8e8c7637c861921ce80950f19d8dba7791bbe9227fdd47058838ee0cd5c88321

Analysis

max time kernel
2522936s
max time network
159s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
20/12/2023, 07:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8e8c7637c861921ce80950f19d8dba7791bbe9227fdd47058838ee0cd5c88321.apk
Size

13.6MB
MD5

e78976414d5251a7b4bba41d146638ba
SHA1

5593d0c909628ac4743196f502e39180d0c093cc
SHA256

8e8c7637c861921ce80950f19d8dba7791bbe9227fdd47058838ee0cd5c88321
SHA512

2b3c55838b5ac27b5ecf179f884eb2625c0ba7086bf636e409f0b56f0bb022caa0e8b5a3266184810490569878d55111201f479de0d53abf3c1491e437550395
SSDEEP

196608:puSYBMwoBYj0EGe4lf0WBTHiQPLRrJbFmjqrhqq4PEzv1xsmjXZZLOt4fyXogEQn:peU25w0WBTCQP5mjyh748zvfqTVMJIH

Score

8^/10

evasion

Malware Config

Signatures

Requests cell location 1 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.yxxinglin.nes18760

Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.yxxinglin.nes18760

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.yxxinglin.nes18760

com.yxxinglin.nes18760
1⤵
- Requests cell location
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4263

com.yxxinglin.nes18760:pushcore
1⤵
PID:4291

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yxxinglin.nes18760/databases/RKStorage-journal

Filesize
512B

MD5
dee464d82f6b3637e1b65f8f8ced7c84

SHA1
d1e694d2c61eb691e83622abec86400fcc06f221

SHA256
1d7a2d24306bb1f0e65417b6c53154fd53fda8c041c59a3aa0c08deb19bafbe1

SHA512
b68f55303a9a3840f9a663fde12e6d3139224d120e8fc045d6f9234d5bfcc2ca7b71a61075af1c261f41f69abd5cb0d22e2fe26e4b5388fd13e852b859d89e25

Download Submit
/data/data/com.yxxinglin.nes18760/databases/RKStorage-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.yxxinglin.nes18760/databases/RKStorage-wal

Filesize
56KB

MD5
502482bef37449e67e0ad89d382edd60

SHA1
f0c3b31ec29ac65afc5fa556117de7046591b2bd

SHA256
6bca3ff5a80b570adf6bc6bcd09fb132870380e8b9f8561839b06f72b05679b4

SHA512
96c9a025481fc32c06b27f20478561c3efcca546a4a4a4be7c6d2ffeaea2705efdf955d50dc6f35c74e1361c00edc89aa62f0e3c9f38302c7d6eb7ba21a93ae8

Download Submit
/data/data/com.yxxinglin.nes18760/databases/ua.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.yxxinglin.nes18760/databases/ua.db

Filesize
24KB

MD5
afd6e3463fb720e2456eb5bc4bfb9a45

SHA1
52e3084449561a4f80057b3f92723b7829783819

SHA256
490b626a7835b2a0edea3c8f1ff337eb462bfa7c4177e2658e1ca396e081d083

SHA512
42b08f2dd2cd5b8a3f3b488d3e6b38653d4254cc24946a4fe86b87d40ea0d86917e954e7feb63c5c5e5ff24491d37af3b45ff408a8c6505280f95181c59b3dfa

Download Submit
/data/data/com.yxxinglin.nes18760/databases/ua.db-journal

Filesize
512B

MD5
3fb497e21bbf05855a4eaba8cea5b03e

SHA1
95788793f349d6f9b51c3aa6949fe2820eee0d8d

SHA256
b8a1e387137eff10612f54e12de5368e34e874a3d0a45996f8fa705645f93113

SHA512
66662e5f2103f4d76369132bb94c676549d59a446b9df6e86a44f9ac0968ade8f3fdbac1a1fe35f1ffc8fc0b9c07cb11699e54150feed129608d192f493ec0e4

Download Submit
/data/data/com.yxxinglin.nes18760/databases/ua.db-wal

Filesize
48KB

MD5
118931ab55639dbae8627a5c818a5e72

SHA1
4b3f4995536d1ea4177509f87670a9982bb040c4

SHA256
2887c8b28c542bb1f58b120fac1a316ea861a8c546a441c991dc0c9ba9bedd9c

SHA512
34b77280bb08569a98a9e810eef225d225debc8124b343e1edcd788e3c26c360ad60e2fba0209b281409a370f62ccdde7f6ccdb699d8c3be39269b05e7a78a0d

Download Submit
/data/data/com.yxxinglin.nes18760/databases/ua.db-wal

Filesize
12KB

MD5
1a67ceee7be7121a1881092666e6e287

SHA1
e2058ab5420afdc5d792cd8c1cebe97702c36cef

SHA256
8875b519bb33a26da0a3dd365550892957ba4e63539f927e4cdae390b58b9d39

SHA512
b939af96b7addd7d6e998d826f7c6e26971d221430b72fa22a1bce223c2aefa1ebf21a81749711f7f31ba8aac9804c9d9f0fa0a077ab16e729b6f5ce04f25bd1

Download Submit
/data/data/com.yxxinglin.nes18760/files/.envelope/a==7.5.3&&1.0.0_1703329984559_envelope.log

Filesize
1KB

MD5
f7a92d81a2a85e066c343246964db72d

SHA1
a658f3d6d2808f81ab5b9fe033e667cfc591fdf6

SHA256
13677f419486c464f21529a4faaac8fd388c92250eef804c80b089921aeb148c

SHA512
71288035f3a7be6680e9df5f6e38809ae468725252d2c2d6881197d7e0c1ba9ce0ac823b6b535e2cd1e7003e25a4da063b4a2d8345d403a523b3a8e4c6ec76dd

Download Submit
/data/data/com.yxxinglin.nes18760/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
b8fc96422ab55127c4a1edaf2d2e933c

SHA1
cb8b505b1565a373dabb90f0d0e0f420c69ee987

SHA256
c89634a2a85b35e728326f98b3cd58a84cd7d95dd95baccdd406388b66c8748c

SHA512
60b4413587aba92b2c53c72fef9059f60cfa50012dcd7161d769bfce2daa9bd0d7ad8237af463e7c014d0dc6007723395dedb12af3cc62bd0c57b6cbf814b94d

Download Submit
/data/data/com.yxxinglin.nes18760/files/exid.dat

Filesize
67B

MD5
665dea1e6dede61cdb640bb2002a2078

SHA1
5a31386e6f8c275c823607836b27b64fce503db4

SHA256
4c2b6e7b5b9cccc6226f1388cb3c632cafb9fdf0087ec71d271e518437deebc5

SHA512
35f6aa16fb8bee760ae02c68d54993153ecfa739d2156572dd2c02abafeabdaf3a919d02c002dad57e94aa72822ee55c0c4fbf0908857c1cfc2a23c494f3e4fc

Download Submit
/data/data/com.yxxinglin.nes18760/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzAzMzI5OTgzNzA0

Filesize
1KB

MD5
b44ef18f01ddf8c51349a7ed3682dbb5

SHA1
aa7ff7b0166ecc8473edb2c2139d75b9e4898832

SHA256
aae4e8a45e4add84240082c1431b0a4589a611af06148e9fe7c3b71b139d2f27

SHA512
d8fd4892a117efdeb46810374d1effdc3faec4abf7fa304549d7563033e45620bb1a48d3d187893430c423737b3f8a727b55c6fe28fcd624f5fe006fb7fcca5c

Download Submit
/data/data/com.yxxinglin.nes18760/files/umeng_it.cache

Filesize
415B

MD5
c2f93be52c2a12e7be7c80bda6db0351

SHA1
4e1fb376a03e4b4a71495c4543af9a01c4089960

SHA256
aa991c93a2afd607756706b66c36f61e122615a58a1071fa74b7e00bcaa01859

SHA512
89da2f9505a0c59bd098e307a2b8f4e22275851261e14e81567ab4726efce412cf31f98b76e6818da000c0dbdcd29043f69a7e011af02367aebc9b2a5847786f

Download Submit
/data/data/com.yxxinglin.nes18760/lib-main/dso_deps

Filesize
152B

MD5
b060d210354910bd76ee60c95af2c128

SHA1
f61049c5d30af0f8340bb9bf12b44e92aec07030

SHA256
961a5f237640b73f4953705d261dec7998cce2cb92fd4cb8c4221b2e24db22c7

SHA512
8a79f40240ae5d8e2f677248309517578d4b8ff113cf6a9f918a818d722f4998f8222f55650f94219ee1de93ad279f5057b55d1edcf89c9fa06e4f9c9220dbc0

Download Submit
/data/data/com.yxxinglin.nes18760/lib-main/dso_manifest

Filesize
5B

MD5
c06857e9ea338f3f3a24bb78f8fbdf6f

SHA1
c5a0a2529d2deb60fec041b4fbd722a2ebe31702

SHA256
957b88b12730e646e0f33d3618b77dfa579e8231e3c59c7104be7165611c8027

SHA512
29f61516876c25379a7bf4faa2b3ca6f6b53eac90e7de47671fec4a818d51441b4025cd7909f7c0a0d113ab6c5ff00cb3700c286bac7319185b77905feec4fb1

Download Submit
/data/data/com.yxxinglin.nes18760/lib-main/dso_state

Filesize
1B

MD5
93b885adfe0da089cdf634904fd59f71

SHA1
5ba93c9db0cff93f52b521d7420e43f6eda2784f

SHA256
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

SHA512
b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee

Download Submit
/data/data/com.yxxinglin.nes18760/lib-main/dso_state

Filesize
1B

MD5
55a54008ad1ba589aa210d2629c1df41

SHA1
bf8b4530d8d246dd74ac53a13471bba17941dff7

SHA256
4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a

SHA512
7b54b66836c1fbdd13d2441d9e1434dc62ca677fb68f5fe66a464baadecdbd00576f8d6b5ac3bcc80844b7d50b1cc6603444bbe7cfcf8fc0aa1ee3c636d9e339

Download Submit
/storage/emulated/0/JXCP/aff/com.yxxinglin.nes18760

Filesize
9B

MD5
33445f78093dfc1305bcea16d842bb13

SHA1
f561b1bf42b618784c779c75cad63d4b23eefecf

SHA256
1082d20ff43ce9c14b76f4975471aab4bf15ab6ba7cc9d408fde4ac1135aecb4

SHA512
3bc1a71724465bb6a44d3005a2db205ee0394d1ca7f6b66ceb86864b0a31d26f357043102b9671e6dd7e10a62ce61919740ade99575db6e8ef8c926b82c05bb4

Download Submit