a57e74d851d436331814a812895a3a33bacd513f0b3f39db6592683452c3fd77

Analysis

max time kernel
2504318s
max time network
157s
platform
android_x64
resource
android-x64-arm64-20231215-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
submitted
20/12/2023, 10:45

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a57e74d851d436331814a812895a3a33bacd513f0b3f39db6592683452c3fd77.apk
Size

6.7MB
MD5

1bfb6cc3e007bf316a0b62ff332b3dfc
SHA1

0bb137a670684980e81644c3d5a0a7d1e37aace4
SHA256

a57e74d851d436331814a812895a3a33bacd513f0b3f39db6592683452c3fd77
SHA512

6bf9ce848969f878b03fe8cfb54e1e9ab6a1142501399a68a8f39cbfede804344247df1e6e3c5aad95d78757a8917e107ee8dffdef30c5dfa21aa925b460dc0b
SSDEEP

196608:mAvGh8xdTZllVB4zsyUy2Crd9g2hVXbupdlbup4Rg2v2SZHto:7iI9VB/0njuTFu+O2uSZNo

Score

8^/10

banker

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 IoCs

banker

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.snowfish.a.a.bg

Checks known Qemu files. 2 IoCs

Checks for known Qemu files that exist on Android virtual device images.

ioc	Process
/sys/qemu_trace	com.tdfm.mv.byh
/sys/qemu_trace	com.snowfish.a.a.bg

Checks known Qemu pipes. 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

ioc	Process
/dev/socket/qemud	com.tdfm.mv.byh
/dev/socket/qemud	com.snowfish.a.a.bg

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/storage/emulated/0/Sonnenblume/res.apk	4498	com.tdfm.mv.byh
/storage/emulated/0/Sonnenblume/res.apk	4679	com.snowfish.a.a.bg

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.tdfm.mv.byh

com.tdfm.mv.byh
1⤵
- Checks known Qemu files.
- Checks known Qemu pipes.
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4498

com.snowfish.a.a.bg
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Checks known Qemu files.
- Checks known Qemu pipes.
- Loads dropped Dex/Jar
PID:4679

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.tdfm.mv.byh/app_tbs/core_private/debug.conf

Filesize
101B

MD5
5397f9a772d337d0a2be1f7fa1184854

SHA1
1a1eabc1a8a36a642af3cb127f485c25ce5840bb

SHA256
e9b8510e23b958446fb83a92f56f5b22edbe1592098f865ec2a0055d294f9878

SHA512
9aa482a40b6b93e56419db51621ac7a5653c13eaf5d5122c3e5415d4de6d0acc9f2be9b93e4dafe894039e8d3cfadb2d53ebd63570e36b5c90b8e5839e961269

Download Submit
/data/user/0/com.tdfm.mv.byh/files/duration

Filesize
12B

MD5
b3c99cfe965fbe2312ad49d2a7239a76

SHA1
a23a68dbba8551a921f5a98be6ac52c68da0a32a

SHA256
519a414e4ae935e28dc64f10d911095b534a09129e10f3c7d44113f625cb9746

SHA512
001c2d2bbbcc354de03dab4ffd97170ec914700e3a8a6df075e8b8c11166bef89c13ff0ea1e12a7af8e81e8822ee6b99c12da356a5263371b4b25948cb8ec5fc

Download Submit
/data/user/0/com.tdfm.mv.byh/files/duration

Filesize
12B

MD5
8c688a7515284cb5e4a319025645e700

SHA1
05f538d5cd01e6feaed59172f0bc0b8777d41c1f

SHA256
4dcc90cbe3c5b676585f1373bdd0fee3045d52a43d5290719f39287ca6e8ee66

SHA512
d275270fbb21f7e40d10d936bb213ce6005eb6ec4595b97b4ce275a810c54a43d5f0be45d065938e541a6bd3ae6e2876b9a8a41b9b0fed52e561c7a18747b7b5

Download Submit
/data/user/0/com.tdfm.mv.byh/files/duration

Filesize
12B

MD5
ed88aec879ea148c6da1d64159641e6e

SHA1
2f2a0267f0f7d5ba1d86ba28cda6c26867884e37

SHA256
a9de5b22c17a7de4680f17b446e83e64ebc88e5dece0ce598066e284cc48c8c3

SHA512
2fcf2c252244a9c1a321f6cfff65f5ed0f470be7ed6ce8a79f770ba4f8f63a48022f714514cac9f4869e6b0f373786d3b21cbe7fdc8fe7114135b1cde3ef2f7f

Download Submit
/data/user/0/com.tdfm.mv.byh/files/duration

Filesize
12B

MD5
7b8330b5f4e6b8f538acede211921f8c

SHA1
94ff5f9a9fdefed898f5f93e951014f61305ace2

SHA256
d823ef38c818df7d68ef2939d8ae06a9e21fc85b31a618bf438de61188e34996

SHA512
78d6be1a2a54f8f71259d5a8fc6b75cd718a0d708e2409ef3b0254b3b447a3a6ec8db01e2e200c3d1b539fd935ded81bdf622819f496938a4c0dbf92f1741352

Download Submit
/data/user/0/com.tdfm.mv.byh/files/duration

Filesize
12B

MD5
b569223a0230ad64db429f37ef8eba30

SHA1
ec447cf5f1aff053ff59bcba6c67d60bd41b3ea1

SHA256
ac1cf8125fca1a76d3aff66eab63e04af07b8e8ac1df01a15a0309854062fb1b

SHA512
0fcb9741ebe3e5d92d163036337a7c0771d25f58f989fa8f01606751a06c778ce5a88807fb6afa81e5f7d79ae5b4e2c5a2209bf1458e1ac34dd88b6c1933db69

Download Submit
/data/user/0/com.tdfm.mv.byh/files/duration

Filesize
12B

MD5
aabc56abb56de3829e2e3ab1db3e0ca4

SHA1
769955d62417ce66cdfd718643eb1211b0099fa5

SHA256
e34ab857bf37b227ee2a84e4a6f4f62d08655758698c6f328bcb818413a25c4f

SHA512
107f4172f2de66d6879e74df07d2a7ef8747d9da9d498f873e83de5028dd593f05ff5aebc63f87d79cf2ba3aae92701d7623c908e1933deba8bfe7238633dfb0

Download Submit
/data/user/0/com.tdfm.mv.byh/files/st_database.db

Filesize
28KB

MD5
d71f78b9adb6ed65718284bb98762ddd

SHA1
8d5a2eaae2bbe3a3f93a8ab052e276e3f64339e2

SHA256
82735857b0fcd16aa0a7bbc3fd9be1e45c2c002f730780641478252d0695b4e5

SHA512
05a357c6715864dbf4f3b49842ca5725ffaf100024a3da8220c6450079646bbc4caccb2709bd26f4cec2a1e50982b7bdec73bb2730ba12f38a6f7d91c9657a1b

Download Submit
/data/user/0/com.tdfm.mv.byh/files/st_database.db-journal

Filesize
512B

MD5
83bec41050c36502bf8219accb7945d9

SHA1
f9e779b95e3838a38546ef4f72d9c97d3c6fd031

SHA256
5c9c4138445ba372cd580e8e1fd04bcca52a0f0f974fe780c1855330f07741c3

SHA512
e7b840070583fd8e6d582c6b17bccdc3d22844f8290051e4be4d4c3fb5dc726d2fe1423737bd057caa28a0aa310c7021f91f773fcb495696935d9a6d9f0fb7b9

Download Submit
/data/user/0/com.tdfm.mv.byh/files/st_database.db-journal

Filesize
8KB

MD5
01680ca5063ac3a875ff05033a79d329

SHA1
305c0ae84ef33f2ea2222952666ee8d0d30c4ef7

SHA256
8da2b9da36197dd18796784323e4453c7e2a0e3a837a7c56f9b6f618cf6213c6

SHA512
5a4d1b7946855085a976c8eb09517ec5d3ec9862f1df507ecaed5ffa9b4ce4f9e0da8d96041a39e9ff641bfaf0d1f608ece501dc1c9d4ff6c4ba68ada4c96cac

Download Submit
/data/user/0/com.tdfm.mv.byh/files/st_database.db-journal

Filesize
8KB

MD5
8d2552561351b8dbb25ed977308af531

SHA1
23fcb3301c50f671791e5c5e4bf1820f49a83ff0

SHA256
65f5836e04addb2598a0a54d56fc45d8442868c4913d157b8c5a73c156bbecc1

SHA512
a8ce77f988d9a50d3022c5dcb419ddc6e7057aa83dd0da031814414237742083dd778832cfd7ea10fdecab892847ec52cd774f6c28e532a0bf420a35abc4bb51

Download Submit
/data/user/0/com.tdfm.mv.byh/files/st_database.db-journal

Filesize
12KB

MD5
23183c503902ffe8b837645cce30422a

SHA1
08ae9a6b294b38bc5cf4769c2ff50b0cf4dffce1

SHA256
564f58bfc6cfc3ced4a71f5a26c40e40c7741c9d99d2cbd281857e033442edfc

SHA512
6abad810d1fde1c1632e8d6169db05f980dd2d53d95bb433cf7e1b489db780805c22d53592405981801f05c47731bbcf2edaa238474dce3767ca28c0b2fad9c6

Download Submit
/storage/emulated/0/Android/data/com.tdfm.mv.byh/files/tbslog/tbslog.txt (deleted)

Filesize
1KB

MD5
e71859fa85130680580229ce8a61ef81

SHA1
ab1ff1c7465a545e3b20d27ac725f6dedf674b0b

SHA256
7975b79f0d0175f1be3d41f5e95fd4f7e61a0d16354818555c712f978f390a3c

SHA512
fdc5285f5f28d87a57317b1388b9a89ef4ffcea8dffa7207ca55a16587b52936ed525f9e70a0948ca7db39e3c4c842c03c63771c0752fdd570c6e270e1743064

Download Submit
/storage/emulated/0/Sonnenblume/4A72F2DFFDBD84EB0C5C797BB76AFC44

Filesize
127B

MD5
acec55f355e7a92880be3a1f0ce9523e

SHA1
d543e04b8f3a67301560634ebc48cacaf4fc8a3d

SHA256
a71041d600fb4c285de901c95591d4719e44067119a195b90066ad5fa290ac6d

SHA512
2546687676da1359a862c0ec809e2102257a28c92f4ca683189fa129b614c4458d7e33b22b8693f7d1f59663ec53d4657ee61464aed01e23f39175c8619d8ae5

Download Submit
/storage/emulated/0/Sonnenblume/C545C57380E94F57133C605FF10B5E66

Filesize
1KB

MD5
19f3007a97c88e1ae508ed1a0d9b27c2

SHA1
ba5f7d3e31e3150a01a6503c12a09452fb5fe107

SHA256
9aefcda6b1d18f3b192f26428c2ab087f872a53470806d92b8e8105137e232b3

SHA512
620dd135beacded2692262541fdc193264163ecb71e88f7e96f7f24d333a982b08485160e32c84b7a8d45d4bb95ca370d73415f7fdde51a0a4582f91850ee207

Download Submit
/storage/emulated/0/Sonnenblume/EE53AF5B170264468E95E783E26D76C2

Filesize
205KB

MD5
95b08a9baf7102387c52154380e01bc3

SHA1
35dd1da6dba7bb9eda18cc36e10f5f291aac1f1f

SHA256
ab33d551a9fe74873a203a398b431dc6b43d3d9aa579141ab6b8a50dd6e59120

SHA512
74a4173674bc7bcb0337708ee95a82c4353018ad2baea8292e998e9681d99210d3fb87da3f08c9f0c884cb42e5cc327ad03147ec4d85a97813ee07d5fc00e9f1

Download Submit
/storage/emulated/0/Sonnenblume/EE53AF5B170264468E95E783E26D76C2

Filesize
28KB

MD5
64c852ff8e090df61bc3e8a6eccff179

SHA1
540c8f7419f9579cc2e8a8f14e39d2d16e9948f4

SHA256
75e10418df3f1e107a8a872af0bdb3bad88b73a9fb6c7449a5a4342d0a111a71

SHA512
02e856268663dc5381eb55c15aeb3d71a3de814f710f026fc21b3f98e569a706ac64475eac6742e587e1ed8ce62fbdaadd506cea2c4740d37fdb63a992110980

Download Submit
/storage/emulated/0/Sonnenblume/EE53AF5B170264468E95E783E26D76C2

Filesize
8KB

MD5
7686f2048e43a923eee732ba87c5d326

SHA1
e10bced9030f0656176bab35574ce11d3aee2929

SHA256
43a65ec2916e3650e9afacace80913f8d8fdcbdf156f9a1bfa86783f6a79791e

SHA512
4b894d266c00976a857e0a2fa35976033b5cdc8f3557b3175be36933a3c80480017a65a14f245a4eca89a5698e4bd3006ba390e968b20c819a8185b9c25b76bb

Download Submit
/storage/emulated/0/Sonnenblume/EE53AF5B170264468E95E783E26D76C2

Filesize
8KB

MD5
d8077ee24f25afc115cbe21ad192ecc3

SHA1
aaf73b4c898aec4d367ae1ca3d210527e0661c12

SHA256
b6a0adc25b9f40b372132fd0c274ce7677f4deb4dccc7f684a1f8fe0674954ce

SHA512
bf520a19ed34481fe587ac121ee09ec39e75ae0c36f900adb3ed890a703e296ef5b90bfc5d497849c530beb742d378549cb409d783955e787d1958e43356a01a

Download Submit
/storage/emulated/0/Sonnenblume/EE53AF5B170264468E95E783E26D76C2

Filesize
12KB

MD5
b20899efdd3824bbd6074d505b87c7eb

SHA1
ce3cbf7c180c5648a03a759940c37afab3baac0f

SHA256
e162b97c707354c5eb5e3dd24ecfeece5e8bb0c12071b94e91fc1d274bb63239

SHA512
ac62ae9787ca897ecf7fe83c046e7bbe9ecc00f4ceff3a2b1004508bf53d54de1fc39199ac63d86d7e7d01ed8bcc2b6550d59925da48a795d40be41cbced51de

Download Submit
/storage/emulated/0/Sonnenblume/kb_sn.ini

Filesize
40B

MD5
74eec472db64e1ab2bde4af7366f4033

SHA1
8e305daa0644f379daacb6bfe57635e203759e2d

SHA256
1468f60791074b879f36372a2d32a4a86a51859cfeba09a5364c09dac857c96e

SHA512
6c3e3639168fc0d40c8a87cb934fe876f71774495fa813fcdf4fccfbd40c7003ededb735fdd0e3fa766bfeb056926de12cbd5eb6e0a501a29beff7b3d607113d

Download Submit
/storage/emulated/0/Sonnenblume/res.apk

Filesize
433KB

MD5
2639a7fafd82266d6313f59ac1c927cd

SHA1
1a0d135ed060c236ec35aedf25ae2b481e0c226f

SHA256
e653eba8ee86ca07139b427c3366b10245abb9e694db6412a1811726381830f2

SHA512
e0578d5369a81710ee3ccb2b5dfe5633e830caba079f41761fff94480ff7b33fd965aaa75a17b839e377a640404a2aff2b4c503ebf06a8c78f428541ef60c00e

Download Submit
/storage/emulated/0/Sonnenblume/res.apk.u

Filesize
205KB

MD5
dafb7d4b90ea8d376128c625183dd9ad

SHA1
883c9b0586e740e9fb976d27a437e84fc26e92fd

SHA256
07be7e035e50b372d700b7cc148515a26b0775b2b485e50895988753fe24b12b

SHA512
56deefb30f358f2d404c93725f331374f0878b8121d95412ab1b1299364b2eea2b7fe179e21bbe96f4076300556a09f55825118ff67b401504c2f3b82af6b13b

Download Submit