26b746d99b82aa0637b74c4b7afd8b6eed7ef0992418636a6ef3e963702837e1

Analysis

max time kernel
2825873s
max time network
160s
platform
android_x64
resource
android-x64-arm64-20231215-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
submitted
22/12/2023, 08:59

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7f700427ff84ffa56e93f71880999a1f.apk
Size

28.1MB
MD5

7f700427ff84ffa56e93f71880999a1f
SHA1

ee3a125cf0323b32449595eba8f95a3a85b9c3c9
SHA256

26b746d99b82aa0637b74c4b7afd8b6eed7ef0992418636a6ef3e963702837e1
SHA512

c52ceb3a3397717c06e19a0e351fccd089e5b84445203f276bb3ff4a82515dc92b4d1cb8f7a251095ba5ecea5c00c3040ef6b46e1cc438c61590b22c023094ed
SSDEEP

786432:x7u8IJG1L8GWllbDfShLHd8t1RheNmIAgv5/oB8l3+sus/AMtgsR:x7u8IJG1LWbjShJg6NThIY3NJ/AMLR

Score

8^/10

banker evasion

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 IoCs

banker

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.teamSoft.Chess

Loads dropped Dex/Jar 12 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.teamSoft.Chess/app_working/startapp.dex	4472	com.teamSoft.Chess
/data/user/0/com.teamSoft.Chess/app_working/startapp.dex	4472	com.teamSoft.Chess
/data/user/0/com.teamSoft.Chess/app_working/yandex.dex	4472	com.teamSoft.Chess
/data/user/0/com.teamSoft.Chess/app_working/yandex.dex	4472	com.teamSoft.Chess
/data/user/0/com.teamSoft.Chess/app_working/facebook.dex	4472	com.teamSoft.Chess
/data/user/0/com.teamSoft.Chess/app_working/facebook.dex	4472	com.teamSoft.Chess
/data/user/0/com.teamSoft.Chess/app_working/flurry.dex	4472	com.teamSoft.Chess
/data/user/0/com.teamSoft.Chess/app_working/flurry.dex	4472	com.teamSoft.Chess
/data/user/0/com.teamSoft.Chess/app_working/adcolony.dex	4472	com.teamSoft.Chess
/data/user/0/com.teamSoft.Chess/app_working/adcolony.dex	4472	com.teamSoft.Chess
/data/user/0/com.teamSoft.Chess/app_working/vungle.dex	4472	com.teamSoft.Chess
/data/user/0/com.teamSoft.Chess/app_working/vungle.dex	4472	com.teamSoft.Chess

Reads information about phone network operator.
Checks the presence of a debugger
evasion

com.teamSoft.Chess
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Loads dropped Dex/Jar
PID:4472

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.teamSoft.Chess/app_working/adcolony.dex

Filesize
274KB

MD5
dce080e7c1fecc0aab7ab27b6b269c1d

SHA1
3d4324825ca8a0b6055a0e72b0d9b56983c0d74e

SHA256
6cbf69449e0a2e0855e7e8c921d60adc38f8dddc368b88d216c729f43234b8fe

SHA512
4fc8f593cf92d846812fd041585a39066b4a17d6b22ad2d20ac279c6f930aa4e3fa73c6c232faa0df97c216b8caeb53d84f7419f2b7099def538230eb06db522

Download Submit
/data/user/0/com.teamSoft.Chess/app_working/facebook.dex

Filesize
207KB

MD5
87d967f2fe9f7da8e9ab5feb19674b60

SHA1
a8780fda2b547b6159e3ff0d28446acb1163180d

SHA256
f8525891bb40447e587921f6bf6b74d3fa17ed6fba6eb1f42a7fc7bc7d961901

SHA512
1d645e82c13e01db06b3f2f2b716416ed6c9d254f53b5d3f6a86543bdeaf022279741ceaddcd435f58059db51abb4cec8ab694d2ce1c4465824e4bc78995f3ee

Download Submit
/data/user/0/com.teamSoft.Chess/app_working/flurry.dex

Filesize
641KB

MD5
323bc8808355cb3f103ddd69bdc68827

SHA1
a1562b4b5a3d93315a56506c5b82448c9c711220

SHA256
063d9bb14b2f8c90d9b876e6756e10d1bde67bff000224ddcc076f20555db1dd

SHA512
452c4b8db3cddb33d56dee3460969addced4382ace85275b414f2276a7f04e05ac82e61548d6a3075c1b7e731f9114a2e95f053e6ef0d4fcac3705df83cb300d

Download Submit
/data/user/0/com.teamSoft.Chess/app_working/startapp.dex

Filesize
546KB

MD5
b480a2d0f7235c543c43efc4db907fce

SHA1
e682ebf3bfe45c42c2cc310c387cfd2029766a3b

SHA256
c26ef4654f3070214c989e1f3a31a077f74275743ab38683bd45b165081ba677

SHA512
243500a7893ee22f496183fe025a9ba3994243da8fca6b7ece82a97a1867f73968a9302b0b559a01297303e5d083f0bc314111ae6f803a5fcb505c5fb3a059a7

Download Submit
/data/user/0/com.teamSoft.Chess/app_working/vungle.dex

Filesize
694KB

MD5
4da56a4d98f4e4fa0f6eb8a56f4184e5

SHA1
907a6c3362ebd00e1eebbf158e025a2c03ad9abd

SHA256
8c90b442f00138496607e307e83da5a20e5b0d15c015b788902af25e50d3b7bb

SHA512
b1430ddd62068fd084a4b48a8562712eff06972b486ec4adaf204e8541f33caf0808b980927bae1f137b2aac364f9d78be1dd99f986c4db6fbf959def84acafa

Download Submit
/data/user/0/com.teamSoft.Chess/app_working/yandex.dex

Filesize
262KB

MD5
669ebf34f47502b7dd1eb5c23db81914

SHA1
cafc653f3a0f1d8b11717dd7eee9fb1ace2470ac

SHA256
31047d678521bb70c00a93ee55a721e283a5d8e8f9cde7e5ff29e389f21f3945

SHA512
60df31d84bbdd8138767e423c16ab46ea354c0161fbfe6648bffca99c450026991354dd45d0e36cad46447921583b5413a9f97145904781db50d84d6c84e1425

Download Submit
/data/user/0/com.teamSoft.Chess/databases/__hs__db

Filesize
24KB

MD5
41d38713e2e4bb07b4cf1b5337d7f0d5

SHA1
8815d7f6d3cd93b7601c46d75e7bcf3f132eff2d

SHA256
85857682605bb8de4a3c1ea90bc559f39c7b4703f0b9337fa40ab774a7d2616e

SHA512
bab544f5f51c2a2be38eafb7e2d35ee42d43bc40636d22d205f1e1474d0efd6466692814249d93099cb4612c213541c3028daab6263ee45ad4515d8b6aac59cc

Download Submit
/data/user/0/com.teamSoft.Chess/databases/__hs__db-journal

Filesize
512B

MD5
35e74e3dc54c6019ee713f232012c615

SHA1
8a5e8eadfbc4627aa9029280359d7153bd2a87f1

SHA256
e3704c070f77e01e801d854d63ad40cfb9d65193cc518b7a879dcdada98cb6ff

SHA512
99cad164ae39dfc6ec935371f866807623d561a946ecdddf2fb81383bcf54337c8636701c1d3053dbf089ce5dcb92be1b848c092fb9f2c998be2e349a2555d95

Download Submit
/data/user/0/com.teamSoft.Chess/databases/__hs__db-journal

Filesize
8KB

MD5
58a89fed61866e030d81e41bbafdcc78

SHA1
9e45fea341e31f2123953c520c77569add38f2dc

SHA256
d67dcfc9d18916fe664bd0b459613bd3bd6728b463fdeb4420e3228af4b7a723

SHA512
7f425c44a55420e5f8ec5f0493a5392313f0b826adcea131de30ba24a44206b1b49cd92123e0a3c6ff855774f919e38c2eb995fe4ce9dab6f0030784575639b5

Download Submit
/data/user/0/com.teamSoft.Chess/databases/__hs__db-journal

Filesize
8KB

MD5
68b42701e42e375938c3ad7a5c6a3c8d

SHA1
c749df80e8e38c54bbcbffbdbbacbfc1f125280f

SHA256
838bffa66c768842f9933ca690ac41c08caf824c2f7c06d0f171e2dfc1864568

SHA512
1f5a55c2c596c4a280efa5a777c83e898b61c9fee9e3f4664c2bc02130a4a56fdd5f4d3960e467c13f77babe14761035e1b8732bd5bb94e0d4dc53286162726c

Download Submit
/data/user/0/com.teamSoft.Chess/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/658B5F8800FF-0001-1178-DC3F11B6AA9CBeginSession.cls_temp

Filesize
77B

MD5
9025569b6c38ec23e4129bd6a74cce96

SHA1
01b031ce854b706ce5a97c1a88c633f1fbf8e994

SHA256
0b72078e3913165860087085231e5073c9e85bb3d7ce440a0a2f07cde901ee22

SHA512
831ee8a4529b8741821116b2b4d175a92fd4bbdbf9c31a3c6a6d8b9f9e006abe0389d51181215b4427c794379a281938ae770180dae936ef17462fec6d4bcd42

Download Submit
/data/user/0/com.teamSoft.Chess/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/658B5F8800FF-0001-1178-DC3F11B6AA9CSessionApp.cls_temp

Filesize
127B

MD5
854fa42470c9189fffde55ebe52188d5

SHA1
7f638aa402d6585f05a175b32624925ba7669b7e

SHA256
3b5baa82974a42d4aae08848aa38a9eb0fe68916a7d566b77a3f6c10a3abf593

SHA512
3b500ea4242e7b46a2b91089b87cad9d818dc018adf7ba1e39cb801b68b21a73f208015e1d5b5b56bd3557f33c90f802d12dcb2b76067a33a3661bab92f0c84f

Download Submit
/data/user/0/com.teamSoft.Chess/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/658B5F8800FF-0001-1178-DC3F11B6AA9CSessionDevice.cls_temp

Filesize
131B

MD5
d115e1664333666bf5e5d964e4881fc2

SHA1
c4ec43d0df01b016fb2698cf60590bf176ac802c

SHA256
3aaf536802795a6811b168077a181b5c05442e25f6f9674b811c57540f7927bc

SHA512
66a59b2b528fddfc30611467aec4c28b4b0203cde88749dcdb022cf1f4dbcb0ce5c7e4765e8acb26e4523e60bec13a362aee9ef598e6f57ca62ac5becaa0076f

Download Submit
/data/user/0/com.teamSoft.Chess/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/658B5F8800FF-0001-1178-DC3F11B6AA9CSessionOS.cls_temp

Filesize
15B

MD5
b3d9541cc92a9153d14e5160f8d8c008

SHA1
2e1ac80eb381dd82a03795b682f92020348c0113

SHA256
1ead5b213c87f182ffce484c34f7d9f140ad3425c0f303f460492efe8a26c56d

SHA512
78074409135a210ba4e1407ad9b3f784f5683e83aac4ce3482d4e8135425cf2b30db1ff5dd0041901c490a551a477237c6d255671c7b1fad74090980dcf3334f

Download Submit
/data/user/0/com.teamSoft.Chess/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
1KB

MD5
6e01c5d36fa9ea7d93e9071b43cbc116

SHA1
6654d41b77349978151a5250de6ac5a07d14457d

SHA256
7ef2d9037a37051795ec0f9cbd6db3ca18135edcced73f08e7cc7ef09da6e30f

SHA512
1c36570f24b46614d5a8e606428becaa16f5a0cff9604c80eff808d7f521a43bc9bf7f62fbc1e994c51ae318d5fe439f5eadc2495641b64eb450e91dca54df89

Download Submit
/data/user/0/com.teamSoft.Chess/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
475B

MD5
b8e4313d353274b9af2d21efa76424a6

SHA1
61f5a5947b7d2f612475557af6168110dc1fa3a5

SHA256
fbe5fb584c14e19e92ecafd0f115feff8e19eaf957d74f84ef49bfc0084db444

SHA512
c2944bcd7a12590ba5a6ab29786a427042d5ee6fba195635a81d85e5d697df51f233edc04946d9ab2c99db2ddd818bca6d2e109f3328029162641aa32c9cba13

Download Submit
/data/user/0/com.teamSoft.Chess/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/user/0/com.teamSoft.Chess/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_8bbef326-ff20-42da-baaf-a624feafcd60_1703632777101.tap

Filesize
378B

MD5
621b766f2a37430007ce750c970a471d

SHA1
44dc9a432c5b550f52be92ca3e03b2ff224015c2

SHA256
bfc16195d20f5b8eb0fbfcd93d9f7f146acee0abf51e578c72993e0dde76b64f

SHA512
ef9365128778d91c765bba7660ecd14e6298e301a8ec34d50f2ca74bcd52d3a7a6387a8328d39a7d7880be9f727f8f3e398d1c0f1563545f554e7d8e0ec89ae4

Download Submit
/data/user/0/com.teamSoft.Chess/files/AppEventsLogger.persistedsessioninfo

Filesize
495B

MD5
e47ffec5bd0a93fcfd7556c68bfc6d03

SHA1
8d572e864288677b9f18ce6441a13da857e1985a

SHA256
11eea951bfdbd9c4d51608eaa96d14a3df573dd71ed41b751fd9bed76abf332f

SHA512
75a92fbe82735da4159f1f19cc24d09b6f71f30d2b0e749b5ef716ffab7e06fb3fe9ca99b54fb382bbccd849abaca044505bd89120e95bfda57c501065ff47be

Download Submit