83d76a13a973c7a37c27b5974163bce0c7c78c708110feb27083f26b3f56c956

Analysis

max time kernel
2346206s
max time network
153s
platform
android_x64
resource
android-x64-20231215-en
resource tags

androidarch:x64arch:x86image:android-x64-20231215-enlocale:en-usos:android-10-x64system
submitted
20/12/2023, 04:22

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

83d76a13a973c7a37c27b5974163bce0c7c78c708110feb27083f26b3f56c956.apk
Size

10.9MB
MD5

dd07fdbbfbf68903b75883c3f4222d96
SHA1

27aeb4017e95d70d9c4227a81f96c4dcfd294ce3
SHA256

83d76a13a973c7a37c27b5974163bce0c7c78c708110feb27083f26b3f56c956
SHA512

ff10f1a923bd5fc7ab909006fcbfb3bf8913bfa9f9bef265b79b1b1da17d254f9750735ae51d8ddb04e78b4a862d283db9cbae97d33c45c3339fab258b9e7feb
SSDEEP

196608:ahb37wuonqaQINrI6KHEBgDtpH84PQ9A3rFqJsNeQjI51JbN+5VJOksZRYMpy:ahbEuoqwZIEBg5pUAbqsNecq1Jb05Vd/

Score

8^/10

evasion

Malware Config

Signatures

Requests cell location 1 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.nkmpmhmenpmhmjmhnk.ptwanxiang

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.nkmpmhmenpmhmjmhnk.ptwanxiang/files/AdDex.3.0.1.dex	4958	com.nkmpmhmenpmhmjmhnk.ptwanxiang
/data/user/0/com.nkmpmhmenpmhmjmhnk.ptwanxiang/files/AdDex.3.0.1.dex	4958	com.nkmpmhmenpmhmjmhnk.ptwanxiang

Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.nkmpmhmenpmhmjmhnk.ptwanxiang

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.nkmpmhmenpmhmjmhnk.ptwanxiang

com.nkmpmhmenpmhmjmhnk.ptwanxiang
1⤵
- Requests cell location
- Loads dropped Dex/Jar
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4958

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.nkmpmhmenpmhmjmhnk.ptwanxiang/app_model/TinyCnnModel

Filesize
987KB

MD5
f97413f4f666085c652d8d3d2a8846b3

SHA1
9b6de4999ceec83f5f2a688419dda596858dda2f

SHA256
c370451dfbc29ad910c14696fe96400f0a363311612db775e444c303319dc11b

SHA512
0c32d0ae404113f631c488215520ce8a9c281b8a02d5b7b92fd1671b8e33f49a948a5ccff467550d10c962975bc01a0ba3d5460f44206e26f752db0aaac10be2

Download Submit
/data/data/com.nkmpmhmenpmhmjmhnk.ptwanxiang/databases/ua.db

Filesize
36KB

MD5
b7036131b84bdf2b66c67fde18d62308

SHA1
18b1e5a358d68c846495cab5cfef7c6679659093

SHA256
c2c0bc8842203ccf1665dbb5b3333b22ae5a6ae3ef8eafe83e7f43adf32d0295

SHA512
256bc83e1a516a58f5d1d024d27dad3c26723df0f96e0deca6baac86d84518000212570b06996a14bcbeadff05fed05125862aba2d4aa08c15a6999563dac067

Download Submit
/data/data/com.nkmpmhmenpmhmjmhnk.ptwanxiang/databases/ua.db

Filesize
24KB

MD5
dee6d058a7fa9e58e9982a8136df769d

SHA1
b01c15c93dba978ead9afe23bf2c3b5f2e5f5f35

SHA256
8f05a9b84164184adf9923e364444f8e800b860d664ef724253ec77dc877042a

SHA512
7f78f2c1abd083e8cabac234211e07ffa5a956239c9e37d208ccf5c24af4e67c10ceb735bfed3f6b4f1ac0b02682bbc416de4a2f7d0320057cf98d6c5a43ae6a

Download Submit
/data/data/com.nkmpmhmenpmhmjmhnk.ptwanxiang/databases/ua.db-journal

Filesize
512B

MD5
45967ec1a88b481734814bb3333b149e

SHA1
eeb81d94767ab28a4e0bf754803b61e60fc5b777

SHA256
26ad92fb827d75d6d71ee078b0491bc83b22613bc0ef4b8e890f61d0a495c007

SHA512
32e21166d6fca2bf8457304531fcf98762f29712dc0fcabb01f024cb08f744e4d1d8f1dd56534d72c21be0212ad4f0d128a99425f4eb4c39c51dc7ac1e17f86b

Download Submit
/data/data/com.nkmpmhmenpmhmjmhnk.ptwanxiang/databases/ua.db-journal

Filesize
8KB

MD5
084656d6384f77bd96c62bc74cb6bfd7

SHA1
cee5c90c13f5951f669072533ae65b03d499bca8

SHA256
2cca5a8ba08c79a94993ad3363d832d38f43a24afa280c7d68720bede5c13365

SHA512
c8614e27dc80f360e13f50bf4d2847d4839f5ac18b6006bbf9e7387481b9d7aec01912f2db01aa0c7ad448818b42212ff3489da4bff034e355a8fcc6d61f211e

Download Submit
/data/data/com.nkmpmhmenpmhmjmhnk.ptwanxiang/databases/ua.db-journal

Filesize
8KB

MD5
a05c608d32791f4659da0f003a8ffdf3

SHA1
798813dfadce22ae38638520ab6bb504a9352426

SHA256
c65752021d8989e2462bd58dbc8b4db773f71b9ec80109810dbc05253cd324b2

SHA512
05658cde617e1068a1e75370d4b9b2c32c41b0ecf13974511ed61f31c69b17d896de4ae566bde6390df755484b194a383f17541a2d4ed32601047d8b24f53b86

Download Submit
/data/data/com.nkmpmhmenpmhmjmhnk.ptwanxiang/databases/ua.db-journal

Filesize
16KB

MD5
1e86f7ab04f9721537beadf3e4afe873

SHA1
6710915afcf987975350d0fd36cbea1d1793c6f4

SHA256
54628e5141dd8752fb3929e3f77f921b4479bc66f6b02f6337519ec071d7d825

SHA512
4ec18f21cbeb48e3d9bdc3b4e0df98174d5b25fdecb279f608a1e94e5d3d7035d856c852159074f121d47e3cb325cda500019a698e559c5702e8ac192e24c3bb

Download Submit
/data/data/com.nkmpmhmenpmhmjmhnk.ptwanxiang/files/.envelope/a==7.3.2&&1.3.8_1703153136705_envelope.log

Filesize
1KB

MD5
5e973f5e3174c9a83b0d14a911df2a32

SHA1
5ccf0c66c9540dae2d06f1f40cd51fa55fb0f528

SHA256
387c8673b15f8d3fabf754039ea52ac664fc87a7684eee9f97552561abd805f9

SHA512
11179d1936e457034363c65c50bb2a5575995d9328942df6e7878d123ba22f1daa4979928777e4825f9858379749bb3e5160ecb04a16247bb31a15932d6e66e7

Download Submit
/data/data/com.nkmpmhmenpmhmjmhnk.ptwanxiang/files/.envelope/i==1.2.0&&1.3.8_1703153134004_envelope.log

Filesize
2KB

MD5
f888383f961f7d29ca023e5cfd0d850e

SHA1
ba64c683fa6db141098d0de8c03f6b74f35267c5

SHA256
49f73cdbde58676b26f097a07ff129aedf908b056aa183759cfee0528dd9eb8c

SHA512
f0ea6bf2172385a2ea9b1a6d5638a691395bc26f058921f3029b5a62c8738031ad760c2160043d3a2fee8c5486969c534c108b4b7221f3fd3d90f86ace74f989

Download Submit
/data/data/com.nkmpmhmenpmhmjmhnk.ptwanxiang/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
2600750fab550176d764a8fe757fb5c0

SHA1
34faac52f217e2fbb462861fe0d1b806bfebad33

SHA256
4cfda6c07a8c0cc71f737146c8b0e4dca695e565f1e1cf1e3b8a13c3ac1232f0

SHA512
a882eb50052e675acafe02ff67aefea665cf90ee2119da5a05b98cf8765a6ec1d62d7688ab885cd09c168d3ec1d3f9ad2bdcc37419ce042cc6503eabd6e585f8

Download Submit
/data/data/com.nkmpmhmenpmhmjmhnk.ptwanxiang/files/AdDex.3.0.1.dex

Filesize
152KB

MD5
2e4955e53555341dbda9c6fc0edce515

SHA1
ed84d44471ed72bdacddeb11573589a33ab4d132

SHA256
1b5da8a48052894d5810326084b0006b53e8ccaa4efb0be3388d178c375d261a

SHA512
1b4f53db35fbce25678773e26fa932965314d153fb791c19a1fcbf4a6bb21532cd3503261e1b2ea82a56816e31e6f77d0a475ab51291ecaee846ffae79b850c7

Download Submit
/data/data/com.nkmpmhmenpmhmjmhnk.ptwanxiang/files/elfinject

Filesize
13KB

MD5
a97746c2dc86397304dbe4668597c507

SHA1
9e73822b093d3ebb0a1c8c69be0e77fd4a70dcac

SHA256
7104fcc3b76277826095e036f20b5a9378fb73a20127bc8982b4d10683523888

SHA512
90fa7439d2d0de19c3a4e002b19779c4398903ddfa7aa31954d820f53c2eaa5cdda140dd6c7f4ea9dcc712366896cb99a6b28d4e4857d79fe5ba1b25cbf54b58

Download Submit
/data/data/com.nkmpmhmenpmhmjmhnk.ptwanxiang/files/exid.dat

Filesize
55B

MD5
3221e990699ab6b68dbf4cb41d5ba57b

SHA1
7d7d029358389b17dff7b942adbd8e29344d4241

SHA256
9d0c9d665eab6867ad71fec795a74b878d0e68ee6d20102427c6d4b0d745141f

SHA512
53887fa66c50210ccff5f312d39f80c742b4a32449bc6dd7b58cff7581e9d7dd4f832160f2c7f8079c24571dbbe9de7e9515df702bbb9cfa7d415bc69350076f

Download Submit
/data/data/com.nkmpmhmenpmhmjmhnk.ptwanxiang/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzAzMTUzMTMzOTA0

Filesize
1KB

MD5
b587cf4981d3a45da92abd596722ab53

SHA1
b6c527662208e2c4d95bf463995d123c8a152b65

SHA256
38c0779043b8b55e307f24dc725550bae30c2cfdd6ad6c0285d6f81e312a6ee7

SHA512
6eedf04fa758ca707e04414c2de5c2e384af24a2a062c71a0ef0b57ca43d7f7ef1c1280af2664eb9326e1d23d6701313d6536b0c1b113bf44ea2ca2014bb5025

Download Submit
/data/data/com.nkmpmhmenpmhmjmhnk.ptwanxiang/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzAzMTUzMTMzOTIw

Filesize
1KB

MD5
41c47298e4d6211b1d34701d8f09add6

SHA1
b6ce368daa480eaeb9d28538051999095304e3d9

SHA256
5d64081f09a54bcd6c981025fbf03aacd433847436abe9459464c7e49cdd1d40

SHA512
a19d21f8e6ab8cc259aaa14faada51b78e03b5291b83436fdb9e48d99b7cd2780a16890c00645950fe4f98ef016e823c352c3966347be3c1a8f75eb92226b0c3

Download Submit
/data/data/com.nkmpmhmenpmhmjmhnk.ptwanxiang/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzAzMTUzMTY0NTc5

Filesize
1KB

MD5
4d88f6227fa0eeef3f04316b5ece629e

SHA1
71796815897170865b9a03d8c82c3ea780efb85f

SHA256
4aff7373dde91cc95016a4b4cb30f5eec70e4b04160453a7f1cd89db4a844bde

SHA512
c9aeb6d81bd1add3efd4d3cfdf86ebd3e66dec8ee1e5746b72b62ce5d08056dd04d842aee715ea166547a066ae9b4a26ec3196921342450a604c47d29bf1ceda

