85f9e2b0ef6972b552ff110b6a242c5d90fe1914b0dfaa1bda812d06b0c3a8bd

Analysis

max time kernel
2465932s
max time network
137s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
20-12-2023 05:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

85f9e2b0ef6972b552ff110b6a242c5d90fe1914b0dfaa1bda812d06b0c3a8bd.apk
Size

9.4MB
MD5

ce4d82fdc8974e685f40e04daa72087a
SHA1

44c82cbc50012bb9f71c45288ea3b57b38f7b3fb
SHA256

85f9e2b0ef6972b552ff110b6a242c5d90fe1914b0dfaa1bda812d06b0c3a8bd
SHA512

c8868a5dfdbc4e66af8029e8c90999ab7cf654863a2f5d334a1390e839ea312e760f68aba6d754e653d0e5fc38fdf6251f5303b105dee479672b8f9a2c0dc37f
SSDEEP

196608:Xf3O9GEji8/2+4q2XURsLf2/sVU2bUKUdHXuGaN3j8MD1NFE7wA:XmQU2zERsi/P2blU1cNDNFE7l

Score

7^/10

Malware Config

Signatures

Loads dropped Dex/Jar 3 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/data/com.uzero.baimiao/mix.dex	4255	com.uzero.baimiao
/data/data/com.uzero.baimiao/mix.dex	4336	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --compiler-filter=quicken --dex-file=/data/data/com.uzero.baimiao/mix.dex --output-vdex-fd=52 --oat-fd=54 --oat-location=/data/data/com.uzero.baimiao/oat/x86/mix.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.uzero.baimiao/mix.dex	4255	com.uzero.baimiao

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.uzero.baimiao

com.uzero.baimiao
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4255
- /system/bin/sh -c getprop ro.board.platform
  2⤵
  PID:4285
- sh -c getprop ro.yunos.version
  2⤵
  PID:4300
- getprop ro.yunos.version
  2⤵
  PID:4300
- getprop ro.board.platform
  2⤵
  PID:4285
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --compiler-filter=quicken --dex-file=/data/data/com.uzero.baimiao/mix.dex --output-vdex-fd=52 --oat-fd=54 --oat-location=/data/data/com.uzero.baimiao/oat/x86/mix.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4336

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.uzero.baimiao/databases/bugly_db_legu

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.uzero.baimiao/databases/bugly_db_legu-journal

Filesize
512B

MD5
6bc3b5d37a55a061e1e2a396f176022a

SHA1
401446f4a598479dc66d135a5711fd99fcd74c5b

SHA256
443fc61d7865b36033d034a4a738ec111c40d9d65997a9c237e57356a2e7220f

SHA512
f48baa26b448a7d216914f560b0cc501db8396c4fa5b00bb018c1c962c7a75f257a509711745092c019bde158afe2b139f8cbd9375156ad0cbcaa2c6a6b61ccf

Download Submit
/data/data/com.uzero.baimiao/databases/bugly_db_legu-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.uzero.baimiao/databases/bugly_db_legu-wal

Filesize
92KB

MD5
fb279d488604bb93142019f1a76e0429

SHA1
3c75627b361946d251a788f67d7549da2504d51c

SHA256
e4912e475ce151f11ce97ecea7e716c0326d9d59fff76a4992b8e3ef345206dd

SHA512
119af591162bad212b263796ebdd80145103d5a1994af9f3c19ac8348c5d793fd19dc86d7d0108b837a5517d6e57731e1dac4f5cb98c4c34b118da91fb3d8c9d

Download Submit
/data/data/com.uzero.baimiao/databases/cc/cc.db

Filesize
36KB

MD5
ce6135aa1b1fe4f2c2db2a546d2a5558

SHA1
79b59582154017aadab783dc266fcb158c252940

SHA256
7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c

SHA512
2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

Download Submit
/data/data/com.uzero.baimiao/databases/cc/cc.db-journal

Filesize
512B

MD5
9123a3c441c232f151ff5c85f5e5a2ca

SHA1
bbb5e2eb9e2ae8da1e8b13aa5efae26d57568a93

SHA256
8fb64be3249b15112d17e1778a22cf8e57a37c64b0c7c03464b24659b360ce14

SHA512
b0c5fccd5da4a03300a58614180d7e308ea1a6b75df6ca1f7b8f7e718ccb397eb18b20385b97c27fd56823c0ea6c233e356af450e6b1b2ffce9f88c9de986ace

Download Submit
/data/data/com.uzero.baimiao/databases/cc/cc.db-wal

Filesize
16KB

MD5
13a105194d83cdfb5dd916f14d561a97

SHA1
2d4c5ae05962470e8f1aed565bee486edc4ee7d7

SHA256
44d962dad19d26740b43d2b4dbacfbf76a1302772c61c56326d41b7071549ffb

SHA512
3985b778b7792451f8c5f8553cedb29acfbd09bd3e3fd85c8908d9dd8c08a6f500c3d49ca809bd4a94f9c90cf1d1904373312f91ee0e4706292a4d49d2bcc2ab

Download Submit
/data/data/com.uzero.baimiao/databases/cc/cc.db-wal

Filesize
16KB

MD5
78300e3c0c02670962a418c86c602d8f

SHA1
bb2fa260fdf25ec859fc3c36a0e43d6bf921e6c8

SHA256
bf8a45d2c36ad4b58294835de10485f3a96df59c34ff0c813e0c5446de7a6979

SHA512
f391228e80776a5f16500be6ac08d484396c1b1d0c7ff2888774951bf5555d4b5b7fbebdb0fe8596bab23f1b836642513043aad4dc32c99bc5c5b58ce96a0f12

Download Submit
/data/data/com.uzero.baimiao/databases/ua.db

Filesize
32KB

MD5
e4fa07fe1475da89af989548bdfe4fe9

SHA1
c79b89bdab811521972cd657c86b7b30ebb7ce74

SHA256
1fcb70fe3c6c1590dd496f775551a33bae50edc149c7ff933e9d129d8d790710

SHA512
a780565b355e2611dd55b1d8015c7e7d02a4d4ffad686476728eb8a616b6caf787239da754d626b70d95ddc3c81df502e672bf4d548c4d436d6ff2a82398c31e

Download Submit
/data/data/com.uzero.baimiao/databases/ua.db-journal

Filesize
512B

MD5
c24ef037d25dc0d4d318f920a9718b52

SHA1
d74e8c2fce047e9a61b6e9a768d588778ed53b33

SHA256
13a812a739906f256100b3b13482c471d06ed72c29158b6516684d528505d13a

SHA512
c899c1235a6ce9a85fae3b945ae557f3dbb266d43ae3458db012c34fb7329ef1a4d09efcd1b73a8bc83aae932acce9d67aca223a7eec890882df5921f29928da

Download Submit
/data/data/com.uzero.baimiao/databases/ua.db-wal

Filesize
56KB

MD5
eb950dbeb10ef4198ad700b9100fee2e

SHA1
52a5dc705d8b278423eb4eb02be666c82fd46f3f

SHA256
d3663487a34f2c666da7867a93fac25bb72eed5df61d832f6a455eb665c561d0

SHA512
765153ef7cd03bc09927ba340a6cbe5886cf5945abfbeccad85a8489b444d94b8273a07c877839e1b6fa686edb60a405b96542d41aba0bedf874cd34ab215c78

Download Submit
/data/data/com.uzero.baimiao/databases/ua.db-wal

Filesize
3KB

MD5
68c45f62c53cdbfe2ab30140376dc262

SHA1
4beecdcff669b3b3f7d303fd50d97476e5515f83

SHA256
621eca020423fa4d8159c730f1c29ba0f8943c2de870e164aad4117559d8dd8f

SHA512
a1f51eba85c98824ad20c0687bae5af45b0349634f7e3ccc7868c1576bbdf7ccf70d9adeaa9eca6b3bb645cae18e07cd713853fcb5e0416f48da381f90f8ad62

Download Submit
/data/data/com.uzero.baimiao/files/.imprint

Filesize
995B

MD5
8162df3a3dbd075be9cbc689de6537e8

SHA1
eb1402ba0c8db0533857fa033fab1b5c7bd72ef0

SHA256
48fee2ccc2c79fa9a7b6c88b2ecc4b0f8f30625ca03bad03470541fe81aa5cb7

SHA512
0eb5f31474452096f13c36905b1d0ddb7cc29e774e5daaf2b99da8418a9a036a6c3a5da3f766223824eab76beb865548e713a3b52b8044c66947e3bd7da8bb0e

Download Submit
/data/data/com.uzero.baimiao/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
0f93ef26b3bb338f305bf7539c7db853

SHA1
c078bc44e96bf14718f49022968d6c3b716afbae

SHA256
27e6636bde9d4b9ba0166720ecb7bf1ad5e8253e641183bfff962b310a828a32

SHA512
444fdf6e3ba426684c802425c295dd0ae34fcc7f290069fb508d1299256e5cbaf34cb87fcc96704303e9bc7fcf7e852b670031f5e3c181c96f5a770a51b6cf85

Download Submit
/data/data/com.uzero.baimiao/files/exid.dat

Filesize
55B

MD5
2b51bc48e596108536518efb8663e19d

SHA1
5619fb7b9e0f267a159ccf0e38dc5ea41a9e968f

SHA256
ba522b9a0a8727b51a47b4e040a8e9a2ab2336a9709a8761ad0f33b5d2bad8db

SHA512
d2b33ad2a3ac6beb0f803aa784be5053d2a14da74c3154122f61fb55b287759cc17b1cc20af5b8a2622f46c03f9d2a82e3e292a82c3566304c59aed397a1ffdf

Download Submit
/data/data/com.uzero.baimiao/files/umeng_it.cache

Filesize
415B

MD5
5bf4ba8ed711e15e43f116d0ec7bb4f2

SHA1
1bff4f43d592dd59ad60c368d51590b91124eee6

SHA256
c82f4cc0ce9ffe60556089dd3136870876a62b160df53a9b711d63a13b0226c0

SHA512
887fdc85e8f49730d653b30994edcfb476ce603d57c0b673e6ee944a6102682de4d16ff678488d910392033c1ab4ab2179fe5c8da04b428b5a549f1ec6c5ee2f

Download Submit
/data/data/com.uzero.baimiao/files/umeng_it.cache

Filesize
211B

MD5
f1a2f64714057b3ff45ff07d4d976013

SHA1
e2f014ee51bd6fc830bd7f9fac8e3d35214b4d91

SHA256
ef727fb5682e6623f6e67534ccd24bfe72fa7730389d62d2052869f0dcba400a

SHA512
a2250f827afb233d2c3e431ade9e49564f2134ff3d23fb16ac6472d76f397411c49984f336ab8215cc3176bfa7dc44fb0d09e82c607eb2d8bf139fe54e3d88ee

Download Submit
/data/data/com.uzero.baimiao/mix.dex

Filesize
292B

MD5
63f77f99bd2c2b772a479923bde11974

SHA1
c7632e7d301e4463fafce85f84e9c3d7da3fdbbe

SHA256
4c76a3af64cdd2f8713ffe2733dea50dbe714d0ca41c17d1847ee5b62a7ca615

SHA512
3aae4a89d1ed51fdd911cb367eb10afe3c2264e4222085891b18a60d5412f85d10bf5c8f3c6642db70abb9aa42732bac5c42c42ee32d587100f53c21b5beb16c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads