87a3845edcf58b9daacb49a9b8d7a966ad6d1ccceff6d82b6b1e8db1486a9921

Analysis

max time kernel
2455193s
max time network
149s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
20/12/2023, 05:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

87a3845edcf58b9daacb49a9b8d7a966ad6d1ccceff6d82b6b1e8db1486a9921.apk
Size

20.6MB
MD5

8b8c849a57c6f13fb4e714f0cc70f445
SHA1

9e3f144d520d59c63aec1df4206fb923afbb096c
SHA256

87a3845edcf58b9daacb49a9b8d7a966ad6d1ccceff6d82b6b1e8db1486a9921
SHA512

cdcf2e4047a5141654b4f4f5f4cef07c1af02febf334d6481469c84a5024fbcb5a3bf579348427981ba5de4e3dc948eabcecf4f8ae5c76f14702f21425f96dc6
SSDEEP

393216:GO73JysJA35z7A79L+Va51mbgafiubczZDbTT9i/zVN2I+TXeZWKpPbNiRSKcsSj:GSzJA35z7c5xvmbBffc9Dpi/zVN2IkOb

Score

8^/10

banker stealth trojan

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 IoCs

banker

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	cihb.hhsey

Removes its main activity from the application launcher 1 IoCs

stealth trojan

pid	Process
4505	cihb.hhsey

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
Anonymous-DexFile@0xc6405000-0xc6692be8	4505	cihb.hhsey
Anonymous-DexFile@0xc5ebe000-0xc5fdd044	4505	cihb.hhsey

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	cihb.hhsey

Reads information about phone network operator.

Requests cell location 1 IoCs

Uses Android APIs to to get current cell information.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	cihb.hhsey

Requests dangerous framework permissions 3 IoCs

description	ioc
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW

cihb.hhsey
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Acquires the wake lock
- Requests cell location
PID:4505
- su
  2⤵
  PID:4546

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/cihb.hhsey/databases/SettingsDB

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/cihb.hhsey/databases/SettingsDB

Filesize
96KB

MD5
004a14ae933a1170650e56dcd0979ceb

SHA1
3cd213d5c89c6eb7accc3c9145d0d39a998b2034

SHA256
c7f6040d490a22d62a85401bbecce672da6c40252a32f3c3fa35f8ad2fd73433

SHA512
50cb4ff2adda06f6eea0a876f17fdd248b3a47e19e48450f17830af197e75e9cdaf7911a3208415997117b9099503529d317e07f60779ce13af62c9563cf7de6

Download Submit
/data/data/cihb.hhsey/databases/SettingsDB

Filesize
52KB

MD5
b6815b344f6926d458cea05acd052cdd

SHA1
88f524aff1d4c5fee979a203dd952427871a7097

SHA256
028666f28ae0086b18fb740f792e8a80ad05547f0c7cb9d2dc8080e5125db366

SHA512
0431375f80e9c467d0abb042e43681a973bce455fe8354f5a138f19a3b28d3adc7eac3fe4c20bf44f085810749569b87a393185cd8f8bf2687f0923b8de4dade

Download Submit
/data/data/cihb.hhsey/databases/SettingsDB

Filesize
96KB

MD5
c57c9622195c810c07e6824e27d507d5

SHA1
1ef66e208b70da73dfbd8090e6065d2ce79f1982

SHA256
cf34bad56a0051294c8a50229181f23fe2c1d17aae63de532086faf7af85a8c6

SHA512
7a1b204b9487bf2888bcab7198ad8315e0442c839822c20c46c9faf29edfeaafc536dc9ddf62ad1d66428cdc021d93b8775877824b7d3a880dd6f81dcea003bf

Download Submit
/data/data/cihb.hhsey/databases/SettingsDB

Filesize
96KB

MD5
7df23d9c4be4fc48217525d0b8061a65

SHA1
6d4da706f1e0a8284801175f7fd2699a9e4ae7c5

SHA256
5ce9d281ddbc87e960e61c545f3334523e52ed9a7da0dca0aab5e15f23423c6e

SHA512
46241ce48125c719e7b390da4f44267e6bd282c42a30ba09b98aed486a681bf9a74b2d117e8b668dc30130cc043d98b2e69510573219f65f41e1ea44521c7b33

Download Submit
/data/data/cihb.hhsey/databases/SettingsDB

Filesize
96KB

MD5
5cb6cb69635de01bbbb25323293eaa18

SHA1
37053c732da00925994e1dd6dde038328a8a3014

SHA256
0d0c7ce7b884587358b6c5234224b623bd79f67ff9d4d49135f96463c472f3a3

SHA512
8786f048a9a9e06858c05e6c110b929a432578371773ca603bc6812a6d029bed93c0534d75bcd9ecb8757cde3420e36b453ab1106be45a8ee76a49db11279a8f

Download Submit
/data/data/cihb.hhsey/databases/SettingsDB-journal

Filesize
512B

MD5
8dace6a0730d2cade72a3eb57edd129c

SHA1
caae7c82a97f42010684d41fde3dbb81e3508c87

SHA256
e68e444c12f8261edf952d17af89cc97e7cdb9f87c3deb3c12a1351735ddf554

SHA512
41140f5b088368fa47c5fbb59c843462804f2e7123da61cdd8d3789db7d0a020ea0eb47a31908992b679d04a43431b259708662adfbfbdebcd9f136911256501

Download Submit
/data/data/cihb.hhsey/databases/SettingsDB-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/cihb.hhsey/databases/SettingsDB-wal

Filesize
104KB

MD5
07161acaea4416e2d0d1dfa507f672b9

SHA1
1c0f6b63ab39510e69a99c667d5fbf2b287e6499

SHA256
f07364c7b9b0a0921fe9a549f3978223e87211f4865b0deabb62a5bea057d53c

SHA512
30721e0b8867cdc11e46a3ccffff2f61ef9110b9d7923b8224a4f1441d5e5f4c0699f774f758c2c8ddd0238f78bfb17fc928cd59418a85f9e85a5aab0bc4a0da

Download Submit
/data/data/cihb.hhsey/databases/SettingsDB-wal

Filesize
8KB

MD5
f96be39a7aa886a65064b8de4ee20c52

SHA1
8f07ee9e007eac41bff088ce7b200d8c60883c43

SHA256
ce94478ad26a79d2d957f546b268b5ae179e198f316f813d61101caad55ebb5d

SHA512
8d4ca42b5a09e1fc9ec160fa08561557894846b9e97fde824f2302f4014abd65ca0426df05368cdb538743c8774c28c70d6fc7fa8cc63b2974fc4978c0ae7132

Download Submit
/data/data/cihb.hhsey/databases/SettingsDB-wal

Filesize
4KB

MD5
9da936418d0b3dde0e0a902119053a2e

SHA1
c99f423f90876df13f69a8d38d21515b641600ac

SHA256
b3e83ec8d2e40265d4d15532f7dd0eb21a7d7f9bd9c97d5f979b444434a97a1e

SHA512
a691d35cdc118e948410ecd17a266eb3df9958baebca3e2c04a64badd343edc672e6b16f4ea9e9e5fa70c3563e9c22ec78b3232df840a14c0efeb185ab658469

Download Submit
/data/data/cihb.hhsey/databases/SettingsDB-wal

Filesize
8KB

MD5
a646cc4c5e0deb1ddfa26fc7aed9a062

SHA1
d13f23cad923ba96d128024cbadae1c43962c613

SHA256
33096c82c12c55fba34b316f44ddb9d0aafc945c2358fef8416e2abb66412853

SHA512
b77179e2e6c480518383368ccfa3615dec556bc2825405c8b2a6da2cd903808f236104a1caa26823dfa03cda2d6c466dc0e5e38481a0402e69a282c972afd422

Download Submit
/data/data/cihb.hhsey/databases/SettingsDB-wal

Filesize
8KB

MD5
d2659ec3f0aa0d36602fae4c5048fe66

SHA1
0104e42f4dba2cbe759f81c06fea01ca341278ea

SHA256
2ffe2a71f8a7cfb0dd28fef9bb39fb7bd1938af81c71b57a92f94c3b62649af2

SHA512
0df7e1171032b5b1d39547b1f3d46312bf8a4f2bbe0e5a3164640c67be5d46aede8e46d62b8aebc8d5546935d8e7ea1ddf10ea9b5dcfb73140802dcc77cdcac1

Download Submit
/data/data/cihb.hhsey/databases/SettingsDB-wal

Filesize
8KB

MD5
da008c75e613400513d315fcbcbfa171

SHA1
a0abb354343c1c02eadbd3180a401d0ad57f7141

SHA256
938e252a990959e8a26ee96b0e785e67b4d525c34598255c6d6b62ae169f1bc2

SHA512
f6df2733794bea164231d19d358a3ec42d7ce305c281799b0931e4257adbb9971d64312fb026ee4dea6b9bd5f2c987a90a06efb8d26c1d3bd85637fcfdfbd20c

Download Submit
/storage/emulated/0/.am/dm/md/main.md

Filesize
85KB

MD5
f1eb9832d3d6db67136e164efc273846

SHA1
4c5da5944698439d0bd28b8a494149a76bec11e5

SHA256
ad1f8636b9e2af11662839eef1b42887c6d80531518ba9ce53cb69df1ed5197d

SHA512
06226a1101b057abaaf0c4441ca9cae2461acf33cd6fec701912555b0f158dbfafc86559ff15203805c0b7234502a51849ccd971e2f9ba3c402146d22ceb8aa9

Download Submit
/storage/emulated/0/.am/dm/md/main_tools.md

Filesize
1.1MB

MD5
1fe00742fa33e342b615aed5f9aca8e8

SHA1
ff0fa37046a3550ed7c29c1434224eae620d7bbd

SHA256
a4eeb9a0d5b4244debe042bb9208748c36855659ce53b89092e6f1d7a86ed137

SHA512
dacb5feb55dac2fbb1cab6d1bcae6205e04fc70123f2dd3adda1ecc75fd29a5967bf2a982cd255ddcded4d6ca890b1a5e70f3c1d91432cba3b7e0acc65c12467

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
61B

MD5
72a34d133480791b1e2b5ca1e57c026f

SHA1
4c077091dc99b7f7b5b62febab4153e01790b618

SHA256
1066cbd9cdab84dabd7506dfe3a299d999369575fee31692a613df2d22290dc6

SHA512
5e38a1ed313635bb4f6f9166dda6e6db98e010633c92fef8f8df1cc33ccbaa2a842690c716001c6713821b3c3dcf1533d55299e1eae92196f720d6bd9f6e4828

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
69B

MD5
07aa29a7778a990e8c23ba8710c0b1d4

SHA1
36c8d1833b96a411d750013e03902d440d1a1bc4

SHA256
0ae68ad97027aa697f280ed1f31ecd7b82b42b95b5343e9deeb32ce78ad0421e

SHA512
e79dd1777dd2b723e93f595e74aa351a47668c1a1a4d059de14a3802de0d6957a82b39b2dcd31bc680c7e91c783bfcfbb7f2dfe505d758c7b6f4f777fae80d05

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
146B

MD5
5d9afce2f4a1fc362aac06158d7baacb

SHA1
9266f9302e8abcf26848768920ec7ba00022dc8f

SHA256
1305ffe9ebb0caeb5cc8b74b7f0ea05d196c634d6b6a0798ef29a8e656e89254

SHA512
9a4e6f8c52286ac1b1e086b5a9b9c9628d6c5b64deef4b341ae5ed47c8b63999069e776cc1e1005488b324758b0dd55b2f62208530e7f760981ee7eac79d5082

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
124B

MD5
2367eb4bfd284f53f2aefb44f46bc5c6

SHA1
18d997efaa546157cfd64993d275e9a6212aaaf0

SHA256
d0a6206cd6fb4a597814e77c0eb2fdffdf1879aff825f164951cdf64abfc4551

SHA512
660ec301261126f3d261019324a70126a29ae127e0cef43de704f6095a89bcf4014575e51c6891752fdaa3b0e9400792ebdaa50dd75d7d8afbd8fecd09147a7f

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
170B

MD5
e1420171bfa7ff0dae331ed92952aac6

SHA1
83442c8e80ad2139aea09f4e76d7827359e7bf9e

SHA256
d056410332ffa602881ca92edf188ea768f051ac544021c344b98e1267fde504

SHA512
b8c44b339d3cf5a01a6cd0b94c1e52e0472e7ad65787a172c8dc639ad59c1b831985482736af2f437005700a686af7f011f9b8d4de3765512225ed0a36ff60a9

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
149B

MD5
4cbc2cd72af5b0f3977b149c2aa444c7

SHA1
1daa414efffb1cb33d23437fabe6ac96e3073842

SHA256
adbc216b54dadacb3f218b56829035baf9623fd31d1db1f9d29497513b0fd361

SHA512
d23f9762d2289370cde44fc9136b0aaac5ea9be2087273e77c0d3b6ad9158049a829abab2753b6e38798f7ae61b6bdfc609cbd937f3d0c425a0e7a7390287f26