Download Submit
/data/data/com.nkmpmhmenpmhmjmhnk.ptwanxiang/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzAzMTUzMTk0OTc0

Filesize
1KB

MD5
4c79e4f8928937e7987bcb54abea9c72

SHA1
24d925266b0d3b9686abbcf5c1ab6c86b4744dcf

SHA256
cb5665bf7b2ce0fe8810332db5cc17bb72767d01c69c16b3ffb460ed336e7951

SHA512
735252e25aaa365d8ed310610c33bb104b217ab1193e1326d393b38a59cff62581f11df7dfcbd23980634b3b63a465ef84490c15d5ac88180a49eb88947057e3

Download Submit
/data/data/com.nkmpmhmenpmhmjmhnk.ptwanxiang/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzAzMTUzMjI1MjQ1

Filesize
1KB

MD5
8d719ed7d48c63603801d21a78f25c34

SHA1
a4872ea022c241b8561ce6167f27aea4d070863b

SHA256
0e87fa16377437fcd236f830e4f57b9597c63a87e7337eb8aea8821616fac4e3

SHA512
c54acbcf7bbd0c2767e4856e8c3d0cdf79ca16c5e19ca51a59fb28048d418ddc2fe685d80b92b6271260f7a81eab5474b8b29c0c1d01ac4170409ba3086e0ab5

Download Submit
/data/data/com.nkmpmhmenpmhmjmhnk.ptwanxiang/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzAzMTUzMjU1NDQ5

Filesize
1KB

MD5
b5b504fc4f998c42c9454d197fbaf963

SHA1
5eed4876ff6b623f8cbc8419957c9536d1b9fdda

SHA256
e23bfb9c6a89d1e119f6b8ade236a4f497bf3138206299ff3388a5f1f28ded94

SHA512
ffeefbf366927d4046b2d18ab2e7ee7cd7f453a14ae875e68140c4cee3d4ef0b3a945c8ddf04bd10bb30eb775386aed3cd5fe8056b4005d59f724973132f3460

Download Submit
/data/data/com.nkmpmhmenpmhmjmhnk.ptwanxiang/files/umeng_it.cache

Filesize
433B

MD5
3b60d1bcd0e0a69c8ff19fd5021eea51

SHA1
e09d21b8f18e6505078b6af42ccc7a5f0cb0b566

SHA256
aba4831476bb1ed7136ae1e5bbf4b4874fe67a6708db0dc8242e23453346d156

SHA512
2e038e2f1cb982723ed15ec07c20238e4c2328ce196d66ebff035ad38547ef945636b7a423fff5aab2a391c3a7dc2fa3ec85f9868a0ccc0136aa964ab38d28da

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
213B

MD5
ecbcf129fa50e2d457cc7533ccc1fd0a

SHA1
3fd82d3b37d3cdaadfd9264a8c7749de17a0e76a

SHA256
583dd52759dad52a9c8725800085cd769750c81aa299c1e90ebcc520316f68a3

SHA512
17024a51d3f2d73bd9877be2fecfd3cbe6a7b1d3e8c2f223c9193f404d8009dcb9b404976ad64e880c8437336766f290f175f4f9a30c3d89c4e6190b963d5dbb

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
7761d336d423740a1084fee4c384eb06

SHA1
7ec58366749a46c41886a5a7f5cbbaaa2b9a5ea3

SHA256
a1e5e7ae116819be721c9f3358a592d857fb6caade64f7cb20ba32e7e05f5fc5

SHA512
7403562d49ca81ce4d129a54463125247c22b6c1e30a5de5efa1afddf96dc86fb04d929fdb73c28e03cdb8982689e95d9b148be352b7ccd095f9bf374e49a34c

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
167B

MD5
f168d63b05809588d51e3994ebe858a4

SHA1
f9a6540e9490a7e322344acd397a0d03d04172e4

SHA256
53b2c953bf9e0d9cd65b676ead676afefae4fd801f301a09dd149e015bc89698

SHA512
ac837080f6c64b223ea7da0a6ec846d8a3df1612ad42e107cfaa29d60c7e88267bf95511e733f6f73cf212e86a7a0be275a2a2dead75be3d41790ca950068d24

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
253d406638e50c508a9af8f78c91751a

SHA1
c1e87d036e27646be3f6684d480056bfe698a7a1

SHA256
dfb90f01e2584a5634c972093ee29acc9249992afc240e953c64dbd457bb3a79

SHA512
5880e5759e98fc0a0f6d3b21d9da0c63fa9bc31afb4c082ba75fe3e6115f3c56987b1989bda1adcf95cdca97909ab214d8bb2c74ec76fce1116b1416fa8560ac

Download Submit
/storage/emulated/0/com.nkmpmhmenpmhmjmhnk.ptwanxiang/NetworkMessage/NetworkReqLog.txt

Filesize
414B

MD5
6b725a9aa541195562d9a7829d556553

SHA1
141260df8f7f2b9c631a1520bfa220ea7433b1b2

SHA256
214a0209cad01e659875213bb7c1be82d75ba035213f762e52e51884a90f7164

SHA512
27d9cc4b361e702b67e704730b7270a879f4601ffe6180667cbf5b9909994de30ec2c516ef0fe8058b28e6d7424cdebc4c92022d2ea9fd119b25e885e68a55a1

Download Submit
/storage/emulated/0/com.nkmpmhmenpmhmjmhnk.ptwanxiang/NetworkMessage/NetworkReqLog.txt

Filesize
414B

MD5
8e0277d86c7d3f8313670f6e9512c445

SHA1
cda92bcb609e2b0296eb0bda3c1c4d1473de6ac7

SHA256
83e5d3f2e1283d006d2d59f958723378d0bc6ecd0c676fd05387b282c468f0e5

SHA512
569b683257f497cda7469217a22b21cdf7faa8bf50b6adce1e79fd910a044c187593f918f1068c739fb1cfc41eed9e59ad52fcda8f7dfa787a3d205697186fdf

Download Submit
/storage/emulated/0/com.nkmpmhmenpmhmjmhnk.ptwanxiang/NetworkMessage/NetworkReqLog.txt

Filesize
414B

MD5
3fbe0a94e969034e9ba90a7404b89725

SHA1
efab00d1551966066f9226cc295973e75021bb99

SHA256
321369bb619aea56ccf79e155b4fd893260eeb031ffccc6f874121e225cba054

SHA512
03baf25a3aaf6befb99f041e3a17afc4c3dea7d83ea280626bc326e45b8268de107dd31f26d61400414a3d97d913ac9c91981e4445157e7f98a338fd2215795b

Download Submit
/storage/emulated/0/com.nkmpmhmenpmhmjmhnk.ptwanxiang/NetworkMessage/NetworkReqLog.txt

Filesize
414B

MD5
d384dac48f6cd17fdd4f45cbae70840f

SHA1
851b8a4fd31711511abec2064cd3a5da650a7144

SHA256
b3beb961d8115f799cf324dfc05858808d0ab3192b3ea9dc4e20aa735102733e

SHA512
04448584fa031350303aa6690cc74aa7bb0146ba6152b3290c9d12e5cc7ede39f4a082668b514da86ab1545e0ec9f06b481a640ed0ed9f20b3508fdf88431d58

Download Submit
/storage/emulated/0/com.nkmpmhmenpmhmjmhnk.ptwanxiang/NetworkMessage/NetworkReqLog.txt

Filesize
414B

MD5
54a0c4104bfe18c0a4fa4449eb804c0e

SHA1
7a354da803b9a0d0233042cee6fbd3da95740cdc

SHA256
78e41489fb7380a229629e290a4c79a8dcefb22a604abf942ec1dfb1c0e1c036

SHA512
da1a5168b1dfba2cad1bf5480af3cebe836cae7cc3b9186f66f4bd83290555c4eef5d9c678deb27bb99de3817deccd2b75378f5e2f5a3268920823411e6c29a6

Download Submit