8a186f05007a6405f668798ab9bb6ad2271d40447ed2887e54dba0195d6e5e5c

Analysis

max time kernel
2367128s
max time network
171s
platform
android_x64
resource
android-33-x64-arm64-20231215-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20231215-enlocale:en-usos:android-13-x64system
submitted
20/12/2023, 06:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8a186f05007a6405f668798ab9bb6ad2271d40447ed2887e54dba0195d6e5e5c.apk
Size

24.7MB
MD5

b63f2386952c9dd71c7ebe113f12af80
SHA1

c517fc17987a87c17c94cf135f43014e04f831ed
SHA256

8a186f05007a6405f668798ab9bb6ad2271d40447ed2887e54dba0195d6e5e5c
SHA512

e8b7a1841c0f67706e77556be42beaf505f000f4bce2ce05ab3d1d84c3808fcd9a36ee9413b94629dd85ebfb90ba249ad0dbe9882f162ba609de43ed1e2e18bc
SSDEEP

393216:YqgQ0cMLY9Qw4TkCluKlupvSMw2Y/xWYXvBehSfORi0XoROkqCeWCd:Yg3MLY9QwMkuuof2Y/Tv4DiyoRbox

Score

8^/10

banker evasion

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 IoCs

banker

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.shuzizitianse

Requests cell location 1 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.shuzizitianse

Checks known Qemu files. 3 IoCs

Checks for known Qemu files that exist on Android virtual device images.

ioc	Process
/system/lib/libc_malloc_debug_qemu.so	com.shuzizitianse
/sys/qemu_trace	com.shuzizitianse
/system/bin/qemu-props	com.shuzizitianse

Checks known Qemu pipes. 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

ioc	Process
/dev/socket/qemud	com.shuzizitianse
/dev/qemu_pipe	com.shuzizitianse

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.shuzizitianse

Queries the unique device ID (IMEI, MEID, IMSI)

Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.shuzizitianse

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.shuzizitianse

com.shuzizitianse
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Requests cell location
- Checks known Qemu files.
- Checks known Qemu pipes.
- Acquires the wake lock
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4359

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.shuzizitianse/app_crashrecord/1004

Filesize
227B

MD5
4df1101939f1d8630dcfd2211580f696

SHA1
9ded6aaccb7a257b46fb906be1eeefb05924f4a1

SHA256
89117ed6697f176b7931f049ebe463393b9663318e4e3f0bfa9d050040b32bf4

SHA512
8e3b8d5261f920d15bcc4285472d8311dca78af4f5b8dfc8e364d9658ed973ac6e86f536876a65daa664ae598c3c21a848c5ce8a77fd3ba7b25cd9fac8bcb821

Download Submit
/data/user/0/com.shuzizitianse/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/user/0/com.shuzizitianse/databases/bugly_db_

Filesize
12KB

MD5
edb655088d1ed9f33f9d0d499b7a3ef5

SHA1
565c4f4e43179dbfc285cd6331dc8ac75a901af8

SHA256
bb9e45aad35b43e895393e7a66e4ead6a5f728f90b7627e3c741d391bf65d4f9

SHA512
98cbf923880de82921c38973fbc6d711dc39884428d1eb4ead33658a5a7f163734e5121823d5b043ca44554d19c5b6f966674ac7291513944a94cec97d5be599

Download Submit
/data/user/0/com.shuzizitianse/databases/bugly_db_-journal

Filesize
8KB

MD5
a9ae78679c25b143552f9947251718d6

SHA1
64287570d29c2d8faa26907d82824fff4a70f503

SHA256
b8bb229afae58717bbf0795614311bd02c06c1b6e59d16f757a53fd6670ce9b9

SHA512
fc6814411ebd1cd1cf3901d080ffd72ba96323dd9e171cf2dd2a579cc300908db5aa928ac1d34bd80384081533a43772bf222aef355883c6e0c2ca2c4a9c427d

Download Submit
/data/user/0/com.shuzizitianse/databases/bugly_db_-journal

Filesize
8KB

MD5
57938349b02f80779c3c3bc6f2d6633e

SHA1
2c909fe62a87112beb35d8f9d0d48bdc94be532f

SHA256
296ac9e28b890ad81cb19f639dd8d67697fa228925d58faa8e0291f66a65f770

SHA512
b00726682422eac82d872f1c3300a4fd5b031ccea7d4c98289b960ed175373250f22017b9d55b028fc85ea0d4daf21079d0f9fd3b4e816a64c31f6e51baec688

Download Submit
/data/user/0/com.shuzizitianse/databases/bugly_db_-journal

Filesize
8KB

MD5
78ba9394f7798efe98d5b267fba45c30

SHA1
30833b8d68fecd46b116c54c22ae12737aa2f601

SHA256
677b6a023fc0ced8553dce570231ad974ebf8340213bc933e473a1aabc442abd

SHA512
bc1954c0c43b9601540111e24209602fde8af0d628efd2a40df0501d76263e1dc69f0290ad1da3d30fb24185cc822b6b7f14b2021e513607dd346ab2cc75976e

Download Submit
/data/user/0/com.shuzizitianse/databases/bugly_db_-journal

Filesize
8KB

MD5
67b3b6a26d085f3a303aeb9ac17f904e

SHA1
0cf0d42bd7d64e11f2a7b07555bd7d6e4b7ff9eb

SHA256
0c3e121e21fec46e4e6be950a58710c5bdc606d72b21a43a23d7d4a156514351

SHA512
95aa5bc4721fa136cdbacf26786d42db20cbb6d269ccaa82f1d408d803895e83c94abcd2d64dcf7398d65e5b8dddf4260892d0d008b0f5f1fdf2d0af089b2d3f

Download Submit
/data/user/0/com.shuzizitianse/databases/bugly_db_-journal

Filesize
512B

MD5
23ff7484064aa2eb9c8f9cf5aa309a08

SHA1
80ebad188dd9c2fe84a16ed548cfa430bf4f3f24

SHA256
99cec34d5245173d45a0d8055ef90f910324eb00b3351fed916e30962c5f3434

SHA512
81668c41e18508aa42f15df76a346bb08517224bd5ec6ad8cd45e0a36cc32d5130ea3f16dd8b3845e5b1d9481d5b3b170c32dfcbbfe17aed009cbb1815df71d9

Download Submit
/data/user/0/com.shuzizitianse/databases/google_app_measurement_local.db

Filesize
12KB

MD5
6d527da87c4c692e2091d953eacc7523

SHA1
1ff367e91ec7428668218c1bdc0dcb49541f40b8

SHA256
b78ed93c9a3f339ca2eeb511aa6d79e594931a0279815b239f7065dcb5f810fe

SHA512
5402292ce8d85214e91e24be0c314b41a9846e9dee8ad6ea405553bb04c2597084829a99cad810e6ca327f6fcb80bc99bd42c95f2f6a247d681eb19444d362b0

Download Submit
/data/user/0/com.shuzizitianse/databases/google_app_measurement_local.db

Filesize
4KB

MD5
71b4dcaa103c26ef5f932ccd5898741b

SHA1
d879150ffe621ba774c1eaec31d27a745ef658ac

SHA256
5d6c9d231d519ed41db736acf725bb7c98a956618d501dcc4d8e6a5141f131aa

SHA512
fef69d51b110a823ae81cc502d887c84802f33eeefb89dd5bffb7c1cb023696a6aa7263e8242e3f7f27de9299237ac36769ae0bd5ad454dbb9e566dfb88e3abe

Download Submit
/data/user/0/com.shuzizitianse/databases/google_app_measurement_local.db

Filesize
16KB

MD5
66737760436246f97552cedf89792e53

SHA1
b040ccfc95ed5a56f6c7e9e024a284cb3529250b

SHA256
8f504a5a095a2ef978c1dc32ee6f44c811b582c80e97864b2009655424d846f2

SHA512
2f1d3742694d586eb4166dfe0e691db8df2b197264692f23e6f1d5868cad3ab41888899b3a5b60ba9b48fb4e79382d08df3f35909e327ad2d22c9f94bb9e5dca

Download Submit
/data/user/0/com.shuzizitianse/databases/google_app_measurement_local.db

Filesize
16KB

MD5
13a9b238a92e0708403f0ccc42d3e972

SHA1
ffb8023baf238f33d32ee0c73a7fde9f5949a5dc

SHA256
98af80969c909f0495c237acf6f9c6da3782edde2a4854099c81729cc7c938a3

SHA512
00eff7e31b4ee47666738e33b3dac715fffe6c51f92c5501942a36c481f590631500bbe6505b772243df652824c005ec9a37bafbd8c7dea2b807b17460488f1a

Download Submit
/data/user/0/com.shuzizitianse/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
95cd54a2ba31318bdd7906d914033da9

SHA1
3b53ad8cd51365531561469fb03f6ed67c98b817

SHA256
cbc84e462b00024d4e6cdc896470b20606cabe438e86f0fd3d9c58d5ef9ac77b

SHA512
dfa366f6706cee3e1fe7b351ed45d5ca433ecbae5c87d9568c374331049499cfc4cd72ea10c0c868f9a3a5eaf722e81d035041f2127e6e78bfd9df87465c9d3a

Download Submit
/data/user/0/com.shuzizitianse/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
ac4b0c0dea961d1fd0b146e53de860c7

SHA1
75b591e5e9dcbd541075b3e57810f4007e13ee3b

SHA256
c6c1a5bf4fee586ea5145232aa67565addfd198886c0f028f4644e8be5e5cf2e

SHA512
58865c3832c043dc5909ef119c66476b27979536d3ff02ec9efd782136c5423c5f5272aaebfc614d838b2ac30f98df8d192c2c5d24c0fc58eeb960d1290349f4

Download Submit
/data/user/0/com.shuzizitianse/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
05524b88ef0f235839cafcfe67009113

SHA1
ef6bbe1817684f20ab8bf6b424dea0aedd547ddd

SHA256
407940a962d0ebe9bcc22e5ec04a95c4da43d41aad00fe8fb628d6ece3ac7ff9

SHA512
7487f66605f0f397a8edcbc306af10b346a3cdd0ed68c0775ca2f5fa9af47b53606faacd87dc766fff2ea8c51323a4c204d6fd272450523970f8dc713c4316ab

Download Submit
/data/user/0/com.shuzizitianse/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
b53f9db5fabac4b8686c865150ffca13

SHA1
febdd2f26906404ce32ec5e81247f0741dd14017

SHA256
8c263c0879b405004d4709056deb0ffbe072dd769055ec66255acb7c03fbd22d

SHA512
a63004bb968bd62607f0bb5e07078fd43cf49cc2a9ef7975baf15cb5e76d52ade31a5c2bb225b645a5cafe069f967c94dd3c61e8f84b7c47aab5874405d49bbe

Download Submit
/data/user/0/com.shuzizitianse/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
a464775adc6bb694e8a650e3c9fa3b87

SHA1
2a6e9587a4a2798d067d1c357eaac12d9e78d554

SHA256
bba2dc56146688fd286f2794fb8a567d8be323e3af6aeceaecc255b254d46e4b

SHA512
8bdf7d237b468244def755ee792d9e6c0e55a5fa53eb22c3a6e780ae77fc42acb6eb914afb1725edd1057ee49163c25a74d4c7c72fb17e05723576268478213d

Download Submit
/data/user/0/com.shuzizitianse/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
45ce8ab3d30f6a76a49e442a24657a6e

SHA1
d351a1e77f03bc75bdcc6dd1bbf4267db6dd6d5a

SHA256
eab7c7fc0285c5f4ab2af4945ba78fe61218b06fa47cbb3d773b9ed6a4d315b8

SHA512
53f50acec4c5444ef39d2230b54acd7b83f657e5fc4c04f8baf0c7fd9e5a891728cee44e43f6186cc219b5c9792af620e127788d3153870ae00f61268191e329

Download Submit
/data/user/0/com.shuzizitianse/databases/pbn.db

Filesize
4KB

MD5
0eb157e1a86d4d00aa601dd2f6ff3ee3

SHA1
fee434f784e73cc7916322e949f727caf8363102

SHA256
b9a8194b71a046e8c0eb30995827b582b4bea834f630a5df2483b778a7d7d8a4

SHA512
b9b79b8c3af8a3f140df230fd89e95206358ba50ff214e7323a2dbbe2937b795f970e588302ffd5d721318bd597ce0a27af26d6cdb07f45569c30209845082a8

Download Submit
/data/user/0/com.shuzizitianse/databases/pbn.db-journal

Filesize
512B

MD5
d782d53dfc93d2d97c05d29afda1314b

SHA1
62dc335e957d87eb8cc2d377ccf8439b9257bf03

SHA256
627d92b456a6cc4e0d09c2f40d4a2e49691948f221ed126bcf8e84a55463b2b1

SHA512
8560f992d851cf714a8644d2f7f9ea70edfec76876b214fd20594c6d14bc76c9cd61b75b6354d12a238b2a30ba15e2597deef84e023ccfa59ae6a9cdcdbf7c5c

Download Submit
/data/user/0/com.shuzizitianse/databases/pbn.db-wal

Filesize
16KB

MD5
c574b12d920519c84de1c9b5f1556eb8

SHA1
25010a9f66a4c96fb69049722cc853a422eed96c

SHA256
84d6624f77177fb1e5f8866326f3a3aefabde630666b26e5fa444d8a9cd35bab

SHA512
f2cc59c717c00a31f5f1c281ec772be6d0c641f1825e37592d1b74467cc536c17d318ef99398b253e43f334c5fc25605fe168eb8892f31beb059064dcaff61ad

Download Submit
/data/user/0/com.shuzizitianse/databases/pbn.db-wal

Filesize
20KB

MD5
9945370a6711131150324d65316c74c9

SHA1
d9098a2b2d61a9b69bf0d4dd04b8aaa057595f93

SHA256
42502ae55122e85614684762a2f9ca3715bc9bb44a9ad42461adef6b227b8fc9

SHA512
d5f7ce972c5d95fc56acbda90fa7af88d22271567c79c88535fb3bb51e495738e1b685f150472f547f03f0fb21f57e2654f1d45f6384266345be186bc073f32a

Download Submit
/data/user/0/com.shuzizitianse/databases/ua.db

Filesize
16KB

MD5
9405796e65c3d4dfab756bc786309801

SHA1
08ea4cc5b89fbd2adedc01fbb8a27731119cfc9e

SHA256
b4424066f6d96c3e4de403ac065acbed4243d32aeea13582d0349c3a458ed2d2

SHA512
e188d7926e52115bad0fe5fcf7212f6c259a7bf7c99388880fe9b01e241364b85dd2918493289e17526e7013304d36aa2d59645ff5259e81616386166404e7cd

Download Submit
/data/user/0/com.shuzizitianse/databases/ua.db-journal

Filesize
8KB

MD5
08e2a4daa565f43cb1eb95bb4fc091ad

SHA1
ffecd7a34dfc2a0b71ce49dd7c100947930e7667

SHA256
74986827d3fe0e6c797a194ff0b33f77c77933d1126c8509f0461f91aa6a37c8

SHA512
470173b400d21d6b43ca105c25c4d9aa2c5284c83fea518126d889158c26757725f1c14e742806a6352f00dc692d860971897b1bce827b276ffcb38daac1eea9

Download Submit
/data/user/0/com.shuzizitianse/files/AppEventsLogger.persistedevents

Filesize
402B

MD5
a26c4375b41459f9e5c5e78293ce5a7d

SHA1
5d5800062c7ca1a2a3805f80bfde290d2e380b30

SHA256
47ba84bf7e27ec839095280b009d2a5e9f6aee851271e52cf878ff3ee12dab33

SHA512
6193dbbcac12e524e6f7a0c68a2c1bd3e5402d6dad3e2f56d817474617450d13faca2238632b40a710f5a2556cdcb5ada54bb473e6ffa8bb04ff96145bfa7982

Download Submit
/data/user/0/com.shuzizitianse/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzAzMTc0MDMzMzU3

Filesize
1KB

MD5
38077a67ac86de0f875db592c17f7d7d

SHA1
1d1cb3d3e1b465cfdbe92d988c5f6b70edecc42f

SHA256
7c70cb8788339bd6dde66f7fd3438586306a5659b6ed18e3582fb8bec5ea8b5b

SHA512
e4d73af47cfe95e9c5b2199a789131312e239130eb0171a3f7fcba63f061c3c5e27ecd2d65e05ae337be46e11eedf449c106ea53cbafb41fc6006f50ee3021ce

Download Submit
/data/user/0/com.shuzizitianse/files/umeng_it.cache

Filesize
350B

MD5
edba57ec216e4fdc438f9134790a8b34

SHA1
a23ffbdac801b36aa05862db60c26c256f7db307

SHA256
e7898618937bb6ec9fb7e6ccb0891506e82c4edeaa910737091af5b34afacc9e

SHA512
4b16bb2f4098468ee3befc000f8e96e8d296ae152045459191541db03602b023b02e9ccf69c59440d66d60673ec5c9dd8b2b552f22322bca96a00a4d793650fa

Download Submit
/data/user/0/com.shuzizitianse/no_backup/com.google.InstanceId.properties

Filesize
2KB

MD5
c66ee5fd8efbe928dded797674673cbb

SHA1
6d0c631a9e08e5c3ebc8c3771de87879270f871c

SHA256
59937281abc303016795de8f9b5ba362d6b621f97c5a8405b5eab6736f0fef8f

SHA512
d1415d4bb8280abbe09483fd584121c1ad73d2afaf69e80cba7065938f20403ddc9d0557b555275ee52dff59eed3a23bc89d1671293a41185ad3c23bb636696d

Download Submit