871be9242b5db2f3db63e0081c7ca32145574330d4d62dd932ee4591c1a4c384

Analysis

max time kernel
2474633s
max time network
156s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
20-12-2023 05:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

871be9242b5db2f3db63e0081c7ca32145574330d4d62dd932ee4591c1a4c384.apk
Size

6.7MB
MD5

f3e89fe885a5d803a0a8582046d2c3ae
SHA1

d80ad8835508f2c47e2d5ce238aa5e4fec6f002f
SHA256

871be9242b5db2f3db63e0081c7ca32145574330d4d62dd932ee4591c1a4c384
SHA512

6a6daec5d853f180a6d584932cd8e1ac5215feba7c7cf4c5a955eb371a51d6c030b79720365d94258cb87942bb2abee2b99e82d8c631383adfb630b2ce8473fb
SSDEEP

98304:hMcF7IsL6zNbvyojV4ExKmdKh4PNUEmKjfNvbnK6VkEmyqooOpNMrbj0ex4mhxci:htvmqOVF1dc1H4VmFyfpN20e6m04FYQ

Score

8^/10

Malware Config

Signatures

Requests cell location 2 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.jason.cdwyh
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.jason.cdwyh:remote

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/storage/emulated/0/cache/com.jason.cdwyh/38b8083a72dabd8ece1fb57aa8321602.zip	4355	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/cache/com.jason.cdwyh/38b8083a72dabd8ece1fb57aa8321602.zip --output-vdex-fd=112 --oat-fd=113 --oat-location=/storage/emulated/0/cache/com.jason.cdwyh/oat/x86/38b8083a72dabd8ece1fb57aa8321602.odex --compiler-filter=quicken --class-loader-context=&
/storage/emulated/0/cache/com.jason.cdwyh/38b8083a72dabd8ece1fb57aa8321602.zip	4256	com.jason.cdwyh

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.jason.cdwyh

com.jason.cdwyh
1⤵
- Requests cell location
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4256
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/cache/com.jason.cdwyh/38b8083a72dabd8ece1fb57aa8321602.zip --output-vdex-fd=112 --oat-fd=113 --oat-location=/storage/emulated/0/cache/com.jason.cdwyh/oat/x86/38b8083a72dabd8ece1fb57aa8321602.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4355

com.jason.cdwyh:remote
1⤵
- Requests cell location
PID:4397

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.jason.cdwyh/files/lldt/firll.dat

Filesize
76B

MD5
fd410dbf607019beddfa8acb14e9f747

SHA1
aae7432efff7136f886aef2b7c0daf682748f350

SHA256
e52405f476035f8e54ff17293da528d5e60ccfa71f9614cc7f905bb0d62fa9b1

SHA512
2c36a45a6b1c2a895e2a6fc22c610d1cf1cd966685c0f6c297d2001c00f76bd73a7b8c32352450767c946186dde30ca157f0aa687865aa2d5302a3872612dce1

Download Submit
/data/data/com.jason.cdwyh/files/ofld/ofl.config

Filesize
235B

MD5
56294716216d3a77f427f64e2c910d1c

SHA1
031eda3a06d77525f49ec2bf42510e9a8b36eda2

SHA256
2fa646dd2eb5cdcb6febfc86cdc089660d4020e21840be3b5b88e0b66a080873

SHA512
1ac5b013007a39c061a29442682b05714b3caab620be08b842c955728046caa27e4505d8ff97501639344a70f5dbb4bbd098a8363e33347565ebd1f69064386f

Download Submit
/data/data/com.jason.cdwyh/files/ofld/ofl_location.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.jason.cdwyh/files/ofld/ofl_location.db-journal

Filesize
512B

MD5
592475e0e951b73a8ab48d4f8d415df9

SHA1
8fcb3c4e5370e2e7f0997f0bb853384b6e83a8a6

SHA256
4434cd841b49d78852f64e91ac65438d8d96763f19cdda998ae4e7186a3193db

SHA512
01a573e2681855d8884572d18c32e4e6f565cb3b536a270a5754a7403eb5e655d4d4d2a12ab7125a778373b699cf41535c790dc319b53f59d74687d578afb17c

Download Submit
/data/data/com.jason.cdwyh/files/ofld/ofl_location.db-wal

Filesize
48KB

MD5
e9ee77f40971f17052f0976fd59161ef

SHA1
86bf4f34c0f192e9d48fcfa4de1aa84f885b8f87

SHA256
f569882ef9ef10a05d724f56c79950489ab2a56acc68dbbe7dc81124ebade543

SHA512
d28a4fd4b73beb45ebeef85075f5d6571a288f12b633d3ec6a6538ba86cc42dc447b5ce105a3a349da5605a4bc3f9b720aed183ac07abfb7549b6f3ecb107f9f

Download Submit
/data/data/com.jason.cdwyh/files/ofld/ofl_statistics.db-journal

Filesize
512B

MD5
3866aa49871a31fdfd778d0aed41d171

SHA1
37808eff108915b619972a978b7bbd7a978c5568

SHA256
dcc039ab60e42249e9b1f70c2c56f8b973e69cdb8a8ed9bd395b512da70e3d7c

SHA512
e28bfb8ee9f9fad446fc2fa51617016e4d03da2eef6045c816cb7e862c290f6290fb32f19ab949a3f8cfd7414d700436dac19356a96273d620a096c0531a10d1

