25b69499915063d7f6026508106a83e8f8a6ade2c53f01d5b8ae850f9ee94813

Analysis

max time kernel
2673302s
max time network
151s
platform
android_x64
resource
android-x64-20231215-en
resource tags

androidarch:x64arch:x86image:android-x64-20231215-enlocale:en-usos:android-10-x64system
submitted
23/12/2023, 13:48

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

25b69499915063d7f6026508106a83e8f8a6ade2c53f01d5b8ae850f9ee94813.apk
Size

14.3MB
MD5

4d2f3bf8d722c4e537b8962378faa0d1
SHA1

77bf2182d85b81a80fd5175c85b37e1b345f797a
SHA256

25b69499915063d7f6026508106a83e8f8a6ade2c53f01d5b8ae850f9ee94813
SHA512

28a79a1d9f6ae5a4848198bada8ae79dbab6f0c2801f9076d39ab67e6f043f9f91769657591671cfe5ca4d44b308e0e9ec8199465d1a89cb70dffd0fbd51374c
SSDEEP

393216:P3LME2KREhGIQWmFNZX0cMYE2HilR/MCYOsUCJUZR3Q:PQXKRVZWmJ0cMpqilR/r/YJUZR3Q

Score

8^/10

Malware Config

Signatures

Requests cell location 3 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.nfdaily.nfplus
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.nfdaily.nfplus:pushservice
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.nfdaily.nfplus:pushservice

Acquires the wake lock 2 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.nfdaily.nfplus:pushservice
Framework service call	android.os.IPowerManager.acquireWakeLock	com.nfdaily.nfplus:pushservice

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.nfdaily.nfplus
Framework API call	javax.crypto.Cipher.doFinal	com.nfdaily.nfplus:pushservice

com.nfdaily.nfplus
1⤵
- Requests cell location
- Uses Crypto APIs (Might try to encrypt user data)
PID:4921

com.nfdaily.nfplus:pushservice
1⤵
- Requests cell location
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4972

com.nfdaily.nfplus:pushservice
1⤵
- Requests cell location
- Acquires the wake lock
PID:5202

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.nfdaily.nfplus/databases/TestinAgent.db

Filesize
12KB

MD5
8e9f766c762457702dbc84943d45a428

SHA1
3d0b03568a56e8b1076fb3e48518a1d7f5f867f2

SHA256
ba267fba1ec7f678c80e7ed1a970dc0dc2f026ce9029bbcf722340a77eebe48c

SHA512
2e888a63d6009248b4e983e3661a4608dd860fea31fd629537903a9c9ec8006b6f4b146ef1812f79fed0bba8227f09bccdc3ac853060da33750fb8ce106a792d

Download Submit
/data/data/com.nfdaily.nfplus/databases/TestinAgent.db-journal

Filesize
8KB

MD5
916f20e37fe8687cafdc78951833245b

SHA1
dbeb4f1f02640184ab174e7cb8ead84cce8b2318

SHA256
5be57aea8a2a497cfb8fe15f1efd5429cca9f613720d276cff170b6cd3923c71

SHA512
e628ce8765945c8abfdc4eb79170e5002ed867f1bff25921688d211470f7438b7884cc6deb58e7a2bb5b30b0d054845c8dcea7957568a61dc8031a2f7b596360

Download Submit
/data/data/com.nfdaily.nfplus/databases/TestinAgent.db-journal

Filesize
8KB

MD5
de56d8ae3142889f51b804d44350e429

SHA1
db114268c356b12fc13e23f376559f2dd4d16d7a

SHA256
51ccc80e37fbecd5539dc49bbb1055f7aefdf3ff3a183ce472e0a673294a7497

SHA512
e9b34e05f96ba5cb5e9f3a451619077d39029bd784a7983accf4e35cb80e2eef3936af4ec2d0ef08e5b4e8c5a745ab6e676c7a3d69eae9252a09471cc6c035a6

Download Submit
/data/data/com.nfdaily.nfplus/databases/TestinAgent.db-journal

Filesize
8KB

MD5
7aab8a26da0cd5bb0b5dc921c884c218

SHA1
f453359d0bf01b682b9ba74f6f446a205afb7233

SHA256
8e34cf3353aa455ef31d3f607368ecf9cc104e71cee7f1b465f3580574d4d870

SHA512
7c437b0c42667cdf0293aeda3671c10b7bf074452838dc2a4bc215f982700facc808facb795c986e428c49f99c82c495640332a1e13d3662579e20fc91f00967

Download Submit
/data/data/com.nfdaily.nfplus/databases/TestinAgent.db-journal

Filesize
12KB

MD5
6d14af6a980d81837dc2ffc03f0baae5

SHA1
3d35b386a1b84ec41e281f0de9efd5751449e7b3

SHA256
ab2c08b9f6b7fba5e95317a7e312bf273ca09914551dd8f10ee888b5c84cbbcb

SHA512
701cf9e99e0618937352c178cf167b01ea28ae805f209abe81045b9e1df0e01e0d444527dfe3320a944077261baffee9b22c3fb5a9b35a446cf3a9987b4b67b2

Download Submit
/data/data/com.nfdaily.nfplus/databases/bugly_db_

Filesize
32KB

MD5
8a18a7f37fcf76e92a82f0656379d779

SHA1
85f0cba84e1ecdacd6359dfb181626d2ff7cf3cb

SHA256
ec1e367c6c85e420e4e5294da9e09854641d84fd6d68ab630915626edb30a8c5

SHA512
f3824fa4bf4fc6b812aa1ac6eb88e8b7f05bf2e34fbfbc8b481304ace6291a7b9cfd6e342973a18dd714a4c2dad5fe702bf27987b9a0f685ce0e83875c22c390

Download Submit
/data/data/com.nfdaily.nfplus/databases/bugly_db_

Filesize
32KB

MD5
26a2ec5ebc9604a677a56183a53db698

SHA1
476439eafb3db5161759bbff739a64ead5a2fef7

SHA256
344241136f62ddcdf79062def9e555c5887727a421df1d9a11af45eb2f02ac48

SHA512
d7fbb3b98169261e9f7c01ef844d94bde36bfdccaa0aa2c3e2853177679145fd9666fc7bc5d3f6a5ba3f6a96981ccfab01be23253cb60e00a946cb252cb06042

Download Submit
/data/data/com.nfdaily.nfplus/databases/bugly_db_-journal

Filesize
8KB

MD5
b0f9ec2e064380922f4c0e9f8eea035d

SHA1
06f80aa85e79b87d33c23f9a69ece46889486552

SHA256
39ce3b9194b52e39468ad8b804f5774296c957a59592ff9f9f5b3fe3e561ee5c

SHA512
6aaa2344097ed61237e83dac58569a5cea5c7fc056a2c6c3b72c59f90cbcea1ba176e293ac1eeaf0adbd9e3436125a755a3fd8e205383e1152f453bb7b8ed9ff

Download Submit
/data/data/com.nfdaily.nfplus/databases/bugly_db_-journal

Filesize
8KB

MD5
c5e78cb0624acea3bc85811eea3a8c12

SHA1
3c11bce330010b6d2c327d7c12bf0ffff6b3c834

SHA256
b66290071fcf15a06d692fa99cd84885f96f2ee5def202ff758a3e2e0354effa

SHA512
ad7413516929bc2bcbd36b4de43fc1ee163dca9701154504d2b878d0f4df47e16ff83e4dd2ef3c555c3c3392b92b11cacd284a790ae642034d222bb92328776b

Download Submit
/data/data/com.nfdaily.nfplus/databases/bugly_db_-journal

Filesize
8KB

MD5
7e1ff09955b12103540d46674f59dd5e

SHA1
a8c539fbc4543fa1a5a5f6119f57b4dfa18f17d3

SHA256
b9c6f50bba99315292db73a4c8506712041500943baf67928dc10e4fde9e7bda

SHA512
f759c9b99105c7754301693dcace0a2f7ae063e4bb82b05405e10d48a5ca8771a6bb841153adf3984b5f0f878c3c5cb44967f95a8a02b16b72e13dcbc83f65a7

Download Submit
/data/data/com.nfdaily.nfplus/databases/bugly_db_-journal

Filesize
8KB

MD5
75d82d9b6f8601ed395e11f78fedb3dd

SHA1
55ad12162ad5af0a8f2b7ad5d4c9ae75416197ae

SHA256
401a7785204431e7e41a7696d93bc7c635b981a061c02ee427a395f84c1ef828

SHA512
b9d4e3046466ee4a06d92e8fadeda7a9e44d7bb0fb2e3a1ba6883a51750f2b6d910389edf524756af0935d250f574c3787814e4b292e4f134f57cb3eb570bd3d

Download Submit
/data/data/com.nfdaily.nfplus/databases/bugly_db_-journal

Filesize
8KB

MD5
bb9e3bf92162d778899663b6bcca5d6b

SHA1
21e8f5e4b41cc78a8484495f28399d3f32d1b4fd

SHA256
b682f48ddcf348357e4524f557de2b81437acc3e608aa6000ad55e11e19ba31c

SHA512
60d56c8ef219529082119f601c55fc1b5edde4d6c4435877e672ecaf542649d8a81a6b90cbd4c85ec66f4a07abdae34673b8548951f78e35b2fa8929508278f9

Download Submit
/data/data/com.nfdaily.nfplus/databases/bugly_db_-journal

Filesize
12KB

MD5
f744e839ab1b70c4d3504fb49ce170ee

SHA1
b812d2b9961f3e22e1f59dc39696baaeb0da567d

SHA256
5f0a2afd01263594222643a18b9debc71b56a7e5018cd17a76acf834cda4f406

SHA512
7b9e2cda100e308316566af9c37b13b0b3a2afd78f08e7f3ceef29c85d8c2ecfcbd3e6ab92534691e5a37b6ad13562ae058ef6e36ec9fef5427780800a377680

Download Submit
/data/data/com.nfdaily.nfplus/databases/bugly_db_-journal

Filesize
12KB

MD5
1b91098b6d98223e6fe8381e53908276

SHA1
731944422b734f57b3f918d6723fc9ef054ddf86

SHA256
672f05f417ec0651174a761cd541135010bbd163d760ea3ba9045e1f0cf8d8df

SHA512
5dd1fdeed5e24d23bad90d4de850cffca8e437122ad7ebf9c953f38264aa7077cfd346f67ff71d1652a7807ef1a86e5d6227a3a6ec8c274a686976a261749843

Download Submit
/data/data/com.nfdaily.nfplus/databases/bugly_db_-journal

Filesize
40KB

MD5
4db2c78593d6b63abb58153f2177d0fd

SHA1
0b3df538787d9e52c488cce20dc92fc6cc85bdb9

SHA256
915d31dafc33277bc955a33f969a1f3ef8d6dd8d85e39b18f7d28f81d94410e4

SHA512
73cb1d1310a61218570c7a0818454bc1f079098d975f6fc187e902091b8c8b926109fc7fe8d6ccee24e4a31f31039b24c829f8ef512e4c20cd2dc6557bc0cc29

Download Submit
/data/data/com.nfdaily.nfplus/databases/pushsdk.db

Filesize
44KB

MD5
aca522421bfafabca4b333bd73e322df

SHA1
9e1e0e080cbdc337ff5ab4d6e18b4446e277d562

SHA256
f22992a328bdd1ebf2cb7047aecad02a823e65574df73fc796819deecfddf1b9

SHA512
5803a3f227358d21fa24f928210b100c76810e784aefd637432715f4861275fcabe518a704a4401d0ebcf2b2bfe3623261d527c5584efb8e82b05b240991b43f

