7fb862ec0d987deb067d840380bfa05e1196c8c80c5f239c84f4d984e3b91ff6

Analysis

max time kernel
2355379s
max time network
134s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
20/12/2023, 03:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7fb862ec0d987deb067d840380bfa05e1196c8c80c5f239c84f4d984e3b91ff6.apk
Size

21.9MB
MD5

73dd7beba48b045e7a5b4e7e75dd7cc2
SHA1

768a7dd63d5de781cdfb791d982f0701980b33d3
SHA256

7fb862ec0d987deb067d840380bfa05e1196c8c80c5f239c84f4d984e3b91ff6
SHA512

b130feb30957f429953510e4f5a9ce8a4206538cbd15457f14bfa75837b243c40b0a4431148366b337ba772b0c16dab7d0f9abe8bbba253a84edae2fe379fdca
SSDEEP

393216:EL42cF4JQB53HSEEdXuugKvOPUXn4Go88zPWQ9fei+8udzy1cy8XlabZ6rz6wf5k:ELQ3HXu3F4GzjDbuwXT1fjWCHgTf

Score

7^/10

evasion

Malware Config

Signatures

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.Liyang.Runner_mm/files/data.jar	4313	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.Liyang.Runner_mm/files/data.jar --output-vdex-fd=61 --oat-fd=64 --oat-location=/data/user/0/com.Liyang.Runner_mm/files/oat/x86/data.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.Liyang.Runner_mm/files/data.jar	4256	com.Liyang.Runner_mm

Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.Liyang.Runner_mm

com.Liyang.Runner_mm
1⤵
- Loads dropped Dex/Jar
- Listens for changes in the sensor environment (might be used to detect emulation)
PID:4256
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.Liyang.Runner_mm/files/data.jar --output-vdex-fd=61 --oat-fd=64 --oat-location=/data/user/0/com.Liyang.Runner_mm/files/oat/x86/data.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4313

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.Liyang.Runner_mm/files/iapSplash.dat

Filesize
3B

MD5
c6f057b86584942e415435ffb1fa93d4

SHA1
8aefb06c426e07a0a671a1e2488b4858d694a730

SHA256
2ac9a6746aca543af8dff39894cfe8173afba21eb01c6fae33d52947222855ef

SHA512
bdc247a1a0e28a586ed40744d281993d519abe981aaef33277d4877d167e1150816e9723d068a59509991ed0cdd8c5cea0f9ecd0ef23664db7cb85db5a0dbe12

Download Submit
/data/data/com.Liyang.Runner_mm/files/pay.data

Filesize
59KB

MD5
4a122a0ddf1ba6c61334a4c9b1d6ae6e

SHA1
db164296e1cfec72f852dde3b9e70c8b8f3b0b66

SHA256
fbccfb148ba71194551b036364ef51051e3cdb5f874f309a1d48d7060972a270

SHA512
5a206aec424c334765d5eb53d8fb2188293e714d4f71b68e4712f32041abda9228c9f31c2ad0a7325e4b6a603b3f0764bb6c07589eb036550a6775e10520d9f6

Download Submit
/data/user/0/com.Liyang.Runner_mm/files/data.jar

Filesize
194KB

MD5
4d441a2426319d8e17cba0ce2c3cb414

SHA1
1a9bb2cb0653937bba4014f265ecdcf2b3be5bca

SHA256
64a5fd319b9fd390f6f983bc2d15d77b379502a22ce00cdb7411ff69df5c28e9

SHA512
02cfb8f5cdd0cd6ef9432603addce73c801314840258209ae7d8f2673cb97976ca097cf92beb356344bb34bf33f70cd0e6eafa432f7e1e37e8d8ceaaeb06c81c

Download Submit
/data/user/0/com.Liyang.Runner_mm/files/data.jar

Filesize
194KB

MD5
36a4c915860dd7dd34af570645262f4b

SHA1
56b7be9c809f26b740d31bc0ca9ebd11229f582c

SHA256
c8e18f41c6baf9af60d3017b01c60ab0e0616375733677821300eeba37d39489

SHA512
949b0c4328e014ab51cddb58d5b3d99474e34aa64ac39d3d751474529ed5625899d8ad492fe2b0ee2ed95eec9e9041d49ec6a6d41ed3be4ea8394f4951dfaf8a

Download Submit
/storage/emulated/0/InAppBillingLibrary/log

Filesize
84B

MD5
e5f8ffec04d5b76023298a123be2f499

SHA1
5d1a466c9a6d76b7826489dc138fb5c27aaf2301

SHA256
18dfd3211acb3d541454fb420e994f37ea1bf90d548c17ccde10dcec296ef467

SHA512
d04f310fee5bcca9f5ada3bca99749ea8a767f2516b7687abce03450453360cbbde417f1f0b389eb82dea96a7b811b61f954f1e9b3ffe9558f8579994f8778ec

Download Submit
/storage/emulated/0/InAppBillingLibrary/log

Filesize
81B

MD5
5d6c4eece795c83b624a92f6d282c73d

SHA1
a652c569d56729e9934ab8a88eed2a2e09fd3c79

SHA256
24d726ca54d4396cbd23ee8c574310626eb4426c6bde283a644c71fc64de6625

SHA512
3cb4b3c0d35c7c17913d1136c0c6d0c5c369f819443cfd0cecc6c835a0e00bdc2255d6115bd5d64c2462ebd9472b3040a22518171ce352f2b27b454add2541a7

Download Submit
/storage/emulated/0/ktplay/d

Filesize
56B

MD5
a4bebfe4135e02ee21d4e93aff7ace7e

SHA1
c66b70e12ec3d66b150661b42730f0e3539ea1c4

SHA256
e372d02600aad60d936e14efa59f6f6f2d719cacdb65be3439e5751da0bcb572

SHA512
3851293cf980b31f725f78c49d23b5356caeff80cf6d96df5b7cb9e548907d7f6b14564417572daf02b61c8ce42e51edd6a9d0c0bc1b7ee94a554eb4424cd015

Download Submit