9a091e00ec399c94add6bb1fbf22d337f895a1694cf7b768f1d2d3355c28ecd7

Analysis

max time kernel
2877484s
max time network
130s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
23/12/2023, 22:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9a091e00ec399c94add6bb1fbf22d337f895a1694cf7b768f1d2d3355c28ecd7.apk
Size

3.8MB
MD5

8f676f4756f1c7538ca0f8c1a96cb318
SHA1

b031339d689b35c35084bdbcb65873cd9eca1eaa
SHA256

9a091e00ec399c94add6bb1fbf22d337f895a1694cf7b768f1d2d3355c28ecd7
SHA512

cf945a7958ea489981b9b40139eb34cf2d88db7fe4f007bb0246e80738f33f6c2822f46f85d7b8c8c43244a28ea8915373e0dadf0fa84ec05543ebf5efe50719
SSDEEP

98304:d9awEpxQVXd/Rycbr67yj+J8j8RIBpI11RD3zHnZs5ncjEB:d9aw5Vucb+ey48ao1RHHZAnQi

Score

8^/10

Malware Config

Signatures

Requests cell location 1 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.change.erge

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.change.erge/app_a_data/classes.zip	4300	/system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/user/0/com.change.erge/app_a_data/classes.zip --output-vdex-fd=68 --oat-fd=70 --oat-location=/data/user/0/com.change.erge/app_a_data/oat/x86/classes.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.change.erge/app_a_data/classes.zip	4256	com.change.erge

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.change.erge

com.change.erge
1⤵
- Requests cell location
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4256
- /system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/user/0/com.change.erge/app_a_data/classes.zip --output-vdex-fd=68 --oat-fd=70 --oat-location=/data/user/0/com.change.erge/app_a_data/oat/x86/classes.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4300

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.change.erge/app_a_data/classes.zip

Filesize
78KB

MD5
29e4672c223f4b6ea0b5d691098434c2

SHA1
0e0e6043a4d70d38f0cd8526dfdbe13e6528b61e

SHA256
e21510b84108561d17b3ca9fddc2eace0c50cdd4c19363150cc1553df4adb624

SHA512
cd7acba0223798d2584b7cd8200c8031a45e7bb9125bd0439271541e447ce476581e3546516b34f2ea75d1a5a748d5510c0d8893431d0198e5ab3232a8f4d6b5

Download Submit
/data/data/com.change.erge/app_a_data/oat/classes.zip.cur.prof

Filesize
654B

MD5
0225abc5eddb1b7f3fbcb34f80928ebb

SHA1
032e5df8f52ae2f106fcadc6ed6022700d4c4518

SHA256
c9df27f0fea8299fa4c3bc6811000257224e47d4aba97a726c256d5eca45c1fe

SHA512
ee9a58ce2e3960710effb56eb9a64c135a2b53ebbafabeb8f053fbecfda99d1c86de758e6cc645674227e6b8a735fae34ee2172ead779f75ab97e417783086ef

Download Submit
/data/data/com.change.erge/databases/a_db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.change.erge/databases/a_db-journal

Filesize
512B

MD5
62bd24ffc7e8a8f6031133563b2195c6

SHA1
de74c6c4e5225b368d34e286f5e7bb96a6392af8

SHA256
c8a262e5336ff93a8a3d7fd0eb835b1afe042a6c8ad02e225eb4f8ef9e98ed7b

SHA512
793307668d7501e20461deb70e9ee1ae0457ed0583b11dea706c8d6bef02e55b814e6791ad59b22466bfba9d00f9a0a670ee945444a0d9d93921fbeb7373e6d7

Download Submit
/data/data/com.change.erge/databases/a_db-wal

Filesize
16KB

MD5
f8bf5800516632a2b9b55050afcd959b

SHA1
6619c0427fd0fd6d255fcb82a1230da7bbf0fb68

SHA256
3b90ff4f425aad58566df927ae7c82c1a3fb7b4629fb78116caf42fa338ec0dd

SHA512
fc069ed6157caeaa14bb60a3a4251b5654f640e51f8a9adc0f42b351c422ad480c0d74bc681228203adf37558c8fe18d33870e8a0f0827b7fc2f3543e6995e08

Download Submit
/data/user/0/com.change.erge/app_a_data/classes.zip

Filesize
797KB

MD5
43c921a16e1c23209e455330fb9e769e

SHA1
ee2b648bacbe4f3c29720897ef44e9b05e9d9837

SHA256
649141740ff3b537631c8a76fa2f67f8c6681aee8133f107003d324da7785187

SHA512
c2e3e6a49fd63706bf2b2fcfbf77c4b2c075d2b4ac4bc677738667ba2f07fd7b559eed45728359c4f9bbac7b6234fc21c42452ed213ebd7fec579409b53ecf21

Download Submit
/storage/emulated/0/Android/data/com.change.erge/cache/images/journal.tmp

Filesize
31B

MD5
67f7df6ae01ab89b2b63ecee72533625

SHA1
1675cf510ec2444fe092ee52c3b291e307cceb15

SHA256
9d24995a8b7d2106fae71e505390f841c62bcc0470712fc3e59c566d4cbe2014

SHA512
3f6230161216a04964f13781d1e40a1e9b65578894ba5df52ce4665f1d865e9d07aafedbb2a9d1d458ff475aea0ab71c3001f2d86c761ebc30b9bcc64d81d93f

Download Submit
/storage/emulated/0/backups/.SystemConfig/.cuid

Filesize
89B

MD5
2dff6078c1826a349ec62f73d368a517

SHA1
1ca578ffee963cb953e17e2cf1e4697bd7171c43

SHA256
b883a775fdcbd147bcb0ff9fb16dae933dc619a815c3b43579f800b8947ff326

SHA512
cd1a24f75c56c024a4df73d03414a41db4112eaaeb139aa342b9fd4a2d7460658efba6f8e753f406a5ffa517afe6245e440a5749549fa20a39e58971700e9d96

Download Submit