a1d66a4f46785cfaae039875cedafab766700fc69fb62834eea6fffbb3764fda

Analysis

max time kernel
2895994s
max time network
139s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
23/12/2023, 23:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a1d66a4f46785cfaae039875cedafab766700fc69fb62834eea6fffbb3764fda.apk
Size

10.4MB
MD5

9f861935519632c3a370e102592097fc
SHA1

180b4c3f98ca6181703c4e02ca7245c5e5d8eacf
SHA256

a1d66a4f46785cfaae039875cedafab766700fc69fb62834eea6fffbb3764fda
SHA512

9128e4c708022f12eb8c98e1354a40b9d2c2a21450ef850fa4bdd053eeb6468bfd041b4765d64eaaa0f1e57bad27af8ca6b180bec0341dd9e0d4c30b5942d6bb
SSDEEP

196608:x7NGgIJNbDiXQGnQ0TOxHqLchaXZeeveKKWywI4o6LUsaLMRhaZKeV:x7ZENbDiXQGnQBxHp2eqeKtyb4o6wjoG

Score

7^/10

Malware Config

Signatures

Checks known Qemu files. 3 IoCs

Checks for known Qemu files that exist on Android virtual device images.

ioc	Process
/system/bin/qemu-props	com.baihe
/system/lib/libc_malloc_debug_qemu.so	com.baihe
/sys/qemu_trace	com.baihe

Checks known Qemu pipes. 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

ioc	Process
/dev/socket/qemud	com.baihe
/dev/qemu_pipe	com.baihe

Loads dropped Dex/Jar 4 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.baihe/app_st_storage/6/update.jar	4294	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.baihe/app_st_storage/6/update.jar --output-vdex-fd=48 --oat-fd=49 --oat-location=/data/user/0/com.baihe/app_st_storage/6/oat/x86/update.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.baihe/app_st_storage/6/update.jar	4261	com.baihe
/data/user/0/com.baihe/app_st_storage/6/st_sps/wechat_org.bin.jar	4317	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.baihe/app_st_storage/6/st_sps/wechat_org.bin.jar --output-vdex-fd=49 --oat-fd=51 --oat-location=/data/user/0/com.baihe/app_st_storage/6/st_sps/oat/x86/wechat_org.bin.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.baihe/app_st_storage/6/st_sps/wechat_org.bin.jar	4261	com.baihe

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.baihe

com.baihe
1⤵
- Checks known Qemu files.
- Checks known Qemu pipes.
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4261
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.baihe/app_st_storage/6/update.jar --output-vdex-fd=48 --oat-fd=49 --oat-location=/data/user/0/com.baihe/app_st_storage/6/oat/x86/update.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4294
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.baihe/app_st_storage/6/st_sps/wechat_org.bin.jar --output-vdex-fd=49 --oat-fd=51 --oat-location=/data/user/0/com.baihe/app_st_storage/6/st_sps/oat/x86/wechat_org.bin.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4317

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.baihe/app_st_storage/6/oat/update.jar.cur.prof

Filesize
622B

MD5
061d93fb56bd108973181c15884a6711

SHA1
bbd4d6dc936538aa11bd43c65bd2d97a8f987002

SHA256
352c2226ec58958141d147332fa0ec8186edf92bbf3296717d9c7e5d2648d850

SHA512
721a26c3990ca6fb6402855ac26ce26013c9b7c6c9f8607dde8ee2c1c9be88c2eec59ca5508d8310838e72295a38f6909940120cddf6ab5d0c89c5471a480f41

Download Submit
/data/data/com.baihe/app_st_storage/6/st_sps/wechat_org.bin.jar

Filesize
3KB

MD5
321d3f08697d7df7f268cf74c5008a2b

SHA1
76012884373812cbdde1fd5dc5c2cd40a1e92660

SHA256
712f0ac00743b96b68b7c6cf2f34bbf2e593c66162c9a0876822aa2b64a54baf

SHA512
6a81e2b9027e0d1a6f7014081bd31e0bdf79bcd0ca5cf9ee1166503ff6f8e5441f353fe033bcb8597dff0d3ea7716130b954878fea3b939d21aad7b54efe6b56

Download Submit
/data/data/com.baihe/app_st_storage/6/update.jar

Filesize
118KB

MD5
65a30ed458ab216af84e03496a835f76

SHA1
0c79bdcc352b4e8600a92540c79d21d4de5aac57

SHA256
42eb15e80de9129667f176780c7dc2b3d2f11b54b84bd2247fc26078419cad3e

SHA512
deec047a322e0be05cb0336f766fdbab0a4271354bc751a2cad09fca43e161285e25425e3cf4be73dd5784893a63b21033de5dc97d2628c9cf85e2998c5b6d50

Download Submit
/data/data/com.baihe/cache/RequestManager-uniqueName/journal.tmp

Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/data/data/com.baihe/databases/contry_and_city

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.baihe/databases/contry_and_city-journal

Filesize
512B

MD5
a2ef445c52c791e00cc5f787a8c50989

SHA1
40e1de6ecb4014470d4a493d7b48481ee1bdc3c1

SHA256
2b1909d1fb278298d567ee9ef125626dd5733f63685315de63535e45b6d99d6b

SHA512
d8062c212d68d25a092f73cd7a731edaf3fbf971baaa7f42e3a1e14aef4c392053fffa478d4bc7e298d867d11abc91e9eee469636ec899f9e3dcdf12179a640b

Download Submit
/data/data/com.baihe/databases/contry_and_city-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.baihe/databases/contry_and_city-wal

Filesize
92KB

MD5
a335d2dbeedd0f05619e9cb5f10415df

SHA1
feabe968e461f88c6a30d2a7839cad9b84b7cf2a

SHA256
5198a3a9568182c66ebd83de5512d83a94240138d90d1bb51192c443866e9adc

SHA512
9078517722443e993d99fce9c21bafdd3e72b6a285e24a064c14a47d3ac3230c094d56b13575f703ab9c652b436b5c0c1476705d0ad550561be13dacaa97dfea

Download Submit
/data/data/com.baihe/databases/st_appdownload.db-journal

Filesize
512B

MD5
4fe376a8b0b9140fb3bad989123eecb4

SHA1
2e273e7093b7512cd8e62e6d807ca9bf8ffe6051

SHA256
3542fd8f1afdd00742ab37bcac5e8caf115deee83fd45274c56baa2395d28e7c

SHA512
1d76e2d78a374387810881fd65d2913617e3db71e97c05586c41c92fd233a362b50510c303e3055b6072f72e8b9c16fd2161a6626a6cf53aae66bfa045c9b7e8

Download Submit
/data/data/com.baihe/databases/st_appdownload.db-wal

Filesize
16KB

MD5
841e89ae581b903360275623dc10a1c5

SHA1
5e5d18be3d0bae3a52b7d95f67458a2f1df5a355

SHA256
1f849f53f74f359afed3f930ee73f6f65667eb3232cb3e2fd765ce1e6443af83

SHA512
10240ebea4e31a9bf1ca42de4c484dac53d6c925bfe6d50d20038bf529c798422d505bbdfaff936240ccad3e90ffa2d66831e147a33bc2fd05f3830609e427c1

Download Submit
/data/data/com.baihe/databases/university-journal

Filesize
512B

MD5
7b047ee35809180e8a65b9cef1bd51c5

SHA1
2f2b531bd7a751f8ab4ef5971bf777b691dc8466

SHA256
14b9c9db9bc43091d7f5529f59fcfcca56fc7fcda6341c82225e1b8fd317b62f

SHA512
51ec4aed3b7c05e6dc9321926305cf0eca94de63c4f7a917b7346934b99c4f93c53f96998d9f09f39e4833d9df93b856fc21dcc0b187c458a7c2ea8f53888bf4

Download Submit
/data/data/com.baihe/databases/university-wal

Filesize
88KB

MD5
55d405f14e6d8d086d623d0aa42995e6

SHA1
4ae48d3670503d604ab3927724b9c62769cd28dc

SHA256
42964483f2a319533492b1173bdef5f8c76507c49a4b28d6323d2c4975b9acdd

SHA512
86ada830001174c558b39c17baa2134ae4852ea5f0e406b843f47c96d0c719db241ed28a4b268b4712ecee2ebdd6d6b180926d61560987a23ed82dc355bd0598

Download Submit
/data/data/com.baihe/databases/user_lable

Filesize
20KB

MD5
be8f0172dd32f1f6cff156e91571a697

SHA1
fc2c6e1bec0b7f3a4437c6e94f32d72ecbc13e09

SHA256
c5fe51b7d7c1bae4f3d6a1de9b2b163187c6ab68c9e70db7cbdbb603c4a58138

SHA512
195e16d834f75c40ed96d8805d98e5799d3368763aba65044b6619597b610986be9bfbf5423fe51b4b00e00543e10b81252af3a294519c23f9ad1c0b24139adb

Download Submit
/data/data/com.baihe/files/.um/um_cache_1703702974926.env

Filesize
591B

MD5
890bfc781a77641043146eeb0e88c193

SHA1
163903163aa31176afb58fa8c98f4c0243c593ac

SHA256
73df7c51584a2efe51aab5d072a65d784b0d2f5333c661c9b18614b9842d5376

SHA512
596ff61162580badcb01bc81b9e2ebaf40a9934abc193746c5252d21e74ec54b5182f5135a81eb17f110c5a97b2d58839eb936228cbd306045b53507a53c9100

Download Submit
/data/user/0/com.baihe/app_st_storage/6/st_sps/wechat_org.bin.jar

Filesize
8KB

MD5
18485c4bbebf8f80ba8591adbe458540

SHA1
fcef5d8a2358312cecb384d1d553080316896a49

SHA256
f1455c795d0c8bee5ed73b37ef510bcb7d3826a497c616578e75bf18e76051cb

SHA512
446ea6ae9bbf5c3781b34774c81c2eec1afbfaba77b5bba55388ecb352aa9e90845670a84a9daeac92205b86c4207955d35eb02808245c47ae9b40fb0c8a7bc8

Download Submit
/data/user/0/com.baihe/app_st_storage/6/update.jar

Filesize
196KB

MD5
7e8393a3185e614de16cecfc9d41a2b4

SHA1
21cd7ef46bd594b279eddeaa5cf7384fd737258d

SHA256
44d6d52daf7e0f24e1b4921140f988bbf11034d7e1b4fc4bf11d81c31d751ab2

SHA512
1623755559d2891a166d824f85e4d1d8214af0190ac09a237180c2591a0f3430741549ec3dacd31c577f496d086170237015ccd6904cccf2ddb4e6cc3bc346f9

Download Submit
/data/user/0/com.baihe/app_st_storage/6/update.jar

Filesize
196KB

MD5
c92d139f6cd09d4efc195876e809a17b

SHA1
4c762b91d921fe3883cb51e0765e4717b09ba8cc

SHA256
473e8423648941dc8a7951b1a4ee65c68e07a4782d679f5e945538ee42823dd4

SHA512
3520025339265a0c428a6b82104aafa36c5bca204173741a217ba45e9f874e8ad55e5d196fb82797406e8f56656def8d3b5ca6dfb65d27b18241b4751ed27ff0

Download Submit