78ca23c58021f20df2aa3f4feeb4f98d9b24dbe88b709899152b10bba0c6e684

Analysis

max time kernel
2367338s
max time network
157s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
20/12/2023, 01:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

78ca23c58021f20df2aa3f4feeb4f98d9b24dbe88b709899152b10bba0c6e684.apk
Size

19.9MB
MD5

1285ff62a13bd8ba63574bc9cbf311fe
SHA1

9196521818c08e1b323b1f3b062b7e74bd8ce4c2
SHA256

78ca23c58021f20df2aa3f4feeb4f98d9b24dbe88b709899152b10bba0c6e684
SHA512

5ac1b5408e8178651af518d7bbe13f7a68a5f87c641dab60f030d656dce221638855c8df7841f73983062d6590f83767c5f977acaa98d6a6d136c347720527ff
SSDEEP

393216:ndQa2PnK24wcQmdA5igzlyL2pL48AzmvKd048k9Wx7xOOMIl0VTBzV7ngP:nwnK24wc9A5byL8UjyvKqLFtKxNV7gP

Score

8^/10

evasion

Malware Config

Signatures

Requests cell location 1 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	app.gansuyunshi.com.gansuyunshiapp

Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	app.gansuyunshi.com.gansuyunshiapp

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	app.gansuyunshi.com.gansuyunshiapp:pushservice

app.gansuyunshi.com.gansuyunshiapp
1⤵
- Requests cell location
- Listens for changes in the sensor environment (might be used to detect emulation)
PID:4258

app.gansuyunshi.com.gansuyunshiapp:pushservice
1⤵
- Uses Crypto APIs (Might try to encrypt user data)
PID:4285

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/app.gansuyunshi.com.gansuyunshiapp/databases/gtc.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/app.gansuyunshi.com.gansuyunshiapp/databases/gtc.db-journal

Filesize
512B

MD5
8beba454ef89afc1b9cb1f62fab5e113

SHA1
042a45f36c46ce4d16c4ff67d413e0fc9b41a982

SHA256
6b5f784db959631a20185a81abc11fbb97f045d09f90cd4b5036607fd443b66e

SHA512
4b85baa52c20c688c38da40490c047597df600fe629d2a6489fd6488d69da87a7884ff1b37adcbdee9617a9242a677cf67723b002066673145713fad1fd27874

Download Submit
/data/data/app.gansuyunshi.com.gansuyunshiapp/databases/gtc.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/app.gansuyunshi.com.gansuyunshiapp/databases/gtc.db-wal

Filesize
16KB

MD5
865cfab1a004b3f85277b4ad9e4449f6

SHA1
03a70619b690c305119a080050f130fade8794b4

SHA256
2a49c583f4cd845f1c105f094db3d017ea4cbf08416c56d05d51a42dfab80460

SHA512
6c18a434d5347624ef5287dfbe81cd519bbab2fbcfc309ce3c8716235fb96e94713978147797114771fc2b2df919b492b48f0561c1fea0a91e69c692f2ec8bfc

Download Submit
/data/data/app.gansuyunshi.com.gansuyunshiapp/databases/ias.db-wal

Filesize
48KB

MD5
6be961a215a6adb051b912a74094c4b0

SHA1
127496a664288bc2ab9a2fad4407211456391916

SHA256
0f9a8ad083ca002da5e7b5fdacdef4e65e05d5533e5fdeb58b27ded07038085c

SHA512
1b1d4a0f5ea3719b0649e707349d4c8461b6b88121cb1d37de34eb9edd48d906489a93c323ea89ec22e3668438994eb26e481afc51c7b170005ef2b94b1ddc1a

Download Submit
/data/data/app.gansuyunshi.com.gansuyunshiapp/databases/pushsdk.db

Filesize
16KB

MD5
e6f41137143285a7e6ed699e6e44fd36

SHA1
3053b9819d0565ba695e4880555e687ef594b280

SHA256
de3cc1c3485f9ed65e7c9523c01b21a8d1c0c2e063ec8fdffe3cd06de58bb6a8

SHA512
e7dc0284fa0f0803c723529c06248ba2c24a795e3f71581f31d4a088a2d5bd518e8600f096b3cf0da27ae16d2ba755933bd1c3917b8cafe4ecf042d2531d5a79

Download Submit
/data/data/app.gansuyunshi.com.gansuyunshiapp/databases/pushsdk.db-journal

Filesize
512B

MD5
80efc872e6e52f7eb780dd372ad63648

SHA1
4f4c6c05cc19aa985f86fa8c278fcdfac4d0cb15

SHA256
58824feb71a4b773e22ecd440625d198749c4185e3b705f9c3af392e32510449

SHA512
a9644d3ed7f79c86acdd1bf405321f63cbf905bb93e15128228af4ae52a8cab0dc53616d1d5c1e67ebed87c3380e0a5d72fc0a42bd023ef30d967ebdb1a1124b

Download Submit
/data/data/app.gansuyunshi.com.gansuyunshiapp/databases/pushsdk.db-wal

Filesize
60KB

MD5
38108be2088be717fda70751906ed482

SHA1
498cb92c3d501c29011d29738fa581e0dd6d5abb

SHA256
47cc5b100649ff6855e7946ba92f3ec7978016a1173418e9a26f4cfa340615f0

SHA512
aad524c6f73f0b9e09a4b5657fd926a25851d5d4901df3783a6d959170ce04f7955f17d77b930f23e769f618c00521a273a9cb95eae377219eb7404a62c8a276

Download Submit
/data/data/app.gansuyunshi.com.gansuyunshiapp/files/init_c1.pid

Filesize
4KB

MD5
c12b25759d3eea742c22905e562dd391

SHA1
4090e983e002a05bfa4ba62bf318263bd0218ad2

SHA256
b5e89ff453e7f79717c32ff1987fed342f6a6807dc44013fe1d08d16a4f0e4d0

SHA512
5a6058c586954e10c704a490d071b8fdb264a61ecb63c98b7f4dff451f11b8d398cb75c0db3487f466fcdfd02c129ee1adf969f31c7841f7b3b72578bc54f472

Download Submit