a9fd907d6d662d09386991f8153e8f348b512837ba15b000627d2746312fe05d

Analysis

max time kernel
2501707s
max time network
135s
platform
android_x64
resource
android-33-x64-arm64-20231215-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20231215-enlocale:en-usos:android-13-x64system
submitted
20-12-2023 11:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a9fd907d6d662d09386991f8153e8f348b512837ba15b000627d2746312fe05d.apk
Size

26.0MB
MD5

6c6c912950573c84b5a122310bcd8352
SHA1

9c7b64e308afd6079c38ea0a5e5dc0606cd589b0
SHA256

a9fd907d6d662d09386991f8153e8f348b512837ba15b000627d2746312fe05d
SHA512

8cb959436233f45a8b6e82e26ebdb92b1b04e76815bbbf821879e8e8c1b97b9600ece40196bfeffc46fb0c086ad4c7a8792a3fe4d3ef4812868a0e51404f69d4
SSDEEP

393216:ZSViildEW3sBq3N0oaT3Wd0CJG7dPsA9LMLRriis8Q5z1Pkr0lmc01wluMtGqpW:ZYVqGsBy3WsNLRA7crbcffU5

Score

8^/10

Malware Config

Signatures

Requests cell location 2 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	cn.nwnu.fontnote
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	cn.nwnu.fontnote

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/cn.nwnu.fontnote/app_baidu_ad_sdk/__xadsdk__remote__final__running__.jar	4278	cn.nwnu.fontnote

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	cn.nwnu.fontnote

cn.nwnu.fontnote
1⤵
- Requests cell location
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4278

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/cn.nwnu.fontnote/databases/cc/cc.db

Filesize
36KB

MD5
237420b1a955f9c0e52e08587ebb7e7f

SHA1
550805e3a204c76a83417f4d41e7a0405e1eb1e4

SHA256
d07b3bdbefafed7c556f8a7491b95826f1012a386b1028eedd257a90be129f6f

SHA512
d35c5a739df213881de25c7937ffe840360977bad57a170f684ea55bb809172b08364feceb7e4ff27bafcb94a0bf95b8d4f6714adbe28880432246d4f137291b

Download Submit
/data/data/cn.nwnu.fontnote/databases/cc/cc.db-journal

Filesize
8KB

MD5
06719738ba956637a36f03783b134fdc

SHA1
eb1186123adb6326f4f9bc3d3d9ad02142a05d2c

SHA256
a7419a0b490f8ce0e5ae902dc4160adc2207594bf2a764d2cd3b43d323d0231c

SHA512
2912830e6e30b8b6372502aa897d72617672f38870d12d1ff510750f3eed3e12f4887b23115de97aa121b1673e37db848c9d50b4bc14231082b2257235e6723a

Download Submit
/data/data/cn.nwnu.fontnote/databases/cc/cc.db-journal

Filesize
8KB

MD5
c35ff50f49c101764000fe3030d824f9

SHA1
11f7c1d4c3022ebd60b3d64115ce67d2dd47ce50

SHA256
5f845a9b981c84ea3457895b3599bd625da241f9062802762b427dc9423bc783

SHA512
9ba6eb541a633d8d26a803d81eed3626b734d23a988e958e436f4e008d82ac6ed84ab661e0bf90ef89f5b6fc45b9a937db0cb62ec1b2a83cf198dee6b1832204

Download Submit
/data/data/cn.nwnu.fontnote/databases/cc/cc.db-journal

Filesize
12KB

MD5
5de4f7f528145ea6408dea093116b4c6

SHA1
d2c0cb01f25d91adbf439a66d8ec3839b4b4c438

SHA256
f84fc4e1a3070a8537e628cdf22cac419e853d84580c25b5eb2fa7926aae7f85

SHA512
b21116f890f361d3d28da74bdffc5667c4a64fc7b8416e46b20e7385392548f6e71706eb2adbd4033275ea9d8e5607f9649c0a3a4bdc89d577e87546cc79b665

