19609edd14902029c76983088f1eb216e0db7c578fbd9d3af10444b610baee74

Analysis

max time kernel
2890172s
max time network
161s
platform
android_x64
resource
android-x64-20231215-en
resource tags

androidarch:x64arch:x86image:android-x64-20231215-enlocale:en-usos:android-10-x64system
submitted
23/12/2023, 12:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

19609edd14902029c76983088f1eb216e0db7c578fbd9d3af10444b610baee74.apk
Size

19.1MB
MD5

d3a7f36c23ea4f7afe773d3be810cfaf
SHA1

e8eef60a0fca739812d740f5981934abeac4466a
SHA256

19609edd14902029c76983088f1eb216e0db7c578fbd9d3af10444b610baee74
SHA512

71d1297812d27163ba0f432778058df75f62a947caf099dcd5e9c45aa1262b44139a22cce1f1a091b825469b66a6ed4a3bc113bce76e9aef717b794f8c7f807c
SSDEEP

393216:TZgAq1A94t57NLxuUYtuNwUtnW1PKzqQAzuCLvSDldwDJOb7ssb0zt+IfsjR:Vsw4tfLPYawA4PK+QAzNSDOJympfUR

Score

8^/10

evasion

Malware Config

Signatures

Requests cell location 1 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.hudiefive.chenyu

Loads dropped Dex/Jar 4 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.hudiefive.chenyu/files/AdDex.4.0.1.dex	4992	com.hudiefive.chenyu
/data/user/0/com.hudiefive.chenyu/files/AdDex.4.0.1.dex	4992	com.hudiefive.chenyu
/data/user/0/com.hudiefive.chenyu/files/AdDex.4.0.1.dex	5226	com.hudiefive.chenyu:download_server
/data/user/0/com.hudiefive.chenyu/files/AdDex.4.0.1.dex	5226	com.hudiefive.chenyu:download_server

Reads information about phone network operator.

Listens for changes in the sensor environment (might be used to detect emulation) 2 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.hudiefive.chenyu
Framework API call	android.hardware.SensorManager.registerListener	com.hudiefive.chenyu:download_server

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.hudiefive.chenyu
Framework API call	javax.crypto.Cipher.doFinal	com.hudiefive.chenyu:download_server

com.hudiefive.chenyu
1⤵
- Requests cell location
- Loads dropped Dex/Jar
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4992

com.hudiefive.chenyu:download_server
1⤵
- Loads dropped Dex/Jar
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:5226

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.hudiefive.chenyu/app_model/TinyCnnModel

Filesize
704KB

MD5
62a64143d87610b1a974c5226b36516f

SHA1
157791756134c54330203dead7edb5bd63417425

SHA256
59e63af392c5deeabf671e4e5cf23af3ea8cfb456f53c1d07bf7ae742627ea41

SHA512
53c349eaad40c9e0df2264a8c1afc0898b012aff4b98922bb538159c93914c9d3fa47dd1e9df0f3d2d40d6ec58732b8199aba382e42d65073edad5adfa06f539

Download Submit
/data/data/com.hudiefive.chenyu/databases/MESSAGE.db

Filesize
12KB

MD5
ea628e04765adaf4238a5dcdff4bbd51

SHA1
a801947619ea8c368efe9c006a324dc6339ac60b

SHA256
885e337c2156e4dbf2176a9677ade50418740532d222ccae5ad4aa371b54c6a4

SHA512
c0287b0e7b690a7231a37d1745c49f3d861b22aa65dd769ba6a8b5ab9da55443f749957781ee05a405019c39e1be45d37a971b821bffd62a1d5620bc39119abe

Download Submit
/data/data/com.hudiefive.chenyu/databases/MESSAGE.db-journal

Filesize
512B

MD5
a2e1cb7b3058d4b05170f2e5985521c6

SHA1
dd686ea9dcccd4d186685ea92dd3df51bcae9520

SHA256
d97d0c926c9f29a0de6b257fdb8c2f8795c453ed186b7dc7ad336a66111a7daf

SHA512
8a0d05da13c4c05d32b93ddbe6837630130659e164faedcfa24836d699ba9ef40307f17e0530cc57e9c9d253b60be0f17018cc1c62cbff0d99f77f49ebf6f71e

Download Submit
/data/data/com.hudiefive.chenyu/databases/MESSAGE.db-journal

Filesize
8KB

MD5
df2318fcf4d9938dbfa96a6032ba77cd

SHA1
d25aec4de27793c3722b1e410db094190b1f633d

SHA256
1a78d4746af79baba74e315b6eaebd756c004ee77dcbeb88b772ce7c5c630531

SHA512
bab5c6a7b30afb1f5b66be7df312febbea7137bc3971cf260ec645c05bddda740da7e755c230e4c6c89fb6a9f6ecdaf4ad9ac649889312a18a06cc440be3d53c

Download Submit
/data/data/com.hudiefive.chenyu/databases/MESSAGE.db-journal

Filesize
8KB

MD5
898b96000e60f0e77d5fefaff51aee4f

SHA1
87d28bf93614263e3196097ce2c4eae33681c6b1

SHA256
503b08701299dcd708e972a894987b619579fd465c1a646c8ee2c511b6410fcf

SHA512
a24801deecd4607a584be8459ae7b283908d38858c5e0d0311d9de4331622b571b4da594ab5be712febff2705f8c805059f1cd3d34caaf69ebc99070a72317a8

Download Submit
/data/data/com.hudiefive.chenyu/files/AdDex.4.0.1.dex

Filesize
82KB

MD5
261c2cba017cd86287a1720432fdda01

SHA1
73da81d2a9846a69fe02ff4ce554db7a94326b88

SHA256
69c54ce7adc1b9e6b59df395c854328cb498e899ee98af77d0019274b1e37a7f

SHA512
d5f7fe9e10a10ffc519d5f5674066f722ed7f2aa2f89bf5ff18e3255958b5650f875363a5dad87a32f0a8969b5c869fcba5ac8215d4922dc7dd1a28caedf892c

Download Submit
/data/data/com.hudiefive.chenyu/files/start_eventsrv

Filesize
352B

MD5
e6cb086ae00a2668ab3a800b59b57b57

SHA1
84e0ecd9c702adda4cb52817875cda42be161c80

SHA256
0d9785fd51b54294b1e0989588b3c5e276414f1d821d869aef92454d784b1c7c

SHA512
5dbad8ea14de185dbf3655c04f58a330b7c6d8b13578cda4d30b2607767e7b0b7d534594c3cad8107312ba4480b8f070889117ea5caaed81d6051327b45bce21

Download Submit
/data/data/com.hudiefive.chenyu/files/start_eventsrvR

Filesize
280B

MD5
6bb05c9301db2a24c423b45d10e9aabb

SHA1
63708c7144c41273af1a858daaa596c8f9f1bfd8

SHA256
e4a7527d64048916436ce3ccb935fca950b86a69fc105e1e5b9304161c4d7e7f

SHA512
50a12246ba70b6cd5b067c3d22433a798edaddbd6b8ddde38b5d99ab36805e07ca9cccb82c2df56186e9f18d11c24c323de8ef664744db2bb563902c81e88ecf

Download Submit
/data/data/com.hudiefive.chenyu/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzAzNjk3MTIxMTUy

Filesize
1KB

MD5
a22097af5b95f3ff6ee3437590d8b92a

SHA1
b6e65110bc6964922b66058c713a40632e725471

SHA256
fcea38700ac7d67e102c39994586e167f6ea99952a4404704aaeab2647807f4f

SHA512
1ce0ad0c01e01edef813ee29ad293f479de35e1340b42a9087c1b6574edad4a01256c07542de60e234a20e8793ef27455d9ff47238ebce438030733319662147

Download Submit
/data/data/com.hudiefive.chenyu/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzAzNjk3MTIxMjI3

Filesize
1KB

MD5
5528b4d60cf9fec0790e8b5dad3c386b

SHA1
ecc594c076ddb2c72da71eee9b8631b32937705a

SHA256
45275ca2bb9c0fa44356e88273055dcbed400fbe71d24203d30ac3b27cf9c791

SHA512
e400fe34d6699afd79aef32d2ebed20ba0b94311aea7fa708dea4004e82ba6287bd9a31a4e015200103bafe9a64286632e7e19d464d197fd25a802175b4e0529

Download Submit
/data/data/com.hudiefive.chenyu/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzAzNjk3MTU2ODgy

Filesize
1KB

MD5
6cc30aa4c186163c5c6899e05292f6ff

SHA1
57df8e68e91ef4b0b0388687f60428d1b55b5012

SHA256
362f9fdfbd56dd58cef02e54f13f6cca4366a991a97335db19975dfe1e8f1ed4

SHA512
8f752095d4277b664cf649c809ba0d43eb7f0af17df85facc896c9b0a248eee04135c7c69240b6e8c4cf991b686d7914e0d7afaaaf7c866799369f7c62af8fa6

Download Submit
/data/data/com.hudiefive.chenyu/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzAzNjk3MTg3MTE1

Filesize
1KB

MD5
10b0a6e57734c40b67b171300d2ab1d5

SHA1
f292d724d32b2a82173637f66aab3c3dfe57801a

SHA256
fe28376743561338676527c5de2a1e3da4968790d19894d28ce588d97470e074

SHA512
3d205b5670919786bd7f50d194e6acbf9e7132b1e9d4cdf103e19234ddc291281c7220cee0108a40974f56f0e47dd57ea7097c6669309c50dd80e7a242b6bbb6

Download Submit
/data/data/com.hudiefive.chenyu/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzAzNjk3MTgyMDEw

Filesize
1KB

MD5
eaa5f2a26488f2db41b8a6eb2e1d652a

SHA1
f8de48755c594ca68eaf849b18b30da27b397980

SHA256
b5fd95024ad61b42c383b2c6e4a4799c0556af5f29ac198376cfbc9506a10ce0

SHA512
e3281d5b4fe41ac05e63f164913cbc3f0aea03e6e1538398d04cc372cd22490c2482eed70ce1123de806ad00aade70271f7adbbab2702a5a3ae2d16ab1c77189

Download Submit
/data/data/com.hudiefive.chenyu/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzAzNjk3MjE3MzY0

Filesize
1KB

MD5
3c979ee566960a1bcb8bdc832ff01361

SHA1
64aec0a82ebe95c6c7b3b4117fa00ca86e6c4d48

SHA256
fa9c8b6bc001c5fe1e125cc8d12feb23b95bacbf65781818d0484f7cbd41d298

SHA512
9064b2dba788f697232654f17ae7c90388dc8a59cf8850ffb746d7eeb84f339501cd5a5a6b020aea1f65f7582fab4c27375cc634bdbcc2617203a990f7eb8d2f

Download Submit
/data/data/com.hudiefive.chenyu/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzAzNjk3MjIyMTc0

Filesize
987KB

MD5
0f903cf72d246ef61a6090fce423c237

SHA1
6eeed784fd22705a1cffa420a2d91dbc5da9a528

SHA256
970fc6af8f0d0635a609af2510ba57bc46bc583b9d564008000e67517176220a

SHA512
33cafd9ea13928191501998e3639562b24ca961a27385ec7799390c8a7bfafd807284ba8f07ac495ce9dae5d5745253618644040110e72335c0ee699e2c9c4f7

Download Submit
/data/user/0/com.hudiefive.chenyu/files/AdDex.4.0.1.dex

Filesize
167KB

MD5
094767f7c1787846b9a4be050cb801c5

SHA1
f4892b93191ba3c2f06cb66aaa446589edd9c446

SHA256
25380360545288fee582ce904d926952f7f0627f8f191b55643e5e876e56da9f

SHA512
8d891e690c96048cf55db2f75041d7e531c8c114c52e4e6b8d37bba1062f87034b644afd1898da8c0894996bf0fc573e8101ca86f0e34a813982581ff2363877

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
00f359a94654ec6baa940897907da74c

SHA1
14aa569817f240283d95a33b2501a91cbf7c78e7

SHA256
e28d22e1644f8fb885ace92346960e54aaf72c62f782b9247ff0b03935fd6f30

SHA512
5debb32e5c2736cf7c8e99d14f275f1f4b3deea938e7207f8decac36b7c6e756e4f8a219096d80af6f52f53be95a8358001aeda9ce386580620fa8aa5ff2763c

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
213B

MD5
3b00bdea7d9b3adb98830e636291952d

SHA1
b2b6f200adec611b0f42afb1dbbeaa03008f05a7

SHA256
5bdbf7b2ff8e24ccf346efe5e9b2f207720fe071c998049334e1b08c457c50e1

SHA512
3913a7bd193ba9a697198b09768ade01a944bc0300800143236e516237300e6e8c7b241d84e95e82029c9c1c39d66071a11b0c3a616aaea9e8c4cd337a82ed3e

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
623828d495e3b5c281fd65f4b559a582

SHA1
ae97a8e1cd00ea45a5b9f411aab65997f025e48b

SHA256
50e2db6b3ae2cdf2dd4cb798ed75b7d0d2f7208794c5bc4a92831160a5426589

SHA512
ba91ae6dc6d0241aa28d606d5f4c6022d6f0a68534ae6f4784c1ff0f65f1403450f1a4f5e16ee4b3907ddea4ac778ad160670649f04fc358f70c529128d3aa28

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
167B

MD5
d6dc67e1eb2e57f2eb3bf48b31ac881d

SHA1
63b99f15d477c2bbea98bfb342903cd27e9690e7

SHA256
51ecaf36f2f2ff308917ee715e05cab199d908ad9e9ab05118ff18ad3c71fc6b

SHA512
9d663886d7394ede57cf663cecbc676004abc60a33855a2c7627226d36fd4beba461512868a80159981d9b96430c4cd03b78b24dbd97ecd4c82eadf7fba03ed4

Download Submit
/storage/emulated/0/.uip.config.json

Filesize
14KB

MD5
70551f51998f21e4ef6638ce0afb7c9a

SHA1
ae4505bdf13993773716e3d9eedf0444d97cd491

SHA256
18d9e6f2f098894121ca8a937ea9a90de074c418874d745c1b7d57752365c8af

SHA512
ef182d6f3a4dba38540e4bbc940183e5887622d384e4d7a168c1c55ee0ec8bb549c67943cc649e5cc48840c7e2c2bd1cb68bfc9e88c40730d01b0ee04520c6de

Download Submit
/storage/emulated/0/com.hudiefive.chenyu/appDayStatisFree

Filesize
10B

MD5
440a3dc094c29743ef616df722347a81

SHA1
27767981c44d705ee85ed56dde50e221343644c7

SHA256
eea326b63fccf7d4e2af3dc8e305596e21d7394c6bf696d495412ffa691cfa74

SHA512
507484a3fb7c5d0ee6f8fe9ca66157c03de4dd6ca8c2a4819bab34fb964a2471e19b9bd6b1b78b01c9bc0aef5b39bcec9a8f8f7e65e7a55b0d0d0366342917cc

Download Submit
/storage/emulated/0/elf_uuid/uuid

Filesize
36B

MD5
b755ab825b4ca31ad3e10bae787b2207

SHA1
8618497abdb923fee7b4aa769857b594f8b02738

SHA256
579a4f67880f7534bcc53b551fbfcb13152ffe63a0c5dfb5e4e8a69fda3786a8

SHA512
eb261dc2e278e2f5b587990cae67538717282d1ad4aae1d21a0c111f1c5461b8c739f0b29a764580703aa5277964cb590ea688cf42c806192857a4384cc64d5e

Download Submit
/storage/emulated/0/hudieAtt/_hudie_zhfamc.txt

Filesize
52B

MD5
e7ebdae80e0a76d3aceba0b05631e575

SHA1
b2f5dd59e10eb28e0fe811e543d0c3973962afea

SHA256
2f4f3f6465b54e526fa88619a8d2398428887dc01421085f641419fda5509b49

SHA512
330d7ce15db04838cc1bbfb39535145a62368842d3ceeb0a1890cd19432f37198c064b324ace98b222e7b1ca700589eddc34bb0c7202d98757f565d5819406a2

Download Submit