93e01312d1402ca6b92280b530666c2600dec763fc250f5dec186f45d0293344

Analysis

max time kernel
2782712s
max time network
158s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
23/12/2023, 21:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

93e01312d1402ca6b92280b530666c2600dec763fc250f5dec186f45d0293344.apk
Size

3.7MB
MD5

19320505a7561b1005e0d04061959041
SHA1

2a019c352b76c6032ed641d79d3d95e80415c672
SHA256

93e01312d1402ca6b92280b530666c2600dec763fc250f5dec186f45d0293344
SHA512

31d573a8bbe9758c7cc8723ee98fc12359d5f2163ee689e9682e0e3ea7511bcdb983770199379a11022b813ae84f55b106d6c01870a40fcb34db016d747a180e
SSDEEP

98304:8iwyE5FR84MMZZG/eA82H2IyN3TV1g6kUAJm/JFjYT:VwyE5FR8w0Zr2vN3Z1VOm/JC

Score

7^/10

Malware Config

Signatures

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.bym.fontcon/files/impl.jar	4247	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.bym.fontcon/files/impl.jar --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.bym.fontcon/files/oat/x86/impl.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.bym.fontcon/files/impl.jar	4218	com.bym.fontcon

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.bym.fontcon

com.bym.fontcon
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4218
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.bym.fontcon/files/impl.jar --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.bym.fontcon/files/oat/x86/impl.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4247
- /system/bin/sh
  2⤵
  PID:4297
- - stat /sbin/su
    3⤵
    PID:4346
- - stat /system/bin/su
    3⤵
    PID:4366
- - stat /system/xbin/su
    3⤵
    PID:4392
- - stat /data/local/xbin/su
    3⤵
    PID:4422
- su
  2⤵
  PID:4459
- su
  2⤵
  PID:4536
- /system/bin/sh
  2⤵
  PID:4568

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.bym.fontcon/cache/json_cache/com+baiyi_mobile+gamecenter+version

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
/data/data/com.bym.fontcon/databases/downloads.db-journal

Filesize
512B

MD5
2f5063f610016732d3c8d9a744e981b4

SHA1
5bcbc4fa504f8b26bfabb4b1bc88a1832ca9ed0e

SHA256
e56619dbc5fa85e72bdea8b2ef336ab59f8e069088647afc5ed25a26770e7cdf

SHA512
23c144f8e2eabf4d358c77476b6bd29269c7e086505430af829c939d1b54878cc6dec201827851feb7cdcc4d5160f627949ec4b25634b7b5bd8043a8843c29b5

Download Submit
/data/data/com.bym.fontcon/databases/downloads.db-wal

Filesize
36KB

MD5
76660057d4b51e0ce4398b24473b134c

SHA1
8efc5a13bcaee34384e0579a640c2e073081220b

SHA256
3a1a555909ee4b96cda7417f2e9823478bca54f85501d2fbcd0b28568f4ee859

SHA512
410db5a8fd57a6346f95d470e2f579e78e4d2bfbeaf39aa6951b28b9bd071eff6c87cc31ac3aa998d6f7b18344320255bb42fff6ef839f1bb7744d28df79b118

Download Submit
/data/data/com.bym.fontcon/databases/ops_downloads.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.bym.fontcon/databases/ops_downloads.db-journal

Filesize
512B

MD5
c4be44a571d3415ffc24a05b00c28ca1

SHA1
913fea8642a5a60f06e7857bd334d724e23c04ae

SHA256
55264156fb4831d9b2389edab7ca57c4766918ebdd3124301660b11bad0d97ba

SHA512
862d78d7d1edb98ae1e25f40ef0c822bcb6fd98ec8713eee808094e999bbef3b594059b0351ade0a92bd062b36a1b9cba95f6a7f0defb72cef2ea4149c180954

Download Submit
/data/data/com.bym.fontcon/databases/ops_downloads.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.bym.fontcon/databases/ops_downloads.db-wal

Filesize
36KB

MD5
610158adaf065c389af4b5db0ea9718e

SHA1
10cfb0e1bdc9d71a9d11c4fedec042797a0cf6a0

SHA256
7688e52987acb07c0226131b3d1be4b50225a268bdc4f03885dffa2056ee3d42

SHA512
ae58548f153ea190ae030d9596bf65dedd1f6ac8e17763b853bb801f2c0fe60b9d919868a8a3495561b343267a8828c067aabd545d738d5052a7c33927ff5aa7

Download Submit
/data/data/com.bym.fontcon/databases/u.db-journal

Filesize
512B

MD5
17a7d2a689d12e29a6f26afd7c179ea1

SHA1
905ad0e40c88f891ebd06b0453c6e2d73673aa25

SHA256
ab8fc4fe0f4752f3017f05d6bb0cfeea6735ffda4e99b15c47da418cfb223606

SHA512
7356aa4e02733d0efbea8f8085936819f32ff97f86d2f087c8ead11288f8f5a388b097c30c0f303d15251f2baf4e4609bb57d136ecec23bf1933c870b1e78b71

Download Submit
/data/data/com.bym.fontcon/databases/u.db-wal

Filesize
40KB

MD5
20e366dcc32047521f63038181c4efd3

SHA1
34379e49d9b4bf98e30ccc8fb7efdd5865afaa89

SHA256
ab1ed27ea098ec4ca27be15d9cb454c8a415a7b22751b15503bf3ce651930c77

SHA512
210b499e4f1ebc0fb49dae0f181034a2c3a824047301268c5012530ff24b11e6b68768ae0e5405163fb95741cad27d2ab83ced1374f9f25d889775758cbf5f81

Download Submit
/data/data/com.bym.fontcon/files/__local_stat_cache.json

Filesize
105B

MD5
eb10079abaa74dd035982fee58c5e020

SHA1
d0449755415fed02af9564f6c7b9b1fba04ade15

SHA256
5480f743c1c20479ff872f2587e24485b5fec52cace606ba2890df0e19520ac9

SHA512
e1587a7e3e55c14c002dc5c879ef69aaaf3f0a2df6ce21f7aeb996b2cc7bcf8d4c9e352007a924e8c1434beec4781ebf28713a1c1c1a5f8d376183945739127f

Download Submit
/data/data/com.bym.fontcon/files/__local_stat_cache.json

Filesize
25B

MD5
2d805b13f2f28dc3ca9bbcc000f49bb5

SHA1
9eac165b4d81258fd3967cde5cc53b53b1dabcb1

SHA256
c8a6624f390568f0ddcb9841336aec6a564460fdaf6624e562b32935b8956f19

SHA512
5db8c57bab36bcf9db698c1dce70318cbffc156dd1d1c1e09e5b7ba60aff07b598ebbf26c4bd8a2b03bd6e59ef2dde2d944a22a8d8a19ecc8378e83afb7c83b0

Download Submit
/data/data/com.bym.fontcon/files/__local_stat_cache.json

Filesize
183B

MD5
1dc34c1e58b0f3f70127bd6e634a9212

SHA1
218558236660adeb35d78c379c94378e101f265c

SHA256
0f570fc29e970ace2e471105f640cd903b5ec8ca2e2c43740428441d0af8b807

SHA512
fd7e038071cc55f28eee37fb17b5076f6395d6e0130c39b3e18e7ced8ad054ffcdbaa979ca2b3f67dd362e0ae7b6e01336fe7d57ee58b8f747de09473367c226

Download Submit
/data/data/com.bym.fontcon/files/__local_stat_cache.json

Filesize
339B

MD5
086735bd4da3a866836ba7ee83f4acf1

SHA1
f22c400e24b43309bd691576485d942c6904afe8

SHA256
45e0b8cff1eec31d10527915e83e6f23c634515b9208918b7bd0271e559889ba

SHA512
d2d3d68696d3c766c84921753c45d846b02bae894c3bdb165016b52c0abd9689a0d050135faa2ce909536cc5681c401a3961e9e1a006532b64e8a49b2ba41e60

Download Submit
/data/data/com.bym.fontcon/files/__local_stat_cache.json

Filesize
503B

MD5
28268472ba8021cc24491818d21a4a67

SHA1
e007831452fcbeb72cd05e5496800ecb031dc28a

SHA256
10f4da21437a6d26d6f165298bd09ee307573e60e4224d7886ad2240cd1e2c55

SHA512
5087088ada279dea98498ce97a9613fdf51e4b78594d51425f06eaa78b9b7ad514f8208173cba1b6e1188375752e35e588d0b0baa0de6d6faa27c9abb8583f1d

Download Submit
/data/data/com.bym.fontcon/files/__local_stat_cache.json

Filesize
822B

MD5
844209d43b16684bf7109d8e164495c0

SHA1
f80dec00911031c9da92db6ecce2c722c651a404

SHA256
31e0bb5e789096295c16c60220692563cd906e71e3deabe5478130c7ce7fbc72

SHA512
0899a8e5cc21247ac31287790e66d17fa48b28ef6be7da92bbf8df783d20b0963c38a5ef0b9f822059ba39c51890a8c131122de71fae11185c1cb5550099247f