Download Submit
/storage/emulated/0/.am/log.txt

Filesize
130B

MD5
691250e63ab2e23a5dab9ac1f4968eb9

SHA1
c99ca6368adcf877f3934dcaa33f3d9d496b0382

SHA256
db612ed55c29eb4d9a8cdb1aeda792a0af12a2dc603afb3df076cf1c1cfecc33

SHA512
3dd246e65a260de6ce2b01e8030678be64af7e70c0d3a417c43e23d14326871d36964ba2ebb2fee263fe10ed85812788ba0615e6cf179f4767563552fddafe56

Download Submit
/storage/emulated/0/.am/log_.txt

Filesize
24KB

MD5
d725764444dd24150f47223b16f8620f

SHA1
3d880e16de9082b16361edb1eb841236f70d04fd

SHA256
b86a388295b806860aece2000c63a35956edb0ee7b500c90b69266da69625385

SHA512
9d4c13c06b4e79c0cf1bf50d8c95345a1384b828b53e19c3ec46c5d841d0708d3e97398964c936db6a8d36533c6c558f49f370191a39ec6d5b5a1018b7e97998

Download Submit
/storage/emulated/0/.am/log_.txt.zip

Filesize
6KB

MD5
8c893a2b64ae8876547dc755df56246f

SHA1
fba69a22c0c7af6b5b8738ec83eb9877b903458a

SHA256
f7d664ac83b11fe122a6762d20dfb96abcf237db05d340ddf75efe233b49274f

SHA512
ce0b452e43f56241bd543ac1c5a6ec0eff3e2017ea987875e6d36cfef2e38082cf2bc3df9ed51849c55b2fa2d1e16e0f1ab317ced38d820a4de2812ae7738ab5

Download Submit
/storage/emulated/0/.am/log_1703262105972.txt.zip

Filesize
217B

MD5
80a12b10e792faca8cd6dd7234309c6b

SHA1
6b4d0b36d921f6439f756f3af53965a3e6c60fd0

SHA256
6e585949f38b23bcb7d0729471f9097f00303f43ad920d0c85329097d03357fa

SHA512
1f1ecd1a15b4fb88b7a6a09e50e717957fdbf15247bd895975e55ee5cacfc126feb7db9fe1e4e8d77216fe55dcab4cf126e0606912fb28abd3b0825ae81b906a

Download Submit
/storage/emulated/0/.am/prog_class.name

Filesize
63B

MD5
8b226bda6f459013c5d7b62baa015f83

SHA1
bc52bbf63e0dd212423e617378473a3bcd2de93a

SHA256
5ef6bf9d4875fdf2d32e5c20a42701eaf1b94cb0219af1860b22f015d797a797

SHA512
48ac4a4ab40eaad427c8fd06fbad359b98f832285bbf60bb9af64f4e5589fc79d00e2ae0acdbe420025682fc91287cbbf1e5fbeda7b8a88d19b0934a8420522c

Download Submit
/storage/emulated/0/Android/data/cihb.hhsey/files/Download/mch.apk

Filesize
64KB

MD5
13684d2547f64dabfe299d1c6553a05f

SHA1
b000477d2cb51e917f2ebce3a8c53745ba7e0fd0

SHA256
3cf935d3101700253aa86e9d233201e587cfdd71b44491414b9d0f8f351febc0

SHA512
e75a7c2d43b9223cbb58cf21640ed86a1df77fbeab56d9f7904748898feac40aa6a372dfdfd44c93ea8480dad2f9889684bf37b85549d4bf8e2a2c7c79172217

Download Submit
Anonymous-DexFile@0xc5ebe000-0xc5fdd044

Filesize
1.1MB

MD5
ad5ae33d62fa2ad03600f3f967c3c700

SHA1
a870d474111f7b75ce8296bd0e9b99b88e5043d5

SHA256
9da1b581c166901960789c59e4256666e3b57ebe7d813ac4cdf4ab43fd9d7d2a

SHA512
7ca1f0afccd88cbe2c46c1900b6014e08837ca57cce9ad0d42760a04c5766a22ba7c571ac7f3e046b26c2809af0b272c3d545480f7550179d6074c83f139a554

Download Submit
Anonymous-DexFile@0xc6405000-0xc6692be8

Filesize
2.6MB

MD5
6990f29525c40fdd3d7b8291796a4785

SHA1
a9037e7471e1f7d7438cb2a17e32251f5f8714d3

SHA256
ac6756f1801986a57d28c24a6ddc41e4a3afcbfe87c63b28575420ea47c65e00

SHA512
28b0b89ba000d83efe204311256e634e15d48de61e367f24f61ff4df782cf1d791e483e62cc77616b55f142c65d87c3135a09b128fc5ffdf4f62e12495765e0f

Download Submit