80a7996df74bf82d36cc6fd2830788c2328f2d3a90858666e63eaa4e3917d750

Analysis

max time kernel
2362011s
max time network
159s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
20/12/2023, 03:25

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

80a7996df74bf82d36cc6fd2830788c2328f2d3a90858666e63eaa4e3917d750.apk
Size

25.6MB
MD5

cd71cdb0b3a83157b2a348d68a5da0b8
SHA1

f9e594efd6acb0f0b4f11bb1615e0adab09db268
SHA256

80a7996df74bf82d36cc6fd2830788c2328f2d3a90858666e63eaa4e3917d750
SHA512

e03646d4a37b1f11575fa1a798df42c7e0a9c2817044ec4c64df3376646cab288046c09cb4088e191887682937ff74fbfcfa198bde556ba0582981132da103df
SSDEEP

786432:JM8xh36buzTxlDQ6ZajzVXaKWDtt/iK5E4M5:JVh366TxlDQ6Zajz5WDWa+5

Score

8^/10

evasion

Malware Config

Signatures

Requests cell location 3 IoCs

Uses Android APIs to to get current cell information.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.yilian.yiyongche:remote
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.yilian.yiyongche
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.yilian.yiyongche:remote

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.yilian.yiyongche

Reads information about phone network operator.

Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.yilian.yiyongche:remote

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.yilian.yiyongche
Framework API call	javax.crypto.Cipher.doFinal	com.yilian.yiyongche:remote

com.yilian.yiyongche
1⤵
- Requests cell location
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4234

com.yilian.yiyongche:remote
1⤵
- Requests cell location
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4285

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yilian.yiyongche/files/libcuid.so

Filesize
129B

MD5
07cf23909c9e29634f35c4a371b44b03

SHA1
5f73ab319e46fc0f3f5f49fcf2b3592182156c51

SHA256
93f8bbfebe78eb9453002e16b6e1e7d6dc26bb6a4aa0f0afdd1552289800e28e

SHA512
1ba5ab66d09fd2134d53d4f4e6def1e3f7cdb030e113c8220674959fe42930bcb2c9a70fbd4d5df09694f1689038d1814326d79070e5e156e230e51c35070640

Download Submit
/data/data/com.yilian.yiyongche/files/lldt/firll.dat

Filesize
16B

MD5
da37ba6fc6911eef1037918c9cc25454

SHA1
67995d811b1d7631435a4d0f90652c18928e65ae

SHA256
0963c73794836b56f3c38da88337aaec60af75a9bbbef0edf393f091e71f4628

SHA512
918f7512ee213ba0d381b33abc06226a00dd73115448d717586fde0f526c3dd930032df69356ebe60e04a2c82e5bf15f8762a57c9e657405db3939b92cf0660d

Download Submit
/data/data/com.yilian.yiyongche/files/lldt/firll.dat

Filesize
16B

MD5
d2ec13b9c313ac37f9e69a4b9238ea0c

SHA1
202d3afbc748076d8594d3bfc5533d2d89ed338c

SHA256
7b6410963becc3b6e00840d9e7f1d3d6ae8c91a118b538a0d68b893d945eaaef

SHA512
2309fae65d455a9cff7dc738378c9ba9465dcd9a2cc4bf4289e1e2ad856ef5d12da2022c34d516a9c0ea979e8cef4ff8c18ef0543108dad73be55bdf92b282dd

Download Submit
/data/data/com.yilian.yiyongche/files/lldt/gal.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.yilian.yiyongche/files/lldt/gal.db-journal

Filesize
512B

MD5
ec53cb3091e41a7980f227439de2603f

SHA1
24fb529a730586ae87209778ce25ffbbf3c6bfa6

SHA256
2209725003ca528f402793c5de589999d0a97bce6b63663a003fa2eab54f317c

SHA512
7840674bc9a8b224664d0e96ffc35dd85a739dceb71d571f858130b1b2acada9354164d5cd3fdffb8ad13ddb3f46243cf37c0e2867b3275f69df1817e4a2eee1

Download Submit
/data/data/com.yilian.yiyongche/files/lldt/gal.db-wal

Filesize
36KB

MD5
78148799cf512ac607d37fa3669c20a5

SHA1
664707a383bcb38052658f97257e1bd489d1658a

SHA256
6f974348c87101bc99c25c6eda32c31a741697a524334660ccdf80385a0890a1

SHA512
f07b40e06fd0841d634d68f170994c71aa4f5282652856477a7bff1d5714fb7f1860ff4661ce371269269521fac9621b1353d29b6b1fdb2409ba19f4aa5ea2b2

Download Submit
/data/data/com.yilian.yiyongche/files/lldt/grtcfrsa.dat

Filesize
801B

MD5
7c366ea8f849e91e3f0f3093867b5c33

SHA1
88bb005e5643134f8719895233047017afe39800

SHA256
d759d062f4eff809dc55ecf5cf8693b0e062bc1bf3301f11d907f555852b20e9

SHA512
4575109c6e7330735b5421dc6f32abec26c5e9a92fc6ceb5b0b0f360ff97ab42f6001e52ebe63199d17ad27c053deb04b26e18af0025c0462886c9576c1d63a6

Download Submit
/data/data/com.yilian.yiyongche/files/lldt/grtcfrsa.dat

Filesize
206B

MD5
6d613136def26031e18f3f404299bb7e

SHA1
14a7a4a3309b932512dad59dbdb35503845e60c0

SHA256
58e28d4defb46364dd0057354a4a89f8cb726d3b696c632de04b1a707803be18

SHA512
89ac70f36ec3117b631a56d43700b4d034d6d269d4632933fdaa8cd9675c57af1df95f15271d0b45b796f56b4f89ec3d6bd4c9114d7cdd24e3a25d30e24e7ca0

Download Submit
/data/data/com.yilian.yiyongche/files/ofld/ofl_location.db-journal

Filesize
512B

MD5
55c2ee9d59943b182465b347b6d3ae68

SHA1
6ed63d0db63c4b933b2d8a05df49bddfa788d013

SHA256
a84b3a3558ef315659491efd85d26dc851d339b0d65cbf1f6ea98ab6aad53184

SHA512
478ade75be173620b12fe6030cd1dcc1f3a41f44fd00acf648fbb613e7afd1ddf90973ef0ccae6e4ea114da3684a6996ffcbb6e2d80fc2fc984a5b31cc58c84a

Download Submit
/data/data/com.yilian.yiyongche/files/ofld/ofl_location.db-wal

Filesize
48KB

MD5
45dde2e1866751e641e830988b18cc84

SHA1
cf674ab5c8f5dc69de83c9061347e527958d4a6f

SHA256
b59cef38bdb3489e2ef1fb78f1969e3b124ffca73417b296250202be31d3a3ba

SHA512
626995e7269ffe4e86126b628c1c6a406a3a8d7dcf4b561d16266150179bf329774b9d6e24b7046961bfd05ee6f26af61d43ec978d6ad3b9336b5708bb22616c

Download Submit
/data/data/com.yilian.yiyongche/files/ofld/ofl_statistics.db-journal

Filesize
512B

MD5
63c5ea0ce182754b0c77dda07b047dcc

SHA1
29e829ed9592e0b6a23c28b9c1067f93d2f07fe8

SHA256
46af8607bf8c3d56a9df8c8cafd590286ad8a40b0709d869266f328c43415ce3

SHA512
4388ce0a87374d6d1a5a36a8a7a92afbdd82ec7ff58c7bb6b06a04c2918dbdfb8ea882e792d6ae0fe3b81f523533b7fc600706c5a2b233ac921993a3a5462ea5

Download Submit
/data/data/com.yilian.yiyongche/files/ofld/ofl_statistics.db-wal

Filesize
64KB

MD5
1cd137a5d8633c5561431e334632a48a

SHA1
6ccf8c10f2366209c6eb565682128d7b0277abc7

SHA256
a5218705d434050be18bfce4ce17771974558082f92b6f64f97d97876bece7ee

SHA512
c604993d44a2b8732f24ea886789b86418f33daceed723b163e538de89ec7bf05cfd6e4b69aa2708550748d8b7063554b14aa4b9ec7d47c909f2bd64f763764f

Download Submit
/storage/emulated/0/backups/.SystemConfig/.cuid

Filesize
89B

MD5
781b0ab3e7a38a305e4439049e892751

SHA1
751a024060a74f062f7e072f6114528914726f6e

SHA256
77da380f5fc00199bcf0e29ac65a804e6d166ed7e2d5538e8fc5fa6f29e8b438

SHA512
b3bd00868e3f5b0b20ab1668430dd355b67bbc1492d8bdb67b2aaee1865a0027faebd996b379b1a4283b5d8b9c88ae53f55808ecf383b3cc8e1fd008516b8d3e

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db

Filesize
28KB

MD5
0d3e99204c6401ea499fe9e6d9855497

SHA1
09829f00ca458eab7374d5079393a2cd69a2348a

SHA256
63ad014cb50908591939d6a1536f85eece807425af4f4e8a1f9b9eeab13cc5ca

SHA512
8d9a50aa9abd17e508ed3ac35a3033e8f9e550d1088baa951f53e6c4697c5ac026d22b90e36e27341d64baa3f0202bd89ca97583e99feb25f8c26b5776c59c68

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-journal

Filesize
512B

MD5
ad2d46bfa78fc3b9345f1e5e3ba98358

SHA1
fdac41bdae0b79c33661087bf9e502ffa46d2fbd

SHA256
ee3c876dd72589cc5edfff73b64b1ee51028cb3af91bb491f3d0e3f03b421f4e

SHA512
6b19f0bcd9f3770cc7fdf491dcd5faa44007d8fcdfaaa048ebdb205203f6f19d98c3d5d46f7169d93177d1d5e7cfd9cabe6616ef027e3b9093c88c5384403e29

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-wal

Filesize
52KB

MD5
e59df5a55beed14f90a447e84e103b16

SHA1
777b85c696e95886e02003c9f75d365efdd62d4e

SHA256
bfb67a9c22aefae22d64a86e8cfd0a60fedc763f5b7a99389b29491f62a22879

SHA512
9f70d6f1f95e67d12cfed117d1328f1ffe6998945e1c093bc31dcda908fb06584efd6c782ed7f274d8ef2d05443dcfcab8e628a2dcd4b8e7579d5c2066efda42

Download Submit