75a4783797359dbea416f44f392ddf3349a927d8f56d3a99e7b67fd3bd28a854

Analysis

max time kernel
2276958s
max time network
162s
platform
android_x64
resource
android-x64-arm64-20231215-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
submitted
20/12/2023, 00:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

75a4783797359dbea416f44f392ddf3349a927d8f56d3a99e7b67fd3bd28a854.apk
Size

18.4MB
MD5

18ef13f8bc0166932798862cc9c5857c
SHA1

2bc500c9383e4b2c54d282d9b9b6458e6120794c
SHA256

75a4783797359dbea416f44f392ddf3349a927d8f56d3a99e7b67fd3bd28a854
SHA512

5220c66c5e271dc7ff50b748cd9adf7fea9abe0890a0f9ca2d92864f617a9a1bddb08b80a46674996e268ff4e783172fdac3bc10a44ab726ba1d3a38cba396a4
SSDEEP

393216:eDiIPoYEph3QpaKL/ybzj7bKPnuj32Z/gGCu06Qv8X3WaD47q7sAU+BQb:OiIbCh3WKn7bPYPCufX318CQb

Score

7^/10

Malware Config

Signatures

Checks Android system properties for emulator presence. 2 IoCs

description	ioc	Process
Accessed system property	key: ro.hardware	cn.com.nbd.nbdmobile
Accessed system property	key: ro.hardware	cn.com.nbd.nbdmobile:cmf

Loads dropped Dex/Jar 3 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/cn.com.nbd.nbdmobile/app_dex/Letv_Ads.apk	4603	cn.com.nbd.nbdmobile
/data/user/0/cn.com.nbd.nbdmobile/files/cmf_plugins/apks/cmf-native.apk	4603	cn.com.nbd.nbdmobile
/data/user/0/cn.com.nbd.nbdmobile/files/cmf_plugins/apks/cmf-native.apk	4712	cn.com.nbd.nbdmobile:cmf

Reads information about phone network operator.

Requests dangerous framework permissions 4 IoCs

description	ioc
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION

cn.com.nbd.nbdmobile
1⤵
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
PID:4603

cn.com.nbd.nbdmobile:cmf
1⤵
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
PID:4712

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/cn.com.nbd.nbdmobile/databases/cc/cc.db

Filesize
36KB

MD5
4cfe777c9f6e7859f5efe2197401d8e5

SHA1
bb3774e8879ad5f6db0c37f151c3d6bc7b4b207a

SHA256
c422190539b6414072fc3950da19a17985c0c4c2172740b2f74682b520af5231

SHA512
6be469864edaf8eaa110f618f8abd27962da92e20945dcd38073ade2b60b10f00552d54d5db9d9f75ca133213031030e71e2e30113ff033e5ef507a28fe0b1de

Download Submit
/data/data/cn.com.nbd.nbdmobile/databases/cc/cc.db-journal

Filesize
512B

MD5
4ce79253cfc3d4d1ce6456f2991c5305

SHA1
79986647a9993ea829b3724dc03125b83d028d88

SHA256
20c0228eb95a5b23205f085be98a99c19efa29181892ff31320565bc1656d0f6

SHA512
83d3214b8ef4aff2ddf074e28e554e8915e66bd0816218e480c3293eadfde43bc8b07549549bf1dbc9a3ba671c7c83bc83b551af535fcfa7e4fd90e05fb0c906

Download Submit
/data/data/cn.com.nbd.nbdmobile/databases/cc/cc.db-journal

Filesize
8KB

MD5
c2906968d50c90b65fb4b6dc3f71f9c6

SHA1
2ed896c176b4291cd1ae58d0c2eb303ffbf38a54

SHA256
6f64e8a316fcf945bc31351c2452fd1eedd0fe029ca7c37fecdbe044f24edf46

SHA512
a5fb742125fb65d5f364b2dc30ceb110028db92edac29caa330abe962c97bd5a289d516a942ef24f57d20fe5f3d011932fec8405cf199b1c9a135dcd1a8d8ac9

Download Submit
/data/data/cn.com.nbd.nbdmobile/databases/cc/cc.db-journal

Filesize
8KB

MD5
c2c909b6497e344771153849dcd9324f

SHA1
9ade6726c222ebb9e1ccc59c28d792fda229720a

SHA256
70c1c480f6f175c623ec61efac9b16da3cb9c42736ab2ea86be0b61e047564ff

SHA512
d33c939ab1cffef16eb374d391bd9e3aae57e01dfbed4b96ca59efabf6539a6ea6c8b6652e2fe4978be1f4ad763f7c090fc69c35d9b47ca577eee8e0f7c1040b

Download Submit
/data/user/0/cn.com.nbd.nbdmobile/app_dex/Letv_Ads.apk

Filesize
128KB

MD5
315c061bed457196cb76eea4b2ac0377

SHA1
af1ccae589339471e25f6d2fa4341c2671b2f6cb

SHA256
1ec6000b8ee7018270020980060b57f6bf802a90dba3808a6a670fde772224ae

SHA512
770aefe2405af127cdb1dcdea1ed8e3bce70f6b30ae7b554333e1444430a4c347b6b81e0b545c671ed69c3ecb9df1e9c5c06021195d67de228737da225b122fd

Download Submit
/data/user/0/cn.com.nbd.nbdmobile/app_dex/Letv_Ads.apk

Filesize
155KB

MD5
4adb46da94a4556f2e1a54a695a00738

SHA1
00487bd51f7afe5322935197ddb584bb6b093145

SHA256
3b69815ca341f5466798bfda4d13e569917bc675af0a4b16a59df9c431b52b59

SHA512
e173bd13c91b85c2a4c7203dd42bc36b5a19b721937863dff6e8246acdb2829f12a586f2e95be1d5bed97d6f16faf3ab5e222e2dc64b92722d09b6fb5143ae24

Download Submit
/data/user/0/cn.com.nbd.nbdmobile/files/.um/um_cache_1703083925025.env

Filesize
1KB

MD5
f720625bdd396b2b99fd216f5f27a1f0

SHA1
8092b1eb445e05a375b22cd6393091416ce7c182

SHA256
1a15875bca2c857e80882d3bfac8ebac308e594f594a6a5ea23d9d7962221aa7

SHA512
22220bea53fe133f04c90d208d1e0b24d0e6205e351978a0f3461b45249a4bda6286e42d48e318a1853331ab6840635995bdc586b9c43a37082dd8165622d98c

Download Submit
/data/user/0/cn.com.nbd.nbdmobile/files/cmf_plugins/apks/cmf-native.apk

Filesize
226KB

MD5
a330fe81bde46ab1a1fa8fc566a04453

SHA1
f3a8aca2dd6cb836b0ad73db8720d4d3adefbe73

SHA256
5dae4d61ccc4bf7b20dad475ada1c0826416ef5fe771a55d5bc5d08635171811

SHA512
e579c2e1119c41cb236f994ccae6fba5e6a2a7a160804f1c889f072c8a9d0cc96f2a06eac53c72fa6043085bd486e9a5637eac63b69de9f9b3d3a0ea59a56c44

Download Submit
/data/user/0/cn.com.nbd.nbdmobile/files/cmf_plugins/apks/cmf-native.apk.temp

Filesize
1.1MB

MD5
ff14f8e72feb91fffb935582b68c2ab3

SHA1
c05248f6432ae51f8c31bfa964259d12714c54f5

SHA256
b9bc2b12c1927c90e2b57f818c830e8f2aa769657a562d0bbc72eb13d22a8e6c

SHA512
46bb53f06c3c00f5a19d3f1e810d285e4a60176aa930658b5adf928e402618a78f3a7db56eedd08d5c42f59f9625a5aaf1b0a99b2338438bd683c256744d9dc1

Download Submit
/data/user/0/cn.com.nbd.nbdmobile/files/cmf_plugins/libs/libcde.so.temp

Filesize
11.8MB

MD5
c9de75d995825cf440294141dd2b6b76

SHA1
e73b4ac2b6f22eb184b48fca70c5ee167129cab2

SHA256
7d45c9f6f35bc726775780d132fbaffcdbd9fcca0f2d483e4e0132e843e57208

SHA512
ac13dfa3b2ce19edd2185003318e3f39383628e5e31ed8cf4723bf25aed6ee7ec837184e57904081ef577cdc6491290511e5d6322a8d28d47cacdecfab447350

Download Submit
/data/user/0/cn.com.nbd.nbdmobile/files/mobclick_agent_cached_cn.com.nbd.nbdmobile53

Filesize
2KB

MD5
2c1b72e16f95df8b243b071fe38bc75f

SHA1
5144770aef25c195c7e269c4178868c0d4728a69

SHA256
0e32900d347ded2bc42c724f4d18746edb2ec0a9e6bba9cb948ed9890e2a3a9e

SHA512
4b53d7ad9dd22e2f46f1c627b5f284455a71380f232c532bf6ca16df8c60255319f2ec83f9a58f5b4ac2c30ab5032cf4f99c58847a2630e8f137bb1d697f8680

Download Submit
/storage/emulated/0/Android/data/cn.com.nbd.nbdmobile/files/cmf_plugins/playLogs/cmf.log (deleted)

Filesize
584B

MD5
b7fd229d9fbef79ad8ac5f5d19eef107

SHA1
d219f0910a100a07875dd17519fda910ba9a1bb3

SHA256
2c7d31ad830f57e7016a185f9fbf77e6b67c9ef76f05f15f3659e8991b660759

SHA512
844db08e3459632eadb777334e9d85bd5fc380ea2db1c4ab6191c50d238f597a596000fa5b1682d5090e629e36593f3f3b86769fdeec708ba7d9a19746f45528

Download Submit
/storage/emulated/0/Android/data/cn.com.nbd.nbdmobile/files/cmf_plugins/playLogs/cmfbg.log (deleted)

Filesize
12KB

MD5
35a21b12d5f4d3fb0a9da08a8a410627

SHA1
7dd9d24939d5a97b3ef881e437dc97ca246e3bec

SHA256
25da115b716ee3588a106e9bc25645cdbf029f64aa3f53a6e2698b71b614dfbb

SHA512
78b5aa409ac3ff9a33fb9bf0d03112a235ba651dffad507a6c0e6ea1143930c275432b2512994016241d0a58e2d241cbb4b0cf199e1e9b63e1e7d8dddb33a8d5

Download Submit