85fcdbd5be9eaf7e038e5a0b122380d61321611580840bda9159e54cc29938a8

Analysis

max time kernel
2443519s
max time network
130s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
20/12/2023, 05:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

85fcdbd5be9eaf7e038e5a0b122380d61321611580840bda9159e54cc29938a8.apk
Size

15.4MB
MD5

e322bf8e6cb59bfbd2e128dc7d8091f2
SHA1

b28f348a4f11fc65870dcb9b8a5e1439ac22649a
SHA256

85fcdbd5be9eaf7e038e5a0b122380d61321611580840bda9159e54cc29938a8
SHA512

a59785f3f61053c7f4fa5b13cb41d29374c7727361f6f72136d1ed0849c878b567f115fe8094a7cfcd511d0bb62354b5263fd609ba755259bd15b2ae1f67aee4
SSDEEP

393216:vyiWn8C70S3iV76vJTOUDm5COMs+gpi+O+dXtOo4xqXRP1UE5:pK8CY6vdO7COMs+gw+O+XtkxqXjF

Score

7^/10

Malware Config

Signatures

Loads dropped Dex/Jar 3 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/data/com.balatoo.client/mix.dex	4250	com.balatoo.client
/data/data/com.balatoo.client/mix.dex	4321	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.balatoo.client/mix.dex --output-vdex-fd=56 --oat-fd=58 --oat-location=/data/data/com.balatoo.client/oat/x86/mix.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.balatoo.client/mix.dex	4250	com.balatoo.client

com.balatoo.client
1⤵
- Loads dropped Dex/Jar
PID:4250
- sh -c getprop ro.yunos.version
  2⤵
  PID:4295
- getprop ro.yunos.version
  2⤵
  PID:4295
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.balatoo.client/mix.dex --output-vdex-fd=56 --oat-fd=58 --oat-location=/data/data/com.balatoo.client/oat/x86/mix.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4321
- logcat -d -v threadtime
  2⤵
  PID:4388
- /system/bin/sh -c getprop ro.miui.ui.version.name
  2⤵
  PID:4414
- getprop ro.miui.ui.version.name
  2⤵
  PID:4414
- /system/bin/sh -c getprop ro.build.version.emui
  2⤵
  PID:4438
- getprop ro.build.version.emui
  2⤵
  PID:4438
- /system/bin/sh -c getprop ro.lenovo.series
  2⤵
  PID:4462
- getprop ro.lenovo.series
  2⤵
  PID:4462
- /system/bin/sh -c getprop ro.build.nubia.rom.name
  2⤵
  PID:4487
- getprop ro.build.nubia.rom.name
  2⤵
  PID:4487
- /system/bin/sh -c getprop ro.meizu.product.model
  2⤵
  PID:4512
- getprop ro.meizu.product.model
  2⤵
  PID:4512
- /system/bin/sh -c getprop ro.build.version.opporom
  2⤵
  PID:4539
- getprop ro.build.version.opporom
  2⤵
  PID:4539
- /system/bin/sh -c getprop ro.vivo.os.build.display.id
  2⤵
  PID:4563
- getprop ro.vivo.os.build.display.id
  2⤵
  PID:4563
- /system/bin/sh -c getprop ro.aa.romver
  2⤵
  PID:4588
- getprop ro.aa.romver
  2⤵
  PID:4588
- /system/bin/sh -c getprop ro.lewa.version
  2⤵
  PID:4612
- getprop ro.lewa.version
  2⤵
  PID:4612
- /system/bin/sh -c getprop ro.gn.gnromvernumber
  2⤵
  PID:4637
- getprop ro.gn.gnromvernumber
  2⤵
  PID:4637
- /system/bin/sh -c getprop ro.build.tyd.kbstyle_version
  2⤵
  PID:4662
- getprop ro.build.tyd.kbstyle_version
  2⤵
  PID:4662
- /system/bin/sh -c getprop ro.build.fingerprint
  2⤵
  PID:4686
- getprop ro.build.fingerprint
  2⤵
  PID:4686
- /system/bin/sh -c getprop ro.build.rom.id
  2⤵
  PID:4716
- getprop ro.build.rom.id
  2⤵
  PID:4716
- /system/bin/sh -c type su
  2⤵
  PID:4741

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.balatoo.client/databases/bugly_db_legu

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.balatoo.client/databases/bugly_db_legu-journal

Filesize
512B

MD5
7e7c7bc630763057758a68b6cc9f0e52

SHA1
a3062f50466e999ebd55491fd78489a1666abc5b

SHA256
46226a1a95e2fb8494357321a17b9bb0780588bd5f7aea6f4a4722ec57b0bb2c

SHA512
241b7a10fd427abec0f7fe40af1ffb03ce62f67f9ae62f7731726ed83603fc114a3bae07b1783c50edd5dcbd2175c5fbdad6d8883034e73aeb9e35250e9d86db

Download Submit
/data/data/com.balatoo.client/databases/bugly_db_legu-wal

Filesize
16KB

MD5
e3d96908f468fff30c7c0d27dd129c67

SHA1
6ce709a361dfee85314efbed877149a805a3753a

SHA256
9b4f92a963d7c0167028c3e52e0e381d7e6a88af25627715fdc30996b3894bc1

SHA512
d51e265eac4235bca321d77948bd4c67b84a7c4a8b20dbf229a64f0d68fefef0282a6a1492e9ca99c2343b831124b14acbf697cb1177204a2d2b4ccf16e712ef

Download Submit
/data/data/com.balatoo.client/files/realm-object-server/io.realm.object-server-utility/metadata/sync_metadata.realm

Filesize
4KB

MD5
6254469ee7c013378b88a5ebe948de0a

SHA1
1908ce3b378e475d880ef201036165e226962265

SHA256
46cdb298382695da9fca0276bdc8e65d38ef414ad1853f6f57899711e38f7295

SHA512
de120c30ca13f3ad069f37a3d83f50fa82d3e68d7eb6912879e06e28ccd08835830d157462ca602ca8d82f616152ac137dcaddc10924a2679d1f4d2ba0e71ffe

Download Submit
/data/data/com.balatoo.client/files/realm-object-server/io.realm.object-server-utility/metadata/sync_metadata.realm.lock

Filesize
1KB

MD5
f22d17ec898e5ea052a09517ea0e3190

SHA1
5ed49b734f5fd0a986ad35f5e015384c1852d229

SHA256
d0be9e4963d7b27d1e138c17b2c1726169bfd5d450dc9c06df167a9c8b535ade

SHA512
2447ee6592950b91eeca9be2445fe6115d99a162afbf69073c213b63aee9ee65086b907f8e59fa8a7db22f4b3902e10516824381260d39febf364599f6aa1cdd

Download Submit
/data/data/com.balatoo.client/lib-main/dso_deps

Filesize
288B

MD5
a10175e13ae17c55c81771677a05200b

SHA1
22198eafb86293c1923b9bf616cd5a18e479d3b6

SHA256
b2037f5426b44308b5d7ffe935689b2b1326fb8c2ea7f1c1b76e17aeaa6c3c03

SHA512
5cd93bf53531779a8eab718590bc775ec923f0e12839c3ec1c1df5b8da3980fccf1ea5c7d713000e64ccfdabd767ff15ce02da86e9a52548b27c440c23472d9f

Download Submit
/data/data/com.balatoo.client/lib-main/dso_manifest

Filesize
107B

MD5
0faaa23b4b977673f5a91382d1943da4

SHA1
03973df0ac6806cce25f8e5533dde0bd9d5ec0a3

SHA256
b489997abc76591455e6982648a366cb20a2f1961440d5dc9db09424bc42380d

SHA512
be301ec4c06f9708c2705745ced17864e6d5e539bc6d7156187019e674bb60c077293f65728ad775b5305cf0daf8a9c0be790a763505a9406956798c0bbf0fde

Download Submit
/data/data/com.balatoo.client/lib-main/dso_state

Filesize
1B

MD5
93b885adfe0da089cdf634904fd59f71

SHA1
5ba93c9db0cff93f52b521d7420e43f6eda2784f

SHA256
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

SHA512
b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee

Download Submit
/data/data/com.balatoo.client/lib-main/dso_state

Filesize
1B

MD5
55a54008ad1ba589aa210d2629c1df41

SHA1
bf8b4530d8d246dd74ac53a13471bba17941dff7

SHA256
4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a

SHA512
7b54b66836c1fbdd13d2441d9e1434dc62ca677fb68f5fe66a464baadecdbd00576f8d6b5ac3bcc80844b7d50b1cc6603444bbe7cfcf8fc0aa1ee3c636d9e339

Download Submit
/data/data/com.balatoo.client/lib-main/libshella-2.9.1.2.so

Filesize
100KB

MD5
087700c3f0c53c2283fc04aa93a19e38

SHA1
9eb91a9d681f0b8acc355b9a2a65ceecd0cacda9

SHA256
0d286a328d7bfeb8263852ed591958b3824393c07b445e2a9016e557969511fe

SHA512
b5b4a7aaa50232a5addfa8f9ccd00b297eda106b50f251f38b0b504e8e4552104f1ae79b3333a072db2efd41b21d1dbc85b0cadc29dc7a4dc1668d4472efd599

Download Submit
/data/data/com.balatoo.client/mix.dex

Filesize
292B

MD5
63f77f99bd2c2b772a479923bde11974

SHA1
c7632e7d301e4463fafce85f84e9c3d7da3fdbbe

SHA256
4c76a3af64cdd2f8713ffe2733dea50dbe714d0ca41c17d1847ee5b62a7ca615

SHA512
3aae4a89d1ed51fdd911cb367eb10afe3c2264e4222085891b18a60d5412f85d10bf5c8f3c6642db70abb9aa42732bac5c42c42ee32d587100f53c21b5beb16c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads