871be9242b5db2f3db63e0081c7ca32145574330d4d62dd932ee4591c1a4c384

Analysis

max time kernel
2365409s
max time network
161s
platform
android_x64
resource
android-33-x64-arm64-20231215-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20231215-enlocale:en-usos:android-13-x64system
submitted
20/12/2023, 05:22

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

871be9242b5db2f3db63e0081c7ca32145574330d4d62dd932ee4591c1a4c384.apk
Size

6.7MB
MD5

f3e89fe885a5d803a0a8582046d2c3ae
SHA1

d80ad8835508f2c47e2d5ce238aa5e4fec6f002f
SHA256

871be9242b5db2f3db63e0081c7ca32145574330d4d62dd932ee4591c1a4c384
SHA512

6a6daec5d853f180a6d584932cd8e1ac5215feba7c7cf4c5a955eb371a51d6c030b79720365d94258cb87942bb2abee2b99e82d8c631383adfb630b2ce8473fb
SSDEEP

98304:hMcF7IsL6zNbvyojV4ExKmdKh4PNUEmKjfNvbnK6VkEmyqooOpNMrbj0ex4mhxci:htvmqOVF1dc1H4VmFyfpN20e6m04FYQ

Score

8^/10

Malware Config

Signatures

Requests cell location 2 IoCs

Uses Android APIs to to get current cell information.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.jason.cdwyh:remote
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.jason.cdwyh

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/storage/emulated/0/cache/com.jason.cdwyh/38b8083a72dabd8ece1fb57aa8321602.zip	4195	com.jason.cdwyh

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.jason.cdwyh

com.jason.cdwyh
1⤵
- Requests cell location
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4195

com.jason.cdwyh:remote
1⤵
- Requests cell location
PID:4480

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.jason.cdwyh/files/lldt/firll.dat

Filesize
76B

MD5
839b29e2fd2329f0299c9cfc3644e8c1

SHA1
3027506f336cba364d636f79d98d0f3054ea4881

SHA256
b56a1ab78c3a4cfff016581313d553a7d7e286029338bdfe057b91929a2882d7

SHA512
45363ff146261b462d374db57ce3adc485a6f0ff2f6d6d783ca9e67d0edd7a26a9afbf2cf8fe2b4dfa332d8dca458334de190bda7e419667a06e64b69f943281

Download Submit
/data/user/0/com.jason.cdwyh/files/ofld/ofl.config

Filesize
235B

MD5
4352ca2e7aeaa5f60c6c370f72a487ca

SHA1
2613681310fe811b4be4438a0f430f58adf217c0

SHA256
97e51f47ef7bf3d95e26fdcc3ed1eeffc0c360e059b504b035569210c348a9c9

SHA512
356e3e300a0d793b1edbcb29880934c1ee408a979e97c3dd931be5067d5aa5ff3244ac5c05e45e1817651afe9cab9d9431d86c4b7e94ed42a7dedaaecd06f122

Download Submit
/data/user/0/com.jason.cdwyh/files/ofld/ofl_location.db-journal

Filesize
8KB

MD5
d436570277d8dc3c77cdce4c11231539

SHA1
2280c537ead872811ec55f3c1ecd6963cf053097

SHA256
143313f17477fd957697edff6e23f78c0fa7caae1a927fd7978c6cf1f0bbcbc6

SHA512
896fdca9e059a35ac5118dc0cc14ba091f6783d7ae310924582c4bd888478a42b9761cf15a1b0ac3c02dd19f83d446b423182270e780bd857c0472d1729035a7

Download Submit
/storage/emulated/0/Android/data/com.jason.cdwyh/files/baidu/tempdata/conlts.dat

Filesize
12B

MD5
8d80bc8ea90e9cac010d3ddf97bda5f5

SHA1
f063bc0d356e6ba9ab1eb9a851131ffbefd8fa07

SHA256
f52db31332534833414abd5e870f78c810b8ebbe5b134bbf599506beecfd1b93

SHA512
9ea732dd572a9a4ba91b70891972230a09576687ca1bc19e62d5a98b5b84e0f2ae11985108008bc9fbccf357219b8bd3dbf146bb70752f618f70dc5d0c46a7c7

Download Submit
/storage/emulated/0/Android/data/com.jason.cdwyh/files/baidu/tempdata/conlts.dat

Filesize
152B

MD5
2efc11e5712d95f75a04f5cd0a38277a

SHA1
6100822f1525beb2173b9f19eea9b4fa39adf005

SHA256
3c86ef8bfb5365213e04520411aca233b7b6d6d53627cccb74d0c17be7b4e111

SHA512
7efd716411b9ff9726bb64d42b4abb04068307b878311019cd043875bf2f5eae154a7f533d8681328b986caf0f57fc3cb3416bf3b34939133371427f95ca1cb5

Download Submit
/storage/emulated/0/Android/data/com.jason.cdwyh/files/baidu/tempdata/llg.dat

Filesize
24B

MD5
161557b06b4a4d3ce095528dea370eb7

SHA1
8bfe9c4d916fe58d856b5a6ecaf8cd9ea4df2c9f

SHA256
f054ef19481234ee5b2db1d1c681839dab235a857ed3a4bc02efa8f785f478d4

SHA512
96ce8aedbdbb387438efc86aaabd13a6378628bfae203d2bc25ea1cd7daa6ddbd6dd2c81d631fbdc9b653a93011d3c80f0c085580275b683d5e0bce077e6e449

Download Submit
/storage/emulated/0/Android/data/com.jason.cdwyh/files/baidu/tempdata/llg.dat

Filesize
426B

MD5
5946b841efb31da04b6972dd73ec717d

SHA1
ae85147aeb51fcb785b134bcc31ec92f43262676

SHA256
49f1749f2fccf6a5a785ca671e9c53d412b59a06258760d1942d4986612312be

SHA512
ef04e4cd67346e8e5cf8dda3fb600cebdd66b91d1029cd864acffdec7ff6be2bb5161e54541dcfee3dee48d99cdc51eda5c8a70e6de0fc08b577eb84b4d5303a

Download Submit
/storage/emulated/0/Android/data/com.jason.cdwyh/files/baidu/tempdata/llg.dat

Filesize
2KB

MD5
7287e1e371765620338cc50b93b48331

SHA1
9f8e709766f9d6d083206d4604522c0064ca7ea2

SHA256
2495b2581c5654e75ac0f8b1b0da1ea28aeeacfc707a621b15b1eeed52fa8c05

SHA512
069bebac5b326dbcd208f1fc97caf924c821be00f97fd26250e8ad7f2ef5d7845d524fb89d8547b3358b7f51cc9337f102ca31810c0afcde156cd0768f5f3001

Download Submit
/storage/emulated/0/Android/data/com.jason.cdwyh/files/baidu/tempdata/llg.dat

Filesize
3KB

MD5
bf06795c730bb512ec6222ac3e3de2b1

SHA1
ddc2ada574c3eb30db5fa1dfc55eb4c8e4ee9031

SHA256
874edafdc10f658f222f08abfd0a41be7e6ea6440a9e8277602e9a1fe991c61a

SHA512
ba39a6cdccfa449b5d60462059c5c9704d7b4d987c4d352494ca45cc9d3bd7d63513f597b555fd8494dfc0454efe9a1b8f5355c55fb04fc9fca672bb2df3f1b1

Download Submit
/storage/emulated/0/Android/data/com.jason.cdwyh/files/baidu/tempdata/llg.dat

Filesize
4KB

MD5
e5f569109df508ce44262aff9c2320fa

SHA1
b05b55e0b01147d9ba32b8312332d8c68a0a45de

SHA256
8bdea22bd46e6db7d4799b79258ce71248b9ac3c2f80bf85e7ed6f31e2a7b7e4

SHA512
4684622381675e92c14a93422677f2b350c2cfee71567a0f7efc90998a4eb4bdaeafd4a0fcaa6cfaa1d8b7c94aa4d110ca91ed0ec6af3fc186a239d2ab07dea1

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db

Filesize
12KB

MD5
d89acee9fbf356695093f2724f643ac8

SHA1
22d2f857dfd38f9df961569715333e53fe64ee36

SHA256
4e1313b40c676cdc9653aecd74da0f6212f5d84ef960e1e8bc249811bdeb5783

SHA512
66448f754e7932dfeb98d20cddef9fe318b3a3aff17c2c47d065db78c5f830208febed67faf30a41977bc62cbd5c7a6e8205da054ff296843a75ca1b463f420d

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-journal

Filesize
512B

MD5
32bca5686a14ff50e00d7cccd26fba82

SHA1
f78f5b4152ecf84c9ec5f798b353743cd92438c3

SHA256
2db1174f9bf4dcfb6695619ac93c7c12c1361785c79caea63c592c67dbd7b6e2

SHA512
61bd1ca85ccc4ac2f02a15401bcb08993748a026980047e15bf845be868ab41763d88d42d348e3ebb1f736a307f52481f6eeec17b4c571a6ba9021f71364adea

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-journal

Filesize
8KB

MD5
160b58b0332daadc01c1822afbaf72e5

SHA1
797823c6cda7c08536e2f44448f410002342a98e

SHA256
ef61bd6856af3a2ee76d4535c8ea45aee8c48e678523f825cc00d3d32205f39f

SHA512
d75b47a3806129d06ce6231405e990e18502a01789e7b2f3dfb350b68c70cd35ca437f543e9281cdfa843adeb24982fc25cacf636ecde4809a223f245e849c14

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-journal

Filesize
8KB

MD5
c3bd35f948da951f37c73fd0345e3f39

SHA1
2c8bf009994dee7d5f822cbe63333c1c018daea9

SHA256
7e2109ce6c4ca0ff289f82829140fe8c69fd6b900b1b19236e77b3617e772fa6

SHA512
e6a52ddb9127b98b65ef10f71cec1f1d3d7c68f856c82fb1ad762b0dfeb5763846877b936dfacf74c20f52c7a8ab76346f3248b26284bb9076074d7f9599ea01

Download Submit
/storage/emulated/0/cache/com.jason.cdwyh/38b8083a72dabd8ece1fb57aa8321602.zip

Filesize
678KB

MD5
07762136f88e4d507d518adf4e67923b

SHA1
6bd2f23386530d41e099e2fc43ec12cfccd49bf4

SHA256
79f7af475aa5ae5815dfba4a4badc41b610a3fba687a66ebcaa79f47c399578e

SHA512
05a4dd5bb850453f94a0f92966124f160178b7809858691a04ff6c95f0e02626a78f0178e2c1a257072a2e1ea57bc5208bb2e13ed10c3e80dfed1c250ce0d6f7

Download Submit
/storage/emulated/0/cache/com.jason.cdwyh/38b8083a72dabd8ece1fb57aa8321602.zip

Filesize
163KB

MD5
ebf5966f44c7114d51082aa1b2e119ad

SHA1
127e16b4a9a07c313d8ecb824867429fec7bef77

SHA256
13820335a1b2c3ab8fa7b16820f6ba14a26b4ef4bdbd74d59684363fbd245165

SHA512
baf0d4f6db881cb83d20bc153823b5abcb07b9993546d24faf6af64f3671f860b06faca91e5def10821472dbe477628ac2c9519ccdefbba4245439a5762d920e

Download Submit