9c0047b1683d9ce6d29b95b1a06a65555b6d99e3814ba1fbd3c37a02dd553349

Analysis

max time kernel
2455514s
max time network
166s
platform
android_x64
resource
android-x64-arm64-20231215-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
submitted
20/12/2023, 09:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9c0047b1683d9ce6d29b95b1a06a65555b6d99e3814ba1fbd3c37a02dd553349.apk
Size

8.7MB
MD5

441f1327a16f623ade53f8a8cdb0ac5b
SHA1

ecb3b64bf7fa9b706bd43b70921eb98835809ae3
SHA256

9c0047b1683d9ce6d29b95b1a06a65555b6d99e3814ba1fbd3c37a02dd553349
SHA512

d245c8632d74cb44bed680e710fcabe49ba71fe57c87a474669da4cbd9f5ae1a7ee78968a96d3900185c7793c805986c3ebf5f5fb0968c215d17843baf9d5e00
SSDEEP

196608:uWVLcBpBZ9Fp6icxpvqvXY5m+ja3/i5rHNWTTzqP4vOx:XLcBpBZpj4lFjysYTTzqPOG

Score

7^/10

Malware Config

Signatures

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.hdll.goodnight/app_e_qq_com_plugin/gdt_plugin.jar	4478	com.hdll.goodnight

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.hdll.goodnight

com.hdll.goodnight
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4478

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.hdll.goodnight/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/user/0/com.hdll.goodnight/app_crashrecord/1004

Filesize
225B

MD5
14f0fd1c128ac432a791a6b3874864ae

SHA1
d3450ebd6abbd07ffc55525d25757f6fdc80c733

SHA256
3bc359e18b53d8fda07012b677ed580a3646a288726cb194e9e133d6e4f89001

SHA512
5a4cf344a738b62a2d6f1e38e95d45d94823b660d467294935489a05987820dcb23d5fbf279ceca2ecff26989c494fc8a0e933b8cb354a26fe482876bc4e846b

Download Submit
/data/user/0/com.hdll.goodnight/app_e_qq_com_plugin/gdt_plugin.jar

Filesize
149KB

MD5
5bbd4987057c6aa8f1992d72206c68a9

SHA1
3a2b6dae68dce8239f680c2684c648238bc1bf36

SHA256
2a7fea6e019debe6a0b0c8a5bff40a0451133d3f122d3bcb8f28aed615c50539

SHA512
ec138779d809f32ffe54998314263546f630fef799bb3cbf61fd494706724a3f756e0b3a5e721765b121a053b56cbe3e39f8edd09c17cae8289d677f9c4b8f73

Download Submit
/data/user/0/com.hdll.goodnight/app_e_qq_com_plugin/gdt_plugin.jar

Filesize
336KB

MD5
b766bdb156e61ab55372d9fed442f45f

SHA1
5dcd61a8b17a916bb3d57804dbb913fd678ca423

SHA256
5086de5cab42eaf3601da97f3c11ac84ff406c77461ba8c97e3b36e5f1491e86

SHA512
c7b1b2983199494db18addf61a55d5d3f5b9b5e77e9ef4120c5d5ec962c94921d7493fc3e320c7f539f6eb0f68b40d282546da9429ba938371b463333f42ae31

Download Submit
/data/user/0/com.hdll.goodnight/app_e_qq_com_plugin/gdt_plugin.jar.sig

Filesize
180B

MD5
9fabb1cf2cf24c194c070a774a2cb082

SHA1
7901296e19069bd56517c71f2711e356298bc546

SHA256
87c7647f6b678369b0b35e173a63661024f4942cd0c2369d81d77a82965a7a0a

SHA512
2d93db3416cfc0c0477d0b93f75346ac77e0a9c4a07fd0e0a474913f5a207d6bff6700876eabadb5517a5f047575ca09f0730aef0ed76abaf004b8cf71d1b825

Download Submit
/data/user/0/com.hdll.goodnight/app_e_qq_com_plugin/update_lc

Filesize
4B

MD5
dce7c4174ce9323904a934a486c41288

SHA1
e117797422d35ce52f036963c7e9603e9955b5c7

SHA256
0c030586945fe504b604ecc2e875c38ede400cd5cd73da9730302162e6b02c6f

SHA512
d570ab6a8f4a7b54d426b0481219074b5277ace37d88438d87ab97eb387938eca1cf7b09fa42d596c56ada860710d2a7385d2a96e1cedff58ad6ed8900f1b143

Download Submit
/data/user/0/com.hdll.goodnight/cache/HttpCache/journal.tmp

Filesize
36B

MD5
37e8e716e0e2f4a0b05cd9571d95b84d

SHA1
f8d068f6931707bddb8cd69f706f2224ad1fea3c

SHA256
7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca

SHA512
e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6

Download Submit
/data/user/0/com.hdll.goodnight/databases/GDTSDK.db

Filesize
24KB

MD5
d9546e7529040098de5b03ef296970a1

SHA1
7781f0f230dc2bd574bbea97194d0033431d350e

SHA256
585184ebd52cf769be667e0b871dd9324197f21e37152fbd5fe1cefa5f523ccf

SHA512
acf1935480b8b99c231fff1b1de32b7456094853cdf0d7819c57302100d608ae884bc2d44ad3ef3ff8c2cbf2d4d66ec8d77827e6c9605ebda1f31cfc522b542a

Download Submit
/data/user/0/com.hdll.goodnight/databases/GDTSDK.db-journal

Filesize
512B

MD5
1e1a7698bbde76be9f615b96ada68359

SHA1
73e048d8982c2b4e7f0fcc988ba411c080ff176d

SHA256
3bdd46c3e540a117cf1cbdc06f12ea69d0eef384808058a20f137831477e91ea

SHA512
0de59fa4ff9e5a17db02afaf85d1a66bd1b704cbad134d23d822b806f2b866635def6f146d64f7d836a401366234d81f18a2b15efff4dd2e97087bf7bc9bd4b8

Download Submit
/data/user/0/com.hdll.goodnight/databases/GDTSDK.db-journal

Filesize
8KB

MD5
c8bf4dfc6815493d34db5c68755a4af8

SHA1
8b7a3eebc625297a7147a09b79243584030f9754

SHA256
cc4f610abcc3971bdfa7cebe8d53d2039fd7ab8a153def97f98c1311074ff3a6

SHA512
648a1cd7c1631bf9402fc723adc50da909688258679a7db271782a2bceffd418b7167cc485c7af1615a5a48c67bbd723c4e4bd6258d2cefae9035fc40c203fd0

Download Submit
/data/user/0/com.hdll.goodnight/databases/GDTSDK.db-journal

Filesize
8KB

MD5
1ab605d4d24f0acf6bc1582728f4f9d6

SHA1
839674cd9468e46f70c24636a84078d359bb748e

SHA256
06c75d7497be7f10c4b4ab7729616110118b905baebe76f866d9eac879e63954

SHA512
5c44b47b69386974fdf8a3667176e6043384421fecb2c6847db68d91a0bb1776b64f9d1007831291dd84d35381e8811ae14e71f7cc48173fb22b58b5ee3e264b

Download Submit
/data/user/0/com.hdll.goodnight/databases/ThrowalbeLog.db

Filesize
12KB

MD5
f41f531c07d4141546a531ff9caffdcd

SHA1
9dcac5aed06972d0ff6bd4cc1f1cdff85b36d3f5

SHA256
bb8dee5b5c3779f175abbd142722eb0022b98d374783aa80145b34614a4de646

SHA512
e0c8d1a820cb4c098e45776e8b50ea8c83944ef2e3f005cb0acbfc07688974d370f78100ae022f62564fc4c12acfdc43b710c18ca1c30f4f575bc08b9b12d2d4

Download Submit
/data/user/0/com.hdll.goodnight/databases/ThrowalbeLog.db-journal

Filesize
512B

MD5
aab4eba42f123543a4cb32174ed7491b

SHA1
316acddc6132cbb8d34e5c82713aedaf5fe9ce6f

SHA256
0c724b2cfb6d05e2386dcb72a78058d36d6ff18b0a17629746e2b40c03c21ebe

SHA512
63409ddddde8f4253a3b0e4204c66f35f8f422ea45caad18e1265cd3ff02167d90c16476823728cef89617a3c7bf5a243bf3d2c376b1b8e3490b74838a0befd1

Download Submit
/data/user/0/com.hdll.goodnight/databases/ThrowalbeLog.db-journal

Filesize
8KB

MD5
8a9e98edf43bccdabc854665e13d447a

SHA1
77e3c1b63f518ff497d554119736f4bb3182d07c

SHA256
dda019fa227dd6de0d1f5ce58b8cbdb95a5f1499ae930c6d57e30fdf132cfe92

SHA512
e59dc90b86b8f6db069cff0e93718f34848c822c08f4bead965ee8d93af0d7c761b5be711dadbe8fde88fdccebd5297abafe567c37cffb3013daa2288c0a328d

Download Submit
/data/user/0/com.hdll.goodnight/databases/ThrowalbeLog.db-journal

Filesize
8KB

MD5
c7099bf295fe25bb8517b4762e868bfc

SHA1
245af123750a857612b12d9e5bbca7265ffa65eb

SHA256
705ec555fa5e86bf67bb69dab28b9e4e30f1dae5ebd92fc816b05893b45b2a74

SHA512
7d72f0a2182bed97f1dc921837633175c76c19483b5f687623d4ba5e55604e20ddb30f0acf385976d778b69fc08613ad57ce5920b6dd8fd3d564cbeb9511e734

Download Submit
/data/user/0/com.hdll.goodnight/databases/ThrowalbeLog.db-journal

Filesize
12KB

MD5
16fada2443f969ee50d520143096df64

SHA1
7fc52860a8fbe25aceee213037e2490522b6d016

SHA256
f620ab05f3ac0fdbb77445f82440e759bd77d5b6f72953da0ee3ffb19d43bf9d

SHA512
2581a11ae32cb5401ee10f2df8863f0d1c9710fb390a8817767a968f17230c8798645c11afc171717c1e1b3a4f588b7ea46a9bed92f1402eaadcb7ca83e36371

Download Submit
/data/user/0/com.hdll.goodnight/databases/bugly_db_

Filesize
52KB

MD5
24f7edc6e21768493f48d8112df284bb

SHA1
38074dc035ced5840d99874184142692fd5a84f9

SHA256
d8fc4591bc0dfb07542d1a57fc0f277e98df58cbdf21d92cb61db50f750ba250

SHA512
626f1be81a54dbca162533fc38ee70bfebe9141ac1a72413cf7429a5c7005e2b0a96a7fb915e3c771d9bd7ab4fe3b00e3e58b24178dede580bee693499b6f209

Download Submit
/data/user/0/com.hdll.goodnight/databases/bugly_db_-journal

Filesize
8KB

MD5
594b6bfff40a3e084a80c8d8dd9ca271

SHA1
a2def116d224e360add3e9bec17d375803c79e56

SHA256
5dbb5e56db9288ab83007f6d94a7cc0e0ad8eed602cdbe364e8fb4b4970859d8

SHA512
ea33faaf083dfab47bc21653a5aac8946395fefeb48c4e34fc7c6de29a7f62c7f66c116bd37daafbc25e74d14c4b420ac8d8c69ae26febb6acb6911d1291ff78

Download Submit
/data/user/0/com.hdll.goodnight/databases/bugly_db_-journal

Filesize
8KB

MD5
e5a23d61a34d6d2a5761d2a06dfe0ea1

SHA1
ffec4b862e136a666d54219c538bbc96b5fa4666

SHA256
31caf4b64d9f30274b57871eebe25997df214f79865eec42453dad32cd5ecd77

SHA512
bdca1ba8a755b0bfb25a72bfef4964ed1259c9f30e3a36d95977c78962ca5b41fe16259717b4dc7e90a462dc436fc92cc2ab7c57f8eb0f31c61c058f7a0b3b7e

Download Submit
/data/user/0/com.hdll.goodnight/databases/bugly_db_-journal

Filesize
8KB

MD5
f39e5b5871f3596e60374d11dbf043a5

SHA1
10bc096d2bc22804a51fa3ef75bf261ca1fb0667

SHA256
6be0f7b27caa63079de25b702f7e6058330824fe23fa29c8588ddf45fe7679ca

SHA512
4976ffd078cdc1af4784b17f8e4e169f28b95b7aeb4ec790a9893fdafb621b8b1df42361b563210fb231dbd4d0b029b1c45c2d6954dc9d89151eebfb34624a38

Download Submit
/data/user/0/com.hdll.goodnight/databases/bugly_db_-journal

Filesize
512B

MD5
d1af5ac92811f097f23bf510e4859d5d

SHA1
150ff7aaed618498dcacd0faee61a511f5245a7a

SHA256
eaac50dff4241eb864680c2726a39ae8d114ef7700d2dc88cad021220e1accc6

SHA512
fd41cbd8c194950913e641ffd7d79c8ddbb15ab1c37bde9d7038cd64eef51c3d2b434979048757bba76953865adc1cdaf237ade5623952a1561ec40cf92080f9

Download Submit
/data/user/0/com.hdll.goodnight/databases/bugly_db_-journal

Filesize
8KB

MD5
55bb5bd479e72ac04115d1a13ab5c5f9

SHA1
10dd1bc68bf61ef3edf62fb1b934bfd6914fd5eb

SHA256
f771c4ab6bf84abf6e23afa76b8e69b17282c5a3251c06e7e134979416a9c122

SHA512
422a59c444645e459fe0e633ad619ad9ac629e078cbaf12fd78d015424a6d1ca3f4e9bda00cf54bf8351f17360d68e7e97ffcf1e2c5ade9ff752ec91ebc20147

Download Submit
/data/user/0/com.hdll.goodnight/files/default.realm

Filesize
24B

MD5
a6980e37e665bb8a0965c29152647c63

SHA1
86b4048d9573af651cc779b2658c09cdac17ba48

SHA256
7ba495d2a0eb852a151ccd90d42baa6824812e06899e30bc5047dc83553dab58

SHA512
8cdcadce37d74496a054a4a1a092b141fe42d56091b63835873e65d0557122d4fbd36335952201ee9f4376a4862ffc34e086a4f0e623651e2b6a8c88d290f239

Download Submit
/data/user/0/com.hdll.goodnight/files/default.realm.lock

Filesize
1KB

MD5
89060eca4478f5343a584fbc0b6b914a

SHA1
7ae63ed36dd08967176703450b39240b1ae4dbea

SHA256
834b357d7d39eea0e0c10d11b2219f6830900756c8044936f5374c9e9490f05a

SHA512
0353fc9885682201e275f5186cb8753962f73f001ee6599d361103f57f24f820cafda6eaeb5d34291678bd03fc1f65381c23d834fde418bf7562c4d98b7c49de

Download Submit
/storage/emulated/0/Mob/comm/dbs/.duid

Filesize
480B

MD5
183b69589f42a9a900a1973be375096e

SHA1
6d1f530adb9a3c01a29ed5c8b2d6f34b3e61fe5b

SHA256
b8ee4c27840d61151d5daefc1b5b0e4f7b10f25c8e8db0397e8afb6dd37cbd42

SHA512
ef7f9d12c8f071616d6826161d392cbad63791acabb72cecf9a7096436695a0982ca2b05c654fb2fefd137df64987e34eb0887dc5049c173ef2592d54f118850

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads