Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

6

7e324b12d9...dd.apk

android-9-x86

8

Analysis

  • max time kernel
    2344812s
  • max time network
    158s
  • platform
    android_x86
  • resource
    android-x86-arm-20231215-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
  • submitted
    20/12/2023, 02:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7e324b12d9d7df9be779a04ff3b9d25d706b0e3925b755cf8b2bbe2b76d265dd.apk

  • Size

    3.8MB

  • MD5

    315adad2c170a2560201551dc1f1eb34

  • SHA1

    eae1c8b8a65b20016156d48384219d9113479b1e

  • SHA256

    7e324b12d9d7df9be779a04ff3b9d25d706b0e3925b755cf8b2bbe2b76d265dd

  • SHA512

    70bb187a947a5301efd89b12181877e9a8bdcf7a00ff7a904e039707f4603d339ea29fc2525418bbd034949636dc7dd1354697c2fce90c8873a4d89c45cad41b

  • SSDEEP

    98304:xZ4xxig0vlpDnGbqubhtSH1vQF9RxFd1BZNz6h:xZAofGh6uFdLZdu

Score
8/10
evasion

Malware Config

Signatures

  • Requests cell location 2 IoCs

    Uses Android APIs to to get current cell location.

  • Reads information about phone network operator.
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

Processes

  • com.duoduosoft.signalservo
    1⤵
    • Requests cell location
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4501
  • com.duoduosoft.signalservo:remotemainform
    1⤵
    • Requests cell location
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4541

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.duoduosoft.signalservo/databases/SignalLog_db
    Filesize

    28KB

    MD5

    2130ad29d2303587beed8ed7f198dbec

    SHA1

    06e0f81419ff38ecdff3e84795d0aa13628bc201

    SHA256

    8c67dbbdf6854adbafad00b1af5183c64fe70b6c098cc402d1c13c0143be1d0d

    SHA512

    04ca90e750e9f39f2813f214d65f0e7aa6de780e5ea893b2a6a23a9cdde7bf433b82cb8e9f4b14fb10f8d6dbaad46e0cc8b87f77f5df31d1fb7efbc96de7165b

    Download Submit

  • /data/data/com.duoduosoft.signalservo/databases/SignalLog_db-journal
    Filesize

    512B

    MD5

    27734fc3e9a4f49930fce6c216eb8ec3

    SHA1

    d24fd93343dd82ff422ca926a8fbaf9dafdacf0f

    SHA256

    fca7c197a4707ff37ad610fe1dd09cbda376f5a358a1e8b2c5cf27063133db7c

    SHA512

    dde9fe256f403df23449d711868fb7cbf4f9002dad48f4dd59b358c9bcca23fb0b3dca43d59169cbcee401683f6209141c09dc879715889b888b0ec5690bf2d2

    Download Submit

  • /data/data/com.duoduosoft.signalservo/databases/SignalLog_db-shm
    Filesize

    28KB

    MD5

    cf845a781c107ec1346e849c9dd1b7e8

    SHA1

    b44ccc7f7d519352422e59ee8b0bdbac881768a7

    SHA256

    18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

    SHA512

    4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

    Download Submit

  • /data/data/com.duoduosoft.signalservo/databases/SignalLog_db-wal
    Filesize

    40KB

    MD5

    7b8fa6b200400d672809d46209240813

    SHA1

    c9a018122c2476d8577b378b2ed9e19f7191d5a1

    SHA256

    9c723b86a415bbe983abd7593bda6d32897cc3ff6cc777d3b8d1a9ff6801fdaf

    SHA512

    7ff3ba3cac735537a5a6517c512d29cae4087ef3eae5c93f3648148cb3d1922caa27258e4a6378694cbe654d9dbca4b731666e1062bfe7383442b8a6c5b71ea1

    Download Submit

  • /data/data/com.duoduosoft.signalservo/files/__local_last_session.json
    Filesize

    512B

    MD5

    47e1d177b35137591ad42790862fa109

    SHA1

    f4c31391cd95af64204d9381a9aaafdb93f2ec2d

    SHA256

    2647f88b72655386c3c563aa70ef56891076e4ffb4ad48ad59baec4a3edc43ec

    SHA512

    3ef9e3ee2bde9a40c3dbe745072921b819a47c1d0c2972823505c72f08982a2931848b70caf4ade73e7df77d83278335a4d747655f64eff6fdf114869a6d4d02

    Download Submit

  • /data/data/com.duoduosoft.signalservo/files/__local_stat_cache.json
    Filesize

    28KB

    MD5

    0d3e99204c6401ea499fe9e6d9855497

    SHA1

    09829f00ca458eab7374d5079393a2cd69a2348a

    SHA256

    63ad014cb50908591939d6a1536f85eece807425af4f4e8a1f9b9eeab13cc5ca

    SHA512

    8d9a50aa9abd17e508ed3ac35a3033e8f9e550d1088baa951f53e6c4697c5ac026d22b90e36e27341d64baa3f0202bd89ca97583e99feb25f8c26b5776c59c68

    Download Submit

  • /data/data/com.duoduosoft.signalservo/files/libcuid.so
    Filesize

    129B

    MD5

    8c31544d7306a7cc7912161ac95aba79

    SHA1

    02a77354bc1ebd75b8b592fc59bdbf029bbae39f

    SHA256

    6147af47eb92e3565e6b4b29f91f2c37ffefcd4bcd594e2f8896ddf5c061a8f5

    SHA512

    27be35ce1855af6ddfcacab312ae0ad9188bc74ea53712cbeb304dc5dd08ff52f39c9fb22719b9d17270636f7e04f5a379b84e0dad040a0add07bf05c0418065

    Download Submit

  • /data/data/com.duoduosoft.signalservo/files/lldt/firll.dat
    Filesize

    76B

    MD5

    31589f5d3c91dc18ce3d2fee2b6aa08d

    SHA1

    ee856daa60eb2f12b30c378b8d170a53897b3626

    SHA256

    c428a20b1b1bf433046994a0931a83a61bcabebd69aabeee90ff2d91cb2fcd7a

    SHA512

    41153b426306087d87c56cc3a03a5d1031655b7a0b337637540c8fbc7b39115a57836bf2864070210138415a26867b1c99083794c90af2204554966cd82c7f16

    Download Submit

  • /data/data/com.duoduosoft.signalservo/files/ofld/ofl.config
    Filesize

    235B

    MD5

    131e0a56e5a85c00f3244dfa8b043c20

    SHA1

    48b0e3065adf040065e08bedef49e4151a63468b

    SHA256

    7099ae66550edca15bcff3dd60e65e1b150cd4eb386e442e18aac3246a4b798e

    SHA512

    6e1ec55e07283ee4d260ce43001e81c8754c2303d48e5d7e844bea886922dde1d6294406caf63dd33d13ab58e1626654932749341668d3efd36520535fb3ab27

    Download Submit

  • /data/data/com.duoduosoft.signalservo/files/ofld/ofl_location.db-journal
    Filesize

    512B

    MD5

    865f6bc1aba76aa4b94f32a446b9225c

    SHA1

    094ca02523baadd56bc2c89f4bef03fe9c49303d

    SHA256

    69f26513715125c9b509b54d5c53df145f1b869800fabaa0a4b04b3688557f35

    SHA512

    b02c0fc05644fe39ade9bf88add187cfd0b993ee3cca5c5b0d77e7428d33609a299c6e48d9003f42172e945700202371528212832613a26cb387739b667b3e31

    Download Submit

  • /data/data/com.duoduosoft.signalservo/files/ofld/ofl_location.db-wal
    Filesize

    48KB

    MD5

    c77168ac2264ba7a7aeee163d736ac20

    SHA1

    8e417e4a619d8d76445acec9c374e010888132b4

    SHA256

    ac47db6da85797a2ec1aafb300050da1415f16be15a047dbf5350ed6cc685353

    SHA512

    a536f6b3be7fb66dad0acc04765e3ce814d5ff4d7b10f6aff0e924cc0d0117f50b70f152806d64da395b60f2f2dd2fe52effc32934bfbd9a012dfdf069ea9a08

    Download Submit

  • /data/data/com.duoduosoft.signalservo/files/ofld/ofl_statistics.db-journal
    Filesize

    512B

    MD5

    0298d39d4f329abc513d630ce0d7fe14

    SHA1

    2b326a71a1a74c6ffde56d1a175566f55976ad57

    SHA256

    71b3ba429f4da6b04756ed5f07f559a499de5eb13bde1a55c1a69510729ef6e2

    SHA512

    f68b48291d058b4f0855fb215e8aacb3edfbb586bd0727b69aee1a5d8f3c2649dc132f016499a92f94af60c3308e16e6a0dcd822f4ef2b02daa10ef95e593358

    Download Submit

  • /data/data/com.duoduosoft.signalservo/files/ofld/ofl_statistics.db-wal
    Filesize

    156KB

    MD5

    78d13eba8322d27e7f4b1b87f627c3a1

    SHA1

    b289e00bf8f2fefcf17460418a24b9c0e1b2a6b1

    SHA256

    8e9c6c4730a956646db9d92f1ca9d782f5161e561afe94e21a2f7b769646176b

    SHA512

    88a04831676536a0f80b864d5b8d6a8a8d3f89119aeffc636adc1d24b7292daa37d8f1ffb87eb15f822d1e1bc92f0f548218d44ba04482ca48daf36d726ded26

    Download Submit

  • /storage/emulated/0/Android/data/com.duoduosoft.signalservo/files/baidu/tempdata/conlts.dat
    Filesize

    12B

    MD5

    8d80bc8ea90e9cac010d3ddf97bda5f5

    SHA1

    f063bc0d356e6ba9ab1eb9a851131ffbefd8fa07

    SHA256

    f52db31332534833414abd5e870f78c810b8ebbe5b134bbf599506beecfd1b93

    SHA512

    9ea732dd572a9a4ba91b70891972230a09576687ca1bc19e62d5a98b5b84e0f2ae11985108008bc9fbccf357219b8bd3dbf146bb70752f618f70dc5d0c46a7c7

    Download Submit

  • /storage/emulated/0/Android/data/com.duoduosoft.signalservo/files/baidu/tempdata/conlts.dat
    Filesize

    163B

    MD5

    755309dd096cc4fa3e65467f6b15c6d8

    SHA1

    af97298a4a1c79847db942e01d0fbe2a61cc2bfa

    SHA256

    82043d5598abbca1c85c99ce1ee411086e036d7706ecc67ebf7dca656fad24d6

    SHA512

    49a3e7357b7372158bbcb8c51f520529f70b357009b539450308a9fc558a0e190861ad1a67ff35b8fab5c8f11413d30465253cf2abb1f0febc489a9f3769b148

    Download Submit

  • /storage/emulated/0/Android/data/com.duoduosoft.signalservo/files/baidu/tempdata/llg.dat
    Filesize

    24B

    MD5

    161557b06b4a4d3ce095528dea370eb7

    SHA1

    8bfe9c4d916fe58d856b5a6ecaf8cd9ea4df2c9f

    SHA256

    f054ef19481234ee5b2db1d1c681839dab235a857ed3a4bc02efa8f785f478d4

    SHA512

    96ce8aedbdbb387438efc86aaabd13a6378628bfae203d2bc25ea1cd7daa6ddbd6dd2c81d631fbdc9b653a93011d3c80f0c085580275b683d5e0bce077e6e449

    Download Submit

  • /storage/emulated/0/Android/data/com.duoduosoft.signalservo/files/baidu/tempdata/llg.dat
    Filesize

    534B

    MD5

    ac15bd7c22da3a8a132b5c09f439e30c

    SHA1

    a9bc42ad0cb8e6600e9c97635fb3527fb68868f9

    SHA256

    c480df1b7a16c4296f9d84e20ed8a86e3bc8713a397b967aeba840e12f13f10a

    SHA512

    8e4024846d5d3acd5abee64a9b8244e1fddc3d86962768efc7e467ee5870df3df01ffeb3128d457442ba94af1d1b79b78923380d66ede0cf064fda6a339aee49

    Download Submit

  • /storage/emulated/0/backups/.SystemConfig/.cuid
    Filesize

    89B

    MD5

    23a0945fb04a3fff9beb46b7c2e3f66f

    SHA1

    9e63f56ae6dea3bc9c058e5341fb1a1c4ee2ae80

    SHA256

    959b47c9eaf47a643312128d458d57f1dc5cc6bfd7d01bd74306406959261f51

    SHA512

    b5369a66bab2677d2c8a14b06d98ca6ea594d8a84af5280f8dfc5b3ddda94a20563e55e66c1211ab94bb65c425551f81f552c4933435dfb71106ddfa6c97edef

    Download Submit

  • /storage/emulated/0/baidu/tempdata/lcvif.dat
    Filesize

    96B

    MD5

    7af2df4faa127bcaabf9980840045141

    SHA1

    7271521182a3a550fc2264c09c0b9e5df42b24db

    SHA256

    09756b68c9ac11989aab1eddac9aefd2e0251ce8d115ca261b886370b050fc74

    SHA512

    b32d9844b1d825ef6c380792e22e92647a543a6316d3868c4dd179ba5da3a08e5b2ad6ee01944a1a4dddea3d115677500d9acaa22f8de2a17c7038a332da9440

    Download Submit

  • /storage/emulated/0/baidu/tempdata/ls.db
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /storage/emulated/0/baidu/tempdata/ls.db-wal
    Filesize

    48KB

    MD5

    bfc575f68fea6a06085faf0ca60222ec

    SHA1

    e25c9335218b00a2d6d33302119aa64a1ed8d585

    SHA256

    a1fadd551010f10defdae1dd7be863ad2d30dc115d778eda929901be063b6e92

    SHA512

    70904823f22bb557a417de94b2eaa30d02038481462f19c9687c21aa431a386297f06ea7de7f5117c362478e9827c4d0bcf44e1eca44f285da9c73300f7231b4

    Download Submit