8a22a10a04cad1175c8100b4c93eaf8af2d9e274434ee5c1219243bcc65cf1fc

Analysis

max time kernel
2367430s
max time network
139s
platform
android_x64
resource
android-x64-arm64-20231215-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
submitted
20/12/2023, 06:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8a22a10a04cad1175c8100b4c93eaf8af2d9e274434ee5c1219243bcc65cf1fc.apk
Size

3.3MB
MD5

9a952386b4fcf7380232dfbee97674f1
SHA1

d1db16cead43aa626fba18da11487fa81d953ef9
SHA256

8a22a10a04cad1175c8100b4c93eaf8af2d9e274434ee5c1219243bcc65cf1fc
SHA512

d90b5f907ffe84b940822ae78ece62a09bf234f13610b29a4642df33e9fd7f91fd2bc40d774a8d1c653ee82ee427f35464c2ddfc03bff60be4645defc55c2ffd
SSDEEP

98304:HImHA8NjiFrCzGB6VCKB8dscYWDH5MbN5zOEHpxCt8uHRV:omg4jArCzG9dscYYAN5zpwt8uHRV

Score

7^/10

Malware Config

Signatures

Checks known Qemu files. 3 IoCs

Checks for known Qemu files that exist on Android virtual device images.

ioc	Process
/system/lib/libc_malloc_debug_qemu.so	com.ylyh.youai.yisou
/sys/qemu_trace	com.ylyh.youai.yisou
/system/bin/qemu-props	com.ylyh.youai.yisou

Checks known Qemu pipes. 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

ioc	Process
/dev/socket/qemud	com.ylyh.youai.yisou
/dev/qemu_pipe	com.ylyh.youai.yisou

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.ylyh.youai.yisou

com.ylyh.youai.yisou
1⤵
- Checks known Qemu files.
- Checks known Qemu pipes.
- Uses Crypto APIs (Might try to encrypt user data)
PID:4504

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.ylyh.youai.yisou/app_crashrecord/1004

Filesize
229B

MD5
70d8e3025ca2ad2019b97bcea6c04e43

SHA1
15813499544ca3ba9d4d8da0956968e65c4c6279

SHA256
bd9236fdddc8b0d092caa8da4a2ac395c4ab737316c15edbd7ec1e28ebd0c7f8

SHA512
94f6fc6bdfec7e437a3922792cc80dd6a71038593057dfe39fedc3e4171ede1c854127c5ab22441dcd1342c9c6aeef79847736ce08b0d7a4c39ccb9cd1a3c471

Download Submit
/data/user/0/com.ylyh.youai.yisou/databases/bugly_db_

Filesize
4KB

MD5
6fa8fbe3cbd1fc593b8bf7bc5ea6d839

SHA1
24f8374e0281de1bdf51176550b8745259bbe644

SHA256
5aa118f147ad6deb1c13d5d2e18528082fa05236b2e01c5cf62e2af32758002f

SHA512
0b2982a068a5568af28b6209e369f56832d5e79df0bdfb469f4c66c04bae32b19bd7e666e30c8c85759c316a884900bfed07d835a55abbf161ec5d1f36332eb1

Download Submit
/data/user/0/com.ylyh.youai.yisou/databases/bugly_db_-journal

Filesize
12KB

MD5
13340ee906224a5b0eb4b9a7d0495d46

SHA1
6c4bc8f87263d695abf504381958c2953573ce22

SHA256
43e46cad0623f5920d3c5ebd896facac00681d05d467e62d144fe657fc98d860

SHA512
318e68fb401f93dc5fc7e8c7bdb88a6d7713f43de8393366a6993df5e366ca5e9ce116d3904d5319fc2337b151455693493de009bcd45d496febd82d483e0837

Download Submit
/data/user/0/com.ylyh.youai.yisou/databases/bugly_db_-journal

Filesize
512B

MD5
50a5a74a6c6f0b23ad16a8103355c40a

SHA1
f3c5bc88660ca097df520a8f03ce64a6396f51ec

SHA256
6601191cec3e6e835ead0a810d715dfdc09ae2cf808dd24ddea7ef56718408bb

SHA512
ab2b0b6f6b9ba36077db0280ec07f7ba4a97b956a3131ed470041c83678cd7936e92c3e84b143dd2555c2db4b0a39fdb511df49040f88fc6195a574e667df2bf

Download Submit
/data/user/0/com.ylyh.youai.yisou/databases/bugly_db_-journal

Filesize
4KB

MD5
cb9988375e18d12486a15352a67d9010

SHA1
33e7d1d384660b2ff8881da3560f56c334569443

SHA256
6d9266ae708291e202ceede50a514b22e438a7a13e6785502fa2b05438c0ffca

SHA512
4a94460ce19b3a550fc3c119d508a7c230a1a69ba96ce0155284523360589bf5aae723bfb1e2034bb50eeb47d13f1577be4924cf8c2a104739ae9f84968b803f

Download Submit