Download Submit
/data/data/com.jason.cdwyh/files/ofld/ofl_statistics.db-wal

Filesize
124KB

MD5
5f182177a9d4c10a62032e0986fc8b97

SHA1
60755730ac137660345447fb0f445ec707eaf965

SHA256
f57cc5428677fe5b40dc74e9734d231f7b4649d16c2d79d46bb9a2ab6e9d79f0

SHA512
cd8f77c73384228d2e5ac4f60f84f3ac2a47cdf51300c9c87d4bc8285aefae47e33f59c3b191c3afa742f127266a7c7ea3b6eb3a9b06c21c8d5947ac1dbcfa71

Download Submit
/storage/emulated/0/Android/data/com.jason.cdwyh/files/baidu/tempdata/conlts.dat

Filesize
12B

MD5
8d80bc8ea90e9cac010d3ddf97bda5f5

SHA1
f063bc0d356e6ba9ab1eb9a851131ffbefd8fa07

SHA256
f52db31332534833414abd5e870f78c810b8ebbe5b134bbf599506beecfd1b93

SHA512
9ea732dd572a9a4ba91b70891972230a09576687ca1bc19e62d5a98b5b84e0f2ae11985108008bc9fbccf357219b8bd3dbf146bb70752f618f70dc5d0c46a7c7

Download Submit
/storage/emulated/0/Android/data/com.jason.cdwyh/files/baidu/tempdata/conlts.dat

Filesize
152B

MD5
2efc11e5712d95f75a04f5cd0a38277a

SHA1
6100822f1525beb2173b9f19eea9b4fa39adf005

SHA256
3c86ef8bfb5365213e04520411aca233b7b6d6d53627cccb74d0c17be7b4e111

SHA512
7efd716411b9ff9726bb64d42b4abb04068307b878311019cd043875bf2f5eae154a7f533d8681328b986caf0f57fc3cb3416bf3b34939133371427f95ca1cb5

Download Submit
/storage/emulated/0/Android/data/com.jason.cdwyh/files/baidu/tempdata/llg.dat

Filesize
24B

MD5
161557b06b4a4d3ce095528dea370eb7

SHA1
8bfe9c4d916fe58d856b5a6ecaf8cd9ea4df2c9f

SHA256
f054ef19481234ee5b2db1d1c681839dab235a857ed3a4bc02efa8f785f478d4

SHA512
96ce8aedbdbb387438efc86aaabd13a6378628bfae203d2bc25ea1cd7daa6ddbd6dd2c81d631fbdc9b653a93011d3c80f0c085580275b683d5e0bce077e6e449

Download Submit
/storage/emulated/0/Android/data/com.jason.cdwyh/files/baidu/tempdata/llg.dat

Filesize
438B

MD5
35ce7c8b76f0c41a1adc454689f3c9f2

SHA1
1aa518a29ab15cc07e27798b7ff4de9407054f1a

SHA256
cade0f7d554d11c1d8ea2942363e5cc39585385ad29075cd16bc4c036018298b

SHA512
d88ce7af493a6ea166b3cd0b0c3662120995d0dcd377b3de3cb301b0f1505281ce3090a5da95315b65b4aefb3bca4a87cedd26df64e28350c439d9c4d213af03

Download Submit
/storage/emulated/0/Android/data/com.jason.cdwyh/files/baidu/tempdata/llg.dat

Filesize
1KB

MD5
a30e63a1d25bb414928376dd1265d89b

SHA1
1ec530e6d0104e7fc58bcebf97e47b57d25c8194

SHA256
ab7cf2ea028634679bbcb4b3ad9f163665bcde9ba7c237da04d92e19c4359610

SHA512
7217dee35360abc1d19ebbdc4e074c5614b8900510cd99e5e837925b05db2e3e1604a7b80adecf67adcbfc6ec2caf659283b1e12e57129d7a7a417f75df6a49f

Download Submit
/storage/emulated/0/Android/data/com.jason.cdwyh/files/baidu/tempdata/llg.dat

Filesize
2KB

MD5
f9016da4bcf8e5988f9fb482d11b9c12

SHA1
a52daec4fcccb714e2b93066d852f301187b42d1

SHA256
3e5b63956fe6a358629b2a213b78f7d54f73d9da3ede2bb834a9fdca1c39de2e

SHA512
7af969e014e924f43a91840fa7ecd1c74e245997b265e8b92eb2762f127eb0e719127d5119f143cc0dd72a574e490ce8616298339dd96612da0206b9b289e8a9

Download Submit
/storage/emulated/0/Android/data/com.jason.cdwyh/files/baidu/tempdata/llg.dat

Filesize
3KB

MD5
35cb54e4bc17ff6b38a8ef598a0bf29c

SHA1
ac8d42b2f3e7175c61472bf9a6e42fafddef878e

SHA256
ed2b042e7ff19729bb30810fbf423281e84282ae8b8f0999c5e7bb3e1504ae75

SHA512
6045df568b926df5baebfca094bee5fd2d5e8ad2b35418a1b1baf67f0d2d90334c0f607e4f881505af164c09bc0a558aa3da83b2de328b4eabd18c7a9116ff07

Download Submit
/storage/emulated/0/baidu/.cuid

Filesize
89B

MD5
c786a0aecca50ca6b2e6da54d50b17cd

SHA1
d5aea8369201b934cb42b4092fa1349ae9ed66db

SHA256
e651a9b8925fd70a336592aab7de58ea45ffdd2fa9a5aba76aa72f1e10c95e36

SHA512
55fdd1af73d4ef08f4c85a529066d1ab3e9047b6464acd753fcdff837973f5629218f5cf869331f85a61b5965f3f784b663b0bba8279b0a72ab7bca1b248c1a0

Download Submit
/storage/emulated/0/baidu/tempdata/lcvif.dat

Filesize
96B

MD5
e54a81715b8b4e0b04c1fb22d1733013

SHA1
ccbddab5be95cca7f6bb147a2be1e41cd3de231d

SHA256
9f72e9a73aaf2232b95622f6f6f39dabbe70017b88ddb3bbebc2b36ef038dcf6

SHA512
ec5d47efe959c2c56bc7efbde3462cbc15423ad7de095584219afe9d1719c1258c1958cbfbb0b2c83667d73523402afb9dccf1fe797bd87685ee23b936cdd448

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db

Filesize
28KB

MD5
0d3e99204c6401ea499fe9e6d9855497

SHA1
09829f00ca458eab7374d5079393a2cd69a2348a

SHA256
63ad014cb50908591939d6a1536f85eece807425af4f4e8a1f9b9eeab13cc5ca

SHA512
8d9a50aa9abd17e508ed3ac35a3033e8f9e550d1088baa951f53e6c4697c5ac026d22b90e36e27341d64baa3f0202bd89ca97583e99feb25f8c26b5776c59c68

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-journal

Filesize
678KB

MD5
dd42f9f1d57c1854a2717b4a252c7025

SHA1
c35b1d3b2e7f1a63a69d9ff5ac7e4d3c387e9c69

SHA256
0df5cf63307e945287147503301ac7da8fc584a7753228a330fea767e5da324c

SHA512
5bcb5227ecf7e23ad8e47b42ff95dd392796630f370112c17e95e44af664001fd7120ca659d4d2875bcb05edb983ce496b041234530bf12d5155b0ffa4bae2ee

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-wal

Filesize
52KB

MD5
9d83ddf0e41464b2ceefb780c25d948b

SHA1
3d91b10cbdc8bea6db74ccb148e79c79a1f4132c

SHA256
66b1fbc39763271a8bdbf9377cc278119d697a398ebcc3b95c23d01fd989a38f

SHA512
5436995b187d7b298fa5bb2cd46d40a7eadeb664b448c6be0910116a71762de85fd847e849a824dada3929964caa6acfeb6eb5d2b79cebd0d5fe6433937e83d5

Download Submit
/storage/emulated/0/cache/com.jason.cdwyh/38b8083a72dabd8ece1fb57aa8321602.zip

Filesize
678KB

MD5
07762136f88e4d507d518adf4e67923b

SHA1
6bd2f23386530d41e099e2fc43ec12cfccd49bf4

SHA256
79f7af475aa5ae5815dfba4a4badc41b610a3fba687a66ebcaa79f47c399578e

SHA512
05a4dd5bb850453f94a0f92966124f160178b7809858691a04ff6c95f0e02626a78f0178e2c1a257072a2e1ea57bc5208bb2e13ed10c3e80dfed1c250ce0d6f7

Download Submit
/storage/emulated/0/cache/com.jason.cdwyh/38b8083a72dabd8ece1fb57aa8321602.zip

Filesize
163KB

MD5
1e3795232cc23bc089acfa024510936a

SHA1
b62c64f5c8eb6341fd1e5f745c68da35055b2b2f

SHA256
72a8c6b9b727d6eba79041c73c42ce1f39b0d4f0f7fbd3d4c8dd5ece1982780a

SHA512
9f18736ccbf3eaece28b03abf91eba788057ff34e4f55d2abf8b28022798bf47aaed9590ba1a661d8592451e99d4b9a40ce69b55bd3aba9e6659be68df1bd123

Download Submit
/storage/emulated/0/cache/com.jason.cdwyh/38b8083a72dabd8ece1fb57aa8321602.zip

Filesize
163KB

MD5
ebf5966f44c7114d51082aa1b2e119ad

SHA1
127e16b4a9a07c313d8ecb824867429fec7bef77

SHA256
13820335a1b2c3ab8fa7b16820f6ba14a26b4ef4bdbd74d59684363fbd245165

SHA512
baf0d4f6db881cb83d20bc153823b5abcb07b9993546d24faf6af64f3671f860b06faca91e5def10821472dbe477628ac2c9519ccdefbba4245439a5762d920e

Download Submit