Download Submit
/data/data/com.bym.fontcon/files/impl

Filesize
216KB

MD5
fcd3a0e7c7833d586f0b6a911fdf6f72

SHA1
daf65129f94f3a2a543f48558d6af345fe7be106

SHA256
2656b59a5228c7ad4303c2b189ecc8af98fd334149f2aef7b109c7033c0bf1a6

SHA512
03cfc18e4f236a10df929572985c1069c8e9b71119715ea938265fe42caf7e1c6deed6c055bbe056b8c18f306630a0ea24e104b998c9c6eaee2737b3fb6c4955

Download Submit
/data/data/com.bym.fontcon/files/impl.jar

Filesize
10KB

MD5
a4729d5b19b8242b1c3848dd3558c55f

SHA1
5dbb338daf0ca0791856c2e1af03bf19e67476b2

SHA256
e20ee837f5bad4d53f3f7afcb0c4825c69aa0ab621ce289f5c0dd6646946fc29

SHA512
2bb4cf84bec935d379e73e6ed65a9803413ed2376112c6ade82538d5bbdf735486b1651c5a016d64ce4d8713fd12ce3dc236ca1f234984b3d0d5eb794ddb908a

Download Submit
/data/data/com.bym.fontcon/files/oat/impl.jar.cur.prof

Filesize
288B

MD5
b51e9a501f913141a5ca4ff3d5f0a969

SHA1
c5b8c7635efc49136d58e9ec1a993e78a41beb48

SHA256
3d86d242d81f270a70ce1064db16439baa78dbcd300358cb0ac5bce992fa91ed

SHA512
e80eb2ddf37ae0501c29af9fc8cfefb1968b27fd710aebe8effdda8def29bdabfa7d43033c0afa32dd59906d277fe190c224b03db93f865d135ed3b138441ffb

Download Submit
/data/data/com.bym.fontcon/files/profile.xml

Filesize
1KB

MD5
e60c05b35452d623e23d5b4e6e9e92a8

SHA1
5cbc0aee0748ab9d19f759fdecd36d7716ae9fb4

SHA256
2882d0f6a541a695f8244b2b7fb1d72938d4e827344a7073fdce5f29a52f1bc4

SHA512
99c72d69fd699343745c54d7acc0a33173e4a8b79c2a840d1eff188222ed86f5e91c100e68b10356a46a08fb9cf242c6470a1e0af77d19843d35e701cbeaf314

Download Submit
/data/user/0/com.bym.fontcon/files/impl.jar

Filesize
502KB

MD5
bcdc003255e963439538cc5b3d44f9d7

SHA1
d3597cf73a6f54afb64b406a7860fdca2a933a16

SHA256
8bdda523dc98a219b0e01697bd4aab0391d820f4e5d78fad7f3c99b40957dede

SHA512
618fe8b8ecdd7cbbdf3e94fb6669c563b6b50a67550603b1b0fec6b94568142d6ab6f15e545e8098b71ba97b824208dbe846e020bd50d689e03458a5b380fe8c

Download Submit
/data/user/0/com.bym.fontcon/files/impl.jar

Filesize
502KB

MD5
6456318c8f66577f06b692c0fc503784

SHA1
3a81e4d0be3f6021ff5f651f84210a7e6b53e4e9

SHA256
629d64640e882735cf6d90c663f227d950fef12f6fb095ccfb9935c498165abd

SHA512
2e6df8ce6be60adcbd9c5199a5a7730a9fac7a3bcc7530ed05063fbed2ff89edf04b77b2aee617bfc2c732fd8d208c639b141beacd175a697d447386053af417

Download Submit
/storage/emulated/0/baidu/.cuid

Filesize
89B

MD5
4260677176776dc0f5c98de23002d7c2

SHA1
48170eb20e8922e72a33f0a67d0996ceacadc44e

SHA256
9f4fb3304566d1832297927e940866021db0b5739a472d9e0ea40747570e9e66

SHA512
47e71805eb90b3c50e39780017aa7ab84a104b81e1a43fe113208e0989a3667dbfa9f171c0bf9e27c450d48f8d57650623a110f727a941550385ede202c9d465

Download Submit
pipe:[40709]

Filesize
206KB

MD5
44f4b82816ad1b1bf96758a354d1c35d

SHA1
06d19185233b6e3479899c717394f08027bcb7e3

SHA256
b5a6032ecdeb210157c110a92cbc40708b927f7b60b207d7fcb5172a1afae3f9

SHA512
cfd9b7ba702fc90bed886d680fe00ea7c73db6a3c910a09116f5eafc7d71cb3d65bbf68355b96c6b9c84bdb3c722601c323481958a894de47d0a87eaa38e1d99

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads