873da0986cba2db8d92b730f356a81286b95dd7d5b893e3195b84c8a740681ee

Analysis

max time kernel
2453277s
max time network
130s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
20-12-2023 05:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

873da0986cba2db8d92b730f356a81286b95dd7d5b893e3195b84c8a740681ee.apk
Size

15.8MB
MD5

ca2f0dd53b6ffa9bffc1ab8421e05a73
SHA1

f65ca26161be93193008ca022787041c74a4d8b6
SHA256

873da0986cba2db8d92b730f356a81286b95dd7d5b893e3195b84c8a740681ee
SHA512

4da98a6980c2b6e31015f14fb8f0b8751c217624ea356c3a2f0fc4d569af80e22ed62528f10d1c2befe4950de9efb8be2a2deb6fd38b0247d82c8817a449df3d
SSDEEP

393216:GPAy4vkadlBoJneQdG1iJrw+S7F7We8zWyDsYKcoqJt8/nYxI:Y+/dfQd42rwH7Ae8z+YKcW/YK

Score

8^/10

Malware Config

Signatures

Requests cell location 2 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.gamemakersrd.BubblePepePig.dbzq.m
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.gamemakersrd.BubblePepePig.dbzq.m

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.gamemakersrd.BubblePepePig.dbzq.m/files/kuaiyouxi/datas/res/1373/dex.jar	4308	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.gamemakersrd.BubblePepePig.dbzq.m/files/kuaiyouxi/datas/res/1373/dex.jar --output-vdex-fd=45 --oat-fd=46 --oat-location=/data/user/0/com.gamemakersrd.BubblePepePig.dbzq.m/files/kuaiyouxi/datas/res/1373/oat/x86/dex.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.gamemakersrd.BubblePepePig.dbzq.m/files/kuaiyouxi/datas/res/1373/dex.jar	4241	com.gamemakersrd.BubblePepePig.dbzq.m

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.gamemakersrd.BubblePepePig.dbzq.m

com.gamemakersrd.BubblePepePig.dbzq.m
1⤵
- Requests cell location
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4241
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.gamemakersrd.BubblePepePig.dbzq.m/files/kuaiyouxi/datas/res/1373/dex.jar --output-vdex-fd=45 --oat-fd=46 --oat-location=/data/user/0/com.gamemakersrd.BubblePepePig.dbzq.m/files/kuaiyouxi/datas/res/1373/oat/x86/dex.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4308
- getprop ro.board.platform
  2⤵
  PID:4352
- getprop ro.mediatek.platform
  2⤵
  PID:4374
- getprop ro.board.platform
  2⤵
  PID:4441
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
  2⤵
  PID:4460
- getprop ro.mediatek.platform
  2⤵
  PID:4480
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
  2⤵
  PID:4498
- getprop ro.board.platform
  2⤵
  PID:4548
- getprop ro.mediatek.platform
  2⤵
  PID:4567

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.gamemakersrd.BubblePepePig.dbzq.m/databases/0M3006CS7U0ZC2K3-access.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.gamemakersrd.BubblePepePig.dbzq.m/databases/0M3006CS7U0ZC2K3-access.db-journal

Filesize
512B

MD5
1ae1b295ff566d79ab116bd44d1e643f

SHA1
08981be20f883dc10f9d2a275f1a2eff7819e119

SHA256
5aa5f8f917690b2ece253fa3a56605646fd465b15fd47a592b81b7a9f69974eb

SHA512
85e59c4b733874b5da147a77a432848857a886d72efc0653e17742b0778ea1556e82b59202bc7872c8028fb6340692cf29640b60b6f76328d30e0dc92c0f052a

Download Submit
/data/data/com.gamemakersrd.BubblePepePig.dbzq.m/databases/0M3006CS7U0ZC2K3-access.db-wal

Filesize
32KB

MD5
e59465223f0cdc59a1e02f359def583f

SHA1
b6206c7b52b28577427607ee3f94cfd2dc026772

SHA256
fef5dd789f33f4a0b14c9e89910824b0df0e8c6cbb379dc851f44aaf5b678e73

SHA512
27eb0d159f0b77fd6ff197f71bfd531688ef5d8488780966dcab28ea72e0b9ea72bd4ee4cae57901edf818b9b8b4642f8bcb6737829e2ba9728df0dae938825e

Download Submit
/data/data/com.gamemakersrd.BubblePepePig.dbzq.m/databases/ownad-journal

Filesize
512B

MD5
c4f89d8279c6a0b2828558e4aee3ee03

SHA1
0d16af26d9731e99f5c7fc18b64ab6c20a4cd306

SHA256
73a40337faa3ed564ab0159e420c0f06199f777bd31887fe43ab9493d74cd8ae

SHA512
ddc68203ff005806d38cd73a67016c440884ed07801631f65660c431991fb808e229fbdf8fcfc1efc7f8b087cc7d486f67c0922c2958ebf09794a810f4bd273d

Download Submit
/data/data/com.gamemakersrd.BubblePepePig.dbzq.m/databases/ownad-wal

Filesize
28KB

MD5
1e5a1f02b7e2a1cceeb868749b5c8209

SHA1
eb64056a67ee4c0b910cb3b0f7946595e4f416fe

SHA256
358c24f780a95677452d813987a19e8fc5fa210287636f5d8fd0f646cc92e045

SHA512
66683df47283866e0f6b558bec69c1fe848bf1761d690cead28bfa29b2b376e9463c633518d76977e9bce6ac1882805fbcc8cb84fb7e906fa7714cf07f4fb18b

Download Submit
/data/data/com.gamemakersrd.BubblePepePig.dbzq.m/databases/pri_tencent_analysis.db_com.gamemakersrd.BubblePepePig.dbzq.m-journal

Filesize
512B

MD5
06b2708952f7874364662a4c8fa180fc

SHA1
adc12cc6a3b8567fed0db5f423b896ee77de8c81

SHA256
a5b8293a2657158e79d5987d5ad039d2d71dc931385d304dd821f0fdfb742d49

SHA512
cfe9661a67338b5bef1e8e4cb00b0f92ddcc82cd17c6557b2e049fd7fb3f8aaee537a8839686b80e7c5d20442c44b4b7d20f0246854174ecb09b0cc8d90828a8

Download Submit
/data/data/com.gamemakersrd.BubblePepePig.dbzq.m/databases/pri_tencent_analysis.db_com.gamemakersrd.BubblePepePig.dbzq.m-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.gamemakersrd.BubblePepePig.dbzq.m/databases/pri_tencent_analysis.db_com.gamemakersrd.BubblePepePig.dbzq.m-wal

Filesize
52KB

MD5
395e3b23f1acd9d2d5361ae806ae12bc

SHA1
4b302470d8e346d349c23a5b22edf5ce9caae067

SHA256
da9a1748dbef77cc086064f2cc9172584ed5ea3aa87e08fe993512360f110eab

SHA512
5fafe3dd98a7ac27d22942003dd7c7fd0928a537493a08532ca8908286c9245fa94557ee8583b5cbbbdd95a30f7a5db5fae6e37c071628fa6a7f8f0ac53be120

Download Submit
/data/data/com.gamemakersrd.BubblePepePig.dbzq.m/databases/tencent_analysis.db_com.gamemakersrd.BubblePepePig.dbzq.m-journal

Filesize
512B

MD5
5a8d9e8d67954244c83a70769596be53

SHA1
70043813a8d03f89771ed1570b16bd2b41ff8354

SHA256
afabc1cc0f7598fac5741bd21c920320021e691be42c5e90e700e684d4b3ed32

SHA512
3c2246d5b7a3eb758f1c6f501b1e6257476570f53e57f585f590d03bce24646617980a3c1267fceb03769e7af91a5e3c42c210d4461a23a8618ec54bec337758

Download Submit
/data/data/com.gamemakersrd.BubblePepePig.dbzq.m/databases/tencent_analysis.db_com.gamemakersrd.BubblePepePig.dbzq.m-wal

Filesize
60KB

MD5
3b58196d919264b4f611300699429458

SHA1
f1ab2e564875a8c9640cbe23a07685bfd4dfb876

SHA256
e98d9b2ceb5170cfa4b143c7a7801011517b84c5067abcfa033f318596a5a9cd

SHA512
a538ba1f98dcf423529a1868161322b8812fd8761395977a76ef52b1c4f4ab78e260cb40f2d7e84e53842241aea380786a4554ea253ef5afb95cccc31b42c2a5

Download Submit
/data/data/com.gamemakersrd.BubblePepePig.dbzq.m/files/kuaiyouxi/datas/res/1373/dex.jar

Filesize
21KB

MD5
2d5096a88e525ceb47064170d06394e3

SHA1
e0f8b48a35fb17dfccc1a7a88d744033446c06ad

SHA256
c1c7559182aec6f54aece49eb182a07af68d016e6f0e16550445d8e4416fae70

SHA512
372b759034b52350b39c928445e334d3d088292a78fe924d3e382024ae3980c9371904c5fc4e39899d9859d959e56b787def5d0a5f0b226a102c87e9989672b5

Download Submit
/data/data/com.gamemakersrd.BubblePepePig.dbzq.m/files/kuaiyouxi/datas/xiaomi_dbzq/1373/md5

Filesize
32B

MD5
d84a0f5b7eccf3885a9fc37c261411cc

SHA1
2d0476800ac8e5fbe2281771e2a19ca1855b7dc5

SHA256
6e5c6cedc85412a460d6f2a8d6b17052da81cc3c54c28450c50b232db7c19698

SHA512
12f0e4832cc28df3d632fbf34c4fd71589399424a6337cd9307286911a1dfa7591af74eaf742dca0fe1819eb99ab25b10ac80a84207978bd3ba270f41e753d94

Download Submit
/data/data/com.gamemakersrd.BubblePepePig.dbzq.m/files/kuaiyouxi/datas/xiaomi_dbzq/1373/update

Filesize
105KB

MD5
6b8b47e5b799d738d9cb624aa4ce69b8

SHA1
d48536a061594084ee17f5413d6662374a739c47

SHA256
0d8639341791b59afd9d384e866b3a91f3984bc3b6e865f1e219e26055fa1a19

SHA512
b18cdad3e6549fa2f28635bcafd38b74f427a9b386f305baa34cc3d6021ff1866a600119361d8e632f5c8dcad38e6841476fe63a056875332ecc2aff844b421a

Download Submit
/data/data/com.gamemakersrd.BubblePepePig.dbzq.m/files/kuaiyouxi/datas/xiaomi_dbzq/version

Filesize
10B

MD5
48c74e8887ba6df187a43116dd6a1f0a

SHA1
8ec15d5e7169355c2323908d116774fc42c4acc9

SHA256
e6749a5ce17e271899c3d503b20557589fc2b495006d30e52a4793dcee17587e

SHA512
ed25c0bd6750198e6db304f0e33a24f662cb3219ccc7038fbfe69b35c50f7277538340c510c3151a0c6f1e3850a068710ae7d41f613d4645ca582d2473ac31f6

Download Submit
/data/data/com.gamemakersrd.BubblePepePig.dbzq.m/files/libtencentloca.so

Filesize
27KB

MD5
664a8f4aec092c313998423b1f16ae12

SHA1
2edc986adf07cea216ad43ffeb44b766e4593cce

SHA256
020db36dac22ab91f5e6112bc3278e4dfe0d42833c898a14138a12b3e44e4f38

SHA512
0124dec4b1b5c1c1855e0402f28df6897b7bbb3723450e5f069fe6af25c57e1c524a8a4d6487c7c9caf8f1f7135e88b27694b089fec8e9ad74beebf7d4a4d3d0

Download Submit
/data/user/0/com.gamemakersrd.BubblePepePig.dbzq.m/files/kuaiyouxi/datas/res/1373/dex.jar

Filesize
4.3MB

MD5
d06b3db55374ad4f8bb717de1c0ad981

SHA1
7c5000ae6f95725ab4413ff3305757e49cab22b2

SHA256
066683035c3e4b0bc15c1dbc24c37f7d9f1dd1ec6c04c4008b2ce3b0fe4a2333

SHA512
4e049093fbbe16488462663e170d2c74e66d29028b8bf1faef7bf92db8f783110d5367491408645a193bc99c97d9b9781578938aaebc57df23f8a2abe09b76a8

Download Submit
/data/user/0/com.gamemakersrd.BubblePepePig.dbzq.m/files/kuaiyouxi/datas/res/1373/dex.jar

Filesize
4.3MB

MD5
0388c8b2258e3166f01337f7c8794e04

SHA1
3020cbf485811b0793db324b53f766cbade49fb4

SHA256
febf2c0ba8fbeb0f5e6187697532816a97e54a3dfd577ffe19b53b97627880af

SHA512
b837760382f74bb3ca4b68ddfe25ea65a5b76968105fa768a7b76bb999334342d8084e5c2eea0d5b5b84f6388f678a983ba19b20ee3cccd406b9bbe967119c11

Download Submit
/storage/emulated/0/.rwtest

Filesize
1B

MD5
13c8ffd977013703a701cf8e11deac65

SHA1
067d5096f219c64b53bb1c7d5e3754285b565a47

SHA256
e7cf46a078fed4fafd0b5e3aff144802b853f8ae459a4f0c14add3314b7cc3a6

SHA512
527cff2b6fdfbc0f54fe092b17d6d8c7e22500242635fa56981e85a64da6ce8a12a3a66cf69fd48f588bcba9bad141b8e351a0cdd4925ae57289933eec1fc153

Download Submit