8a9a91610bb6134baf8bfd6b8b05c18ecca4128f51e19d26e956f9e9b356c4cd

Analysis

max time kernel
2370610s
max time network
140s
platform
android_x64
resource
android-x64-arm64-20231215-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
submitted
20/12/2023, 06:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8a9a91610bb6134baf8bfd6b8b05c18ecca4128f51e19d26e956f9e9b356c4cd.apk
Size

6.0MB
MD5

f98a258bb4126046748c499933dbbf21
SHA1

172e8b6cbc3bd2dd97c81c71536e52bd0132c668
SHA256

8a9a91610bb6134baf8bfd6b8b05c18ecca4128f51e19d26e956f9e9b356c4cd
SHA512

ee3723067ddeb300d058f2900ab3c432d091ad6518d0c2737d15dda995ea762f47b5fda9354f86bc6fa9baa8f7f77ca542f3b4832166a14cebfaf428475a021b
SSDEEP

196608:v08ndkr6zVubCk10It7sV8cT3ufXoMtMmDtuciy:88dBcWk15s+cSw8MmDtuciy

Score

7^/10

evasion

Malware Config

Signatures

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/data/com.qianlima.yfb/mix.dex	4604	com.qianlima.yfb
/data/data/com.qianlima.yfb/mix.dex	4604	com.qianlima.yfb

Checks the presence of a debugger
evasion

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.qianlima.yfb

com.qianlima.yfb
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4604

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.qianlima.yfb/mix.dex

Filesize
292B

MD5
63f77f99bd2c2b772a479923bde11974

SHA1
c7632e7d301e4463fafce85f84e9c3d7da3fdbbe

SHA256
4c76a3af64cdd2f8713ffe2733dea50dbe714d0ca41c17d1847ee5b62a7ca615

SHA512
3aae4a89d1ed51fdd911cb367eb10afe3c2264e4222085891b18a60d5412f85d10bf5c8f3c6642db70abb9aa42732bac5c42c42ee32d587100f53c21b5beb16c

Download Submit
/data/user/0/com.qianlima.yfb/databases/bugly_db_legu

Filesize
12KB

MD5
171aedf968e17a2744d2585715606cb9

SHA1
bbeddeb3b89fcf809619c35b4a318a80e7d5b029

SHA256
d2ab452d9360848f46af866b870b5c6fc98230b09c72b89cb1a4b2778586678e

SHA512
78a0f517ee3d21c153dda6dbfec4187ebaee9d520d7b1b63f358bcb125d08aea53f26943907a56fdeba40161d9fc7e4fd63f9ae3154dd2ad887ba0162738285b

Download Submit
/data/user/0/com.qianlima.yfb/databases/bugly_db_legu-journal

Filesize
512B

MD5
e187f0d0123ad2fcecc8ae6faddf039f

SHA1
a6e3d446ee3c6e6908a3f29f48f47496dd06ffce

SHA256
dceb4f66536c158b40ac6cb553bd448e6ec3db97b8f81bc220186a78d91279f9

SHA512
1a77260b7ab4172b8934b41505ec950a4f5da70290db8fc4ddfdc6909129a6b2c6f140e1139208d17e6675d9e8858944e43bfb3292d14c95cd0d81efb73593e3

Download Submit
/data/user/0/com.qianlima.yfb/databases/bugly_db_legu-journal

Filesize
8KB

MD5
a8228db529a62789d42ef81ef7a3bd02

SHA1
4514d214cd74b2a8ff7fe934685b7252b30e9b87

SHA256
b82290203f17641463c3d8ec0bce7cb816fa92237a5ffddda8967f608001c799

SHA512
d3a69eb49bfa176b1261522c15c8a467e41bcff39caac9108985538ef9512ca528e4e27870ea8b587976448c46f061ed6ec1fc7adabe9eb8f84806614cfa821c

Download Submit
/data/user/0/com.qianlima.yfb/databases/bugly_db_legu-journal

Filesize
8KB

MD5
64819fa7fa5e1ff854e575c09925e481

SHA1
8dec17c41f92afb2e7205f26f4b78d90cdb7ec1b

SHA256
b6266dcad581b942df4bc2fbed4c3f7b50b7457bf02ef8a4ea6274571c454b30

SHA512
29de8e1db9071dd3f9a09d6a6b14e2730215be936721b37dcca9d838e02c49537368fcf46f7e8c76407b522b72f6ab9d115577920b7dee92edb902f42c66c144

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads