961624ee9797773c1dc7b2a8f42c7b318326c618ae452f7d1c463a2c0e9a77d0

Analysis

max time kernel
2449334s
max time network
170s
platform
android_x64
resource
android-x64-arm64-20231215-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
submitted
20-12-2023 08:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

961624ee9797773c1dc7b2a8f42c7b318326c618ae452f7d1c463a2c0e9a77d0.apk
Size

5.4MB
MD5

86de0a093fcbb660831b37decb669a2d
SHA1

27f6438bd08ac774816f70a0cbd2487338e9cace
SHA256

961624ee9797773c1dc7b2a8f42c7b318326c618ae452f7d1c463a2c0e9a77d0
SHA512

470238f439aa94ed5cd1e1cef9753c9bcff71ef799fbde90027bffea43fa85aeba3c9fd8052c86b3f809e8011a4bf52bec33bfe50615cf9419a020d193b5dc9d
SSDEEP

98304:1toWxwivMGFazAgZB7vvFKc3GHLhllVGJBmZ/g00Td8G3tvst2Vmu1x5JW0:lwivY0gZl89HlSB2W/3lsImu1B

Score

8^/10

evasion

Malware Config

Signatures

Requests cell location 1 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.ido.projection

Queries the unique device ID (IMEI, MEID, IMSI)
Reads information about phone network operator.

Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.ido.projection

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.ido.projection:pushservice
Framework API call	javax.crypto.Cipher.doFinal	com.ido.projection

com.ido.projection
1⤵
- Requests cell location
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4650

com.ido.projection:pushservice
1⤵
- Uses Crypto APIs (Might try to encrypt user data)
PID:4773

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.ido.projection/databases/ua.db

Filesize
24KB

MD5
927005dc0aeeae07f3ac887e161b415d

SHA1
f4fff4c3273e90e7ac3110bf73cc8d1c7ddf8d47

SHA256
f9e1b0ed14d5e132253bb1178329f5c3cd9decef1a44e6cc84756e7ba1e4f5b6

SHA512
24eed58e9f945f9e22cc5a7a00239f40e3896fc5a1fdb833723a0844136473d675a3e6c97a514a307e10c5807cea5b09a23ff945887498040eefc37f09dadac6

Download Submit
/data/data/com.ido.projection/databases/ua.db

Filesize
16KB

MD5
036c87fb1337ddbfe80a09249ff1fe75

SHA1
146362a08421180c334b371fdff61e8aeba09e79

SHA256
418d14b478bfd71b667b485e1a47d59624e98bc119461470f6319eba5525e2df

SHA512
59b8b8f83ed0d78b1757015ece01837a4b774a1e540bab70af3373a1ab2fd6c6002f47a31caea801c2f69ee2c778a8e5ef57408eb8af7de0945113c8cd0e2fab

Download Submit
/data/data/com.ido.projection/databases/ua.db

Filesize
16KB

MD5
7f167a8183d76b6fa694b90087f7de6d

SHA1
00888eb56dc585681ba54a87457297f791ba8009

SHA256
d8334db435e982e4d010c336704e0f360e9a6457b1a3aabc59b5633ea57b1581

SHA512
00a7dc73ff0d2146973ae9fdd3db92655ade29d488bceab68e34d6fac434bc4cd580242ac17ed0e66355e732af9194f0ec697603283bea1a54cfdd520b380bba

Download Submit
/data/data/com.ido.projection/databases/ua.db

Filesize
28KB

MD5
d1bcc087bcfe63022f693c0fcb91e117

SHA1
9a903015473a22c972544ea1a231bb2d64a0cc96

SHA256
045b9bf6b7f5dcb857cd5bfc57cc00c353149bdb24151d1ad006fded6e376593

SHA512
f59a635d43b7163cfeccfab2cede84dca264985cbcc8eeddab2c2b731bc9cdbd821c61bdf663a97be6149856a7848a7485852702927bdcd1e2eb3cc6812e293b

Download Submit
/data/data/com.ido.projection/databases/ua.db

Filesize
12KB

MD5
f41f531c07d4141546a531ff9caffdcd

SHA1
9dcac5aed06972d0ff6bd4cc1f1cdff85b36d3f5

SHA256
bb8dee5b5c3779f175abbd142722eb0022b98d374783aa80145b34614a4de646

SHA512
e0c8d1a820cb4c098e45776e8b50ea8c83944ef2e3f005cb0acbfc07688974d370f78100ae022f62564fc4c12acfdc43b710c18ca1c30f4f575bc08b9b12d2d4

Download Submit
/data/data/com.ido.projection/databases/ua.db-journal

Filesize
8KB

MD5
5adcaf965356b7a17cca4d41701e76fb

SHA1
68e23d37dc5f60a8507c275bff16a18c4c20f4cb

SHA256
d371ff0369880f747bfa6bff9eba5892c16feb9e7823f95edf5e58afcec92bd2

SHA512
eecc677740ef2fda44f132891d605d666eb05fd8e830b52959fdfac649516cfd4c7d735d9067207f3bcaf258ab364b250e809a6c0302afe8f995e0ce8ba49335

Download Submit
/data/data/com.ido.projection/databases/ua.db-journal

Filesize
16KB

MD5
47edbc40c0773facadbcddec71dbd5e1

SHA1
72f8a175ad6c662d3c106eeb35c861a3ab91ac77

SHA256
8c999b225fc59a687905d06963f2100eb605df8dc0571796c01090781fce826d

SHA512
a8c49a660769d1b980c82dbe42c8f6b000f47e6c4d377f1c63d387cb2837923b6e81b2bfa1968964c7538e64e436a0742f0d0c360e719321ab2f784ebe10854b

Download Submit
/data/data/com.ido.projection/databases/ua.db-journal

Filesize
8KB

MD5
4627bfce441a2904b14966645327312d

SHA1
bc4b386c291a2584fd122f74609ef6adeefea91b

SHA256
915c1525cd610746890419c1c22e173740109cc8c9a0f494edf8a20d24d23414

SHA512
3245e6566a650646fe3bd5b1ede8094c3a2fa78ffe72ee495fa5c14157d9857523b19c4f6d0412fe86a9ec222da52156414a6ab8a9468e0f7a042afc85409caa

Download Submit
/data/data/com.ido.projection/databases/ua.db-journal

Filesize
12KB

MD5
ae9f1faabe983ec0f82ae4096ec48216

SHA1
d09467589526233ca21b3259bec069191a69364e

SHA256
d30a47c9da1b9cee73d660671813bf8c6544c28684382a6e05c51e399e2da271

SHA512
28ae13618c4617d0262ca70eea9e6b2e7d3660c779e65e723d77362127ae70a5d24bcde59350c4daa8c78f50bf379ae141125f77880b5cbd0d2120638d052c88

Download Submit
/data/data/com.ido.projection/databases/ua.db-journal

Filesize
512B

MD5
c2927aca2f39b6a4b55257ae929e2615

SHA1
e6e268017bc1b60586b65d32d52f6ead3668afef

SHA256
34c8547d6fde972cb3633f6d0e33419b39faceb710969f23a4c2fa6c0eff96d8

SHA512
49201814b313ad9459adf8f8f37d01c36bf95774473ef9ea5ef6dae41168f7c07453144dd39d56066c5ac7f1483484efa7bbc87e253840afb6818d6707c798ea

Download Submit
/data/data/com.ido.projection/databases/ua.db-journal

Filesize
8KB

MD5
f46bb463aafbf74337d52509d62e8071

SHA1
e2308b983ecd8d0a902f898626bb4f0d54125bf1

SHA256
bf606587d843615b591e08df3999a2b48011d8d7ec80c0cbb0cea03c74323781

SHA512
e93dcd2ddb1a380ed0b919e6717491598edd8070475dace0d069eb97da533db664bdef486c13d987590ceb529bd5f224430bb7ecc8edcf520382f4ac5cf42642

Download Submit
/data/user/0/com.ido.projection/databases/pushsdk.db

Filesize
12KB

MD5
171aedf968e17a2744d2585715606cb9

SHA1
bbeddeb3b89fcf809619c35b4a318a80e7d5b029

SHA256
d2ab452d9360848f46af866b870b5c6fc98230b09c72b89cb1a4b2778586678e

SHA512
78a0f517ee3d21c153dda6dbfec4187ebaee9d520d7b1b63f358bcb125d08aea53f26943907a56fdeba40161d9fc7e4fd63f9ae3154dd2ad887ba0162738285b

Download Submit
/data/user/0/com.ido.projection/databases/pushsdk.db-journal

Filesize
1KB

MD5
052dd89cd339bb734f3c0e2516578d0a

SHA1
c090c7223b87ebe6456b923f3c5bfeb7281168a2

SHA256
f0ee4ef987fa6f49c0fba169eb6b6e3a7ccf670ce2b5760b2f15d6d54cc97ecc

SHA512
5d4047da991bf751f2a13b39f4fda405429e7ae5032ffeff7e79cefc6109c6bfd976c4b40244c5c116e5efeffb220812936520331f787041190832118b009116

Download Submit
/data/user/0/com.ido.projection/databases/pushsdk.db-journal

Filesize
8KB

MD5
ed203633ef956841fcc4d80ad4865f9c

SHA1
b742a9ebb3f8aec5d6cc3540ffc959fa65543f45

SHA256
67261ad8c0df009d313e357018e38e3b4a0b5161e7e2373d8cb4e26d33c64f9f

SHA512
c6569899583ee32f1a7a3335454475d5b0ce658ad2876216b5ec774e7d6cee40627352d5396408367479c82f7aa97b543f67dca5006867caa4d389a2ef7ace2c

Download Submit
/data/user/0/com.ido.projection/databases/pushsdk.db-journal

Filesize
8KB

MD5
f22d283bc78baf9426c3b6456aafef3c

SHA1
25da1e21b4594aef471fe6440ec8c2cb76f8220d

SHA256
53bd2b15fdefe12a9cdccda22a538de1c82e7007337940ded4cbd82900be7c46

SHA512
97bf72b153fa55fae249499c90a4d48f29cdc53e33bfe2d120e1d0805da3fb2ad163682caff203c731f702b5bed4bb0478ea9e73cc68eba1f046e3ababc18be3

Download Submit
/data/user/0/com.ido.projection/databases/pushsdk.db-journal

Filesize
36KB

MD5
4a8120c91e3143b2db43971dbc77cf8d

SHA1
37c5700d35059c4e0a718ced73b3d73ba5d2b277

SHA256
1fa1b6e6bd75bcef64d35785e2fd6f2e73dcdf92dce73c8b2a8fed49746d53bb

SHA512
465cd282927e30a0a894a75ad261feddde5a31869c8cea6b548362afce08fbb7cff7a784bd1d62c3e4c95916ce30e758d3919dd4cdc13176f29d68c2620c185c

Download Submit
/data/user/0/com.ido.projection/databases/pushsdk.db-journal

Filesize
8KB

MD5
09ca282465b1c36bd55092bc9e340c7c

SHA1
b7de0d8145c9e00293dd00100da6314dc0da4c5e

SHA256
0f791d0bc4adc227dc6102560df9f2751e88976e6aafd6d3b98104bb6bf7239c

SHA512
eaa265f2dae94dc167a52a8cb4e334d8362973bf8419e36c1a86893bda13cff80760872f09399e3d89bb3574dd3ebda1db1a52dfcf2d11201a72034034a7e6a7

Download Submit
/data/user/0/com.ido.projection/files/.envelope/a==7.5.3&&1.0.6_1703256237102_envelope.log

Filesize
1KB

MD5
b4d949b30a4e58bf93d14c7873026e51

SHA1
4459e8dedb8af61d08fa7c0b417ae69087217acd

SHA256
59bbd8c20ab628ec3157712f01e0861f00fd27f1e556e772f50d915436d5b4a1

SHA512
767417d993a4f6ea630fe2b7f612c41c7be86a2ac185f3c8a4a7ede07d2639b06b9f8d28abcc10f846b6ad1f6d01b6271aecf303822a298a0561e806aa789489

Download Submit
/data/user/0/com.ido.projection/files/.envelope/i==1.2.0&&1.0.6_1703256235757_envelope.log

Filesize
2KB

MD5
64ac914c69b5900ed2e291445ff19053

SHA1
d79617d6c5636ff6540f946a771161c710e8b81b

SHA256
1d5362e0aa96056ab9c18d2099bdc80245fe4386e359db37a39b7e3200d29f39

SHA512
c6625710af8556bab1df5d1e4f012f25ba954646af8c8375f08c86421d0cefd8023d7b16f690be7a2a16a2a0d73e3fd27c129a0c74b9b859b13e3c14ecabb2dd

Download Submit
/data/user/0/com.ido.projection/files/.imprint

Filesize
417B

MD5
767007d1359e3d0d10b991d70db79c77

SHA1
7f808186869f147f92bf0158ed5bb20e4bbaae3f

SHA256
297d2ce274756c637931e67f70b7f5da0c19d0bb93575ed2d86600269b66039a

SHA512
67bd9ae5b4f1568b6e5e2540b13812983300d713a12e82cb3d05e6343d5150c1d3ebeb143a5aad21d2ffcbaa80da80b501550faa4ee8cb0d6738596dcf6770b9

Download Submit
/data/user/0/com.ido.projection/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
8d01ab3587058a92dd548707c5deaa64

SHA1
faa655f7a217eb2a9bfc589b70db860995545fbd

SHA256
d495cf977b86e8fae90eae888ca4f8d6a07bf9446fcc6fbb9d9bda48ec2723fe

SHA512
ebe6d79f609e9b8d3577db57d9f19bd3194291a016dc4270a25e32491ec4434230fbc3386ea45aadc952e957181321fa0a2331ed778a946bd59bcbec368d809e

Download Submit
/data/user/0/com.ido.projection/files/exid.dat

Filesize
56B

MD5
67ba50f40e2f78711b51008c48b3bd9f

SHA1
9cc142791be3747486bd49bde91dc7a555190cea

SHA256
043f7fa00ca541240996ab7afef6ee41eba307433db44234018c073be3f92168

SHA512
d4e883f2ca2eba414d712b46fd318d8e373368c45244be1e09052485d6f0c981bd7c9cee2baab5a78d0f50354bb165a2ac7846c05985c90e54b7c436b2e31773

Download Submit
/data/user/0/com.ido.projection/files/init_c1.pid

Filesize
350B

MD5
1d68493e232a89af11ae5efad2516a68

SHA1
7ba6484d9ca66143179e2e5053834da7fc6c3396

SHA256
370f08ef2aa5922856e305fba7b320525612d2272edaed57088e36cd35e0a02f

SHA512
d77567998ebbf24ecd61e3f08b500ac08799c7aaff1807372a078e6b20fc27b5f648b946d50d9bf3f86bce1bb40a85db262e48aa7ec8e359aea49f1ba18c7f41

Download Submit
/data/user/0/com.ido.projection/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzAzMjU2MjM1Njc5

Filesize
1KB

MD5
94c8a95a2ea8a890d9d61f3cefaf27c6

SHA1
c95ec6a0e05f4c45eae7f664b4cc9ea79998ced4

SHA256
2609ba787628c1e54f3209f58dfd951fac671bc4cfa6485158882453b78b0c47

SHA512
85397974355494bba63304f04f09702df84c0ffaeecc2327677d64b18c577e2bbe81d3bb9dfc3d46761fba743b1369b28808752ccd0b9ac3c7890a9591adcdab

Download Submit
/data/user/0/com.ido.projection/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzAzMjU2MjY1OTIz

Filesize
1KB

MD5
b30edad4f625a0bb82735a414e2ff8e6

SHA1
7810147d39a736242c0f542f12d4e8b5a2d38f8b

SHA256
e27f65194ef843e4e0f5c989709f50977cdba6241773d0428a66a57298653c42

SHA512
f363a487f80ec8fef5baa58ac0edc319000c5432bcfa282df92a20a26f6f693e00f6743366c04a51b33706c1ad33c04b8176ef060ac026588f16296d3bac8e78

Download Submit
/data/user/0/com.ido.projection/files/umeng_it.cache

Filesize
350B

MD5
b8fc2a2a1d53c901c51746a0e9c6f72a

SHA1
5b6290e060df30e688c235f9163b8af1a2306572

SHA256
8dfb68d14173012347e9f0737dde72155502d1c8fb450d16efd12ff640090ed8

SHA512
f5eb09f531828d80c2588b63a6d50029ee4ee95b28fe901a6ddebb69e53b691d8189eb97e903b5aec62ebe38f19fa3c108b85867573fc74f63ac7267c38ead68

Download Submit
/data/user/0/com.ido.projection/files/umeng_it.cache

Filesize
178B

MD5
6726256a7596188d1558c65ae6236523

SHA1
7031f12db56e2dbd37d63ca38062511e608c93f0

SHA256
0e5918c1b8ec3ceaa8ed15d306739b8cdf0779fe9186e59dfd56cbbfa166d891

SHA512
78b41aa3f9c52011cb7fc092564859dfec037ac648726abd89fa044d85ed15b9d56d1891584f985eecb3775da71628a0371504fe7a73a62a2e91ef2e788cb058

Download Submit