87c231a4557be49dacbec25c8128b567e58aab2017eea6b1ac595ea3b3b0e95a

Analysis

max time kernel
2238523s
max time network
50s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
20-12-2023 04:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

mark.apk
Size

50.2MB
MD5

8948899f922f1b0b6c864ba43031765d
SHA1

c85028e00745d6d1864d269f49a7ff260bb2d52e
SHA256

87c231a4557be49dacbec25c8128b567e58aab2017eea6b1ac595ea3b3b0e95a
SHA512

a40c31d6fe6e370b83ba816f0e3ce1128595996afb8c924242bb7162c3549bf36eb8b192f8b01eacbaedab8db9e00661c49cbb070d9ffd196f4990c957cf540d
SSDEEP

1572864:4wcJaKGCnaH+UaFha6QGDuPzuvUh0JrE5UrIfG51:NLyGaOluvU4ECIf21

Score

7^/10

evasion

Malware Config

Signatures

Loads dropped Dex/Jar 2 IoCs
Runs executable file dropped to the device during analysis.

Processes:

com.hl.exam.mark

ioc pid process

Anonymous-DexFile@0xcda85000-0xcdb7f0a4 4206 com.hl.exam.mark
Anonymous-DexFile@0xcda55000-0xcda84fa4 4206 com.hl.exam.mark
Checks the presence of a debugger
evasion
Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes:

com.hl.exam.mark

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.hl.exam.mark

ioc	pid	process
Anonymous-DexFile@0xcda85000-0xcdb7f0a4	4206	com.hl.exam.mark
Anonymous-DexFile@0xcda55000-0xcda84fa4	4206	com.hl.exam.mark

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.hl.exam.mark

com.hl.exam.mark
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4206

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.hl.exam.mark/.1/.suuid
Filesize
628B

MD5
e19bc8a6a4c9c3b75f67ef36c30c8ae2

SHA1
99a815114eaede7055e595a07af8bc67c89bfd1f

SHA256
8fcffe83b1b1f91e7d05792195b267b114a4a9227fe2fca9322199f3a802c4e8

SHA512
5e176bf1028d9243bdf889a50e2722832c8444a84f34f9d8ffbe8e5662d50ff369012077d90cce35128343d2195e7beb2f0b72503f6c8fede1dd1d84dce99be1

Download Submit
/data/data/com.hl.exam.mark/app_xwalkcore/icudtl.dat
Filesize
3.1MB

MD5
b926dbde23df062939b9117c5624c210

SHA1
8799ed53526139d93617ba6a8ac3c8bd38152847

SHA256
fe57f88265f37175a65dba0bb49cb2e77f36cd1f7ea516c92bcd339fe67e16e1

SHA512
05d582c1a51673658e813622f56bf37b323df80faef77438923d26c2ca99d966fcc422185238337c60499914ff6e8ee7962be52614e605914ad8f1b39bc3830b

Download Submit
/data/data/com.hl.exam.mark/app_xwalkcore/paks/xwalk_100_percent.pak
Filesize
91KB

MD5
f9a8ea0f91b5ae46b68e17fe91f3189d

SHA1
a14aad55268273d014283779d55dd6e905e56488

SHA256
ac1e49aac50fe7dced6d9c651642326090f5e1fce4912f4cd96e225c486f199d

SHA512
a9756ad8de5eb00bcd3897d427076dd2dff7c12914e8ddc1e31b499c5c4fb7ca0a1e9cc22adf12743110208ef42177804ace58daee562c7bd9e00ed68793bb3e

Download Submit
/data/data/com.hl.exam.mark/cache/com.hl.exam.mark_rpt_cache
Filesize
577B

MD5
01897a11fd9fe6a2257533802c4a6304

SHA1
26691a3b83cb7fb5387339420e972b4e27993f29

SHA256
944733e1bdd59e0fa8f4494d2bfcad580c099073d52bbb4d0a6ced5391cd782f

SHA512
80337d8a3269dd89b234af5835502af75c5652ea576505e314d5820935adaec60323ac59f28edff6b8374b29eca873c2aca5fd1f8a1c29cd9ea14c9e9a73c425

