a4b4d3587e5816b51ec213e70a73b1cf5759ae5a1539ca1f56c95fc634c4fa42

Analysis

max time kernel
2483173s
max time network
170s
platform
android_x64
resource
android-x64-arm64-20231215-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
submitted
20/12/2023, 10:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a4b4d3587e5816b51ec213e70a73b1cf5759ae5a1539ca1f56c95fc634c4fa42.apk
Size

17.4MB
MD5

1eca7ebbbf7708fe9225207194ed8684
SHA1

e8c89840929544d8bead94cc8d301d9e0fb5dbe8
SHA256

a4b4d3587e5816b51ec213e70a73b1cf5759ae5a1539ca1f56c95fc634c4fa42
SHA512

b558c71f7cdc30fcecd8f5afeeef14baa1c6ff372343f61c52b4fcb6d35a247dd4f309c9700b6cd098099511379028dac5326bb14c6df190939be3a486e4f121
SSDEEP

393216:jkhJDtKua+/MxLjUYGw4O2KF0m0fKECqD3cI3oWWoCsSGu7ogB1z1kdH:jkhjKC0ZCKFyiECqD33/WTGsoK1z1a

Score

8^/10

Malware Config

Signatures

Requests cell location 3 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	app2.dfhon.com
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	app2.dfhon.com:TcmsService
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	app2.dfhon.com:remote

Reads information about phone network operator.

app2.dfhon.com
1⤵
- Requests cell location
PID:4517

app2.dfhon.com:TcmsService
1⤵
- Requests cell location
PID:4572

app2.dfhon.com:remote
1⤵
- Requests cell location
PID:4647

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/app2.dfhon.com/cache/WXOPENIM/openim/app2.dfhon.com_4517

Filesize
8KB

MD5
f3f1ec6614efbe709dd61f5f0a317594

SHA1
fba41fa178d962339b62a670b24dfa1753287159

SHA256
89f645182f495f0ef27224b1db4c842b5e708e78d6dae518b72617fb892a5562

SHA512
80ab1093bee40de5480046be15adf91e5b4a98c0217e506dd7b003d37c9a534e094614b26110062928a36a96632b2523f40112ad2b7c38529b8410273804cf87

Download Submit
/data/user/0/app2.dfhon.com/cache/WXOPENIM/openim/app2.dfhon.com_TcmsService_4572

Filesize
220KB

MD5
f38b7be32684336f14a259baf6abe57e

SHA1
fbb66bdd10c5a1e30f026c2e87c978d8104d2be2

SHA256
9873c6bc5b2f567fb2a28467494fbdfadf5c5f636047a5c7fdf4e24530446b61

SHA512
c6591c47e82cb452089d0a9c4ae02a965d4ced2d8bf911f572c8c82d6b3438a56ffe32575f887f1b55082ba13bc5ff13bd1f6629d68bccb62acccdf4897fbd9c

Download Submit
/data/user/0/app2.dfhon.com/files/databases/district.db

Filesize
54KB

MD5
d027eb64343427610761fd02dadef2a9

SHA1
4602dc3417520cf7e21d9c1455a3d139433a1091

SHA256
597d3f1bd02682cd572849a404d75fc0c2ce248a33202d3ca1fe9a46e180de79

SHA512
c93b6b6963fb48297b4c8b01a74af24b2e2bdd4cdf6524ab1b37a7ea8f77fb066ced5f21f21480bbe0a1809ec79f2f13e79710ad49bb05fbafcc1335d2ea528b

Download Submit
/data/user/0/app2.dfhon.com/files/databases/district.db-journal

Filesize
512B

MD5
c708da067cecc1b9df0b4892838fbef7

SHA1
f66c882dbe62d083d14c01dec8729a89262dc111

SHA256
bcd8c55929361995d89331ed499a038fa211d981de9713416d5591dd28cc8a5a

SHA512
287ec6146f68fd76d32685a7003bfa816b347baba5590dc2264edf4f6e679dbf9768a6ec59f1b1a9fe383470b201200289b036ce988c90fbd96edac4fbf81d76

Download Submit
/data/user/0/app2.dfhon.com/files/databases/district.db-journal

Filesize
8KB

MD5
706a2abee8631a486dd60ac0c36f8e1d

SHA1
e25a112f41eb640bf3f7907b96dc25d61f5f83a8

SHA256
9e115d0dee9d446665f50d82d2a5bf88d939f7cae3cc3a7deee11470ba4eeb8a

SHA512
77b99d66fa63e8d41ba4e1085f70ec2bbb04b00d292448ead60bdd9721338d5ba167ea7b4db38b5892c7cc93a08386382e22b37eb806da218252f075d8c52153

Download Submit
/data/user/0/app2.dfhon.com/files/mobclick_agent_sealed_app2.dfhon.com

Filesize
4KB

MD5
bb8a5d0970f1874563dca804bf7e95e0

SHA1
aff65e0ad56e9eb5e88d18021317445f5c865f4b

SHA256
8f0ce215c0de2b7f0dffa4c269375df36634fb1bcd1d1505ef5c352dad2fe7b6

SHA512
eb6e221627c5fe2bf415b19847a1c3b04d52978666151ec11dbcab302a8c2eeed666196ba0283ef6747ceb123f70ff6af03e0e9dd6dc3b98896519d58c9bd8ff

Download Submit
/data/user/0/app2.dfhon.com/files/ofld/ofl.config

Filesize
235B

MD5
af2c81f5ff614a691a381b0fa7cd8e5e

SHA1
9b01327f89c50eb5a12e661f637ac46428ebebfc

SHA256
51e5d7bd7e72d655a412bbc2b305527262dac3244b6b5aaeba3954dca66fd0e3

SHA512
78c9a4d0705fe61a1e8fe6c12a5748a414fcb5269e951ac01b8af65540b6c88fecadadd6ea57e417e1feee82f5bc0b796ac944f84d3ecf021fed81dd6f002ff0

Download Submit
/data/user/0/app2.dfhon.com/files/ofld/ofl_location.db

Filesize
28KB

MD5
0f1d016b72965660817257279fe6db8a

SHA1
c6df5e5df595298450460b93783f47d41de93da6

SHA256
28c646a98fca3b32bb3bff6b16e1804300bd374395fb345c4d3135f827143ebd

SHA512
c6200160aa333f7383ef48b3a8f0b94ec2e7fbb08ae8fa6df872a6e29b95457efae0ff9a0624e336369c69ecb91d0266ecdef94fb8d037ce94f99ba362a13773

Download Submit
/data/user/0/app2.dfhon.com/files/ofld/ofl_location.db-journal

Filesize
8KB

MD5
bcf2c0d61c401894002f065bc5b6b564

SHA1
a75ccaed4f596511fc85beacf5684f3a2c383977

SHA256
4faafbb8c8e92a057937d9dc4ed7590932ba4fc21db19306fc797395fb2cc00f

SHA512
4d0d988900a709d98c53b94121143a71f29db3bf75921ba83e5e8f6b0602c37e474b4417dc4162e32ea7b018e08697512a3d237397a0698352343076d35407d2

Download Submit
/data/user/0/app2.dfhon.com/files/ofld/ofl_location.db-journal

Filesize
8KB

MD5
7f37770a7772c9b368f52a6fa6fb8ede

SHA1
c2c2ee82fc167f9477c27172cb6b18ef9ae5b21e

SHA256
f7b16e75eac2a32590b50b1cc08cf53127839ec5bf5d8be79d2163be2a333918

SHA512
eaf894282d2378af361ca52f5052c07358a794808eefab131a0ed9503dfe076a26065fe3fe03ae884cb849d542e04418b4ca3e8e44e6173ac85f12e8fc26f91f

Download Submit
/data/user/0/app2.dfhon.com/files/ofld/ofl_location.db-journal

Filesize
8KB

MD5
4704ca9cfba82463a0a12ad873116b38

SHA1
b085374546e664a91ad4dec1369682e3a542e748

SHA256
faea80dc1f524f71796c3cb31cd1bf4e9067a735a16c7946befb8410d739b2c7

SHA512
309c227500e9156e48e86401f356c22713308dd2875cae136a8ef088fed27db228cc56fab799da5640c99c7e30e4008fa6d7db33b6493bd982db4e6058b3e4f5

Download Submit
/data/user/0/app2.dfhon.com/files/ofld/ofl_location.db-journal

Filesize
512B

MD5
51fca4dac8c4e365e179fb6696b13487

SHA1
11f61ae25842d0ab4b0ec9e4fc41d906cb990173

SHA256
1f4ca16dd9c97352b64ac312da7dc238ead1ac2776d1aff1c22d1bad100d6973

SHA512
a7e8dc1ffdd81f43c53603eecc622a45004c447e6a181aeaf39d2c0a81e296f56eebb09e6a2ddb86a31a6d80b8f2a44f20da0074a5cf351a530c30bd67ee0e2b

Download Submit
/data/user/0/app2.dfhon.com/files/ofld/ofl_statistics.db

Filesize
72KB

MD5
73bdcc90906eaa22de483e2e43d0e175

SHA1
a4a0f245db38a8a9a46dcb2707bf5fb4119e8705

SHA256
0caf334e77ca0d886c079cf0f4af45d64065812ac850b65faf8bd37545f82cad

SHA512
c77df5d4bd8414ff672bfa310caa22c5de34dc84f9f955dd133d5aef5db37fba84af70d2ed1d3c464dabc203ea3496aa5bff61cd9a860288fca10167f42573b6

Download Submit
/data/user/0/app2.dfhon.com/files/ofld/ofl_statistics.db-journal

Filesize
512B

MD5
25f1ae0e996c930c0de35439215cc66b

SHA1
5bd50c67fdb2a96e2b9c0786c32341064a776f5d

SHA256
482982b8b36ec0e1df24d88a8aba14454e29dd06c598a3bcef9e714d7b4dcd57

SHA512
9f168ccdab8980c1ba3f92fe8db9ef57af5787ad53d7edfdb346a816300048a2beb678ff7fa44cf57c2c02edbf6d20ab2d461f8e6d329703002e91ceea38992a

Download Submit
/data/user/0/app2.dfhon.com/files/ofld/ofl_statistics.db-journal

Filesize
8KB

MD5
e51d36c6b008ca3bc3897d9c3316dd5c

SHA1
36299e5718593bd467ee860cd4939ac73499de47

SHA256
1e6091f560eb4694dba1434300f91f6a1dfc6039d26910da731ff028295ea454

SHA512
6e1746e27d146f8779da671fc762f78dc9eb9fe6adfeb589f9d3368ca0fc19823b393d958f322bd5d4fc70f4b92f4fb1b7a4fe8a99bff7cce2daac495c0288ab

Download Submit
/data/user/0/app2.dfhon.com/files/ofld/ofl_statistics.db-journal

Filesize
8KB

MD5
a29ceb4e375591cf04ed304e7dc4e026

SHA1
4281cde2524e6b07907579ca78d25e1e07975dbe

SHA256
98838983213fb00d66856e7dfa6a8d48a7fb18ca0ea83d3d9a209b2df813ae55

SHA512
903a475c31854d7b803a68e4b5ddc30add7cea530f383faa45ec20909bba2cab79b8ea82bb0413dff8cbeaf1ebb81fa42b24943aaeac311b883da329753760e2

Download Submit
/data/user/0/app2.dfhon.com/files/ofld/ofl_statistics.db-journal

Filesize
8KB

MD5
02226702e274588386d229c95c36fb53

SHA1
d42ed14eef613f480fe533a9583f027ed37dfb65

SHA256
efdec590157ee2872625f867d4237713de7908171d1c2c24e009f16e2557894d

SHA512
98ba72b193f5d0d762d0e6e246540bd3db492613715a9a18dce6cab1d9424fac86d3b63f267426ec5afa1177577878d854b27b63f74ea566152863c05ff333cb

Download Submit
/data/user/0/app2.dfhon.com/files/ofld/ofl_statistics.db-journal

Filesize
8KB

MD5
c9b3c50e1895138a2d5261269ce85449

SHA1
9de2425c91f208466d146f046cd7d5f50603b682

SHA256
498f51e95a57dea2fd67ce6cd15e5b58147983392713bb9253696f14e14f5ec7

SHA512
d3a04240ec1cbff2b47e04b3278141d5e2d6233d36b511a9309659000b18aa2c2f3580d403b7584c8fd2127ff4f4467a50c4363d37b99323beac857a83ae4f54

Download Submit
/data/user/0/app2.dfhon.com/files/ofld/ofl_statistics.db-journal

Filesize
8KB

MD5
7b0c54f5bc190698a92f0534e3a1fe5d

SHA1
800a929189c2f696d0573fa2ae25b26c3ee86f54

SHA256
1e28d85572e47296bbb860d58da91dfe7983bfa5e83a2d57c0c82dbb45e64bad

SHA512
ffed4b640531dd96c2cc8dd1e9d24c02009a20fb86b2721384b0d99487416b3ec5e9adfa00e9149aa18e48d71c2a1ecd06f11d5da9a69fafc25e1bdffe3b4b8b

Download Submit
/data/user/0/app2.dfhon.com/files/umeng_it.cache

Filesize
148B

MD5
644a1d63b2364bcbd7740d769e4e3ffd

SHA1
ae6fd930878d24bacad9ffb558cf52b1b7ad5b42

SHA256
5259661e52c9b9f101903003879176b30800468b70b1b4c3d12763ede0653fbe

SHA512
f717b48bc032afa7a3547c77193d417eecb74b0293a9e106aeb57e42ca7ebdb715ce0da09b29da23a25ddc6daa1cc6a27fadc02f586ab627ad86520ab663c62f

Download Submit
/storage/emulated/0/Android/data/app2.dfhon.com/files/baidu/tempdata/conlts.dat

Filesize
12B

MD5
8d80bc8ea90e9cac010d3ddf97bda5f5

SHA1
f063bc0d356e6ba9ab1eb9a851131ffbefd8fa07

SHA256
f52db31332534833414abd5e870f78c810b8ebbe5b134bbf599506beecfd1b93

SHA512
9ea732dd572a9a4ba91b70891972230a09576687ca1bc19e62d5a98b5b84e0f2ae11985108008bc9fbccf357219b8bd3dbf146bb70752f618f70dc5d0c46a7c7

Download Submit
/storage/emulated/0/Android/data/app2.dfhon.com/files/baidu/tempdata/conlts.dat

Filesize
151B

MD5
c82a3e50e27533646b53b59abe6aedf4

SHA1
271e90466da4294c03c2e4a8d3d791813c7d6dc7

SHA256
0609b8b0e6f725077225b0cd8dc42d84016840705407440d61b8a638b8945d8f

SHA512
c2750cb47e9ef95a8da6dacc7db3713140228034b9c325e6adbcb11fce4b6f64192ca7e68f7b4b3c05cf627e82d5dfa205b56439c5b0965756d972bbde61f1a1

Download Submit
/storage/emulated/0/Android/data/app2.dfhon.com/files/baidu/tempdata/llg.dat

Filesize
24B

MD5
161557b06b4a4d3ce095528dea370eb7

SHA1
8bfe9c4d916fe58d856b5a6ecaf8cd9ea4df2c9f

SHA256
f054ef19481234ee5b2db1d1c681839dab235a857ed3a4bc02efa8f785f478d4

SHA512
96ce8aedbdbb387438efc86aaabd13a6378628bfae203d2bc25ea1cd7daa6ddbd6dd2c81d631fbdc9b653a93011d3c80f0c085580275b683d5e0bce077e6e449

Download Submit
/storage/emulated/0/Android/data/app2.dfhon.com/files/baidu/tempdata/llg.dat

Filesize
418B

MD5
d015ff1b63b9738cedea582f7b911e55

SHA1
1d5656c78087039d92c29c22903cfaf9a7fdf1ea

SHA256
d09789c52fbfe484408266aa82057df23e1672d10b4ed51e4de31e31d0a882e8

SHA512
351a354f2c2174c4bde724c2130deb3a8c601ac740e3b334f7339fc19b0e2be11074783280009ade73b443390f1f26ff90ff24b3c759ce7c8a5b4585936b44b3

Download Submit
/storage/emulated/0/app2.dfhon.com/WXOPENIM/tcmslog/userTrack/2_20231223_r

Filesize
8KB

MD5
f8dff52571f8f6e9ceb90e0f51b0cd12

SHA1
219c6ed8eca31f1285702797e0456bb8d5a8d2a6

SHA256
f3c7abdfcf4804c044c618b355525b91503e085ccbc9bc6d5e293d33198b57ab

SHA512
cdb21ef9f31db5dc86d259f3a09615fb1733abb46b04e28ceb5839bfb648d14d8b63ffb08087a80353b5718ee3ccc5d0d91811c9a47933be9986d4be50dd30ad

Download Submit
/storage/emulated/0/baidu/tempdata/lcvif.dat

Filesize
96B

MD5
3b9f5958897a6c484e4fb82ef99c4918

SHA1
383f8282723bb4c20d105fc218734583fd78a32c

SHA256
3000c6ae5acc332a0af3e1809f7341511177bbffe99e357510b3a1c166f62fa1

SHA512
08d1bb092f0cc7ca9370bff0cd0e0a89a7eb2d5ef9a8202b598d05f192cb772884fa841f1737b51456486ff44488181a163fcb4c4f4dff2e124b8e8dbe0543d1

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db

Filesize
28KB

MD5
94f1a9d77e9bff1bf826e5a12f0b9cd6

SHA1
df2c63fa4b2dbedc7deb4904a218967e914f085c

SHA256
eb42e71e7e4ee88a1f8648eb17b8978f4fdf2685c0a67ec7d85b8df6815d1fca

SHA512
b62ed56ff1b7bff7a7f540e9b9ec1a429d13c716e31b29eafa4021985637eccfa5809526dc43c2932f956faf9e7bef48ec4260ad1bb378d00a948c1a1905d40e

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-journal

Filesize
512B

MD5
615e4ca3a81a7b563084b5df0c9ba15f

SHA1
32da4c4d92a0ceba9524ebbeb4db753776a82e04

SHA256
e356c19f5a6d7a764f4940e13431267e1b765a47cac1d0e239b3a867163b26e5

SHA512
386589ce9a16219fb829aa47b3853b2872242733147956243b164c4ddcd4eb32d95730a2b34731c02537d0bfdcbe9dc8d8ddea73322209f22cf6afa2934a38ff

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-journal

Filesize
8KB

MD5
cecf25c789aa80c787fab53d1eaeb1e8

SHA1
d523f53f5f7e0c8dea97fa9169094122bace5106

SHA256
572d6935719a2ad93dc8c9a23d9a3c0412bd04443605f5b45dcefeecdaa739d7

SHA512
79109f4919df492322c5b4cf0d57827729108f81d39d03bebd21fe799c1bb388a543a79563363feb5fb868a511ffe4362f2598b4b9939daf21d16bb08c857750

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-journal

Filesize
8KB

MD5
0daf058527d6ff3ae3e0767a4c9061cd

SHA1
21b1994737afe004c7df9b368a690a9b5399c9fb

SHA256
6b6a4cc424112c9ef0e379920c0426ef3ffe9313c92c5bccf4346310c0ea9328

SHA512
f259d55b11486064eae1394c4baea1fd696bc1aedb20ea63e8f6ad28645cdb0c7c7c6ef66359489f4655e34f1aa7abe33ef5773eb54083864e73e3192ec7dd14

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-journal

Filesize
8KB

MD5
3fcb299a9789ce2b5174a0499676fd87

SHA1
21dc29136dca4ee96eee202c5e8508a6fc0e5c12

SHA256
ce284504c7055fd967ff314792049d98eb732b8e3b9d614768a4e45da5997b20

SHA512
cb026020496e5951840dd1ec49e63d92dfbbcf673727958f35de63758c090562ab3c5a7ad7a9560406cba1f333d01759f7277f9cd786845257dca178ac54f261

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-journal

Filesize
4KB

MD5
ccdd731a58295a72b8e88584b0061499

SHA1
3c40dbe9179050fc6c7af655da876df743fe8e8a

SHA256
6e09ac8940cef5f54dcb3292354f99276fa78fe477ed21a9ca6eebc61dcfac23

SHA512
4de818c8c87e7400f76d92e52474ba20ecf6bee3721da600428b1c1fea5068dc7ff719329ec65a51f42bd9fbdb2ac7c5ec106a584522fa1714c0a54bcd581fe0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads