Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

6

0e541b81fb...f7.apk

 

0e541b81fb...f7.apk

android-11-x64

8

Analysis

  • max time kernel
    2867880s
  • max time network
    132s
  • platform
    android_x64
  • resource
    android-x64-arm64-20231215-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
  • submitted
    23/12/2023, 12:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0e541b81fb79f1aedaea3e512212e51e7da1fbf28ed4d7ca3404c3ac1a2900f7.apk

  • Size

    8.4MB

  • MD5

    9b2bce13c4372f62de58faa1ef1c3297

  • SHA1

    6d392db6062725006ccffd8919853cefb4e1f03b

  • SHA256

    0e541b81fb79f1aedaea3e512212e51e7da1fbf28ed4d7ca3404c3ac1a2900f7

  • SHA512

    7fe17e4611b9e8465014b153161838ab29452efc7f7ca84518886c641c08e904ca7ab810579ce4380730d9db9fef93042bed6273258307e43a28cc7130d21d7d

  • SSDEEP

    196608:izrmvmDmImaLzl+icjY/jqhTsYD4loVYTyyXb61hX:izrmvmDmImaLujoOhQYD48YWX

Score
8/10
evasion

Malware Config

Signatures

  • Requests cell location 3 IoCs

    Uses Android APIs to to get current cell location.

  • Reads information about phone network operator.
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • com.yxxinglin.xzid43499
    1⤵
      PID:4521
    • com.yxxinglin.xzid43499:GuardService
      1⤵
      • Requests cell location
      • Listens for changes in the sensor environment (might be used to detect emulation)
      • Uses Crypto APIs (Might try to encrypt user data)
      PID:4554
    • com.yxxinglin.xzid43499:GuardService
      1⤵
      • Requests cell location
      PID:4725

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • /data/user/0/com.yxxinglin.xzid43499/files/Archimedes_p4
      Filesize

      13B

      MD5

      5d1fe391f5e048b5c236dba6732f526e

      SHA1

      6dd7944c8c4f980e2c9f4efc479e8825fcf9536d

      SHA256

      8140fbb943fee9f1e582bbbb71861011a11cfda36338046e26c7da4066fff3c1

      SHA512

      54a01002c32854e27c7c06e4c36e4e2123728564eab7e99348e9eb414ffaae0e96fd554e203092fcb38b0c0426a328c9de86a70730f2323e51109fa7827a5af5

      Download Submit

    • /data/user/0/com.yxxinglin.xzid43499/files/Archimedes_p5
      Filesize

      13B

      MD5

      356cf73f446e5c531c007de2ad8c3d12

      SHA1

      9bb285a84f77f563a74695dcad79a5f272f54c51

      SHA256

      2c83b476dec2a84cb21eeef4af6a4dc819abe214b04506b50f91cb0b95f4c9ab

      SHA512

      8bc4c7ef60642d833ba19957057c3c5034da52bfd77e637b137dc316d36356f9204c821bdfa4db8221b543d7afe99e8b8a3ac59b55e9ff65f46604a92b6ab829

      Download Submit

    • /data/user/0/com.yxxinglin.xzid43499/files/TDCloud_Control_Cache_Param1
      Filesize

      2B

      MD5

      99914b932bd37a50b983c5e7c90ae93b

      SHA1

      bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

      SHA256

      44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

      SHA512

      27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

      Download Submit

    • /data/user/0/com.yxxinglin.xzid43499/files/_Ladder_Project/Archimedes_p1
      Filesize

      14B

      MD5

      3b6d6a928cede0d46f9bcd3dc24c7031

      SHA1

      55d2df5ba34bad54e17753a4fa859b688e145366

      SHA256

      a091a32e3b345b8056cc32ef42307d7af6d9f486d61c10c5263a66fd2b68607b

      SHA512

      5b5b90d4a55f379c233f35b27f9baaff63e5522f060003c98dba3e58537be608cdf7555e324cf458fcd8ed31e7a615ca35012cbf6af48ddf2ff93a2335678126

      Download Submit

    • /data/user/0/com.yxxinglin.xzid43499/files/_Ladder_Project/Archimedes_p2
      Filesize

      14B

      MD5

      33dfbe6b35e7b83014368dbbbcff8977

      SHA1

      b8702da51cb7ce9f233ea6ac024166f0003e9d40

      SHA256

      9026d579a77c69c412f0a417dab885c870db02c20823455d6c5676d1b642ab7f

      SHA512

      daca03d742f6bc2b3b5bb91268195efefa3a67c12a576cc807497b800a29a2036d2be2730af5fd964ac7f3624667d35568d7e14f600da48d8616ec92c5394f09

      Download Submit

    • /data/user/0/com.yxxinglin.xzid43499/files/_Ladder_Project/Archimedes_p3
      Filesize

      13B

      MD5

      fb23a5ca29c496159820fc8ff5b8b618

      SHA1

      5113733f8611e53fa820ae8e6ecc396dd5e31ee8

      SHA256

      da631bb476b26db30eb05b5e34139e7b5196b3386ccdb60bc8d46e5134dacbb7

      SHA512

      45a7ae946bd2712a43a3c2b1e177009ab89800a82c3388c5c7291de2c660af923f7491311c2f7645df98ca29ca9d3f6a2a099d44097058578d7cca01b6406cf1

      Download Submit

    • /data/user/0/com.yxxinglin.xzid43499/files/__database_reborn_January_one__/td_database0SaaS/1703674919735_4554
      Filesize

      2KB

      MD5

      3cade4329ee7a0bbfbf145bc01eef9d0

      SHA1

      a76fa8bec033fdaad4dcdcb97dc8b8b8e37518b7

      SHA256

      dc664ed189f3b46973031dd516fbef241e67839413de0a1e83ab5fa7ef6edce2

      SHA512

      9db4234a8a35c231ef11d5a8a0bacbab833f898435a9998fb20a58fb71aefabbbebc820d7e513ef9e7b1062e16e6ad339a68eb0ac0f953a15f25d50ae1b164aa

      Download Submit

    • /data/user/0/com.yxxinglin.xzid43499/files/__database_reborn_January_one__/td_database2SaaS/1703674919565_4554
      Filesize

      2KB

      MD5

      af5dd5780887509d171609803db02fc9

      SHA1

      23f66d096f6106c88e7f717226ec4672895a77ad

      SHA256

      341c947606136d89505f3622ed604dfa5ea1e496b225adb1f0acc2755d5fa6c4

      SHA512

      3e4389febf8269380d9a7627791bfccd9e85b73b3a27969f9846f5a9e7662fe59b70a7a718d029340d755f0fe1b36889263c9a8156ff913517e4c8dce6ba79cf

      Download Submit

    • /data/user/0/com.yxxinglin.xzid43499/files/__database_reborn_January_one__/td_database2SaaS/1703674919652_4554
      Filesize

      3KB

      MD5

      d0af317faba0364de0883ec55778d9fd

      SHA1

      20be693f76b09bf0ecd9a8defc7ad3bd80d8909f

      SHA256

      42236cfb429e32182ad02ba0a98ce5b62dbd82d0b4eb7dfb6f94e80a5c7b1e43

      SHA512

      1605e6a112061c4d2a9d0978871dea9f96dbb9d0877cd73b61da3493f063ae490ea8bf3b1ca1363551c87697070d7bc27fe0dcfddf3b413c5bd3f068d741d57f

      Download Submit

    • /data/user/0/com.yxxinglin.xzid43499/files/__database_reborn_January_one__/td_database2SaaS/1703674919850_4554
      Filesize

      3KB

      MD5

      4c3a5914cee78624a4c1d6d2d845c1aa

      SHA1

      d4aacaf16ae195fb3d5fdb304443928fb632782f

      SHA256

      0f752d29adc8d18870f1a2ff612f4532eb9e2d5b0c8bb23536c72baccbbf2313

      SHA512

      5c8ebaca6658ac718cc21571d81e89a46497ac8164bff0e6fde67861220e897e613b1430edf5e30d57517f676d021ff00f082f07bbe8cae6089ace1e5924177b

      Download Submit

    • /data/user/0/com.yxxinglin.xzid43499/files/__database_reborn_January_one__/td_database2SaaS/1703674919978_4554
      Filesize

      4KB

      MD5

      2f0b9e34d0ccc96a531c027269a8b784

      SHA1

      c73eb41901dc49296b443d6d26cf6fa2ee0c73fa

      SHA256

      76be04c674a922912e9637d92cd921be5bb9a4a4148e71661e645cd52be796c2

      SHA512

      d0fabd2280c0ed440c1968d678ef00ac06399f0f574dfbc95ba596f5d69111b6046eac550c0258a66f58e7b656b001d0a9c5c8d5cbb5e23e59540bf6c4cadcf5

      Download Submit

    • /data/user/0/com.yxxinglin.xzid43499/files/__database_reborn_January_one__/td_database2SaaS/1703674920079_4554
      Filesize

      4KB

      MD5

      bfcf3772b2cf9b19c1b25eea75ef0185

      SHA1

      ebdac2e4a0b4870d922dcd9256cbfa7f4df00bc2

      SHA256

      2dcabdd1d6dd958141d501159648bd98fe923ceb1783f65cde204f25684a20ec

      SHA512

      b60cfa84be25bcbdbe71f9981ef9397783ef4109c95406eb42e58ada049335c290714b8e388f32af8f36974ec7009b7b6f4a13f29aa2dc357cf64a6e9159878c

      Download Submit

    • /data/user/0/com.yxxinglin.xzid43499/files/mPBE/iv
      Filesize

      64B

      MD5

      431b3d748a80016f8bf4e988acd91e43

      SHA1

      84e8168d25f77da295e828af6cb8a63b62ca6c08

      SHA256

      d5d7fa3c482e3234a4a8509412132601319546a0b036a1e961dbea91e34eba9c

      SHA512

      3fbca83dd13c49a81ce983f02076f8642cb3e2b7f2581d955e8829f618db2f06d6676893d3f93e72198555e807e266f0da15f66f660e61830946914dc13092c1

      Download Submit

    • /data/user/0/com.yxxinglin.xzid43499/files/mPBE/salt
      Filesize

      113B

      MD5

      70439213c93efabedf32153bd2cae57c

      SHA1

      1780d0867436f3b65859befa7292787f5f1f9427

      SHA256

      ffc56666028c20671e28d47446f4f1f3a0c037f5ebe022bf7893fc4d27a72a45

      SHA512

      24ffed9fa2ef01969cab6550704ca1e432b95c648e4c83323a1270698533b946f5c558c52177c47efb945d21945346a974fa8eaae0ebf317bb166a4e8bb28dca

      Download Submit

    • /storage/emulated/0/.tcookieid
      Filesize

      33B

      MD5

      a4efc75ebe8fb86a61babdb6978837f6

      SHA1

      ce2564ba48fa88be73fc393bde47d5bfd9fbd800

      SHA256

      fc7ca95d8528d41e3bb95992967af94748dec2dfc0f7c57004b42456e76d89ef

      SHA512

      01684d1d2e70e64f3ef71b4de8e4d3825592625b2b9f13a6453b4b2356cb3f7a6aeb3e68269ce3e1cd61ffd41be24167517ec1d20ef4bf919dad386a3b38bc6d

      Download Submit