Download Submit
/data/data/com.hl.exam.mark/databases/ua.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.hl.exam.mark/databases/ua.db
Filesize
24KB

MD5
36677e35d44b1b53c710fc6d6af32585

SHA1
4345ab467689c2fa5c7af32a768f089048bba519

SHA256
32dd8eece0c9301d7b1d11ec5633484fcb91c81290021b853e9eb78397c3e4ce

SHA512
fca206e4221e3b417bb36d171f67b73a1ab6d8bd924c736052ff790792ce8f502aa5073344d43a0f700b21645a660173d5b5f996343fb713331d0055be6683a7

Download Submit
/data/data/com.hl.exam.mark/databases/ua.db
Filesize
32KB

MD5
982e46fdcbb54f80b0f19d5adbf70b7c

SHA1
24cd3496b0a3112c8318aefdd938e417718f9203

SHA256
a8bb14c4867d34e5af18bc908f6970b5db4af89ff6d0d8bb9bede2a988b3d8a1

SHA512
1d534b1ecaf0fb8581c80c424f084d91abe87f8925ebf6c6d624769765b0ac74ff4e5a1e481f29c8537090bd46fee7f263b426f01c883413cbe37977fe9209c5

Download Submit
/data/data/com.hl.exam.mark/databases/ua.db
Filesize
36KB

MD5
3952c36ba3c93b4416365a3074428a80

SHA1
7dcbdb06e646dff16adde9bd4a688371f24039db

SHA256
4a77458be3e2406b65e8348578f5a3e71d01ce22ef9db8c41da9862685898117

SHA512
5534d18c5f5d3e2b680f9951a8998340a5ee8367b1c0daf06534c218b7fdf680c7b166b78099e50a5f70200f045aadd1df44613842cd2f52e7f0ea49f3a0efd8

Download Submit
/data/data/com.hl.exam.mark/databases/ua.db-journal
Filesize
512B

MD5
656336f3bd733eb8ebffb1e6233a653e

SHA1
4e4fb548c6a3f78fdd2651773e417fe4d79471de

SHA256
4b69345e75182efe6960af8ab6bb5868f0a67bcdb45ab25c337357d9c5365d00

SHA512
54178810e0bf849792b6571d87f9bc1af44917ff4103598cefffcd8ffd146871d991653476e81935d0a1cc0f16dabed3b97f231d2c5768e357447bb1f7b998d1

Download Submit
/data/data/com.hl.exam.mark/databases/ua.db-wal
Filesize
16KB

MD5
c424512d663b3d0bb51c83db57becaff

SHA1
2ec34863b915400e501c194a752392508728da24

SHA256
60b8f9c5a8a647fcdaea04c3b2f09c3fb3e4636f1e0ca7c99b5b17fc79825f52

SHA512
5a856a00e529927fac2d5a2bd83096aaa27244d2290e8b21d8fae0de7abcc7d1962c0be638531f788c80863bacf53875f65e53bc19618539395e13296c84b5ae

Download Submit
/data/data/com.hl.exam.mark/databases/ua.db-wal
Filesize
12KB

MD5
861b6e7c14d7bc49b9b373e5f285489a

SHA1
0334ca57bcf4f83aa5219b2cada341e5a56fbcf3

SHA256
fad5ac697962ce57cec0b80eabce86a4bf474622b6f3ce468d8f0b93a68c2451

SHA512
f88dd5aeb886723472fec7e358a83d3db96bd26993101b631783d493aec2256a9781508ef08ef3c714434e9018e49a8613eee914e607f28f083570703a43e26e

Download Submit
/data/data/com.hl.exam.mark/databases/ua.db-wal
Filesize
12KB

MD5
f4232bbe49072701dd8735154778b011

SHA1
42016641b820aaeb8c67dafed16201071087c30b

SHA256
23e3397de154912845234b02058a19cef1986932351dacf566eb1174483b3a0e

SHA512
b452f5aef4d15c19ef75b41623011ee78a80e3ade4fe8b92cb59f3882f2146e1567eecbc3045366783dc87311605bc7e305c66e030e3ec6e3dc8abd597a00b2d

Download Submit
/data/data/com.hl.exam.mark/databases/ua.db-wal
Filesize
4KB

MD5
53d9b5aeb80ba028beaafdfaee61e285

SHA1
96f84eff4fa06aed699b212da32b81182c127fc1

SHA256
cd99a9f790bc138f59983680717982018028cca444a791a875d40fb0ce9fe078

SHA512
d57b854ad9904410ce806fb0f18db1e6abd9abe819678fe1d707017c6155d57d00883e093ab9e315819ecd4e26feb3030f0caa7f4b0bd8003db3decb3933d38a

Download Submit
/data/data/com.hl.exam.mark/files/.envelope/z==1.2.0&&1.1_1703045570351_emNmZw== .log
Filesize
298B

MD5
86e3042cf67cbd3c10dc1b2f7a606838

SHA1
91f740142ac6c2c801eff9e251f4ada850f9893e

SHA256
8406d272120467046e87d9d077c2d89beea54bce334f05d481ae0e515cbf778e

SHA512
ff4b2ac5a88727f34366f1e6f8fa2758de80773e603140629b1532fc0ea4ab896b35b05cdba0d25c11cf64518c45a87ff9ce9082fff6e42a3e2acb215590e987

Download Submit
/data/data/com.hl.exam.mark/files/.imprint
Filesize
136B

MD5
df6d32870c3b77e079cae47178769c6b

SHA1
c1b3d35ab85e4c27510087fdf226ad2ee0dd4328

SHA256
a1dd372a0a0b64b51a243387ea529e82167206a6a5a9976fddc4ae2fcefcd58d

SHA512
371cbee92bd1efcf502d69932c28ea6bc30887362362b2e5e3d975b4eba2fcdc825eaa465b24e74f659f49b494062543512d0f8063f3217dd9db05991063a249

Download Submit
/data/data/com.hl.exam.mark/files/.umeng/exchangeIdentity.json
Filesize
162B

MD5
b1e9d73b8d514663448ba6fa569864c0

SHA1
093d9bd5369d91341f703eb9b2fef2fc63df4fc6

SHA256
af465b1ccbc73b20fe58f62b26bc9edcae818f6b6394bc232942da1d9f671194

SHA512
1b7c291f12b7eab9db9fe025a20ec788240b0aff47bade3b6dde40f85d9b9456d4781749e274a56f1cc300254b4a86dfee4747729644cd9ada0bc58f3b9135aa

Download Submit
/data/data/com.hl.exam.mark/files/exid.dat
Filesize
52B

MD5
b339b8f1cbe3b14a0daef974dbafd2d2

SHA1
b8222755154d287619cb6b8aa6033877e9ebf781

SHA256
3e0cbbbc0f1ebb518d2db2758040a4e460df0ef67c784508b75a3d9de97a9133

SHA512
c1c45da40036b04135166756a67b39485271e4c5283c1ed8d1c45a969038ae67f0e9ef55c8b4de736181458bbf7039508df083a2547dd3fc088855fc74cd5ab8

Download Submit
/data/data/com.hl.exam.mark/files/tiny/uuid
Filesize
36B

MD5
c52b96c673322a62a9c136080b0c478d

SHA1
0bf103a46c490aba98d34bbdf219f440f2a4d67a

SHA256
5413933330c2fd9ac252064d0e4b213070cc6ab74d3b618e842074294be1d149

SHA512
fce7ec72a1211b7e28ae7df141043b3d216f25509f2e5dd05e8b1d9d4af0ba0603af0ac6b4be9f9442df5b3c12e1ac2f85edeeb8f988adc2d818609c1753b4f6

Download Submit
/data/data/com.hl.exam.mark/tvsafe/plugin
Filesize
28B

MD5
2d9a60ab677f1a52d01622d3c171117d

SHA1
1dc9db181427e9119bb33667cc42b9a65a9c0ade

SHA256
90f68bd843900c50af5623aa9e2f1b3ab0c087cb4d4a8ee1477f521046e811c0

SHA512
1fe8a31263b711943c875639ee6d1bda35731e762dcced255c94c7fe2670c89a7b7413caf33b5f7c7b5fe2ab504f6ee3bd597d83dcf839c99904ca6d3129b316

Download Submit
/data/data/com.hl.exam.mark/tvsafe/plugin
Filesize
52B

MD5
62ce2bcf2d06c635353d4e80d54c342d

SHA1
472e84354fe1950ef4302f0b31816487662dbbed

SHA256
65b96d88fe1ae9816aa4e9ef035730276318979174a0103db8c9b82cdd46068b

SHA512
ef7414424d9df96e89ee1018380cf83e2c7eb66299a185cf34ddf1af5029a298f120bd8723c1fc4d867a8d7f91d54249c71b6ce184bd5821c28d4e0411b06d69

Download Submit
/data/data/com.hl.exam.mark/tvsafe/plugin
Filesize
62B

MD5
ad6d477c15663912f4e614f2281af5df

SHA1
6ee828594a01d1e571e0c7b88b79cf929880b48c

SHA256
78adbf5d667f06162458b51b0e0dc8fddb46095bf6f3924342c58540a8d1f8ab

SHA512
1385fc63d870fc6636ba5ae374efa97f81ed3996df0ba39f45dcbda767f0c352bfe4c6979d0cb4d5199cffe681fb4d2f03f30d3d2204a7ce6247428cdb096bfc

Download Submit
/data/data/com.hl.exam.mark/tvsafe/roo_report_sp
Filesize
41B

MD5
b0e0e321039af610ec8e189b73331000

SHA1
df6cee1f2fe14a665501d72ac1df7d1e79c39c54

SHA256
7bba3908a434316e908236ad2ef9344a0d52fa3388a6254785b2fc9abd274b0d

SHA512
a68edb30a81fb62cc51bdd80808acb707688b8b5e221bfed693054e74a1e9cf93f6b5259e7493ecb43dea6b9cc98a225db86d7ba74d39c6ef4163d621518dae5

Download Submit
/data/data/com.hl.exam.mark/tvsafe/roo_report_sp
Filesize
22B

MD5
8328154f19bb650fea6e9b72e7e5d35d

SHA1
fd3259af2a1a2d746d13d426da2a3bf848bb9036

SHA256
3653b9a0cb49fa25811bf886193bb0b2858b7ab54bdf511873a574c94b5b5fa0

SHA512
4b1fb17ef942e705d1253723e77dced37598fbbbf7bdfc99c1d91644ac28d8ddd841d81fe32b872431fe8710726ea456235ecc86ccb7a3359bb3be08351c1c7f

Download Submit
Anonymous-DexFile@0xcda55000-0xcda84fa4
Filesize
191KB

MD5
be325a05ae0d658e9b0f548eb2949a68

SHA1
8733b0755b50537fb859c0ac2dbeb98acfd1989e

SHA256
58fdae9e118e95d48b334a094793608d4d848b630c72b26614cf3bbda6de82da

SHA512
5506ea7fda27cb1b81d084e83f0973f5d0765a62e03d96d098ebd03f47856e1c8ffa7cb4c9ac0ecae74a6dcad8290a9d0f344f07bbea9f4df71ca9101f0679a9

Download Submit
Anonymous-DexFile@0xcda85000-0xcdb7f0a4
Filesize
1000KB

MD5
c4597ecdfd68739b71c4eb91355744e2

SHA1
00350a604882fd55694c9779b3cd671abde9ca25

SHA256
0af56269f63cd71464773d813a0ecb74a90811a62dd82078a272d3e5db589601

SHA512
58c3f220e7f7a9c101fb3611bab61dda4cc9239aa852aa9db6e28456d5f1f52f143a42990cccbd93df692464d16af11cb59dfd128710a0976bb96b9530dca908

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads