Analysis

  • max time kernel
    2512031s
  • max time network
    130s
  • platform
    android_x86
  • resource
    android-x86-arm-20231215-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20231215-en, locale:en-us, os:android-9-x86, system
  • submitted
    20-12-2023 06:46

General

  • Target

    8cb2a5f48784b95958a5dc8a6bb97a65916e7ad4ee43e874d50eabe7c5e88990.apk

  • Size

    3.5MB

  • MD5

    6ddae0bb705c150cfeea682d43710bf1

  • SHA1

    3610672b0e1d45030bb3267d3ffdda2122554cb0

  • SHA256

    8cb2a5f48784b95958a5dc8a6bb97a65916e7ad4ee43e874d50eabe7c5e88990

  • SHA512

    b9203a91abcb2859f3dc785190c86207f76c47c5cf39ce2fef429950473acba31a6b53b126e04ae87deb7eee3843c5aab9d5adf5cde3af60e0461abd8ea812e7

  • SSDEEP

    49152:4/NUzSHe5UQtHy1fffEcy317sc1x7B3l0ZL7ZhJqqwVSvsEFP2R7QBub9e3g5zpH:mqU6efffnRcj7jGPJq8kVQI5Dhpdns3O

Score
6/10

Signatures

  • Acquires the wake lock (1 IoC)
  • Reads information about phone network operator.

Processes

  • ir.shz.shzkisi
    PID:4505
    • Acquires the wake lock
    • ping -c 2 -W 10 -v google.com
      PID:4550

    Downloads

    • /data/data/ir.shz.shzkisi/cache/~test.test

      Filesize

      4B

    • /data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db

      Filesize

      16KB

    • /data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db

      Filesize

      16KB

    • /data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db

      Filesize

      16KB

    • /data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db

      Filesize

      16KB

    • /data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db-journal

      Filesize

      512B

    • /data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db-wal

      Filesize

      4KB

    • /data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db-wal

      Filesize

      4KB

    • /data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db-wal

      Filesize

      4KB

    • /data/data/ir.shz.shzkisi/databases/google_app_measurement_local.db-wal

      Filesize

      36KB

    • /data/data/ir.shz.shzkisi/files/PersistedInstallation4313644926923906061tmp

      Filesize

      569B

    • /data/data/ir.shz.shzkisi/files/PersistedInstallation6415174178960562362tmp

      Filesize

      90B
