81595c41f4093b4c057765385df51ccc99135a2b22f6b66fc4af1c46354794c1

Analysis

max time kernel
2430777s
max time network
159s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
20/12/2023, 03:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

81595c41f4093b4c057765385df51ccc99135a2b22f6b66fc4af1c46354794c1.apk
Size

14.7MB
MD5

d15c00d2def458277568ade9645c44eb
SHA1

51b94c487abf3acc4327b8f02a5653410cdb5a5d
SHA256

81595c41f4093b4c057765385df51ccc99135a2b22f6b66fc4af1c46354794c1
SHA512

9f6aadca572d809016340e1e3e363378391459743d04645120d50aeac8e4ecb6ece9a6a86597b64b3f3256b25bf724b8abe582f822ab35cd4bb3819c0151278a
SSDEEP

393216:SdoN2Rpoj86YP6rj4l1vQRdlnb8I8WQFPmse2:Squpojxfj4lNM5KFPm8

Score

8^/10

evasion

Malware Config

Signatures

Requests cell location 1 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.zd423zkk.apk19249

Reads information about phone network operator.

Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.zd423zkk.apk19249

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.zd423zkk.apk19249:pushcore
Framework API call	javax.crypto.Cipher.doFinal	com.zd423zkk.apk19249

com.zd423zkk.apk19249
1⤵
- Requests cell location
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4511
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
  2⤵
  PID:4763
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
  2⤵
  PID:4782

com.zd423zkk.apk19249:pushcore
1⤵
- Uses Crypto APIs (Might try to encrypt user data)
PID:4540

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.zd423zkk.apk19249/databases/RKStorage

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.zd423zkk.apk19249/databases/RKStorage-journal

Filesize
512B

MD5
3816e5a6015f305aa71117e6bb804b9c

SHA1
a84168841cee27de00c5342c5651691022deda79

SHA256
0cefd62740747e6798c1fbee1ce60d17e328cc6057527f21fb83152de93b103a

SHA512
0aeca40bf87ae7dcf6e37d0d0d1382242525221fae08d2a0fbbaf96d22a9ad0fe6b39f334f7a8c1415cde5c89646f3aa50b9d3b17f40090a391a56047a342f23

Download Submit
/data/data/com.zd423zkk.apk19249/databases/RKStorage-wal

Filesize
40KB

MD5
643094aeabf948e34e6c6b5f0e435c87

SHA1
a96c04940b0f72e7ed200461c8f49d87fef8d283

SHA256
4e47587483aeaf1f8767a4dbf276dd66116d14b5fa390c25312731a2d3ece30d

SHA512
14c3577362d294743fa3b4a915e2fdd7f8c7f9f4e83782b2bb2e307fbec67f6673a1c7101de6b8cddea9d20c05ca64d6ee2bf278ff25e5abd844e047304e54b9

Download Submit
/data/data/com.zd423zkk.apk19249/databases/ua.db

Filesize
36KB

MD5
0adda9c85a5e4808f5b1b74c0a8591a5

SHA1
5048107883ab1e345af9cf2e6849ce46e0e612bf

SHA256
1e17860bba2bb4e3e92df3890aa6dddc973d6602c71519a15556d37bb69de2a1

SHA512
646061d3d5849772511bd94e36ca2d775a9a672851629d1812942ec0f0f925714eb7d4ebac44889911320cb6710a2f586014f6b1e126739cab653c4f8deef2d1

Download Submit
/data/data/com.zd423zkk.apk19249/databases/ua.db

Filesize
24KB

MD5
b8df26587d1c746e7b86b07791df6d4b

SHA1
6d7e171b6abb016e5bdf9139324fbc7d79717a01

SHA256
e40b8e1e8692a6b488ad1808083d3d9e4c02d0b1cb3857c78c9995a473fefd02

SHA512
3dd8b1ee668b9cb7f43760314bb79dea70d1634574be81be36f275862490bc3ab996b03a77e71e291caeacce10a96ce20fd9bb77bc03b49d097f33b3fc58f6fe

Download Submit
/data/data/com.zd423zkk.apk19249/databases/ua.db-journal

Filesize
512B

MD5
b829d8f9ea753911fc76dd0c6d3a9078

SHA1
1c00e532d466936d9ec57d8942c7becafa848596

SHA256
88b6c7163a5bd474f88bd0b53ade2de438803f0848dcd6cee49c233d7ad5d282

SHA512
bae5174c4d132c7b1b155b367f823b7c9f49b74277c2a44d73f05a236fb3cd2e79751c646fb6c122e75979b1c56152446dd8abe64e65de95faeb64b8329b95da

