Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

6

0087b29219...7b.apk

android-9-x86

1

0087b29219...7b.apk

android-10-x64

1

alipay_msp.apk

android-9-x86

8

pospay.apk

android-9-x86

8

Analysis

  • max time kernel
    2524549s
  • max time network
    130s
  • platform
    android_x86
  • resource
    android-x86-arm-20231215-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
  • submitted
    23/12/2023, 11:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    pospay.apk

  • Size

    2.2MB

  • MD5

    b6698bc016bd21505172813b8eb61cd4

  • SHA1

    73b355e824a97a913123a2e2456398089d13cc67

  • SHA256

    7d066fb07969e395d9ce0ca159c8f7531fc7753ffdde25ab209b6555b812fb55

  • SHA512

    3b4a547076ff1db5f297b1ec87f587adbace5e5d6557188adf19adacc799eef8624ad3afeb93b656bc2a782948fee5e28d3ec48c351badb2d6625d8d1afe20c4

  • SSDEEP

    49152:muiSEJA3f4Ud9AiGdV5R1KBE0EqlQYF4QJUtsWxh/4N:mbIThzlQY6QeqWfQN

Score
8/10

Malware Config

Signatures

  • Requests cell location 2 IoCs

    Uses Android APIs to to get current cell information.

  • Reads information about phone network operator.
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • com.chinaums.pppay
    1⤵
    • Requests cell location
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4270

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.chinaums.pppay/files/lldt/firll.dat
    Filesize

    76B

    MD5

    07c4cef418a02ee03dd8cc3f9a5761c0

    SHA1

    f9f0741f4d31dd8c072a7ac1dc40d0816af7fede

    SHA256

    ad671cae38db3aaef9df9a1c254bbd3a7f6c1e0e62a82e4f4ce7dbcbf1889b0e

    SHA512

    1e559f0b1a305c5bfef08b0a958f6818bcc5236e9c164f08515694b3a36f1f8c5b5c30222a59f4e2c909cb520337c627314936aacd26b2b19757853e0f37b8bb

    Download Submit

  • /data/data/com.chinaums.pppay/files/ofld/ofl_location.db-journal
    Filesize

    512B

    MD5

    d9c526c766178d2c3e1d7251c59e9b32

    SHA1

    31624cd8aef8a2f3aca0202c356af400f7c45309

    SHA256

    82303acda3e66106dffcd7add58f3b3a0f351a54f34835c9615d9248e1d28dd5

    SHA512

    72bf4cf3e3610b8f63317e71e7494ef73848ed4182de99fc4950f2b92ac800c1f80dbb4a644f79f29961a4e38c52631fa57389c3b4e55ecbe47261453e0722ec

    Download Submit

  • /data/data/com.chinaums.pppay/files/ofld/ofl_location.db-shm
    Filesize

    28KB

    MD5

    cf845a781c107ec1346e849c9dd1b7e8

    SHA1

    b44ccc7f7d519352422e59ee8b0bdbac881768a7

    SHA256

    18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

    SHA512

    4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

    Download Submit

  • /data/data/com.chinaums.pppay/files/ofld/ofl_location.db-wal
    Filesize

    48KB

    MD5

    d55d2d4e46ef72c2283497057b253d41

    SHA1

    d43b5455869a34141c98396f0d1c5577f4e72ffc

    SHA256

    daf49634428814b9219e50f20a99391b2cc321566c6920d6e9a68f901b1743f8

    SHA512

    ed3303d58aa3759b2fe3feb1fa7c8228767add603883b2c4ba414bcf56f3b5774a9a80c75afbf1280b45e53146d19a62569b564aa80d72b137c641fb2d27e7c8

    Download Submit

  • /data/data/com.chinaums.pppay/files/ofld/ofl_statistics.db-journal
    Filesize

    512B

    MD5

    e922a648728b9e627b0ea7be63c67e89

    SHA1

    584b4ff39c45aa2810d50464ca2512e12c4f89f6

    SHA256

    b2eb681b1bf13e8c30868a3cdcad47a7563bd61c37d163baf455336e7035e7fd

    SHA512

    3b89feafef84379a8dd182c0d88ad6d79ce77da6573af6a87bb0b547451d140c7a2df895d8a74fc8749ab53add51b1a0e467dfd2ea6e983b5393ccf9b96705d2

    Download Submit

  • /data/data/com.chinaums.pppay/files/ofld/ofl_statistics.db-wal
    Filesize

    156KB

    MD5

    0fc944909257159473ea35eb6bad0376

    SHA1

    7fb885ebc548892bc6181b11d0ce8f7f9b9a4a38

    SHA256

    295e17ebe8b9b9e9cf8147f0fc90980b063b3f1a388c0dd09bedfcf9a4e178c2

    SHA512

    3fc7a280f29e5a38c156d7906f9a84108aca4705d94d90cca350d475db1ada7aa84ffb2a426b512642d29473aefb99ca23df56f842e62d64904c4849dceca117

    Download Submit

  • /storage/emulated/0/Android/data/com.chinaums.pppay/files/baidu/tempdata/yoh.dat
    Filesize

    24B

    MD5

    a936690571e9104e1922dda4a0ba5bd1

    SHA1

    65f49c57edde2f96be2a1dbdfc3f7351f1e66554

    SHA256

    f0f5049c51879dd7da0ce4a43349b5b34ce053d072a0ca704f62cf22ba4a8412

    SHA512

    3be1c3693963aebdfc04e86b1c820ee0ec3cf0b200e6a4788ef1141f39fd6c2f77f4227247ae4affa66c0a6c027df8466cc0dcec1e67ebfb953e36bee97de394

    Download Submit

  • /storage/emulated/0/Android/data/com.chinaums.pppay/files/baidu/tempdata/yoh.dat
    Filesize

    24B

    MD5

    1681ffc6e046c7af98c9e6c232a3fe0a

    SHA1

    d3399b7262fb56cb9ed053d68db9291c410839c4

    SHA256

    9d908ecfb6b256def8b49a7c504e6c889c4b0e41fe6ce3e01863dd7b61a20aa0

    SHA512

    11bb994b5d2eab48b18667c7d8943e82c9011cb1d974304b8f2b6247a7e6b7f55ca2f7c62893644c3728d17dafd74ae3ba46271cf6287bb9e751c779a26fefc5

    Download Submit

  • /storage/emulated/0/Android/data/com.chinaums.pppay/files/baidu/tempdata/yol.dat
    Filesize

    3B

    MD5

    693e9af84d3dfcc71e640e005bdc5e2e

    SHA1

    29e2dcfbb16f63bb0254df7585a15bb6fb5e927d

    SHA256

    709e80c88487a2411e1ee4dfb9f22a861492d20c4765150c0c794abd70f8147c

    SHA512

    6d518f8b31d1882feace10a9215f5d8cf5afe037652a1d11d9c1408d988c2a4f71a5edfc85d0712fa3f4e21b2c0a244c8c0d333bab454311e24067d2a83e5e59

    Download Submit

  • /storage/emulated/0/baidu/.cuid
    Filesize

    89B

    MD5

    6b90e0ee03a8f1caf48da4b88e828c9e

    SHA1

    51c457360a007ed7dfe7dfed718fc4f317b3b0a9

    SHA256

    df79c2443a0fca0ec593513f92936354f631bae2ab92138a17be84aeabc38cc2

    SHA512

    fb3e2313385acb53a17a5b5411b122fc12c7444a6d482f0d86fa067dbf53966bbd4263d54f85105efa064913ed152e77b926533199bedd6759cdfa5ed2b57923

    Download Submit

  • /storage/emulated/0/baidu/tempdata/lcvif.dat
    Filesize

    96B

    MD5

    96fedf9aecebcbe2284b59e456828aca

    SHA1

    46cabed5ce9718ba2e9b4cc5708dcea557fa5e8f

    SHA256

    a9f43d09c33b2734e7c73988c7eaeb2edd3b2e20bddce30baeb0fc8a6c348c37

    SHA512

    9ba066555dc03944f2807249fc64a475a73d6f6a5d72d702f60dcfee41dad8dd08dbd3b322695a1e10bb9d9790ab785f4bf0f6131163e430ccf8c9d20b072f58

    Download Submit

  • /storage/emulated/0/baidu/tempdata/lcvif.dat
    Filesize

    96B

    MD5

    44afae1b0f317570524ae1778d0577eb

    SHA1

    43d9bc9326f49f834e88606cce810fc223bc639b

    SHA256

    9c6822b547032bb6dd7b974b0fffd1d6450954728b8b474af734217834d4cfcd

    SHA512

    c6b67ca1cdabbcbc49cc57f17cf6915c3a771b0a485475de47524525c2a603de7e4a266053024b8ab70dc7a70a4f23e2f363098fd9fa156912a774c71f582910

    Download Submit

  • /storage/emulated/0/baidu/tempdata/ls.db
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /storage/emulated/0/baidu/tempdata/ls.db-journal
    Filesize

    512B

    MD5

    4c50e03ebeb797b051c4120140f7ae2c

    SHA1

    affaa3e42ec14a2e0be819725493fe5e37dbc1be

    SHA256

    0cb0e2db1dc2a25757cc79b859f4d34de44db27bbd66d45f24fb156cd3eaddb9

    SHA512

    f15c8c7c0e831034480bf80dad33aece2c195033908d1cbed0d1ad907635c7584323432dba3b56eef730b76561803ca6104b8e22780af843dc0bc5cb8d14b37b

    Download Submit

  • /storage/emulated/0/baidu/tempdata/ls.db-wal
    Filesize

    52KB

    MD5

    719b2414c4f1896ffa503c5f66e0ebc2

    SHA1

    f9684416bc4d669c764db5405d72fc35e119873d

    SHA256

    d68cbb0472caa2a1e9d0d0b9c00ee4b8667936ef829bd58ab48105cf4f474c8c

    SHA512

    b39bdce3a3a6839672837c5b80168a89ff3275c5c4a828f25b88315182d24d6f96182a6748cf329e9c76845e88b0af042efc245b71427dbc56b1a4dd2786eb12

    Download Submit