Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

6

90504d4a55...19.apk

android-9-x86

7

Analysis

  • max time kernel
    2514993s
  • max time network
    143s
  • platform
    android_x86
  • resource
    android-x86-arm-20231215-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
  • submitted
    20/12/2023, 07:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    90504d4a559d92a145a15dd2251fa4d22b46a204b1d7001e67093732749e5419.apk

  • Size

    5.9MB

  • MD5

    d5907818dcee5ea2ff8cf59e7ee20952

  • SHA1

    c0b9efc036accbc592a8d12f1de6b18fda4ffe5e

  • SHA256

    90504d4a559d92a145a15dd2251fa4d22b46a204b1d7001e67093732749e5419

  • SHA512

    888de6798ffc4478397e640ae1df6f3bac623d8ec8b3e9e9426f07a1a19a84c6aba3345bee6ccf36032721d2cf17fbe40af181c53d6ea82396f0a831d5c31173

  • SSDEEP

    98304:8sKqIXdLbg88T0eNtS37Nsf9Qk+Kz9Duqpam7k+wcVTKD8XdKtX7dU5yu9g:8sQt/gDS37NsfyVuDZg+w2T+8XQuyX

Score
7/10

Malware Config

Signatures

  • Loads dropped Dex/Jar 4 IoCs

    Runs executable file dropped to the device during analysis.

  • Reads information about phone network operator.
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • com.ys.ylsgz2.guopan
    1⤵
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4243
    • chmod 777 /data/user/0/com.ys.ylsgz2.guopan/guopan/sdk/plugin/dex/lib/lib39285EFA.so
      2⤵
        PID:4440
      • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.ys.ylsgz2.guopan/guopan/sdk/plugin/dex/classes.dex --output-vdex-fd=81 --oat-fd=121 --oat-location=/data/user/0/com.ys.ylsgz2.guopan/guopan/sdk/plugin/dex/oat/x86/classes.odex --compiler-filter=quicken --class-loader-context=&
        2⤵
        • Loads dropped Dex/Jar
        PID:4460

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • /data/data/com.ys.ylsgz2.guopan/app_crashrecord/1004
      Filesize

      229B

      MD5

      c910717c8fab6b940b280abb568b7b9e

      SHA1

      8b1cd1e861d46afbea3621293b712b9665365b47

      SHA256

      5fc7fd17d83f699b38b34b6e42aaa8e1f006a1bc771da83f4893ca0af96353b9

      SHA512

      878e2804b74453f559960cef597cc35cb28c3f4af23f17dcf89a7af69af62f56c8c9a7b383dbbf4dc84bbe81d37948184708c10b424b5fefd09c0ec5f030ba82

      Download Submit

    • /data/data/com.ys.ylsgz2.guopan/app_crashrecord/1004
      Filesize

      58B

      MD5

      0d210bfb2a0e1f1b4c082a6a0f79de07

      SHA1

      bb8ed9e364db79d1d9f2fcde3f15091893222faa

      SHA256

      988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

      SHA512

      536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

      Download Submit

    • /data/data/com.ys.ylsgz2.guopan/databases/bugly_db_
      Filesize

      4KB

      MD5

      f2b4b0190b9f384ca885f0c8c9b14700

      SHA1

      934ff2646757b5b6e7f20f6a0aa76c7f995d9361

      SHA256

      0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

      SHA512

      ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

      Download Submit

    • /data/data/com.ys.ylsgz2.guopan/databases/bugly_db_-journal
      Filesize

      512B

      MD5

      c9958394c82a448abe7953eac14c8775

      SHA1

      49355f37d17f0a1138542811f03c28833ea31807

      SHA256

      38593114136493d9e9fe8564acbe60d683f1668b917e0783ebc9d9c0eea0eac8

      SHA512

      f226cdeb231a811017b9a03be3b57ee2957b1b3b3715d95b9ef1f7f1ed4c838477db947018909497faec741ad9eae99063227f539f5deec83b8323018fc1c93e

      Download Submit

    • /data/data/com.ys.ylsgz2.guopan/databases/bugly_db_-shm
      Filesize

      28KB

      MD5

      cf845a781c107ec1346e849c9dd1b7e8

      SHA1

      b44ccc7f7d519352422e59ee8b0bdbac881768a7

      SHA256

      18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

      SHA512

      4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

      Download Submit

    • /data/data/com.ys.ylsgz2.guopan/databases/bugly_db_-wal
      Filesize

      68KB

      MD5

      e0c8b6860157818e8d0f3dc0417b7c60

      SHA1

      a53b7af0d53e4f40ab43dc275eef8fc62124281c

      SHA256

      68aa9496c5fa8af5e198430672287bb45096783782434c019d7f270c00e2f675

      SHA512

      b72bb79101626fc99b48eda0db68c41ab46b5436b666ebf2989bb77b0c59bd57ffedd94eeb3ea4590f0fdb4f4c48b7b88905ab3d50e4d2c350af7b34774eeccc

      Download Submit

    • /data/data/com.ys.ylsgz2.guopan/guopan/sdk/plugin/gp_sdk_plugin.apk.temp
      Filesize

      46KB

      MD5

      acc13aa9f5e5b139ae847d104f877b7e

      SHA1

      11f6255ad9bc26fc17489d666584cd45d84a3a36

      SHA256

      4c400fa604e2cf8767d4296242e0ae51cdfffe64f3430fbb79e9859817a86ed7

      SHA512

      6930849ca310788a233d05ed1e5fb59ae107c5b2bce4c7cdc35e2d0b993f4c9bc546ca784802df4360b81191843f75d9a5e90396c240da37aa1de3748a84e68f

      Download Submit

    • /data/user/0/com.ys.ylsgz2.guopan/guopan/sdk/plugin/dex/classes.dex
      Filesize

      3.5MB

      MD5

      1697c255c1d0676c618200b438420cc9

      SHA1

      c95fb86a41a90203038b739b25f76bc13f524cab

      SHA256

      c22ae3436f33becb2b060765f43cf4cdc97836b3e2a85887483f88bbc39cfeb4

      SHA512

      cf336e26e4aa5875b47a89f1390faff0f53d51127776d94f8684c445d726797dc98bafa4b505ddb4024b6e5c5320692ffc7a41dffe7cf42c9c9037e28ac24939

      Download Submit

    • /data/user/0/com.ys.ylsgz2.guopan/guopan/sdk/plugin/dex/classes.dex
      Filesize

      3.5MB

      MD5

      4c46176bf5ef8c90a534898bfbc70e46

      SHA1

      e49183ae714f10328fa66007e05468bc28074179

      SHA256

      5861f45d1e6731cc7f43201fa62cec8d8ef34a380a1e6adbe03ef70b7a127db3

      SHA512

      adabd43e44859beb545f45dfce2eb5a801fb342c986a029841566b0a1e05af9b68e5b46ae0eaf0a8190c006a28211b948604a2e5cdce825514d9debf1e567cd0

      Download Submit

    • /data/user/0/com.ys.ylsgz2.guopan/guopan/sdk/plugin/dex/classes4.dex
      Filesize

      44KB

      MD5

      f7e9ddef98968335a2d241da71d19492

      SHA1

      1e3dc6883b9505d06e1316d4d9035f32dabd7da8

      SHA256

      762993750e0dcb550a33c3e955d364068c48e9953bdf75b10e9ebb5d1f7ba24f

      SHA512

      c0d74b605f4d64424bb68bb7faf5f2c279178a2f33daf4d3ffc792420885b7e305981a2a040a773c6fa51273a97ce52630cb66569e91f88883b83273bd13189d

      Download Submit

    • /storage/emulated/0/.flamingo/device/device.config
      Filesize

      108B

      MD5

      d1704a109b37870d49b69d1b34897764

      SHA1

      b19645b33508d4790d245de9799369cd2274c19b

      SHA256

      9d4b509bf71a0d0627a8ed4ed4534ce38a0127044f589498c6f243587d09ecc0

      SHA512

      80762b093c87218087c1a34c8bc52bb9bf6c32fb8962cf8d86ea79c0bc787d1b1086c193653f38edacbceb6fb91b8fc0756b2342c37810b86f6a7f562556eac3

      Download Submit

    • /storage/emulated/0/UcQkDir/qk.dvid.txt
      Filesize

      65B

      MD5

      b0f0ca76c45c56a509660b0e270a0d0c

      SHA1

      554e8b5839f02a8376b7d39f3fdde04259730993

      SHA256

      8f6923fac7638d9adc31625d9abe00017a2153a5b139896fc026c8a9092e339e

      SHA512

      5363899573324c96c16ae0ecef3f78fa69e2eceff077ae0402439ccbc417026bd42d41d790d0d97c648267853b9f1e25e5655bca3e2c13e6a60ec79aca4f2e21

      Download Submit