Download Submit
/data/data/cn.nwnu.fontnote/databases/ua.db

Filesize
32KB

MD5
17bb57268badc491266a2729e57b37c9

SHA1
ebcb029dd3fc1f70e210d93ab3086bbd5d39e3c5

SHA256
eda21e9bb4ad31e62a195d99b6e8e7f361411de6ae8f3049537055c8e688f837

SHA512
a4a6b7ef13c6d81777bd583c1a96fdfc735b7aae8fa67d9502807d1e150784abad3fec756af3f59a0f9086447b89ceed5fdaa726e67682915285beb6d23f2182

Download Submit
/data/data/cn.nwnu.fontnote/databases/ua.db-journal

Filesize
8KB

MD5
217ca6ecd1fa33564a2b9eb2c4903b15

SHA1
09a6d69e1558b23328e32476d9057c1eacc7e92a

SHA256
508259de806a1c81c3370edd9eccfb4c37bc1d5623b58fc8868645aeea17b1b0

SHA512
d4505400b1484a4d8ca5f99bece9fd65e0d24c6c167d07ef82b89d0689782043c29b0cc4220249f3f31dc376215e3410c4dbc13fbd0c539163b596eea71a9230

Download Submit
/data/data/cn.nwnu.fontnote/databases/ua.db-journal

Filesize
12KB

MD5
d78a719cac79a1aa8c84e25b14581d50

SHA1
6ed54e1319133678bfae41bd84ce7ca8951391af

SHA256
e25a0f72cf131a55b72c18a178ca1f2b4ab769914d2e79d93473c7adad5e8ce8

SHA512
79224640ab746ca33148637ac74eec566737f283e55f60b684484d1cec528a1f83f787c33aa6d3e61afe00400185b63b2f6acc29f14778b75d58873ea349fd26

Download Submit
/data/user/0/cn.nwnu.fontnote/app_baidu_ad_sdk/__xadsdk__remote__final__builtinversion__.jar

Filesize
195KB

MD5
c3b999326b7187bdd85fd971f93376d6

SHA1
978fa76710506b2aa2dc1502e2697355cc64e34e

SHA256
555e565b45d2b030652d914830ad427d15182797886316024a2f04df6ac81d5e

SHA512
240981a457a3df5ce7f51ae1e0b323efc37b349a261e21d52ef8e9256d758f5c7dd4bcd6411ca2dc247de1beec2ad1a0f7f49d2370971c8c65f95b0d6c14b31e

Download Submit
/data/user/0/cn.nwnu.fontnote/app_baidu_ad_sdk/__xadsdk__remote__final__running__.jar

Filesize
74KB

MD5
89636b4b507c44c6bdd925586a2d80e4

SHA1
e59a170d00ac0e5744426bd0f565bf21c6c4e7f5

SHA256
eacd28e9e0e3293279392493e34ba4607884e91f8a673619879da5a36fa2de3f

SHA512
046a9d9da3316118117acb71c6c84be5e11e6568275fda61e7909fb215e56bcb5d6d27241d69b43440dc80c612f61c72199f69919172486e909b00648fedb226

Download Submit
/data/user/0/cn.nwnu.fontnote/app_baidu_ad_sdk/__xadsdk__remote__final__running__.jar

Filesize
454KB

MD5
6b0a1bcb4fc0ecc85f1e3e6a69aa413b

SHA1
28d537eb1680e881058a7d983a9c1f0ecddb559e

SHA256
8227dadacd824f07ccd6e4de6029b3b940115be0e670316de2e98057521273b6

SHA512
385ec9f325d2cf3b52c3b40b6fe79ba661c78d6df0a17fa89c2f82926d20ccbf1942c0149bea1c652b81971d826f8c724cc43ebf5f18c191600c442b2b6ea7ea

Download Submit
/data/user/0/cn.nwnu.fontnote/databases/umeng_community.db

Filesize
12KB

MD5
edb655088d1ed9f33f9d0d499b7a3ef5

SHA1
565c4f4e43179dbfc285cd6331dc8ac75a901af8

SHA256
bb9e45aad35b43e895393e7a66e4ead6a5f728f90b7627e3c741d391bf65d4f9

SHA512
98cbf923880de82921c38973fbc6d711dc39884428d1eb4ead33658a5a7f163734e5121823d5b043ca44554d19c5b6f966674ac7291513944a94cec97d5be599

Download Submit
/data/user/0/cn.nwnu.fontnote/databases/umeng_community.db-journal

Filesize
8KB

MD5
bbac989216f9920f4b5d265b95de5892

SHA1
24b6a5a05904fc19d59454cc0858144a2a78eaec

SHA256
afb4bae96a8635d5ff0ed5097bc6bfcdc5afada3540b8b4d9c0bec22afaf94a8

SHA512
5bf5279f45206a183584c960af32d01c23b6094d70060442288a526bce4bda6fc9ec69c4263f1b944d173e5e69397dd280a4d0bda417fad00abc1605868c5a57

Download Submit
/data/user/0/cn.nwnu.fontnote/databases/umeng_community.db-journal

Filesize
512B

MD5
ec2ca68a46e543901b9f8e07427b1be9

SHA1
0ccf7bca5c10c949bce7f956129fb2fe6ff70cd8

SHA256
e6e00c1fcb06905ab3a9aca661b3d687aa9c87df6c047365f453e1c7b2ef2e1c

SHA512
5f7271c814264134d6aedadbffae69b09974a21c16bd6d1ecfead7544b36675fa2731c3ce71f4839d013796d6cdefdc1b325f3b7e3200c5d0ff5bf9aeb7dee8a

Download Submit
/data/user/0/cn.nwnu.fontnote/databases/umeng_community.db-journal

Filesize
8KB

MD5
8043ff1e6c520caae458b7a94beef196

SHA1
85e14e9a8b7c9269befdf859ed6bf77ca8017bc4

SHA256
679f38d7ec52afa6ab882d1fa8c2fc9ad0ad77bb739f0bb2ab4afc83169ff3f4

SHA512
562ff402f95b03457795dcf2b7b163b1cb66a02e0070bf12a5c10b9a7d8a8437a56519bf813dc7050ddafad66f645fd5dba1988c4d0a27cc662b17b7c8d4dd77

Download Submit
/data/user/0/cn.nwnu.fontnote/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
c98315be297b72ffe408d03f4d91eb55

SHA1
30939189ca1a5165f4a82518afa936be194be933

SHA256
4b139c168ca614706b11dfe485c241ff2e587fd76b5f1b304b1d8f4b8378b01c

SHA512
67b9a0aa24073e3433b15665bc6862199290564a02b078a43f9b60ca96341b9f28a0ca5b0226c4d8082dd2fb0fdd1739a2adac8cd54d36b94239bf5072a0176c

Download Submit
/data/user/0/cn.nwnu.fontnote/files/exid.dat

Filesize
57B

MD5
ef198bbf8bff55af98d9f37431fa9e6d

SHA1
31a5122a3ed0e04be21939a1ef3ca467e8fadd7a

SHA256
10a52d752b374994fc33c9411cab9ba578aee634a183217f319019e58118a3bf

SHA512
b3908b75933f7b151e56487c00615c0ddd28359c6852193995e7f6694c22b91adb8f94af6c055cd8f88e6ad2a16ac594b6c4caf092ec554a5de9cdb26d4eeed9

Download Submit
/data/user/0/cn.nwnu.fontnote/files/umeng_it.cache

Filesize
350B

MD5
744bb9281b5c30e8ef1de190580d31f2

SHA1
2bf92bf27b5d710356a0abca0024b450d6f239e9

SHA256
4355ee8f95633fd0a5651329bcddb77b1ef4455a1559522517685a1bfbe56c32

SHA512
14032fbba3aca23a38776efe4a700163415390dce586f0feca26abb0c85ba0ea65874a8b856780fa4ddadfb527f9a0512f6e4d7aee2ba22c0bd8cf4dac7b9686

Download Submit