88fca6d62472a0bcee9e0ac227b668e3ba576135c02bfba705794100914388c5

Analysis

max time kernel
2461958s
max time network
159s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
20/12/2023, 05:46

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

88fca6d62472a0bcee9e0ac227b668e3ba576135c02bfba705794100914388c5.apk
Size

4.5MB
MD5

4edd16414c27f3cbcbb239a826bf41f6
SHA1

9c3c450efb6097ef8b8ecd4b48d15fa4c97fb385
SHA256

88fca6d62472a0bcee9e0ac227b668e3ba576135c02bfba705794100914388c5
SHA512

a360ebf573ea138e4465c790fd80ccaba35be85c0ef94fffff73b68d3b502e69b5f722af4bc97996b1fe3b9f93ac4140a24448a84c7c3d5b0cea1d00d315581a
SSDEEP

98304:2qc4BB5uoOkqwYLKaQJdD8PFDT6nZoT7h9FZPrGyu7NVlwwJM:tPBy0qwQKa5KZefZP6yuJVeZ

Score

7^/10

Malware Config

Signatures

Checks known Qemu files. 6 IoCs

Checks for known Qemu files that exist on Android virtual device images.

ioc	Process
/sys/qemu_trace	com.dcloud.ETKEHDSK
/system/bin/qemu-props	com.dcloud.ETKEHDSK
/system/lib/libc_malloc_debug_qemu.so	com.dcloud.ETKEHDSK:pushcore
/sys/qemu_trace	com.dcloud.ETKEHDSK:pushcore
/system/bin/qemu-props	com.dcloud.ETKEHDSK:pushcore
/system/lib/libc_malloc_debug_qemu.so	com.dcloud.ETKEHDSK

Checks known Qemu pipes. 4 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

ioc	Process
/dev/qemu_pipe	com.dcloud.ETKEHDSK
/dev/socket/qemud	com.dcloud.ETKEHDSK:pushcore
/dev/qemu_pipe	com.dcloud.ETKEHDSK:pushcore
/dev/socket/qemud	com.dcloud.ETKEHDSK

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.dcloud.ETKEHDSK
Framework API call	javax.crypto.Cipher.doFinal	com.dcloud.ETKEHDSK:pushcore

com.dcloud.ETKEHDSK
1⤵
- Checks known Qemu files.
- Checks known Qemu pipes.
- Uses Crypto APIs (Might try to encrypt user data)
PID:4263
- getprop ro.product.cpu.abi
  2⤵
  PID:4384

com.dcloud.ETKEHDSK:pushcore
1⤵
- Checks known Qemu files.
- Checks known Qemu pipes.
- Uses Crypto APIs (Might try to encrypt user data)
PID:4453
- /system/bin/sh -c getprop
  2⤵
  PID:4611
- getprop
  2⤵
  PID:4611

com.dcloud.ETKEHDSK:multiprocess
1⤵
PID:4514

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.dcloud.ETKEHDSK/app_crashrecord/1004

Filesize
227B

MD5
9f947a6bdea53c2725bbf6da60127800

SHA1
af50fff97e92e417d522695717296232859e4f70

SHA256
87f977edfb4f7752d108601f791f01d3d043701b3397ae91c784c8855ada639e

SHA512
6b76ef3c5c948665aa6a7a90f753ca765474b6a828b02c4ae2b10920259c9041c7446abbfde30de561cfa3902af6a1f074615e45fd397dcfa131a44bee0ef629

Download Submit
/data/data/com.dcloud.ETKEHDSK/app_crashrecord/1004

Filesize
32KB

MD5
4e8994d4beda752e9d28c1d44f678185

SHA1
c358a00bc95882ef1d86ae8eceb90cc81a69ebae

SHA256
b8930c6adcfbcb867f6b5217c15eaa296c8f685e4273919b87994cc42a016611

SHA512
e19af09d8031e1a224e6da57bac1105a3987c59e06d9c81f8d6a1a18311b083fe525426cb96dc2f87632c8cbe3d18cd46e239bc7d548ada5126aeb0008ea0263

Download Submit
/data/data/com.dcloud.ETKEHDSK/app_crashrecord/1004

Filesize
4KB

MD5
aa99281ce0cd69a9302f8b64b918ad75

SHA1
ccafc0e5fb16198e466b209a888301f4100fafe8

SHA256
a3cde8388c50e78c7b3c8dab1d0c46c64c375248031adbb6a5802e3da65bb431

SHA512
a8b80f09a555652d3e4b9775b6aa58341dad7fb120509e128df417533ba361353b19530306e8691f1ce5fc0c69f1a89d29bd2eb176291a5e85b945d14c9eb085

Download Submit
/data/data/com.dcloud.ETKEHDSK/app_crashrecord/1004

Filesize
512B

MD5
76277b82f7c6cf1be04798bd19d1bed0

SHA1
5215513d105eda811cf961b5caf7ffa518a03155

SHA256
eff445394fe5c4e0346f3b1c27f3f8565a90b0e07fec71c851655c4a82217cac

SHA512
4ecf8c918abc9ea4906cbc203da43f4a3d2558bc30814008e02fedb21a4f5d725809257127762f6177d39ec462fd95f1ae85ea5b17c49a53b03252136994916e

Download Submit
/data/data/com.dcloud.ETKEHDSK/app_crashrecord/1004

Filesize
512B

MD5
cdf2acafd5fd8fa885a0b0b0b3ad01a9

SHA1
737a38df4893c75dd97fb90cad749691df823a59

SHA256
7b7d429dc08cf242ec1495f277bfb8594ca111343c534ce2b03046cae2c2a021

SHA512
af1d8fb71b7752d98426e99ec3abc73da4b92aaf3b54875b56fae45a8778b8bd3e66f617d342d0dbedb1a6abe0f64779a7c7f8392a8e63b18a75650ba5b50b09

Download Submit
/data/data/com.dcloud.ETKEHDSK/app_tbs/core_private/download_upload

Filesize
84B

MD5
6a75469fff2bb5ff4ddfcc5a3bf6b0e3

SHA1
c55d0bc10299cc55f8ea580819ce4da9b69c7d38

SHA256
c9041e85d1fbbe17dbef1788c3254bae52edcc4ff42c593c0ee763a5cf0dbb3a

SHA512
2973d7190c5193bc7f94879b7b2091611286c823e48c8eb2166c5fe2bdf1d74c5438b1090a00eabd88f2434e60a13528bad8fd2d1a4a3aa5abd411797dc20c03

Download Submit
/data/data/com.dcloud.ETKEHDSK/app_tbs/core_private/download_upload

Filesize
84B

MD5
a3120e969d87e054fa211be344a3e880

SHA1
eeaa2da8f837f7e0d01dd5f363d05f7e3c6e64ff

SHA256
d023b371cccc1d741f43365c497aa000960b6d28cbdd443c98212cfdfbe06819

SHA512
86b2bc33f3a01c7d0d0a1e2328f8e77ac60a7dd45a797a24bfc565c4fd60890e181c71c3b6014f8d42393a20e6b1799ce035ca331100887aefb9031df72d5051

Download Submit
/data/data/com.dcloud.ETKEHDSK/app_tbs/core_private/download_upload

Filesize
84B

MD5
df4fedb3384ed20a161f0b98905dd49e

SHA1
bcd66935e178ca408bfe258a5237814158c6b34d

SHA256
7f281ce6ddb900169413ea271f37aff2fa5dff0811043abb9bcfc53707943009

SHA512
f7de5538dcd597aa06e5648e5c4138d643294fcc5e7f24a9ccd1f7b9e9623f913a30986afd0a72d8bbdb35ac74529d6cb128ab8ee40cff05c47d2445d4134899

Download Submit
/data/data/com.dcloud.ETKEHDSK/app_tbs/core_private/download_upload

Filesize
56B

MD5
2b23a6c64cf66b97de3ef1b17279ce4c

SHA1
c4f5493b7719cde4c1e1d8802a8d8da6829cce2c

SHA256
eb42988327238d5808b63fc59cf665bc3e9b6ae80d51e772de93b69de289c531

SHA512
2d74646b13722c85e96a9fe348b4d951621992c88420b2bd6e1f7702938ea300b818dc4e3257437f682e231ff54ed5e14d0c879babdbd37fa4ff5b6f4b9014f8

Download Submit
/data/data/com.dcloud.ETKEHDSK/app_tbs/core_private/download_upload

Filesize
9KB

MD5
1c03acd8004063184b493bc0bec1e9dd

SHA1
ac94e08ab945877623b1ed77d502fa52c20c388f

SHA256
87e338762351865e3b027c7f48d39dab161e20c36c1aeb71782a9a4b73fc2915

SHA512
63b4f4c989af5dcf6d170ef3b508b42a824b873ce2f75f161932f9e93902b0e614fb443d22926ae73559ce24d58b2acc6662ec38b0b18162c9ae966c99c206b0

Download Submit
/data/data/com.dcloud.ETKEHDSK/app_tbs/core_private/download_upload

Filesize
9KB

MD5
e1ac9f0a87d8e2636a76b5c7dd767561

SHA1
c61fe99206a0bed9069eb48a12cc6c756efe9775

SHA256
243969ab6075d77c5fbbdc36cbf066dd46eef6584251950055cecbe106d5451d

SHA512
f4682228058db255b441c435941454eee6289b96bc3d86c5aa23ac919d9e2ed03a771cd6a2b8c16427bee6598685613e2e4154f50a4508f8b459abf09f29a076

Download Submit
/data/data/com.dcloud.ETKEHDSK/app_tbs/core_private/download_upload

Filesize
84B

MD5
394969392937153a1291f124fdf6d197

SHA1
3263821a911eaadea693c22a12aa78f768260fa6

SHA256
8092e3db16508b31f2991082d10c6e362ad5a32fe31b16fc1ba63ced7b8d3617

SHA512
2d86cb5262ecd49a29cb362bf86942b1b5c4d027dd6ec316ed7488d568db027d48cdcfc142c64140d8ed09795213c4fe11c55c7ccddeef996aca7e94bf1ca764

Download Submit
/data/data/com.dcloud.ETKEHDSK/app_tbs/core_private/download_upload

Filesize
84B

MD5
6055b3d5477b10dafd25a95d7b23e8f9

SHA1
f6760affc2275f99618b55cd5180f8ebc08771f0

SHA256
c84a6b3383c4a94d29381ceb6c21dae12b0d59d44e526aadfd6209c450571f92

SHA512
679b4af56de54d11dc336b32d5ee07245d3d684e06d45b83fa3431fefbf5243ee12bcdab7aa9631d6ed2d5e8b8426ac42c430e4ade15613ff537c90b42bbce99

Download Submit
/data/data/com.dcloud.ETKEHDSK/app_tbs/core_private/download_upload

Filesize
56B

MD5
8d8885ff794a328c9b42813e284294db

SHA1
90d16d09557bb87340a77d45f5ae0c003c56651f

SHA256
a67d024eb59e0340fc453017afb45f638cb3c47fdc1a39f0abbc2e375e5703df

SHA512
8995b6dca9f69ec3934df15e574009bcec1acfba9196dffa3a36cf3617d9798030a4a8da8d2b065be75282898e53d5e4f17beae7548e3654478e9d135bb2a61f

Download Submit
/data/data/com.dcloud.ETKEHDSK/app_tbs/core_private/download_upload

Filesize
84B

MD5
0babe75c123102db8d27c5349db305c3

SHA1
28df5350b5ad7d0cba3deb324816681fb558bc65

SHA256
0b1460558fecc2f3a6469ee32017443bf87e2cb434b310821fd24b838023c43c

SHA512
aa638dfd4bf21d6ad0ca29fc464d0534ac9f6425c932d23de292a950f521291a0dfea0838601d675987657ced15bb0131dfcd40e16b730e2ddd7f0e3ff542f46

Download Submit
/data/data/com.dcloud.ETKEHDSK/databases/bugly_db_

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.dcloud.ETKEHDSK/databases/bugly_db_-journal

Filesize
512B

MD5
26c704b72026e53d2131a25bb9d671fd

SHA1
d41763f38000643180ac16ab928054308b5e0456

SHA256
d7bb70667dcb67fb8170a62b9f9c9ff6c27b2ef32a69e038de4f088341584162

SHA512
29a5b18bd18f77d901dfc4ec7c161d2383317ec2413444719a4c0293460cd60d63e6f00ee4ea399e4ad9680f01e7b4a1ee41c115eaba7a3f0e74610a739d3374

Download Submit
/data/data/com.dcloud.ETKEHDSK/databases/bugly_db_-wal

Filesize
16KB

MD5
9050470eb4749e2e6fde967f3500a5b3

SHA1
72f89a14bb82d515a84cb77958824187b8d773ef

SHA256
e93fbac16139ff5aa667b91244df2b0c24f5185fa4ccc8685e60083d32557360

SHA512
2d97941ca93356637fa4f67c018ee5ae5988352a5db2b928e186d48d46d63d39b749b2ec27d76b801f6c77d515a7f482d92747804c5ba37ad6100968216ce416

Download Submit
/data/data/com.dcloud.ETKEHDSK/databases/bugly_db_-wal

Filesize
104KB

MD5
d96fe5a0e6f2716c4536b5d7d20a6bde

SHA1
77e1f7b1f661063e56d94589d7134075b11d9007

SHA256
bcc57b21ef358bd51d159eff9917d37229af0f3f9b345a19d9370497466ebf53

SHA512
f58c7bc31f235c5f6ab598153607fc6358b64e948eaaf9c6200deeb2b3ae065aadeb4d0df252b259061bd82ecfd92e98e551ac7359108b6f2e083a599fd44f45

Download Submit
/data/data/com.dcloud.ETKEHDSK/databases/bugly_db_-wal

Filesize
116KB

MD5
2f880145c438e3b8c0ed2eb5c917e305

SHA1
2e7ee41faaf9e2e6457261b00f1a8db0f8ac560a

SHA256
e6423b5b57e4c376ce88634274e44ba29402bb6c25525fbd79607b5e8b67b3c1

SHA512
c2e6bbef98e7f212f4f8f63d144c83da3a489336e7495783cf4058e6971d29292158b09c967a7936c358a3d7c735657459ef51fd47f2252c2f92e7b4b7ae1010

Download Submit
/data/data/com.dcloud.ETKEHDSK/databases/ua.db-journal

Filesize
512B

MD5
04ef430c1317e82096ff5ccd232ef7c0

SHA1
ec0ca66c03e1d07959cdb1935f9a9a88cd19e216

SHA256
3c22a923a0996bbc565ae8ca66f6e521d1f95cba1ce44daadf002dfe34c30aa6

SHA512
eb07a9a151d9092d183f25e07562621974361ceb19e32e2449bd322c086309f1a7e810b7d9e8a44dbfab3f30eda216118177d442342fae7a69231beed8faaff3

Download Submit
/data/data/com.dcloud.ETKEHDSK/databases/ua.db-wal

Filesize
16KB

MD5
c2218da6772ae650c9ff02561c195c12

SHA1
c1ba2dcd8fca9ffbab894e43f45dfb593baabddc

SHA256
71d7914728d355c97fef44ab0f8c7651f82dc7eb098c96a20e4ea82fba14d2d0

SHA512
68063e61a4eeebb848a801185ebf417895e89c4512d1e468afeeb9746949c7ebb33dfcc67b59c25540dec0e0890bed4c98ccf5d8cd79ea2d247bf6879a959e21

Download Submit
/data/data/com.dcloud.ETKEHDSK/files/jpush_stat_history/active_user/nowrap/17289c47-2cda-479d-9c6f-e0dcb467c2e2

Filesize
159B

MD5
399776d34b3cf89c0c70ae9c879c3a74

SHA1
230e6cfd4379349ce00f4f20dafb9eb63ba2fdb5

SHA256
9b33b636c5273e4b8e5c019913ca864c806fc8da00a65f33a2ab9e9081b5a6ec

SHA512
8048b688cc5c5503bfd401821719e7cc6a380c9758a4e2ade6b89fd75d5763b489b5a8b5afed3c2d12bfcb1ff666a389c51efcf9e89d7238e2dc691d6948656d

Download Submit
/storage/emulated/0/Android/data/com.dcloud.ETKEHDSK/files/tbslog/tbslog.txt

Filesize
11KB

MD5
e46187b320ed994a134869c2665cf58f

SHA1
af6ca3f2430fac2687fd4c7567aa4f1df8c9e403

SHA256
b81dc6e1327c92ecfb3bd9a65498f487a7d8fdf0b3dcf40c1169418718e555d1

SHA512
54a8ab74020a8e676b9608521086f7173b5aab6f7465b6d359e29e6b362b8dbcbc1291b877bd80c89d0826287ad107711d82163851a6b38de9e6a1860740e8c7

Download Submit
/storage/emulated/0/Android/data/com.dcloud.ETKEHDSK/files/tbslog/tbslog.txt

Filesize
12KB

MD5
80a313d30048bdaeb94e42c821334ab0

SHA1
cc6486bc6f2e708e7f3e1465b3c69833356b32a8

SHA256
794e730698f515c9025ee5d7f4b9832f7f496489c91ef5ec61b8da00e743d090

SHA512
59623b0023efbd241536ebea9a6c3839fcf7a2d9239040d195e2ddd75e9ca0d383ab450bb25ab2fa74b24b3d1ad60f54b6028ada865dae163fe262e0a62867dd

Download Submit
/storage/emulated/0/Android/data/com.dcloud.ETKEHDSK/files/tbslog/tbslog.txt

Filesize
3KB

MD5
b9543370849c9cc5a4fc74cfa6cf1de7

SHA1
f8d7853885b18f7cd5b351156446e153745c11d8

SHA256
825bb15aeab72b2e7d8ee9b1f7dba86c5ea765c51e1a3a6a14caca58f7ea33be

SHA512
22b6ae11206a93a7fbca397b18fa785c39cfdd408d8b572fd93ea235422938ff070fd225590b35419e1e83fbcb21718174ccb94f4b25915ac79d10c7dcbdd3e9

Download Submit
/storage/emulated/0/data/.push_deviceid

Filesize
32B

MD5
dde7fc305bb4b295638421e488b66de4

SHA1
8b2784e1a0add0c664107f401057a670b99057f4

SHA256
368591cd56f3e2dca093209275642828949e73d01de9a8caa5c4496ada2cd583

SHA512
208ca970586de2b8a0fcdaf72b87db9ad13afe939750468e0013caccb1ea2007402d0f5db28a1bb334acca136029694d591eee128faef161172a7d01a6b01599

Download Submit