78f9577fb67c8277f3aabf05e35fc121d3653ac51e2db38b6deef885ad99794c

Analysis

max time kernel
2317419s
max time network
138s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
20/12/2023, 01:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

78f9577fb67c8277f3aabf05e35fc121d3653ac51e2db38b6deef885ad99794c.apk
Size

7.7MB
MD5

7f815ca67e62293a14a024ed5a766d21
SHA1

8a63afb6a5e279a07526f28bd6bcdbbe05427d8b
SHA256

78f9577fb67c8277f3aabf05e35fc121d3653ac51e2db38b6deef885ad99794c
SHA512

72303b5c9926212fda16080c0d835240434727d7be518daf65cf356e053cd90107df8f3e7448a51b14ed8d85643f05ff28c33171617642e2d74be3ac163d2330
SSDEEP

196608:3482RaCnTqnfRgxO6WJq/69jrVHVWdqciRViQuYFmeaGwXS:ERauwyEQ699ciRVijYYeaGD

Score

7^/10

Malware Config

Signatures

Loads dropped Dex/Jar 3 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/data/me.javayhu.poetry/mix.dex	4235	me.javayhu.poetry
/data/data/me.javayhu.poetry/mix.dex	4337	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/me.javayhu.poetry/mix.dex --output-vdex-fd=56 --oat-fd=58 --oat-location=/data/data/me.javayhu.poetry/oat/x86/mix.odex --compiler-filter=quicken --class-loader-context=&
/data/data/me.javayhu.poetry/mix.dex	4235	me.javayhu.poetry

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	me.javayhu.poetry

me.javayhu.poetry
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4235
- sh -c getprop ro.yunos.version
  2⤵
  PID:4313
- getprop ro.yunos.version
  2⤵
  PID:4313
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/me.javayhu.poetry/mix.dex --output-vdex-fd=56 --oat-fd=58 --oat-location=/data/data/me.javayhu.poetry/oat/x86/mix.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4337
- /system/bin/sh -c getprop
  2⤵
  PID:4370
- /system/bin/sh -c type su
  2⤵
  PID:4392
- getprop
  2⤵
  PID:4370
- cat /sys/class/net/wlan0/address
  2⤵
  PID:4425
- getprop ro.product.cpu.abi
  2⤵
  PID:4484

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/me.javayhu.poetry/app_crashrecord/1002

Filesize
227B

MD5
eea999c98d1d8c5ce6a89041271f828c

SHA1
b2a10bf348a0ee225cec364ac44639e1d110d585

SHA256
101e84f3862ae9f96f2b630992fe092f63f9a9bce1d775a497cfb6956d400a08

SHA512
473d29ffd38cd94fe0eb7f3aaba1b2d0a8d43b026c2b6b8017a99f67942b77510ae33e5c2f6ce6fb84b44aab7eb507a53dd7fa62937aa4ae8edbd8a1b1e29b68

Download Submit
/data/data/me.javayhu.poetry/app_crashrecord/1004

Filesize
227B

MD5
324764285dbfe34d7af8a8a266d41194

SHA1
b573cc61f314ea4a2120ec61eed0b5f92808b282

SHA256
aec4d51a1749fa6e309a101f1be394376a28bde41c5b6e4a1fb6b17f16c18e19

SHA512
f4d9de72daca58d99e890b1ae04bf746195388eed05f83f15c3ef024e3cffdaa6f9b1b3daac0b904e6f0d0784d1446a8b100e410c4eb823c4ee27600be6048ad

Download Submit
/data/data/me.javayhu.poetry/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/me.javayhu.poetry/cache/CommandCache/a41235153638633971968661257f6795

Filesize
965B

MD5
2d611f1e6c0715d89f2f7d2f8c5d1073

SHA1
f5863687acc061db44b850f3ac6536c128cf896c

SHA256
076475dfa6d1208f309effa3eb42cde8e570fba26cf9a314104fd83feb25bb7e

SHA512
24a9785f8a0d7f80d182c01de6e7d182da1b7bf90281e42f3f2478340701c48d1eba3635ca728edf39fb44cc80122175fa2b07bb2e19843be99b22ae0ebb6994

Download Submit
/data/data/me.javayhu.poetry/cache/tomb.zip

Filesize
3KB

MD5
c66bbdffb72bed7567aa7606ac83aad0

SHA1
2b2e9eb5b61a9a56f1db2bbf27c0782519fc3f57

SHA256
c3196aa576918ad57e52b36d91e110e26bff446409efea8582be62b1ced99644

SHA512
101752e3f389fe47971292b75c04dc81997ec6fad133a45fa2284c8aefc1f8c88c37e4bccc9f8bcaf818bae6db6abdd71fc8470dafdd3d680615f462f3fef841

Download Submit
/data/data/me.javayhu.poetry/databases/bugly_db_-journal

Filesize
512B

MD5
d07c39506adc595a578e46a1a11cc135

SHA1
a66a4e2d6c65fcb3dec5d0356009eed271b4c617

SHA256
bce9d860ede937e812dd748fb7dc2568b6644420afe5c89aa11fcd5da442a2cf

SHA512
e1f75333b573c45eb81a28710d7bb23aceb72bf7724e029f7fa284db6f2634cf2593caf2757b3fe61966becfeb9da0ed5bf45f4a2b420cd893ed3ca617be8b2c

Download Submit
/data/data/me.javayhu.poetry/databases/bugly_db_-wal

Filesize
76KB

MD5
5095945096b63060c88295efec197340

SHA1
cc2933bba4d7d38f49d1279e04db18e9c4968d88

SHA256
1bb77b37664c7c5466c9bbea8f152f7c9ed56cfd9f9d7a3a8d84b146d80240b3

SHA512
ffd7edb6ff2f99f82d0235feadfa877e95d6f1247995cd3d2e0a5da0966cf7b81589011f1ce33d5e2f19c2d9c2dcaf0e5207d891074ef17361ccce4ca8a2a8d6

Download Submit
/data/data/me.javayhu.poetry/databases/bugly_db_legu

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/me.javayhu.poetry/databases/bugly_db_legu-journal

Filesize
512B

MD5
b0ecee393e2a3357525fa252d170f5d3

SHA1
05b7aa84b6b60d6b080d02441e5215837c1c75ee

SHA256
43372838849cbdec765e223f96bd70459afcab8da72bb81ea1d423698108c468

SHA512
5a867ad6de6cab254afb3e62584ecaf5a960b915a20be7cde108c3fd5086c17aca46fb5d1faada6de66d28c62bf106fcdd678af8aa08e12d78d25c6a3034935a

Download Submit
/data/data/me.javayhu.poetry/databases/bugly_db_legu-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/me.javayhu.poetry/databases/bugly_db_legu-wal

Filesize
76KB

MD5
61633c55e20c0ae5429e288f9c1c49af

SHA1
cdce00b707e2ec8c9ba09cec60891252db0a288a

SHA256
dd2f47ff21fccb0d31965ddd51a58819b03c7023161e3ee620aa06d5e16bf570

SHA512
1f8064f6aea04eeead1ae3bc3c2a5fa774934fa1a79544c00e770942b04dc6c60edea31c1a6ffe128ad62e10e91d333ea11603fa20600a537931a6bd3845d284

Download Submit
/data/data/me.javayhu.poetry/files/poetry.realm

Filesize
24B

MD5
a6574431b943e0bf47642c666f3fbbe7

SHA1
79191cabd86accd903f27c523c95ef19933c64d1

SHA256
60692d3a39b5fa2c7ea60c7be7014c2069f7c0a3fedafa269addd8143ec15f6d

SHA512
c438e1cda3bce0de04a34e3f53f17f7cdd235e80c656c31e43a21b37e77dfd90de14c17a5c6719b84a14899ff41107a75790b35306c7ecb1674d6f60de9bbbef

Download Submit
/data/data/me.javayhu.poetry/files/poetry.realm.lock

Filesize
1KB

MD5
a65194ed3bebbf0025723d9cf0501dd2

SHA1
c49046ea64fef2048ec09427e9208617c7224cc7

SHA256
fd9d4474451dab9b7fd75ec1a8b263ae8a125b4a200e069d83e60f8e21fb9470

SHA512
53de43a422adbc2190ab9f720633112ddaba07f2abe190b7e2f02706a24c6d78680e6903dedee3c6a80b05192d894975f35ee620f01ae27f652b6cfca1892553

Download Submit
/data/data/me.javayhu.poetry/mix.dex

Filesize
292B

MD5
63f77f99bd2c2b772a479923bde11974

SHA1
c7632e7d301e4463fafce85f84e9c3d7da3fdbbe

SHA256
4c76a3af64cdd2f8713ffe2733dea50dbe714d0ca41c17d1847ee5b62a7ca615

SHA512
3aae4a89d1ed51fdd911cb367eb10afe3c2264e4222085891b18a60d5412f85d10bf5c8f3c6642db70abb9aa42732bac5c42c42ee32d587100f53c21b5beb16c

Download Submit
/storage/emulated/0/Android/data/me.javayhu.poetry/files/tbslog/tbslog.txt

Filesize
1KB

MD5
7a4a4a51ce3b49bd0fe66c029038d7bb

SHA1
134d543be5afee192236f87b64278c11c82de023

SHA256
af8d3c7fda439151d312346a6013b7e6b8f4b50282f1c0c8d3a060fd23c5359d

SHA512
be3356e1adcc085d4235a756e84d0163952f0a61653174f07919ba3af1fad0ad894a88665187078d4f5cea33c0f6888d420f939460c438ca6182cc40a47d03e8

Download Submit
/storage/emulated/0/data/.push_deviceid

Filesize
32B

MD5
3c5ad52979ace665b5245cd0375996c7

SHA1
d9959a042d7f55f90a77419c283c71dd67442b6d

SHA256
6dd76a72fd2a9ad65dea0918453c8dee2862f9659b09649a457260b662bd0fb0

SHA512
cfa5137a8e7b32cb45a25404061f71641167b589e7ecdd4077286e4db85442d78c3b3c4d369469e3f4422fd698945ea36885882d5cf3900b60d220ba94466c26

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads