91d44f2f0fb11dc93a06f1a9c085d0d03d8e6dd45e463297a4a032ff544f2218

Analysis

max time kernel
2523013s
max time network
160s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
20-12-2023 07:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

91d44f2f0fb11dc93a06f1a9c085d0d03d8e6dd45e463297a4a032ff544f2218.apk
Size

28.2MB
MD5

1847a72a3d66c637f4820268d85106bf
SHA1

0c45e7d8f29fc27a376dbb439739fdf4e44646d1
SHA256

91d44f2f0fb11dc93a06f1a9c085d0d03d8e6dd45e463297a4a032ff544f2218
SHA512

1e5fab9cc8836b029f49f1af1ea8115e8df52b43ca8dc271defea929d0dee8fd7ee9458f8b3ebbb86024c60eb0633e12072fcf84c56599d9c5a6db196d72460f
SSDEEP

786432:kfwnAx3gtWgULzhdrAddfmxY2G9hlEri8bmUvzS/WRHcW:kfwa3Y49eddfmyfWriULR8W

Score

8^/10

banker evasion

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 3 IoCs

banker

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.fenglin.xiaozi
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.fenglin.xiaozi:push
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.fenglin.xiaozi:player

Requests cell location 1 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.fenglin.xiaozi

Reads information about phone network operator.

Listens for changes in the sensor environment (might be used to detect emulation) 3 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.fenglin.xiaozi
Framework API call	android.hardware.SensorManager.registerListener	com.fenglin.xiaozi:push
Framework API call	android.hardware.SensorManager.registerListener	com.fenglin.xiaozi:player

Uses Crypto APIs (Might try to encrypt user data) 3 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.fenglin.xiaozi
Framework API call	javax.crypto.Cipher.doFinal	com.fenglin.xiaozi:push
Framework API call	javax.crypto.Cipher.doFinal	com.fenglin.xiaozi:player

com.fenglin.xiaozi
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Requests cell location
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4271

com.fenglin.xiaozi:push
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4369
- /system/bin/ndk_translation_program_runner_binfmt_misc /data/data/com.fenglin.xiaozi/lib/libdaemon.so /data/data/com.fenglin.xiaozi/lib/libdaemon.so com.fenglin.xiaozi/com.igexin.sdk.PushService com.fenglin.xiaozi:push &
  2⤵
  PID:4440

com.fenglin.xiaozi:player
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4596

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.fenglin.xiaozi/databases/_ire

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.fenglin.xiaozi/databases/_ire-journal

Filesize
512B

MD5
9dd2e60baf3223c0cf45dcab17d20993

SHA1
62d1235bf846a47d74817cdedce3b73b7038b810

SHA256
48361d01df9915484301b493497a279b1e7360e72fbcc348eb2c46ab866293de

SHA512
92a34cc790c05e653110e9dc431e4ad85c56cd3cf8b40b01519713d19b77ef4d8d69385d9b6d2abdb938308a5eeeca5d6110cd3e1634f13a985cbb7271c66113

Download Submit
/data/data/com.fenglin.xiaozi/databases/_ire-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.fenglin.xiaozi/databases/_ire-wal

Filesize
20KB

MD5
d7889d5d39fdcdd691a2dce6bbc95408

SHA1
845597d41450aa7efc90d9f93cd336edb7286aee

SHA256
f219ea5e4cd0809d3b4a3b2de86c9853c532bb943d24d3ca0e76536a4f4233c9

SHA512
6b6b5b4fea4cc180e0b106e8a81491f8bf794f293e057543f3e6e943f6c416cb3b6b4837e587de8d40309988eaf0a79e6b23b96c5032348ccc6401b19d348f33

Download Submit
/data/data/com.fenglin.xiaozi/files/LizhiFM/LizhiFM.db-wal

Filesize
366KB

MD5
49889140c78fb18d3658911804fd2c89

SHA1
0d0a805a4a0e2c8a545577b40f219ccc38607ac6

SHA256
affafedd88708bae519fa93c0aacada9c9241fd7d4880306bb838c30e4a7ae22

SHA512
64127e7d1a0c1691d4ca415e0bef97164d7061830f3a236f15a74f0388e6604d635e8fa07035a0e4c722065f97f2ef7b8c149f7efcbf3d16f1ff3a027d4d7c3e

Download Submit
/data/data/com.fenglin.xiaozi/files/TDtcagent.db

Filesize
32KB

MD5
0fcb31920c258bcb52a89d3acddf2d4a

SHA1
dd764d611e087ef4e43f0a5cd3f3be85e062eb17

SHA256
b455bb6d9ca4b802054f6f1e72d66184b37897ba60a1e5b5de456454ddd07828

SHA512
009f5d30aedf58e5c88835cee9a6b87a073660627beda8a09070eeb9139be05f78d11677ce31152f57a988ff132a469d9231140fea3f4c7cb078d39fa55509a3

Download Submit
/data/data/com.fenglin.xiaozi/files/TDtcagent.db

Filesize
12KB

MD5
7366a3e11c5eaa3441e4e78a64712e86

SHA1
4a7e92d798ae5d76234a19e0e0c871288cd7f477

SHA256
2aa5673088289df1ff391ea642e190eba49775dc9d0f34cea8e60813427f63ca

SHA512
2d7c1ab2d44c945360a2450cf5974ba24acd7676db102ac37aff96dba5365a42c9767d2aeaff32c49d2c8612453feeb3868653c72a923c0a13408c98a23e903d

Download Submit
/data/data/com.fenglin.xiaozi/files/TDtcagent.db

Filesize
12KB

MD5
536abd4cc74a3673d14efe28253d512b

SHA1
2b851eb74d43748ce10cffd93ee40809ff8261aa

SHA256
19754108c0f8924c62c2fb16be40896d65f039675aa0d403d8217a648bf6b353

SHA512
e2298cffb1528604ad974ece69345d96adca3d7cf3d643a1a4d1c592a765e6f6369b9a2372da1d01f3a2a40957760504b87b3cf36692bdbffe22aae36418a051

Download Submit
/data/data/com.fenglin.xiaozi/files/TDtcagent.db-journal

Filesize
512B

MD5
d958a8654d0e4d3c620f93ca7f021a24

SHA1
74196c4434f1ea8384eb9ceaa84d7d428c982d3f

SHA256
c7d7c9f435112f69c81a782efc4ae532b45304e9dc403cd102853ca5d7bd4dae

SHA512
14018f4d11b62f30b9bf31f7e4e14069974979bf0db18bef68ccca00629db6b65e86aa7546a30a5f28a64d90735a6edbb7dfaee15dced4eecae4da4ddee75a9c

Download Submit
/data/data/com.fenglin.xiaozi/files/TDtcagent.db-shm

Filesize
28KB

MD5
8d45c43c837d0f93532ac1e537374e9c

SHA1
f0c1663846605c73fb6df13bbafc0781cfd8a0af

SHA256
6cb7efd194ccc9248b6c78b74cd84066d73f60a6cd734540c59cc813a5c790e8

SHA512
f713f5ffed608b4ed68fe0f747887c1f5fe3b979766b7ce5648f0dcbb0be8b1d5b70be50fe9643af3dcf62d940117aba230eccbaaa7e4852568b36ea37e23e1b

Download Submit
/data/data/com.fenglin.xiaozi/files/TDtcagent.db-wal

Filesize
72KB

MD5
244a7c2f6781847278505ee2059376da

SHA1
7d74f3a3d28b3af54051af69d8f64540e3325a7e

SHA256
98d75fd8dc04c8eb8ceab02b4c84aab16a76b8eaac3f80d551e3cf1589f9374e

SHA512
bc96ef20ff87ebf65a3c6969278e2fef57e637299c65c17c4bb4627ea1817abff949ca00dee38b050f814e9b561efa2922d55f0988af73e4775b97c6838886fd

Download Submit
/data/data/com.fenglin.xiaozi/files/TDtcagent.db-wal

Filesize
4KB

MD5
9b04bb685cc16703e2cb56bdcb58f9db

SHA1
fc5f9bc14c5cd617c2843729cb29a060b03e9893

SHA256
69147d0be39f688aecfa75aadc0588a5379ce8aadaa7436349d1a0287a21ffa1

SHA512
74bf891e0fa258d39494f5104999357428b54f4b196982fbcd62104157153d0e787fbbb59427b011c59ab759502db71cf6e9bdaa405a4d885b4346378adedeb6

Download Submit
/data/data/com.fenglin.xiaozi/files/TDtcagent.db-wal

Filesize
28KB

MD5
102e8df0ef8f420631de84c1276ca943

SHA1
83cdca80613bde52ca6abc8ed0cf1a33ecf11411

SHA256
0912897ce332437917efaaabbefcbb9dda5fe5088f98a6e8b874db91acff20a7

SHA512
81f043752a9a324c9cf5ba688a61c71bab74bfbb4d8ee7ce37fb2b4392f391e6877c5b9b182eced8ed6a69dd5ce12b6ae87a40445f719e7b30edb41b3127b5d4

Download Submit
/storage/emulated/0/183/LizhiFM/Backups/backup.db

Filesize
12KB

MD5
3fe30614d7e0d11db870b4624f6c50e0

SHA1
053ff0fc621ab40f2afeddb3e7b4a73ee41ec533

SHA256
67c532f0324228dd33b445cd399c1426e3a0e0cdc7b9358c66b402c5d40a838d

SHA512
c7c09e97a408e88aacaf8099ad4d1fa604d58113393500a384eb3c2eb7c3c105af41314934b86eca2f088045cbab5a20d768bbb295448dc1ae6cb6c3f59821ae

Download Submit
/storage/emulated/0/183/LizhiFM/Backups/backup.db-journal

Filesize
512B

MD5
1b4800ab957e1672f451b569a0f0afae

SHA1
b77af27895d5e4d72a76b60513c77fb3360bfad4

SHA256
c35883791a1af2950b63f921fc65b8c79c1c1206bb312d34f1a44a8f05184d00

SHA512
e27aa691f81a4eb00632cf80875e36e8983914e9de379ab6cb6db186106e1fe3c017ef0876a00b08c7fb9444a0f409f43bb5b269d8c7a601d937eefed821e222

Download Submit
/storage/emulated/0/183/LizhiFM/Backups/backup.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/storage/emulated/0/183/LizhiFM/Backups/backup.db-wal

Filesize
16KB

MD5
c391cef1764bfb4141a4e2363a3d522e

SHA1
e8973a753e0ec869ca0f6edca9453c680ddacd00

SHA256
5fe6b125eeaeb4a3acb7e4f72758b73be47ea60c2ff94eaed7aeff7017ade5d3

SHA512
52792f5bbde8160f99986787596bbc75356c801c030a8dfc99e2989f53c02e6a2607feeceead861294230a5f05b07096bc97b0bd8a4ec271b88297c0cc448672

Download Submit
/storage/emulated/0/183/LizhiFM/watchdog/lz.ini

Filesize
512B

MD5
e55f2badb780c8f6c0215575c361cd79

SHA1
4c01194a5f0f3314348fcdd0fdc2c0b6852c723c

SHA256
d8fd63d8c9c27b9fd6a88cf1fb099cec638d458774407664cbf520b531750cc0

SHA512
310ba699b1bd83a98779cc0ff3cc52a74c17d18caff374564b6473d9cbe0bb12797f962ea7864b8f73e749973121ce80e7621523b1dee112be192b553f05a092

Download Submit
/storage/emulated/0/183/LizhiFM/watchdog/lz_1703329932819.bin

Filesize
16KB

MD5
cd212da9b15df9fff4b118e160a47d80

SHA1
fb5e2010491480b7d40daadebed12f353da08546

SHA256
ca6ec97e99f1d2730ff348ce43e9601448f505149655465fa76785e63e87f41d

SHA512
41afb7fba37539ebf7285b79f497f7c3cf2c6f3ca881a85184a0ac0fccc6a3411e5c77334f3c17891176d5eb3d68826c0241b3a0d57ac026a48c9bc3e42fc34d

Download Submit