7b24d27c9cede2fdc2a4b7707c2065082bbc1b039770234fb21096812b0e346c

Analysis

max time kernel
2323662s
max time network
192s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
20-12-2023 01:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7b24d27c9cede2fdc2a4b7707c2065082bbc1b039770234fb21096812b0e346c.apk
Size

28.3MB
MD5

c43501e33bdfc1784c800eb1413e2615
SHA1

39cfff621197b4df2fc2adce911591b0191e4244
SHA256

7b24d27c9cede2fdc2a4b7707c2065082bbc1b039770234fb21096812b0e346c
SHA512

f91b19c40463f8b7499b8ed1878048ad485085ee54fab041e491183649efbdff83aa1b48a246c661a1013e09feecf0b7b84a795f59088327989bb87fb432c84e
SSDEEP

393216:kVIN4X0ytqhi24tPypiGYNNieT4XCZzmEtElTARkh21EdP9420zicqHsz3rSwN3p:cIN4X0UzjG8JGGu4SFc2cqMz3rfgm

Score

8^/10

evasion

Malware Config

Signatures

Requests cell location 1 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.myj.takeout.merchant

Checks known Qemu files. 6 IoCs

Checks for known Qemu files that exist on Android virtual device images.

ioc	Process
/system/lib/libc_malloc_debug_qemu.so	com.myj.takeout.merchant:pushservice
/sys/qemu_trace	com.myj.takeout.merchant:pushservice
/system/bin/qemu-props	com.myj.takeout.merchant:pushservice
/system/lib/libc_malloc_debug_qemu.so	com.myj.takeout.merchant:pushcore
/sys/qemu_trace	com.myj.takeout.merchant:pushcore
/system/bin/qemu-props	com.myj.takeout.merchant:pushcore

Checks known Qemu pipes. 4 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

ioc	Process
/dev/qemu_pipe	com.myj.takeout.merchant:pushcore
/dev/socket/qemud	com.myj.takeout.merchant:pushservice
/dev/qemu_pipe	com.myj.takeout.merchant:pushservice
/dev/socket/qemud	com.myj.takeout.merchant:pushcore

Queries the unique device ID (IMEI, MEID, IMSI)

Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.myj.takeout.merchant

Uses Crypto APIs (Might try to encrypt user data) 3 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.myj.takeout.merchant
Framework API call	javax.crypto.Cipher.doFinal	com.myj.takeout.merchant:pushcore
Framework API call	javax.crypto.Cipher.doFinal	com.myj.takeout.merchant:pushservice

com.myj.takeout.merchant
1⤵
- Requests cell location
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4270

com.myj.takeout.merchant:pushcore
1⤵
- Checks known Qemu files.
- Checks known Qemu pipes.
- Uses Crypto APIs (Might try to encrypt user data)
PID:4317

com.myj.takeout.merchant:pushservice
1⤵
- Checks known Qemu files.
- Checks known Qemu pipes.
- Uses Crypto APIs (Might try to encrypt user data)
PID:4429

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.myj.takeout.merchant/app_crashrecord/1004

Filesize
4KB

MD5
aa99281ce0cd69a9302f8b64b918ad75

SHA1
ccafc0e5fb16198e466b209a888301f4100fafe8

SHA256
a3cde8388c50e78c7b3c8dab1d0c46c64c375248031adbb6a5802e3da65bb431

SHA512
a8b80f09a555652d3e4b9775b6aa58341dad7fb120509e128df417533ba361353b19530306e8691f1ce5fc0c69f1a89d29bd2eb176291a5e85b945d14c9eb085

Download Submit
/data/data/com.myj.takeout.merchant/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.myj.takeout.merchant/app_crashrecord/1004

Filesize
246B

MD5
9c2a05f81ed24280c041c37d8c487361

SHA1
3af2d7e9ee4756e796b9b2b7d32109bea7e2d6b0

SHA256
fa72d22679ffeccee2818372e3f295f72a40bb876566da4aff314a57ff05943a

SHA512
77f734b5641823a96060e5564481a74afe0fda4f8b9d9eac7623f9c3152bd6f68297036ca552870aa891baa37ac86ee908a4b4ceda823489e11d32081ff65c34