Download Submit
/data/data/com.zd423zkk.apk19249/databases/ua.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.zd423zkk.apk19249/databases/ua.db-wal

Filesize
48KB

MD5
4919877e8d0567e8dbb8784b43df33f7

SHA1
75e8909192601baf42c06eb959ccf09e2e832674

SHA256
1034e0d83c05a1f1ee691b49f61669d5fa6b0e18d866d7dfc32a36422defced5

SHA512
7a1b870346a40905bc98897d69f2b98579ca71fd21ea146354528b3634cd651e18f2c8fefde27a3a867d27b1ac1074362d5c201b810df38d8ee8202bd75c2eea

Download Submit
/data/data/com.zd423zkk.apk19249/databases/ua.db-wal

Filesize
12KB

MD5
d0313d4249b52c3c3c605924168c7411

SHA1
e907ae74247f8f53239cbc1b2307a91bf5d743b5

SHA256
1b5407fc6418f1d99dcc080641b5d1a0adeee70689db644743037abd0eed19bb

SHA512
5db2adaf32474b7f650208036c96385afec8449defbb985ae579698e8841c76d301f2cf2a6fe929c6cbc442776cbafbb15d5288f397dca77907044f89ff8bc3d

Download Submit
/data/data/com.zd423zkk.apk19249/files/.envelope/i==1.2.0&&1.0.3_1703237690774_envelope.log

Filesize
2KB

MD5
9a540880f3a27e93a28e19867549970a

SHA1
32fd4f746ba7ccac5a78af380d2184ec508a8cb7

SHA256
6242c4fbc8cdac4df9f94e992a90b1b9408a11d947c528865aaff7e1a1eeb609

SHA512
bb38213f820a9e2af88e8105c0b6b979af4708257e0b1cec803df868596f469f8d8efaf0e0cf9ffe35dd78992076103f89d274b0961819bdfecf0e009c65ba45

Download Submit
/data/data/com.zd423zkk.apk19249/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
f04ab7fa04b64cf5e1c565583f1b64dc

SHA1
13cf1b5eeeab53d821ac8d48c5f6fc5c69b6daab

SHA256
35c554ac13e711ea645090735b12c4a97c4f3a07a3a09b62ac7e681f397446ca

SHA512
7a2a0ffec9d76ef041d4fc9704784f02f3d559c61f4bc55da531362ef1aa4bb41760678e93f29d90386a10b61d76b486edab27d366e39258471e6ed32fe17b9a

Download Submit
/data/data/com.zd423zkk.apk19249/files/exid.dat

Filesize
67B

MD5
8fa0e820d3201657042d2081a928f2d2

SHA1
0ee4dbd35f8f962028669f498f6ff9f5fb5e1827

SHA256
d91d005bd5b9bd6c69e089316652a1414bb4596203cb72f348088054eb674c24

SHA512
f44ce7f6c194ddd185bd414ae9c1ab841be4872c83d3c19d2d3d8bb5e8c8f1f020f554025b2c78641e6d6f4edc13f8e701520952ab1c0639acbfea633bdf8038

Download Submit
/data/data/com.zd423zkk.apk19249/files/jpush_stat_history/active_user/nowrap/91243f13-71e5-427a-a9de-96c20a940e72

Filesize
159B

MD5
93ac9ecb3b88d26f1b91afe950e20ba3

SHA1
a9c39fd414e85dae7612a4df9cd012880b2b41b9

SHA256
28f6819203786c9f4baafdfe638b4dd58910b057ad7252068ffea72951f5bcc9

SHA512
99209785575ff4f8cb7db6a5af2a89fb72d3c00ba14f72be0578d64bdcaeb21704b57149b4e9d22fea2aae2d044e8596603e304eb275bfc6c9ffb565866bb988

Download Submit
/data/data/com.zd423zkk.apk19249/files/jpush_stat_history_pushcore/normal/nowrap/2fb8559d-afbc-4c64-9613-d9f5d35360be

Filesize
202B

MD5
ed4bd9a52aed7e3a76ea9d95edb6ebe6

SHA1
50ff784c4025a46fd490a341df945d6ef77c0004

SHA256
7b65732fd7351822b2bb627f5284ca8980ecd882210dee10cf8808f40bdb9e24

SHA512
5575ff962ac875be7ee3e6467315d5ff29d92d2917a6b65ac6406bd01bcbebbb0ad35db990bd6543bd84bb09c78ff95356018bc0024e7c0237de680fe6b0fd62

Download Submit
/data/data/com.zd423zkk.apk19249/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzAzMjM3Njg2NDQ5

Filesize
1KB

MD5
c96d01720eef24ba358c75bc6433caab

SHA1
a0eb00dbb019b3eaea923251a78883eb3c51cfe1

SHA256
78ae7a25ada29aba653da8268c93f4bbcabd72606b8e40f47ab7d996bebdfb55

SHA512
acbad7463abe45c95f9fb76edbd50ebf8637abd5551add1fe4479a5419f148a48fad4802b0f2dac199ba3d87fee9539f6594c9254ab741bb02588c48d0da6820

Download Submit
/data/data/com.zd423zkk.apk19249/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzAzMjM3NzE3MzY3

Filesize
1KB

MD5
b27e38b7d39453ac959e29b8ca091cd3

SHA1
b34a2af0ca1dcc0ec242ee7ce32504b847cad59e

SHA256
7134611402fa4573d7432302d7187fbf7e90d279473978476f0fc376b7855a35

SHA512
9005e184cb53ab55f512ac79f3a5cb22bd497473dacdbade311e8b6f4f1a6d0364b5772a4b5a78f0764a95a99b5c72756fd1d419d843ff32817b737e6c7dfef3

Download Submit
/data/data/com.zd423zkk.apk19249/files/umeng_it.cache

Filesize
415B

MD5
d2a6a0081b3d395a873149299b6cc66b

SHA1
30b691a7fb77bbc26907e14c5ae71db80012610d

SHA256
a18d2272768851b6c0914113d4fc1429e151fa28c18b00a53e0a7bfdb679db8a

SHA512
7332a5ea1d17e37287796b0bde84d17b8bba2c19c22051b359335867b27ce60ce1c3d5f99c7a35e61882f26879a866cf35b106fb2fb19c923a47121f5827273e

Download Submit
/data/data/com.zd423zkk.apk19249/lib-main/dso_deps

Filesize
148B

MD5
9760427681cb8a8836a0a2f35332e7bd

SHA1
d7f6bc9d0d7ce3d8bd3c99e33716de41b036b0e3

SHA256
4b67ebec146094ba8f9b63d6700688932e913c48eef84fd15bd6d2d3cdf459fa

SHA512
5e2900b854e7d309af417ee20599cbf20c440528b73d9a3faead1baeae37bbc4381d49d1358feae6de45afc8d4907d9d85f3bf312e8ec50677200a28cd5e071b

Download Submit
/data/data/com.zd423zkk.apk19249/lib-main/dso_manifest

Filesize
5B

MD5
c06857e9ea338f3f3a24bb78f8fbdf6f

SHA1
c5a0a2529d2deb60fec041b4fbd722a2ebe31702

SHA256
957b88b12730e646e0f33d3618b77dfa579e8231e3c59c7104be7165611c8027

SHA512
29f61516876c25379a7bf4faa2b3ca6f6b53eac90e7de47671fec4a818d51441b4025cd7909f7c0a0d113ab6c5ff00cb3700c286bac7319185b77905feec4fb1

Download Submit
/data/data/com.zd423zkk.apk19249/lib-main/dso_state

Filesize
8B

MD5
18a78260114b3cf6cc7fc11cc55344b8

SHA1
b5696a282a78c81144a74e1da6dc49f14619bc9b

SHA256
f2b76bd4256f9ebf6e13619d7ac8bd6c06f54f2a8415696f18ef7eb62e2b838e

SHA512
b2e69aff41ea3017229014914978ade330442ef84c781fa8b93469c25b1a1b17a963d26939ddc6264969e31c8278fc230a683eb05171c14dcc3f8c364321cfc7

Download Submit
/data/data/com.zd423zkk.apk19249/lib-main/dso_state

Filesize
1B

MD5
55a54008ad1ba589aa210d2629c1df41

SHA1
bf8b4530d8d246dd74ac53a13471bba17941dff7

SHA256
4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a

SHA512
7b54b66836c1fbdd13d2441d9e1434dc62ca677fb68f5fe66a464baadecdbd00576f8d6b5ac3bcc80844b7d50b1cc6603444bbe7cfcf8fc0aa1ee3c636d9e339

Download Submit
/storage/emulated/0/data/.push_deviceid

Filesize
32B

MD5
f9438f005153d5b991098bbe85b4db35

SHA1
0ae01ca500eb5931a151b40bef8aa516669bb778

SHA256
b070c0852fc832478f1ee918d5e5f89b89efe5e192df712c35bd2e9bd464d4ce

SHA512
0b4f8214638b7e91b69446c6f3961dcec900df4c05d26192d14e2be6a0792974724b48c2d46f5f028f2d740a73d59d6daf92176225f3eeaec5fef1647e6c7da9

Download Submit