8e5be68ebd42fb140e4ff270adb9a0e3819520359305a0fb19a8f513a841dcf3

Analysis

max time kernel
2520803s
max time network
154s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
20-12-2023 07:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8e5be68ebd42fb140e4ff270adb9a0e3819520359305a0fb19a8f513a841dcf3.apk
Size

6.5MB
MD5

6f27a3b9446b08cb1ec72421c7037c48
SHA1

659b030196eca53609278d840e9dbcecea94071c
SHA256

8e5be68ebd42fb140e4ff270adb9a0e3819520359305a0fb19a8f513a841dcf3
SHA512

21a37672d6c3eb882504924b171807cb5b823b29abc3787bd6325a8e2e7daa89130f5b22141179cb2fb8afcb22d4631aed0614056eb2d768e80677f1bf490bb0
SSDEEP

196608:NpmvKpma/8Pa9Ct5zaUU9GOcLmI0yN8K9cA:NkmfMReUU9RLK9cA

Score

8^/10

evasion

Malware Config

Signatures

Requests cell location 6 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.joyme.wiki:pushcore
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.talkingdata.sdk.TDAntiCheatingService
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.joyme.wiki
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.joyme.wiki
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.joyme.wiki:pushcore
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.talkingdata.sdk.TDAntiCheatingService

Reads information about phone network operator.

Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.joyme.wiki

Uses Crypto APIs (Might try to encrypt user data) 3 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.joyme.wiki
Framework API call	javax.crypto.Cipher.doFinal	com.joyme.wiki:pushcore
Framework API call	javax.crypto.Cipher.doFinal	com.talkingdata.sdk.TDAntiCheatingService

com.joyme.wiki
1⤵
- Requests cell location
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4270
- su
  2⤵
  PID:4344

com.joyme.wiki:pushcore
1⤵
- Requests cell location
- Uses Crypto APIs (Might try to encrypt user data)
PID:4317

com.talkingdata.sdk.TDAntiCheatingService
1⤵
- Requests cell location
- Uses Crypto APIs (Might try to encrypt user data)
PID:4473

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.joyme.wiki/files/AntiCheatingLock

Filesize
1B

MD5
55a54008ad1ba589aa210d2629c1df41

SHA1
bf8b4530d8d246dd74ac53a13471bba17941dff7

SHA256
4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a

SHA512
7b54b66836c1fbdd13d2441d9e1434dc62ca677fb68f5fe66a464baadecdbd00576f8d6b5ac3bcc80844b7d50b1cc6603444bbe7cfcf8fc0aa1ee3c636d9e339

Download Submit
/data/data/com.joyme.wiki/files/td_database0TalkingData/1703327716184_4270

Filesize
4B

MD5
a35d50611451112c86a3945e78df71f4

SHA1
bdd00858ae2bd0a29d8f0f366f3f11ceec4ef14c

SHA256
626933b6177cd37cd85496219be1a879a34785bdaa0aabe200da270ab1b5be67

SHA512
cba440e35eb25b8b49cc7f5727c833b2cc3b946cad3dbf7dfdf33de9d76a18d33a51a1c0a289e2acfd48e86d9b2f374d81c11d7d5d70001dea8703b549861f90

Download Submit
/data/data/com.joyme.wiki/files/td_database0TalkingData/1703327716184_4270

Filesize
2KB

MD5
398e67993b01637c5cb7a36e420f7aa4

SHA1
a5f237f822eac2999912591202f4a69610ba7355

SHA256
6582b05e30a8047ee4abbe209120769e764a9dadbc874fe9085a2c40247c6f32

SHA512
f43320e6c59f5f860692742ee2d4a901db7fb492df6ee4bc91ea29872c9e6237e7db0e5e0106a4fa1f4439ee3dfbbd509482a66362bdbd63e2f6978929898e5d

Download Submit
/data/data/com.joyme.wiki/files/td_database0TalkingData/1703327717333_4270

Filesize
2KB

MD5
5085d11cf5c2aef0250b69fe8f81b2bf

SHA1
ad5f2de10e24e724690034f18a2862f7415212a4

SHA256
05e750ecbc0933199bfed28249ee8072eda713a6d30e8dda380f32cb847304f8

SHA512
6af1fdbea6aca17e73a40bed6cc322e18d4ad1e1e91e0938a5b6d629a86cd380da95ce0dd0d4a00d4aedcdacd7dcb36e1492b69c02673cf9f026e428ce25d65b

Download Submit
/data/data/com.joyme.wiki/files/td_database0TalkingData/1703327717570_4317

Filesize
2KB

MD5
4856358d65361f30f5b489c3d344398e

SHA1
f87d44069744f5b0ff4934e8b776d1adce6d7815

SHA256
9f500887d2d1932c215a6b72839a49c2db4b64f404e00c0de2a641a2074afb93

SHA512
7a8966c0416e797f7b232910b60703be122b88e54aafcca8c29b6bbd99b078045fee9586c39a021be1c62c05f1bfc822af4f136417473dd55c8e4a86f3c3bdc7

Download Submit
/data/data/com.joyme.wiki/files/td_database0TalkingData/1703327722050_4473

Filesize
2KB

MD5
8374681e48a3515fc48de5a5ea75b334

SHA1
54fb81ab1fa39a5c23b8ae5b5093744b6d176d6c

SHA256
610e4afd259af7ca5ea1cce76aa6a676eb786d1d0815ae1da9f2516453aca009

SHA512
0bc950b15a133044bbae656f762ddd247ae0bea99d447c76aaa76c82823c5cf2ff76c651b4da6451f52e755a34a24580984d779772b7fa6c46ab7c510fba9757

Download Submit
/data/data/com.joyme.wiki/files/td_database2TalkingData/1703327715954_4270

Filesize
2KB

MD5
e2c7b7acc5004d6bafb7e7a5a9d961f0

SHA1
2a04ca5b56a35c49fa68437811311c8bf66e51dd

SHA256
113ebd8f3023607d0918fa6bd2aea4abc1ed8df3038f174cf1832398365ca265

SHA512
4f6818515fff856a5b36c814c2d79dccce858c2eb8f188c0ae72a568ec9b37546e870c1a6e87c685fb0535906c46066c2ea234aa99439f00e4555750972de16a

Download Submit
/data/data/com.joyme.wiki/files/td_database2TalkingData/1703327717018_4270

Filesize
2KB

MD5
44fe0987944215da1c6cd821a58e6231

SHA1
c3890b5c8495bfef4fc646fbc99e965eb77044f6

SHA256
15b64f65d4b1285874a6c37df0a202c0a0b84e52b2f04444de53d5ec7dacd823

SHA512
8d3a1a719b5d0a52befca2b5364035debc5e3e335c97044c9d1a5e7b6b32dfe6164c75152d0ed2a2fd94a0c03a4ec5899a930eaac4652508d4ec9bfc7de22749

Download Submit
/data/data/com.joyme.wiki/files/td_database2TalkingData/1703327717374_4317

Filesize
2KB

MD5
40d604216ecdeee2a9d479245258fdae

SHA1
b3a170a21167011283dc65daeacd92bc986dbd50

SHA256
bbbfdf2a365acab15d5d69b5643a60870f4f0aec432d9f5de2b9f97ae0914c35

SHA512
79d5dd339220e3f5e6a759423172c77be35dfdc54052183e8a937f9fdd697aed82da4fac951086ebc80b7d6d2924f935726aac7a7aa27c786543b691a842145d

Download Submit
/data/data/com.joyme.wiki/files/td_database2TalkingData/1703327717515_4270

Filesize
2KB

MD5
833ef269063ebdd0b0c4de037a37ae05

SHA1
7a8c9f3e40a2bd7e2e1c3309c7e4ccc845f89d61

SHA256
767432bca12be7b44574380aebd4272f7094f686192b15c25c9adfbfbb43e596

SHA512
0f6d1433ce39cf5aff81e218f03ce5795e3ebf86018d953e7af7ed4d405070d7b2a3259603f7a743d929e9ff4123b19864f3b11d70451dab3a11b5d8f1c13685

Download Submit
/data/data/com.joyme.wiki/files/td_database2TalkingData/1703327717904_4317

Filesize
2KB

MD5
9402ed51b340f50653d5114faebc905c

SHA1
0de3acf7b5c8a1c04e0fbd80489327d07d99d0db

SHA256
7930f79abf1250666aa4ee61f8292dc3632a2a3c8f05931743835232d2736c47

SHA512
33cfe2e0934e2b5c66bf17d54bc8847d58184502daefb445aa3ffbca3899823a7dd063482500f86068fa2ca2a4f62c8e116940318dbd2ecec0bc241703a1ef4d

Download Submit
/data/data/com.joyme.wiki/files/td_database2TalkingData/1703327721937_4473

Filesize
2KB

MD5
7e0b5287782825103247ba99e6524c4d

SHA1
7017ef9017b2cb0061c88b5c9a352b20d777f2b5

SHA256
a73bf8a75b5af7fa31c7dd220ca43a300f1d93b607317510110e7eb2ab3f8502

SHA512
6a77ebdea4903817fc4cd11f659883994c11b9fafb0ea4bc61c89e05a43ae8b214220a620888cf3a01490c48d77251544a989a3fc2a34b5a4587b7c507103c23

Download Submit
/storage/emulated/0/.tcookieid

Filesize
33B

MD5
3f080cbdc0d4dde342ea8b6b264c995e

SHA1
266a1800c8ab9baf32bc463a7657d2aea129c531

SHA256
1d22562a763350a6d273fded3281654b93b566e74e016441bba1f2782a2758e2

SHA512
525d696f98e6103622055302efae2bc7f0ae3587e543c1746ca78c96a6b78bbbd8b5ab36e542703658c1ad5aed57cafa50c3ed96e6590878c55b4ff6eaa92d2f

Download Submit
/storage/emulated/0/Android/data/com.joyme.wiki/cache/disk_cache/journal.tmp

Filesize
35B

MD5
dc5f87cca8411bfea7857458fec688ed

SHA1
bd664f044681feb4cdb1617e65281c987c6fe2db

SHA256
b7c3b6523954d4cadc5c8bbad2f3b1aa2193dd8f59eb1d10fde5fd4ad56fdcc7

SHA512
dc40d93ad1b2d842c6bd7c63bf835d9b098eba48b560a32b9316b822f4f503d6d7e7ed260a1402a88ff4c1697dc5f7df54c12025abd16fd2b7fa9b8c6823c696

Download Submit
/storage/emulated/0/data/.push_deviceid

Filesize
32B

MD5
02ff10eed7183113a57e5d75ee3d412f

SHA1
173c1c803534444ffab80a669cfec67f9d8f2f2a

SHA256
c0df47af3ac825ab796cce3077ffab5f9bd7f7129549158f56e6b3b21e1f8478

SHA512
274df3eb570d59d161982504f46b29f53fc09f3d111b61ac1d9d7c5b00dc1acfb2e012e7ff1a3d1e020b607c9621b045ab8a33eb66fd378471ece3f18206a33d

Download Submit