Download Submit
/data/data/com.myj.takeout.merchant/app_crashrecord/1004

Filesize
234B

MD5
4d809ab000adc838afa6783c6c0d7b03

SHA1
59b412fb28138aa82f39255caa36e1da829c473c

SHA256
3ba8f7865044a213578c154f83ecb61a75cb8ef8176a42baad545d5b9da65cd0

SHA512
5d92656df83a00fd59d2879ad774a2b0311fd6233b5d8b0103ec9e6d88ec0743ac78493a1b403183ce8c62ae916c8b5ef97502292be0ff006a0943407dde0082

Download Submit
/data/data/com.myj.takeout.merchant/app_crashrecord/1004

Filesize
234B

MD5
0ce76a566d8802ead63a076ce736a222

SHA1
dfbb34fbf5f90a9eecd15146b594c72ebc64618b

SHA256
934495aa9743668da06839ff9ee753f6f9c913c075d0eaec7c7fd130f879811d

SHA512
b0a1c1cff55ac80a5cfb49ab66f1a464b185c6ec094aca1a0c84ef0df438f64d6177076f7a8ad9c5225192ef3cee46efa368adb8594d002422eb8ea0761642f8

Download Submit
/data/data/com.myj.takeout.merchant/app_crashrecord/1004

Filesize
243B

MD5
8c7ade652c09c4d87552e9ea358b0634

SHA1
67f76568173f6f0a19af118bac87cb322a65081b

SHA256
f4134b6d3c77d8bcfcefed8784f8a10c4baed317cb87fc1c486583849460961f

SHA512
88f77130834aefcd26f0e364c602cff129ed3a2d3edaf3288617086e679c2a9e73faa4f3ffc2728cad230f31ea312750f1feb12e969bfc800503fd6f20ede622

Download Submit
/data/data/com.myj.takeout.merchant/databases/bugly_db_

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.myj.takeout.merchant/databases/bugly_db_-journal

Filesize
512B

MD5
9bc1cca7e62e252b9f7fe649b05466bf

SHA1
6c9538f65369ebbcc73dda9aa0261ec4f8cb6b2a

SHA256
bc21030eb977a5324123637d2572fac0ea54d220151bc2695da78f875958ec0c

SHA512
1432da0f0603503b17fd13a404577ec5c916c7ed7048d597fd81defd8231c42927adc84eba9358cba8ce5b917f3c1a345be22e6873597a61c95ff326c229893f

Download Submit
/data/data/com.myj.takeout.merchant/databases/bugly_db_-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.myj.takeout.merchant/databases/bugly_db_-wal

Filesize
80KB

MD5
f812cc8460c579440711a288ab27dc55

SHA1
a6429d673db25808b642b19afa5606c9a157147d

SHA256
11c46c5dc920dc861449d6da148d4193e1227d878bb1d671df8b915c86b8e352

SHA512
15f9352e423e5e818856d20734f1529b2f5bb57852773d06451233b71563909015f68c74b0666eaa8643e7276f533e22ea783855237726875e94337f64c33e2f

Download Submit
/data/data/com.myj.takeout.merchant/databases/bugly_db_-wal

Filesize
16KB

MD5
4a3ad222d849519744f8a6e8c8b95061

SHA1
52c2a7028d100650ae1fccdb766e1d1ac93b147d

SHA256
1408a567811299de23d44765309be512aa4476658a5be340cdcc9b9ff404ce6b

SHA512
d391be57f905a108946f54e6076e530c585e1e87c99d14d4ad193a60bba67cc629d89244a27cf2fb00e0a49ef819ce7487c3e5317a710922e1004238e70b2e86

