Overview

overview

7

Static

static

6

mark.apk

android-9-x86

7

mark.apk

android-13-x64

baiduprotect1.i.apk

android-9-x86

baiduprotect1.i.apk

android-10-x64

baiduprotect1.i.apk

android-11-x64

baiduprotect2.i.apk

android-9-x86

baiduprotect2.i.apk

android-10-x64

baiduprotect2.i.apk

android-11-x64

Analysis

  • max time kernel
    2238523s
  • max time network
    50s
  • platform
    android_x86
  • resource
    android-x86-arm-20231215-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
  • submitted
    20-12-2023 04:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    mark.apk

  • Size

    50.2MB

  • MD5

    8948899f922f1b0b6c864ba43031765d

  • SHA1

    c85028e00745d6d1864d269f49a7ff260bb2d52e

  • SHA256

    87c231a4557be49dacbec25c8128b567e58aab2017eea6b1ac595ea3b3b0e95a

  • SHA512

    a40c31d6fe6e370b83ba816f0e3ce1128595996afb8c924242bb7162c3549bf36eb8b192f8b01eacbaedab8db9e00661c49cbb070d9ffd196f4990c957cf540d

  • SSDEEP

    1572864:4wcJaKGCnaH+UaFha6QGDuPzuvUh0JrE5UrIfG51:NLyGaOluvU4ECIf21

Score
7/10
evasion

Malware Config

Signatures

  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Checks the presence of a debugger
    evasion
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • com.hl.exam.mark
    1⤵
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4206

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.hl.exam.mark/.1/.suuid
    Filesize

    628B

    MD5

    e19bc8a6a4c9c3b75f67ef36c30c8ae2

    SHA1

    99a815114eaede7055e595a07af8bc67c89bfd1f

    SHA256

    8fcffe83b1b1f91e7d05792195b267b114a4a9227fe2fca9322199f3a802c4e8

    SHA512

    5e176bf1028d9243bdf889a50e2722832c8444a84f34f9d8ffbe8e5662d50ff369012077d90cce35128343d2195e7beb2f0b72503f6c8fede1dd1d84dce99be1

    Download Submit

  • /data/data/com.hl.exam.mark/app_xwalkcore/icudtl.dat
    Filesize

    3.1MB

    MD5

    b926dbde23df062939b9117c5624c210

    SHA1

    8799ed53526139d93617ba6a8ac3c8bd38152847

    SHA256

    fe57f88265f37175a65dba0bb49cb2e77f36cd1f7ea516c92bcd339fe67e16e1

    SHA512

    05d582c1a51673658e813622f56bf37b323df80faef77438923d26c2ca99d966fcc422185238337c60499914ff6e8ee7962be52614e605914ad8f1b39bc3830b

    Download Submit

  • /data/data/com.hl.exam.mark/app_xwalkcore/paks/xwalk_100_percent.pak
    Filesize

    91KB

    MD5

    f9a8ea0f91b5ae46b68e17fe91f3189d

    SHA1

    a14aad55268273d014283779d55dd6e905e56488

    SHA256

    ac1e49aac50fe7dced6d9c651642326090f5e1fce4912f4cd96e225c486f199d

    SHA512

    a9756ad8de5eb00bcd3897d427076dd2dff7c12914e8ddc1e31b499c5c4fb7ca0a1e9cc22adf12743110208ef42177804ace58daee562c7bd9e00ed68793bb3e

    Download Submit

  • /data/data/com.hl.exam.mark/cache/com.hl.exam.mark_rpt_cache
    Filesize

    577B

    MD5

    01897a11fd9fe6a2257533802c4a6304

    SHA1

    26691a3b83cb7fb5387339420e972b4e27993f29

    SHA256

    944733e1bdd59e0fa8f4494d2bfcad580c099073d52bbb4d0a6ced5391cd782f

    SHA512

    80337d8a3269dd89b234af5835502af75c5652ea576505e314d5820935adaec60323ac59f28edff6b8374b29eca873c2aca5fd1f8a1c29cd9ea14c9e9a73c425

    Download Submit

  • /data/data/com.hl.exam.mark/databases/ua.db
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/com.hl.exam.mark/databases/ua.db
    Filesize

