07c9ced63d59743b70e281611dd9f9d5fbf20c7aa13520869e9d853606d02c73

Analysis

max time kernel
2857646s
max time network
162s
platform
android_x64
resource
android-x64-20231215-en
resource tags

androidarch:x64arch:x86image:android-x64-20231215-enlocale:en-usos:android-10-x64system
submitted
23/12/2023, 11:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

07c9ced63d59743b70e281611dd9f9d5fbf20c7aa13520869e9d853606d02c73.apk
Size

12.4MB
MD5

35f820215952acf9ab542c7fa4732054
SHA1

f20d6dee643491258279dbb4b56c3960f0073695
SHA256

07c9ced63d59743b70e281611dd9f9d5fbf20c7aa13520869e9d853606d02c73
SHA512

d6e21cb126d966d4cbd1aae57271a896312397de0ba6beb67602681048de5437df28bbaa1cb213e21aa132756d1505dfda7d40f5f3d028a583558adbf2a8416a
SSDEEP

196608:CSBMNY2dZxPuWGWt7QZjA0MGL6sW6JCbmg+9h3lyFK1pdHsvH6jHaHHVFKJGv49V:nBGYYXuE7WAG6sxg+735Le+Gnv47

Score

8^/10

Malware Config

Signatures

Requests cell location 2 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.mobiletool.appstore
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.mobiletool.appstore:channel

Checks known Qemu files. 3 IoCs

Checks for known Qemu files that exist on Android virtual device images.

ioc	Process
/system/lib/libc_malloc_debug_qemu.so	com.mobiletool.appstore:channel
/sys/qemu_trace	com.mobiletool.appstore:channel
/system/bin/qemu-props	com.mobiletool.appstore:channel

Checks known Qemu pipes. 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

ioc	Process
/dev/socket/qemud	com.mobiletool.appstore:channel
/dev/qemu_pipe	com.mobiletool.appstore:channel

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.mobiletool.appstore/[email protected]	4988	com.mobiletool.appstore
/data/user/0/com.mobiletool.appstore/[email protected]	5441	com.mobiletool.appstore:channel

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.mobiletool.appstore
Framework API call	javax.crypto.Cipher.doFinal	com.mobiletool.appstore:channel

com.mobiletool.appstore
1⤵
- Requests cell location
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4988

com.mobiletool.appstore:channel
1⤵
- Requests cell location
- Checks known Qemu files.
- Checks known Qemu pipes.
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:5441

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.mobiletool.appstore/.00000000000/39285EFA.dex

Filesize
69KB

MD5
75a8168e7080b90fc2956592c268371f

SHA1
3702da56d31f381525473364f031dc884e37076d

SHA256
0b9c032080788add7f5989d0ce145e66a4686ff3a43b0e48dec60bf18bf75701

SHA512
33536573c834fffab7236dd96c22cbc3d075ab70b622ff7787381e5c7c262ab62e0252f0d07313c9227ccc8308cd93cd96373e57fa55a066691d5b5cfb55f5d3

Download Submit
/data/data/com.mobiletool.appstore/.00000000000/39285EFA.dex

Filesize
69KB

MD5
02f69eb4fe05ebc6c9f736d83e5f7e26

SHA1
777d75e14a73f5721fc4ae34f49a9a4b82311373

SHA256
13502356b7d3f910107aeff131e9c4a2b892744a125a2d1a2a206b219dc36042

SHA512
7c1f5d68d40bf37aef2e59aa9a4f96d1ef642a8db7e53295953b0b5fa3a63cd7546c5cf8ad3fc17f6b84a795a08e13024d8dcb3db828ca3fad634964cba69bcc

Download Submit
/data/data/com.mobiletool.appstore/app_crashrecord/1004

Filesize
69KB

MD5
c2b30f1cd11817c5b79aa09e5fd38b18

SHA1
b7b2976e833fe02ff8adce0f4851418532beffbd

SHA256
bbf25ac6d7432464605738ee4f9ad64db7b9e9d6ee0e963c8c18a7049c23c732

SHA512
ba727957c69571bd8f272c61dbf13a8ca6d4f87459b96db38dfd06462c0741150d19d4e9e4ba673e3692933a2b69bffe9fd9c03380cc6a44bfece4881c9f9a2c

Download Submit
/data/data/com.mobiletool.appstore/app_crashrecord/1004

Filesize
28KB

MD5
a9f465b11921f49cb6565651e5760c37

SHA1
682e09d8d52c7f60abc9a14bea9dd1ca43ce597c

SHA256
769dbe544daa89304387fc211b812c4ddd324ed9efa9e472a13eb0544130fe00

SHA512
09342c63f40238ac2e84f6706bbbb651e812c775ba8e70a25fbc001cd6515b98b009a9d068aec77cb174b5b314a4e8b5821d59897459688fd617efdde8761b6d

Download Submit
/data/data/com.mobiletool.appstore/app_crashrecord/1004

Filesize
8KB

MD5
e9d3289299701eb0d1911312da33809a

SHA1
73c416168c24c2dc9e487bf781a3d1567b7cab51

SHA256
404b85d7231cb677c2e67c5bca38fb93cf80fd92cc064746740a9ede01b74516

SHA512
3ed798aad3a3a7835c25b0dc6fe18b810c6347178f96a6fe84f248d805c7d96430c0d5e17fa6eb27fde559f2652b2df30ddaff2ac9e13ec86b1145bc05cc9894

Download Submit
/data/data/com.mobiletool.appstore/databases/MessageStore.db-journal

Filesize
8KB

MD5
53f9bf4ed8a85ac9d62e35082c69cf1e

SHA1
31a269a5ac1c957568b1b09950a6454cc61cfac5

SHA256
ebd2ab68f3a6b43bea2d9c7123aa0d8aa68981348038924e195a4cace434b137

SHA512
d54600724a5cb267022d913b4aa45b7e713a62fb074e635124a98cae8fb25e263a794d429261d2e3f1810fd6ef514bf26829d6ca3d31d1c204119c96812050d4

Download Submit
/data/data/com.mobiletool.appstore/databases/MessageStore.db-journal

Filesize
12KB

MD5
7353b1a69aea8560148852f59ec56e4a

SHA1
d54028656576d1a2318a8faae6ee9b8c4cdb808f

SHA256
5e6bf3609579e6fe30cb18fee66e55995e0c16dc395453c6069b7781383661e4

SHA512
4d768a5914af74fcb1606cf3d4585f3974ec1a6f5cee91605a099f0c3e9c2bb318409e2416b4ebc408bfd2d12aa493d42376656914c129377ca16d6dd27654aa

Download Submit
/data/data/com.mobiletool.appstore/databases/MessageStore.db-journal

Filesize
512B

MD5
6f6d1080cbb78a44a72158e561b4da67

SHA1
0cc44c5ead45c2abc79db661f950a6f192619820

SHA256
00875d8ab5387a0a5f3bda1b8cb2a6de23ed3402cbc04783e8d058abc2434ee6

SHA512
01005ca3866eeb3838c8a233dd8e647971713087cc7d9d7e0a43f2420351964648b17042ab63b525befa548c960e7133530f608385e7cd11be95262d819b7900

Download Submit
/data/data/com.mobiletool.appstore/databases/MessageStore.db-journal

Filesize
8KB

MD5
83ad7d3b6c2e9a39f3d2d9b2c240a39e

SHA1
55c421b12922d3695fb8ea012976fa99d3f04502

SHA256
bf4e244412702604000dee4c0ae608f117eeb8049d25b72377fb8dcd6e577a0e

SHA512
0e74957ca9bb52966f08ebc33cb4b296109bc183b3f86512ccaa58996495b4b983d8d8dc2ebb7754e228f9239e0dea623706a62413291e8386221faf95ca0341

Download Submit
/data/data/com.mobiletool.appstore/databases/bugly_db_

Filesize
12KB

MD5
163b0e3f017becbc89b9d7f330b78f09

SHA1
1ef9cd8ac8655190468d0ccece0a4738634ab0f9

SHA256
cf01452c3b494692386f6c5faac340eb3eb894bd416391002d56645aa8a9ea36

SHA512
6a85a30d16fa58a4fbbb05d469778ee69ca79deaa74316ccb5be3ee07fdf78dde22e95db3edb1b88b18478e8747047445f85baaf9556b9a1e55d9a02a80baffd

Download Submit
/data/data/com.mobiletool.appstore/databases/bugly_db_

Filesize
69KB

MD5
75f7ddba5d507f5bc01cd6be29e35a16

SHA1
6bf42e1a80976a516ec1cca5cabb5a6acea2b20a

SHA256
5e94208ed3ed6844fb650cda929994a0b1c221306989ef2235648fe9126b96f3

SHA512
37278738ae77a41a1182208b433123723d9a19395acff0fa79df053d38fe810a30629f32afd66ba6520d815e15290d2d5ab8f1bffca45f623309d30879923381

Download Submit
/data/data/com.mobiletool.appstore/databases/bugly_db_-journal

Filesize
8KB

MD5
acb707eb91b68e812f4c44b873c3b7ef

SHA1
72af1a39666434e10afc1c9963e2833c517caf50

SHA256
d87fd8963668a836158c45462e58ea199a51961044a7ef33df362aa72ae01266

SHA512
43f08bc795d04dfadf6de2e87b03659d9c760f1f635076be955f270d7bef13313a30ba1a1b9fd90abbee24c3fbfa8250aa07d1f7e39d6d9ca6e1c0fb7a8fc6cd

Download Submit
/data/data/com.mobiletool.appstore/databases/bugly_db_-journal

Filesize
8KB

MD5
38fa5580fb8dc3389e63629e3ebfe57a

SHA1
35937e0bc42bbddaec8f28d6409b9d6104490ea7

SHA256
63deb441a32db764cb398083bbc9275fb410a0ae9d0e1fe2c5b7424a1d24cfe1

SHA512
ac939f99719226d7de9dc6bbda27b2442739791c7efbdd271dd3e0a8312ce26379182f715bd7a3d1b85c1ee5439067ac9c49b371268b3039a098b961d9fc9608

Download Submit
/data/data/com.mobiletool.appstore/databases/bugly_db_-journal

Filesize
8KB

MD5
3159b8e4622a023502248d0642181147

SHA1
9226ab13a198658b8db7129318ff03bfb90d9a2b

SHA256
bf5736c283a9aff3e091d65566672a719542f2e0c9bef38ff2a65c5ead77d274

SHA512
5b92abe686aa5e64572d3e02a2398187676b35aa13b759d69a8f749418f58890782336c954e8d6bc0cf1cf18913f54d04d16e7a0f5a27001cfec3331a9c563b4

Download Submit
/data/data/com.mobiletool.appstore/databases/bugly_db_-journal

Filesize
8KB

MD5
de002f42ec21a267b8371c464a5bbd00

SHA1
b5590bbd3191c6dddab2438f539173f7352004e8

SHA256
85c99e558225f65d45e4d6b008e87717bfa52fa0a984cb1d40d27161f94afd6f

SHA512
c10b56c0eb62844e19d45603ddbe77b56e35c43fc8e879b370bfd32160c93335db81da6838dd095b2fc1d2ee92e7c1e28d01e9fca647b941a83c52e062b0be0a

Download Submit
/data/data/com.mobiletool.appstore/databases/bugly_db_-journal

Filesize
12KB

MD5
347ba8b953f0244f33e5eed1447065ef

SHA1
ed669ff43bd6177f2daef49b67feef2b72f3b685

SHA256
18f2facbf0de9104f5b92c44bd550c3a34bd8bfd88da3436fa31b99778b2df02

SHA512
f984e7c2088b9f3f9ac41df4d91fe340c37f486b4d9134ce53fda1f1b3ce9267480d6cb9db6e64c659f0d8717b3a77ea987080610b1584b26424082add6ed6b7

Download Submit
/data/data/com.mobiletool.appstore/databases/bugly_db_-journal

Filesize
8KB

MD5
0a486059b68c79b611d7791f35faa166

SHA1
4d7d7a7d56331967631a233043cf687f5a476411

SHA256
7a722f2e773803fa8902138d1e92d37e0cc39dec8ad1bf9e1f39f6373fec9673

SHA512
52876f39e1b29c8789c3e11af2b78bafbe320c1eae225c2a1406243cfcf87377213a14d759a54e19b97d29eea6be81bbf10c4383eb35feb453b2277cb0673708

Download Submit
/data/data/com.mobiletool.appstore/databases/bugly_db_-journal

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/data/data/com.mobiletool.appstore/databases/bugly_db_-journal

Filesize
36KB

MD5
76c4d2ea3bc79f0f29c3ba98c296232e

SHA1
5fc3ef745a43c24f904b32e10f16e594bf610f93

SHA256
3b8e115e6def9096b54416526a18962a1d9b2bb7ce3104b6c70f5ef9c76bdfc9

SHA512
bebc2671b2087164083bfd2235ba2243c4a258b7a0b956a8cf2d36207d700ade12cfc053392e6fa4a0e4552293ecc5bc87c555de22ae19b85fe27b1e7f4a206f

Download Submit
/data/data/com.mobiletool.appstore/databases/downloads_classic.db

Filesize
12KB

MD5
ea628e04765adaf4238a5dcdff4bbd51

SHA1
a801947619ea8c368efe9c006a324dc6339ac60b

SHA256
885e337c2156e4dbf2176a9677ade50418740532d222ccae5ad4aa371b54c6a4

SHA512
c0287b0e7b690a7231a37d1745c49f3d861b22aa65dd769ba6a8b5ab9da55443f749957781ee05a405019c39e1be45d37a971b821bffd62a1d5620bc39119abe

Download Submit
/data/data/com.mobiletool.appstore/databases/downloads_classic.db-journal

Filesize
512B

MD5
7702a3a5cf37f5a417452c3c6a4a3a4a

SHA1
f0b79a8fee578a43c80f33f1805037a2a47a5b2d

SHA256
c6630502b3bf415e67f9a6b51134a9d1b7d415970480f2afbb3dee697ea967e8

SHA512
26fc8f3f69da697e063d01dd470f9318cfece1389ff9571d31ad728ee8a3df4b720e7a5c998a19c3cae5dc8819febadc94e6cca8e0b9a9f065874fa8f50db472

Download Submit
/data/data/com.mobiletool.appstore/databases/downloads_classic.db-journal

Filesize
8KB

MD5
8e400ebccbd9eff3d440fb5a9a286954

SHA1
ec6bb0263f1f885a9e26abce847bc0fa48c2a4aa

SHA256
aa6034dfbd3dde887c8923dbec0373089aa44452bc445ac91c59c5553be07a2a

SHA512
be95ffed2af187f949ea83d5180c4dad5ec474d9ee9b7b4214e28ace91dc58a6da972c7e6f7266d7811c1103b012eaf1b205734cfd141fb3254789c328397dcb

Download Submit
/data/data/com.mobiletool.appstore/databases/downloads_classic.db-journal

Filesize
8KB

MD5
209111a92fd2301de32ca522394660d9

SHA1
27032f441000858c0e7a6f6bae58f6d522a87784

SHA256
b67b5beb9414a6d2848cf0287330e905744805035353017ea170c95a4e24d032

SHA512
2c26a360f36e3150396ad4bb51177aef24e545a8b1d499bf338e4748d780bfbfade14b6f95fccdb4864cfba8bde720f78f644d7a4c4cf34db599f7946d256668

Download Submit
/data/data/com.mobiletool.appstore/databases/message_accs_db

Filesize
36KB

MD5
50f3d63f4b9241e212be8ec20bf3e374

SHA1
10353f506f0aa9dfab398275482eb42da167232a

SHA256
be9049dfc1751c212273b6e4d07202e47cc7de289dd84d388a27675609056653

SHA512
dfc6dc641041edc77b5b77bda43ebbfd0eb6c0f4d55d05a7a914f77c58f2f465e8d29aa7e2c9773ec93a257154a6c779a6b165b8765a214aa154976887d8ff7c

Download Submit
/data/data/com.mobiletool.appstore/databases/message_accs_db-journal

Filesize
8KB

MD5
cc991f8400efffd10c9439e93f6e7db0

SHA1
09679a524babed4e90917e260b637cc1503edc33

SHA256
9925656e5b2dd9df4ff950026e707cbb9e34f82d6b867818ba274426b2264db5

SHA512
7185f2f2f3c70327be3b012f9f1197e3e2f739b5f2b826c32883796add8e73923ea4fb2610b811bcfb2a0a2ab81efaab95205985d464a380c8b07af64c58fd7f

Download Submit
/data/data/com.mobiletool.appstore/databases/message_accs_db-journal

Filesize
8KB

MD5
6aa3a2ea1e6fd21ad1cfc98f2c7b5262

SHA1
f1955718dfe2de0276ce83b557612661bce5767b

SHA256
6a402c1dbd6ddcf98ef9bfe04abcf7ad1b72442be2126c2e38b1d30fe95cab2d

SHA512
173ea10b0ea705975f7676469823bbe0418685f09fd05b35795952c1ddc8da069dd9e41faa001d9f577cefd03ccd68956f45c5e092e94ddf4fb060de0470a769

Download Submit
/data/data/com.mobiletool.appstore/databases/message_accs_db-journal

Filesize
52KB

MD5
f907655cd4ed8b2036cab9d20007b52f

SHA1
8d1018aedd74be6b7bf25ed5f2ee59207f3a2312

SHA256
7babfaed1b478e645e904724ad57a42f473f4a1aeb76101ffa48f5fa1886ba4c

SHA512
b57a3fd5a7c8cb77875ea2e4354065e718379153f39920ce59e133bffc6ce05cbebf845e40c659842f84a0ced723ed2f93a81d1294a92f80d4f36a039a76649a

Download Submit
/data/data/com.mobiletool.appstore/files/agoo.pid

Filesize
56KB

MD5
5d7dc71a0871446b34d737f939251584

SHA1
eb5a9c00470e24acd0591cec66e7d6ba42dfe790

SHA256
294aff6dca348ffb4ebfd5bc943fd0af810a44b984ee622d03d6d0ba6990bd6d

SHA512
1a0b4244fc4b8c5031428173649a88b44945789c792dbe342e0fb7f90955916c759d96a68e352c99e3eda84ed1ca3b3787c0b83c334efc3c8b7c847d4eb568eb

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
8KB

MD5
1194f53dfc26e8515565be269dbab189

SHA1
9f1ef0047b33e56c1a0f54c2dc5d501122ced09e

SHA256
3238a53d39ef019bec14b81e7db2a0b41763db8ea18dbabb9de8260e633891d1

SHA512
d4ff103d8d13c4f7f311f55fe47cf61c394d9ad00e6a26ec38717af3b47df720aab71f37072fa2c72e010b916e14d94e371981eff3a7ea0fae6c93453bebf415

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
492c52fdd6ba07a8bca2ec9584d7da92

SHA1
5105a34a5b724ece6e695382dd65245915911f25

SHA256
28d8633a027e4c0840300fa2dda68e3e586e9790e14dfb3b0510a9a87702589f

SHA512
24cb718f7adef0107137c7af6eb1c00962726c0f42251a9b8339dba373f6eabc65f16006069ff1748908a758b6e6e849803db475d21f199398d0423db19652c6

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
512B

MD5
a3613c281bd930344ab87278fa445cd2

SHA1
18adc1609394f2c301e9ea4e7f3ee91ab68393c4

SHA256
b3fa28560a50dbe827387dc937baeff35012480273cbf6e16dd51eef0449d6fd

SHA512
9c3abc71de251a8367b35d915f390b49278c899590d254b19e2bc046209a238354919e797fb4ca70ff3ab4411335aade79304cd4d8dc20bc1af3bccfc1db0559

Download Submit