Download Submit
/data/data/com.myj.takeout.merchant/databases/bugly_db_-wal

Filesize
88KB

MD5
097326f9d4bbdc59b748bdc2d63a94c9

SHA1
4ea344d098ba3ee7151ac1b01ac3c82da32c8c72

SHA256
412ec6dd33ec6ca7da170f2577cfa6acabe1e9fa4bb9b55947c6baa43f4bd7bd

SHA512
fab5c299dfb4df296afe7339ce4eb767ca77da9b6f0f0293f141d73ef4d3c56eb853c7c6ec266efadcfdfe12e8be68137f47043bec493fe65f578728f8d5cd20

Download Submit
/data/data/com.myj.takeout.merchant/databases/sdgpush.db

Filesize
28KB

MD5
670d8bc46551c40a1fb9ff8ec4b72092

SHA1
82253b089122b4d8c7ae61dbbeabd9d037ddd49c

SHA256
ca2684e4da544d08c906c70f147d8dbc91da3a7972d255e6a00e1c99419f78e2

SHA512
4977d35230c533e26162cb0e4da38345a23a87ff41510685e755a52152fc78d0b027e8e8942fe10ae28fe332b16bb9a7ba0c0644ec0efd635d579515c3d5df67

Download Submit
/data/data/com.myj.takeout.merchant/databases/sdgpush.db-journal

Filesize
512B

MD5
76a83a912cd655b622052c35054777a0

SHA1
bf002877ccb3ea3d0f3d1cb414e56ce056342651

SHA256
777b26907b5826f8621c1b557ab3aced7694a4d995175b802fe42ea844ed5867

SHA512
091411f6143939ffcf1367e41beb750c86ea24dbff03c00cbc47aa14be2b8f1d03596dbb7ba43b4004c8bc3d74f6e3446d360c95f9c8a063eeeb149822f9b671

Download Submit
/data/data/com.myj.takeout.merchant/databases/sdgpush.db-shm

Filesize
28KB

MD5
93d6502c5bd4872e4fc102d0f1a0aafc

SHA1
c7f8933a46a2cdda7ea74daa920c59578f4e2dff

SHA256
03d0ee770a23517ca6dcd013e1e70d090945d1b13356749982ea57b65e839124

SHA512
9cbdd08dab58809a2503af9e6c101c67345aafdf7d0952a23a8ed5d00b62ea793a6a8127287a141f82a2ca6a523d5a48218ea3d09ed335206318d5d297e513e0

Download Submit
/data/data/com.myj.takeout.merchant/databases/sdgpush.db-wal

Filesize
36KB

MD5
d97b3f89581a9649c1c3766cb24dda30

SHA1
a6ee074ee4d16a003949f51f6b2638662da100a4

SHA256
d4a77835cffd6b243e80cf1f724e8d18ba034ce8c5230c1f8cba30e804939f82

SHA512
5ca77479763b315e7a3d6aefaf949d2e7ceeb47121791a66060f824e3ea32c4914aceee69f1d8ecc2c83de78de85585485f621de510b6e1a306ed3172bb32d48

Download Submit
/data/data/com.myj.takeout.merchant/files/jpush_stat_history_pushcore/67a33a788ab681c96589e868/active_user/nowrap/c3588b07-d0fc-4df7-8cd8-8fdcb116119a

Filesize
159B

MD5
cdce19eef36ed5d0b86674cc8c29936e

SHA1
567933764168bfb1b562724b5ff656b1c323d6cb

SHA256
bc9cf3d651f110508c7bb7122f197b83c7ece62511afb0f46fdf65f5887004db

SHA512
bdfd83699c4ac33fca8e1a91262c6a76cdd681f08a116313d0a1075e78a3e2254af85c98251dd8a80b97f5b58ce345e0844844759727ddef2734004465de8446

Download Submit
/data/data/com.myj.takeout.merchant/files/jpush_stat_history_pushcore/67a33a788ab681c96589e868/normal/nowrap/9c99b133-ac04-42fe-a446-4d34dfbc7757

Filesize
170B

MD5
ed2e2e56520c18b907f53f890c60eb5b

SHA1
3fcb9fd8211287a66b1a908cea098579e06c8864

SHA256
e19ea423aff32f7284caf07d881a26ff39f9fd8be0e88dcdc9ecfead1da5b377

SHA512
0730a7f4e62a888b089973fce81b937e8fb30efe1e391f12d20fb07aacd148740456248331c156da03112f4cb8f71d0405443e766611fd10fd663c0e920a15ad

Download Submit
/data/data/com.myj.takeout.merchant/files/jpush_stat_history_pushcore/67a33a788ab681c96589e868/normal/nowrap/f53c01e9-cb93-4570-b01b-2347b2434fb8

Filesize
73B

MD5
14f9558645097c542feee93c439ebd7e

SHA1
9e6508e08920084a8a5484451ea36ea2f1d5e0c6

SHA256
cf863717bbc0b328776ef92097b51fc7cb92cec541a052b239594b33f31060d7

SHA512
c1b69bbed8b485682062a047da8ab3452ff24cb390c4cb681032ba4c3210622c9f3dd481c98b4c0f35de0aa5ab489e47987d9d40db51253de9f0ba96916be1cf

Download Submit
/data/data/com.myj.takeout.merchant/files/jpush_stat_history_pushcore/67a33a788ab681c96589e868/normal/nowrap/ffb43ee8-112d-42bf-ba3d-1da1e39917bf

Filesize
129B

MD5
d9937b0eb77fc797a9dd50b3ec36e909

SHA1
dde577c4083119994fbfa9202accb9ab81374777

SHA256
f2451baa97b87099fa8c20278304383d774b366b31ebcb35532b8f7ca5804e6c

SHA512
a3e9ded07003a605b4f5abdf49ae7ff6947d447c7f0a78901854e0b0e07e94c782e7a22c67f4d831fa69c9c48b9610fbadba4a443fdbb99b3bc3fedde48bda95

Download Submit
/data/data/com.myj.takeout.merchant/files/libcuid.so

Filesize
129B

MD5
54add7e0133a393281d28478fde232c9

SHA1
a7eca7e7f3344eddf9817b987d79e2ccd2cb6e9a

SHA256
edd3356c06295d3dd7078b5a244ef0d2da268f3757a90c0c93fff95d1786a1da

SHA512
647a7dc8802b59a5224a19712589a9373002e6d2f3a1b58c318cbe52a807ad468cd091d0d0e4df8bf9843bb87f4cd28aaad2ebe08758d238b5c9b804a117273a

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
80KB

MD5
b241b3f5b3454a52c6a8330997293592

SHA1
87cbe79b03003380ac2163952cb030b71b4afd2b

SHA256
692aa734c48cf68e8dedfe954eee1125cc704d7acf0357e1bfca3746fcbe3cba

SHA512
692445a7c26a3c9fe4ce4d6b2e34c37da7d3d09c3c323f31f447be8f2a8c45bd11dca8945779eb1bff29dad721444fe875be8a6eceaefb9830e5d217c0788b1f

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
8ac5b21f2e848ebdfbaa23c29e78d75e

SHA1
b39bb1d9914be91bca60b3250917892a26cd1930

SHA256
ec4e524a9a289f8c80745b8506efd915fa5153145b337d54ff14971c6dd22301

SHA512
07ee9a9c19e23d72759cec9fe4a13d5955c2ef664fd4ef1b006e978e4bb9dcf15944d98561ece41bf48a633ed80974bf279738c684eff336844b6e0e3b6afbc6

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
381B

MD5
512205825a4de6fa551d27a7e608c2b4

SHA1
0ffc2a1be4693c8339fd110803a9f4c1d314f9e4

SHA256
a157a6c4d08baa58f55e2091ffe9c9400b1a486820b254028069e83358a40526

SHA512
5b39278e07e61eac253ffc95c2c20ea7cf8dee45b9fe013b6a284b0bd4a52d872d9c6a658966763ac1df42bf13b7f049fbef8a5c660b69ab09e51dfdab9107b8

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
84KB

MD5
a78771b21cffa08f6509f812febd5553

SHA1
68d33648d6a7543223bad5477b325b75702c6f70

SHA256
e34e37e67e6873d8f4f82a399b8aa374f09111a8949f9f1a38be3f2930f7d7b4

SHA512
f646d21be80d9f9156255e29e26c389f3b1c1aee9934f404623658f30e37296df0690b2e8da6c9e763e259ab5627f1edf657e261a60a56f39c7ae8b19ebc419f

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
28KB

MD5
2523153a7d678f5e376afd05298c11e4

SHA1
9eb9a60b670eb844d7ce317ea48d09040537fcc9

SHA256
2b634533f2f29f5e68462f740ecb9c73fa2ed70c85d351d981fa08e41bda2ed2

SHA512
8c9066b92fe220f5c0a23cde6563bf77b33acf21c7b1d67d5db02b652c7958ccd7fb4aab8af3bb455b6cdfb90220e6a188da1cd1e8cce0112ea492774749ec83

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
c555744bb2af1575d6c5be8e64e5de59

SHA1
5da2577a6244c3595bbe48d10cb4e767d99abaf2

SHA256
34e5b2cc31156174388ea969eef61cb6dc1e19332d705a74c5c015df1ebce700

SHA512
86a9a529e93707e9ccba36e05415ee538e49289ed95549a67058245b462675748bad540d34827eafe31f80fafedb47e7d521aaa810d9d9cfdfce3b8d77fa1390

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
381B

MD5
22bd072efd549fcbfc1c02aed91f446a

SHA1
929f9b124adf2268872139f4890ff3de1515fb90

SHA256
df7eb21cf409dbe3d8a35f91756734ba4c62fa0e3c5f55a2efd2cbea1b496e7f

SHA512
791ad634357e1461298b2f4a71a0f5b04a3aa0effb86b50df6c0a44fcdff89fc88566d90d283e743257aff87a8b0af62076366b928bb4a85f19d2a6fb7ab442f

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
381B

MD5
4ccb773a0c06d1e71146d09501898a34

SHA1
ebeac213c4eca87466160bf87be780a40d76bfd9

SHA256
9e85c8d344beeb74478c525339a55d1b48b61c66bcbda192fce8d260f5614bb3

SHA512
43e8c89844b90df81183ba8c43d8c95f0169aae1f6a0f01859298f175313e7aab429fa2b7d90f756cc1aab11dfd78087e02620963f5d16c7a4887930cdd2c237

Download Submit
/storage/emulated/0/Android/data/com.myj.takeout.merchant/cache/uil-images/journal.tmp

Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/storage/emulated/0/backups/system/.confd-journal

Filesize
512B

MD5
f7b56331e5bc79d6d450a984ebe5b2eb

SHA1
bb85f2d2f4219049c8823d197f72b7805a1ef78b

SHA256
262aa581f419b02d8cb04e9173f6daa81270e3187b1c91f39229d3e50009d94f

SHA512
7fe70baf14f17e13256880b39c92e5453abbe5caa7ea1a313f7ce4b9242fd1cf5316a6f3c564452ba904a11f0f34b6b1e65ccd67bcec1faab1d1dc4a568c56e5

Download Submit
/storage/emulated/0/backups/system/.confd-wal

Filesize
36KB

MD5
4e3e8b1458a182f916a3f14091de971e

SHA1
46dec614efdf0385057578dce340141220cbcddb

SHA256
9c0646c55a7fc0551dd4e659bc88d06dc090575a29556f2545fbd23682f5c36a

SHA512
1386e0a6e8bfc804159e7e6be73cfcf94323b9684f99e6ec40c9e1b4e41f792050b17e3b908c8f43651e666d76da7eadf5c0ce9d0ae41f0b74222567787561c6

Download Submit