    24KB

    MD5

    36677e35d44b1b53c710fc6d6af32585

    SHA1

    4345ab467689c2fa5c7af32a768f089048bba519

    SHA256

    32dd8eece0c9301d7b1d11ec5633484fcb91c81290021b853e9eb78397c3e4ce

    SHA512

    fca206e4221e3b417bb36d171f67b73a1ab6d8bd924c736052ff790792ce8f502aa5073344d43a0f700b21645a660173d5b5f996343fb713331d0055be6683a7

    Download Submit

  • /data/data/com.hl.exam.mark/databases/ua.db
    Filesize

    32KB

    MD5

    982e46fdcbb54f80b0f19d5adbf70b7c

    SHA1

    24cd3496b0a3112c8318aefdd938e417718f9203

    SHA256

    a8bb14c4867d34e5af18bc908f6970b5db4af89ff6d0d8bb9bede2a988b3d8a1

    SHA512

    1d534b1ecaf0fb8581c80c424f084d91abe87f8925ebf6c6d624769765b0ac74ff4e5a1e481f29c8537090bd46fee7f263b426f01c883413cbe37977fe9209c5

    Download Submit

  • /data/data/com.hl.exam.mark/databases/ua.db
    Filesize

    36KB

    MD5

    3952c36ba3c93b4416365a3074428a80

    SHA1

    7dcbdb06e646dff16adde9bd4a688371f24039db

    SHA256

    4a77458be3e2406b65e8348578f5a3e71d01ce22ef9db8c41da9862685898117

    SHA512

    5534d18c5f5d3e2b680f9951a8998340a5ee8367b1c0daf06534c218b7fdf680c7b166b78099e50a5f70200f045aadd1df44613842cd2f52e7f0ea49f3a0efd8

    Download Submit

  • /data/data/com.hl.exam.mark/databases/ua.db-journal
    Filesize

    512B

    MD5

    656336f3bd733eb8ebffb1e6233a653e

    SHA1

    4e4fb548c6a3f78fdd2651773e417fe4d79471de

    SHA256

    4b69345e75182efe6960af8ab6bb5868f0a67bcdb45ab25c337357d9c5365d00

    SHA512

    54178810e0bf849792b6571d87f9bc1af44917ff4103598cefffcd8ffd146871d991653476e81935d0a1cc0f16dabed3b97f231d2c5768e357447bb1f7b998d1

    Download Submit

  • /data/data/com.hl.exam.mark/databases/ua.db-wal
    Filesize

    16KB

    MD5

    c424512d663b3d0bb51c83db57becaff

    SHA1

    2ec34863b915400e501c194a752392508728da24

    SHA256

    60b8f9c5a8a647fcdaea04c3b2f09c3fb3e4636f1e0ca7c99b5b17fc79825f52

    SHA512

    5a856a00e529927fac2d5a2bd83096aaa27244d2290e8b21d8fae0de7abcc7d1962c0be638531f788c80863bacf53875f65e53bc19618539395e13296c84b5ae

    Download Submit

  • /data/data/com.hl.exam.mark/databases/ua.db-wal
    Filesize

    12KB

    MD5

    861b6e7c14d7bc49b9b373e5f285489a

    SHA1

    0334ca57bcf4f83aa5219b2cada341e5a56fbcf3

    SHA256

    fad5ac697962ce57cec0b80eabce86a4bf474622b6f3ce468d8f0b93a68c2451

    SHA512

    f88dd5aeb886723472fec7e358a83d3db96bd26993101b631783d493aec2256a9781508ef08ef3c714434e9018e49a8613eee914e607f28f083570703a43e26e

    Download Submit

  • /data/data/com.hl.exam.mark/databases/ua.db-wal
    Filesize

    12KB

    MD5

    f4232bbe49072701dd8735154778b011

    SHA1

    42016641b820aaeb8c67dafed16201071087c30b

    SHA256

    23e3397de154912845234b02058a19cef1986932351dacf566eb1174483b3a0e

    SHA512

    b452f5aef4d15c19ef75b41623011ee78a80e3ade4fe8b92cb59f3882f2146e1567eecbc3045366783dc87311605bc7e305c66e030e3ec6e3dc8abd597a00b2d

    Download Submit

  • /data/data/com.hl.exam.mark/databases/ua.db-wal
    Filesize

    4KB

    MD5

    53d9b5aeb80ba028beaafdfaee61e285

    SHA1

    96f84eff4fa06aed699b212da32b81182c127fc1

    SHA256

    cd99a9f790bc138f59983680717982018028cca444a791a875d40fb0ce9fe078

    SHA512

    d57b854ad9904410ce806fb0f18db1e6abd9abe819678fe1d707017c6155d57d00883e093ab9e315819ecd4e26feb3030f0caa7f4b0bd8003db3decb3933d38a

    Download Submit

  • /data/data/com.hl.exam.mark/files/.envelope/z==1.2.0&&1.1_1703045570351_emNmZw== .log
    Filesize

    298B

    MD5

    86e3042cf67cbd3c10dc1b2f7a606838

    SHA1

    91f740142ac6c2c801eff9e251f4ada850f9893e

    SHA256

    8406d272120467046e87d9d077c2d89beea54bce334f05d481ae0e515cbf778e

    SHA512

    ff4b2ac5a88727f34366f1e6f8fa2758de80773e603140629b1532fc0ea4ab896b35b05cdba0d25c11cf64518c45a87ff9ce9082fff6e42a3e2acb215590e987

    Download Submit

  • /data/data/com.hl.exam.mark/files/.imprint
    Filesize

    136B

    MD5

    df6d32870c3b77e079cae47178769c6b

    SHA1

    c1b3d35ab85e4c27510087fdf226ad2ee0dd4328

    SHA256

    a1dd372a0a0b64b51a243387ea529e82167206a6a5a9976fddc4ae2fcefcd58d

    SHA512

    371cbee92bd1efcf502d69932c28ea6bc30887362362b2e5e3d975b4eba2fcdc825eaa465b24e74f659f49b494062543512d0f8063f3217dd9db05991063a249

    Download Submit

  • /data/data/com.hl.exam.mark/files/.umeng/exchangeIdentity.json
    Filesize

    162B

    MD5

    b1e9d73b8d514663448ba6fa569864c0

    SHA1

    093d9bd5369d91341f703eb9b2fef2fc63df4fc6

    SHA256

    af465b1ccbc73b20fe58f62b26bc9edcae818f6b6394bc232942da1d9f671194

    SHA512

    1b7c291f12b7eab9db9fe025a20ec788240b0aff47bade3b6dde40f85d9b9456d4781749e274a56f1cc300254b4a86dfee4747729644cd9ada0bc58f3b9135aa

    Download Submit

  • /data/data/com.hl.exam.mark/files/exid.dat
    Filesize

    52B

    MD5

    b339b8f1cbe3b14a0daef974dbafd2d2

    SHA1

    b8222755154d287619cb6b8aa6033877e9ebf781

    SHA256

    3e0cbbbc0f1ebb518d2db2758040a4e460df0ef67c784508b75a3d9de97a9133

    SHA512

    c1c45da40036b04135166756a67b39485271e4c5283c1ed8d1c45a969038ae67f0e9ef55c8b4de736181458bbf7039508df083a2547dd3fc088855fc74cd5ab8

    Download Submit

  • /data/data/com.hl.exam.mark/files/tiny/uuid
    Filesize

    36B

    MD5

    c52b96c673322a62a9c136080b0c478d

    SHA1

    0bf103a46c490aba98d34bbdf219f440f2a4d67a

    SHA256

    5413933330c2fd9ac252064d0e4b213070cc6ab74d3b618e842074294be1d149

    SHA512

    fce7ec72a1211b7e28ae7df141043b3d216f25509f2e5dd05e8b1d9d4af0ba0603af0ac6b4be9f9442df5b3c12e1ac2f85edeeb8f988adc2d818609c1753b4f6

    Download Submit

  • /data/data/com.hl.exam.mark/tvsafe/plugin
    Filesize

    28B

    MD5

    2d9a60ab677f1a52d01622d3c171117d

    SHA1

    1dc9db181427e9119bb33667cc42b9a65a9c0ade

    SHA256

    90f68bd843900c50af5623aa9e2f1b3ab0c087cb4d4a8ee1477f521046e811c0

    SHA512

    1fe8a31263b711943c875639ee6d1bda35731e762dcced255c94c7fe2670c89a7b7413caf33b5f7c7b5fe2ab504f6ee3bd597d83dcf839c99904ca6d3129b316

    Download Submit

  • /data/data/com.hl.exam.mark/tvsafe/plugin
    Filesize

    52B

    MD5

    62ce2bcf2d06c635353d4e80d54c342d

    SHA1

    472e84354fe1950ef4302f0b31816487662dbbed

    SHA256

    65b96d88fe1ae9816aa4e9ef035730276318979174a0103db8c9b82cdd46068b

    SHA512

    ef7414424d9df96e89ee1018380cf83e2c7eb66299a185cf34ddf1af5029a298f120bd8723c1fc4d867a8d7f91d54249c71b6ce184bd5821c28d4e0411b06d69

    Download Submit

  • /data/data/com.hl.exam.mark/tvsafe/plugin
    Filesize

    62B

    MD5

    ad6d477c15663912f4e614f2281af5df

    SHA1

    6ee828594a01d1e571e0c7b88b79cf929880b48c

    SHA256

    78adbf5d667f06162458b51b0e0dc8fddb46095bf6f3924342c58540a8d1f8ab

    SHA512

    1385fc63d870fc6636ba5ae374efa97f81ed3996df0ba39f45dcbda767f0c352bfe4c6979d0cb4d5199cffe681fb4d2f03f30d3d2204a7ce6247428cdb096bfc

    Download Submit

  • /data/data/com.hl.exam.mark/tvsafe/roo_report_sp
    Filesize

    41B

    MD5

    b0e0e321039af610ec8e189b73331000

    SHA1

    df6cee1f2fe14a665501d72ac1df7d1e79c39c54

    SHA256

    7bba3908a434316e908236ad2ef9344a0d52fa3388a6254785b2fc9abd274b0d

    SHA512

    a68edb30a81fb62cc51bdd80808acb707688b8b5e221bfed693054e74a1e9cf93f6b5259e7493ecb43dea6b9cc98a225db86d7ba74d39c6ef4163d621518dae5

    Download Submit

  • /data/data/com.hl.exam.mark/tvsafe/roo_report_sp
    Filesize

    22B

    MD5

    8328154f19bb650fea6e9b72e7e5d35d

    SHA1

    fd3259af2a1a2d746d13d426da2a3bf848bb9036

    SHA256

    3653b9a0cb49fa25811bf886193bb0b2858b7ab54bdf511873a574c94b5b5fa0

    SHA512

    4b1fb17ef942e705d1253723e77dced37598fbbbf7bdfc99c1d91644ac28d8ddd841d81fe32b872431fe8710726ea456235ecc86ccb7a3359bb3be08351c1c7f

    Download Submit

  • Anonymous-DexFile@0xcda55000-0xcda84fa4
    Filesize

    191KB

    MD5

    be325a05ae0d658e9b0f548eb2949a68

    SHA1

    8733b0755b50537fb859c0ac2dbeb98acfd1989e

    SHA256

    58fdae9e118e95d48b334a094793608d4d848b630c72b26614cf3bbda6de82da

    SHA512

    5506ea7fda27cb1b81d084e83f0973f5d0765a62e03d96d098ebd03f47856e1c8ffa7cb4c9ac0ecae74a6dcad8290a9d0f344f07bbea9f4df71ca9101f0679a9

    Download Submit

  • Anonymous-DexFile@0xcda85000-0xcdb7f0a4
    Filesize

    1000KB

    MD5

    c4597ecdfd68739b71c4eb91355744e2

    SHA1

    00350a604882fd55694c9779b3cd671abde9ca25

    SHA256

    0af56269f63cd71464773d813a0ecb74a90811a62dd82078a272d3e5db589601

    SHA512

    58c3f220e7f7a9c101fb3611bab61dda4cc9239aa852aa9db6e28456d5f1f52f143a42990cccbd93df692464d16af11cb59dfd128710a0976bb96b9530dca908

    Download Submit