039364e649e41eba967ee5aef0c2a0055e70e5281fd9dab6f164c124b9a96ebda0f27b89a40

Download Submit
/data/data/com.snt.store.supply/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzAzMDk4MjM5Njgx

Filesize
1KB

MD5
82c7751cf48046cc79a4b12d847dc7bc

SHA1
e3ec23b06eb1524bcc3fcfb5891e928cd096ebaf

SHA256
677f0a6623e3d25dbc2b73873a42c61e526d843fe33fb870124e1ba6619ec8aa

SHA512
49d6af315a51c0f908ea64d2c7e5aa5885ee364c25a51327c8646002b62ace18e826ebf08a83d3a6e133275ff7d099fbf5edc011a7366895967fc6d6e1901e74

Download Submit
/data/data/com.snt.store.supply/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzAzMDk4MjcwMjIy

Filesize
1KB

MD5
c85016e42d3cd333d8faaea5853b2c45

SHA1
47e42e96bf8c22fbac795f5ed7cfa72e1022ef1a

SHA256
8c39ad4babe71e55811c354fe2c97d8cab47ada94218ad0a7a7c3e09bf225380

SHA512
86348b6cf90149a7990890579505b05c2ce65fbb9315ca5d0104a48b9517964470c58a228dde81c729db4efb92f60427b03ba68df46759aad587e1b316869f0e

Download Submit
/data/data/com.snt.store.supply/mix.dex

Filesize
292B

MD5
63f77f99bd2c2b772a479923bde11974

SHA1
c7632e7d301e4463fafce85f84e9c3d7da3fdbbe

SHA256
4c76a3af64cdd2f8713ffe2733dea50dbe714d0ca41c17d1847ee5b62a7ca615

SHA512
3aae4a89d1ed51fdd911cb367eb10afe3c2264e4222085891b18a60d5412f85d10bf5c8f3c6642db70abb9aa42732bac5c42c42ee32d587100f53c21b5beb16c

Download Submit
/data/data/com.snt.store.supply/unicorn#cheese#

Filesize
677B

MD5
30a7e4b49958cf5d668b865b749009a6

SHA1
d4275f039e2aa64b3d9a15a88c377d2cb45d874b

SHA256
188839f0dd7516659790fd15427d648946a6da43cfc15a92981b720c74089396

SHA512
3bec332e8a0a71f57211523bb9bd69f1211e80a79e743c98e57d3e76b56fdef41e5f967f31918452605b78fdc5646a831b8a6ebefb87d80035212d2a27e14437

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
7c81fa8c7ff950dbbc577582af1a0cad

SHA1
4557b38cc3261259f7b2a04f71420378593b9cd5

SHA256
15a3b389d33bb34f3d2c175411d6301f319593c861229f03b8bdba1693c39ee6

SHA512
f3c9c1391b8bc91c23c3501496e921337638a5f180112a3f3166a19df74a558009795a458ecb03e30e38b438e26210058775ee23f0774856e04a3208001b0505

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
213B

MD5
2c28ce765790a15aa5ee019cf423fc0e

SHA1
916c19358cca9682f55ee6a737cf8dc90c38b8c6

SHA256
0443a032607de0ae7fda8cd13d70e8772884b12585481f731f4397b6c7b94e4f

SHA512
e0b006b7241b5140d6c8fcc41145074db997d0fdc85680ec3a70904e4a2a36afaa8ac8e88d2961eb3a944b29f6e76cd35c78d4c259ca981575097b445d4e79ce

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
1bf39887768f58e2bca1ccf2e2836a8b

SHA1
217b9aeca0bf955b0850dc41a9c4332a89d4b728

SHA256
ec4389b94062760bdf6679a72b1d71b6ff18d91e1484a8aa7b81474f40b4266b

SHA512
4d0f1f1499083245d2c80fc743ae59546aca80fa7addb1a10b20352e1d13189cb29d287d841ec671c8afc8ebec04ea0e318b6c7e87de5d417896560917a94aa6

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
167B

MD5
8d7bec097e69fc8af5db6695662bfa43

SHA1
ae59ab3118f33d1b85724c7d5215438533e810e2

SHA256
183c06423a533a040a7c1f1c576ea8bbbbc64110f2ce951d3488cb5fcc82e126

SHA512
767d0a0b2af51b216cbe7c29d97d7408a2c46646133c26412d6ac2b237a531dfe1a5b8f69a73a6c1c465e4bee665a8e6cbe20b7c390cd61e3c971a4ac2f4746b

Download Submit
/storage/emulated/0/Android/data/com.snt.store.supply/files/com.qiyukf.unicorn/log/tmp_u_20231220

Filesize
64KB

MD5
fcd6bcb56c1689fcef28b57c22475bad

SHA1
1adc95bebe9eea8c112d40cd04ab7a8d75c4f961

SHA256
de2f256064a0af797747c2b97505dc0b9f3df0de4f489eac731c23ae9ca9cc31

SHA512
73e4153936dab198397b74ee9efc26093dda721eaab2f8d92786891153b45b04265a161b169c988edb0db2c53124607b6eaaa816559c5ce54f3dbc9fa6a7a4b2

Download Submit