Download Submit
/data/data/com.nfdaily.nfplus/databases/pushsdk.db

Filesize
12KB

MD5
ea628e04765adaf4238a5dcdff4bbd51

SHA1
a801947619ea8c368efe9c006a324dc6339ac60b

SHA256
885e337c2156e4dbf2176a9677ade50418740532d222ccae5ad4aa371b54c6a4

SHA512
c0287b0e7b690a7231a37d1745c49f3d861b22aa65dd769ba6a8b5ab9da55443f749957781ee05a405019c39e1be45d37a971b821bffd62a1d5620bc39119abe

Download Submit
/data/data/com.nfdaily.nfplus/databases/pushsdk.db-journal

Filesize
8KB

MD5
2ad53bccbf0d21ac603fbecfa8dc677a

SHA1
466017cf1be5fc9d3e2114b82c4c9de5a7a3fb32

SHA256
f533e3fe38145b4473393591e459f26f0ad3f20c5f85e22905b0461d94b38b2b

SHA512
169d62ca375c9ef7c4cbc7fe8da6bd88404b039b5e993552047c212539337b4e0582f04b65a9520b90102eb176e30be89fa843b70d14ce3a463849fac0878e3b

Download Submit
/data/data/com.nfdaily.nfplus/databases/pushsdk.db-journal

Filesize
4KB

MD5
22a43f598d34304d5ed5a2e99448e13f

SHA1
554a5d10b11a84e7d6fb7cc9021d1a037b38773c

SHA256
e02c8347281f40ae6c4ede8fdbe4e139d9d103aa72a0fd509e23adbd7790ef3c

SHA512
b39d199bf1ed3e1abed8eddf83278a1a85f5800581cec78e473e2b9b74f68a40d5dd66cd4f186ad9582f6699070847658171d66e69ac04fa3693c89d41a2eacc

Download Submit
/data/data/com.nfdaily.nfplus/databases/pushsdk.db-journal

Filesize
512B

MD5
4e7268ddef08dfaadbd9b955ecc9f552

SHA1
ca73045ad4275698f80e53fab7e365308d2555d4

SHA256
96b4443ba21baa4c47065d7f0763d2777d1807a230983ec8a8dd287c83a0af88

SHA512
05f853197957a567a249a8045281d829485eb3ac62d36e481fe0be9b3c4e8ab41339cd54717084d490744e907bffd754baf46dbbb2d5eb7c12800496793d2784

Download Submit
/data/data/com.nfdaily.nfplus/databases/pushsdk.db-journal

Filesize
40KB

MD5
3d74e33b454e422cdf137754da438c93

SHA1
176af89f08f3116fcf15718d6b644c14b1072ad6

SHA256
5a4e7396f9941f24797bf087a1e3ee5f795f2c15e923a5026a09f9b756ee3e32

SHA512
ef4efe964a9c22203e9d5208310d04feab4954d58ae7cc601b2db4e8a23b86bb09f44073a58e669af3d04d6f32758c38ee9c5616674a9944a8dfc6b6ce2919f2

Download Submit
/data/data/com.nfdaily.nfplus/databases/pushsdk.db-journal

Filesize
8KB

MD5
5ab54140ef5ad680587e8ee56ae32609

SHA1
d09ce8555bd73c6cb8d57d9641da794b37f4c209

SHA256
95eeda5447802a37922d44f9d7cbcf4fb04d5e16a060a976a1f00920ed585df8

SHA512
176ec14d1a294fb1ec59af7bf78b1a6032018f51c3fe3778aff28456950f4cfa2b14ee7adb26d48329dcaf91fb90368a57b97473871ff03a6cb072dffc3faa95

Download Submit
/data/data/com.nfdaily.nfplus/databases/pushsdk.db-journal

Filesize
512B

MD5
945c448c5161a25b5a639751980c6d5b

SHA1
5b6b1abaea8b5e5488a18dbb474a0e87a7295b42

SHA256
71b76953af2affd15959e9b3eccebb60d7cd17281890a975a1f120d930b60bc8

SHA512
f7061fc983a021c7355095b35f00b2b0e86c6fa328f07e28ac585aea53244893a8475832546fc6c04b0296395db3c50fc9f3d0692659ac0d505f25f04281f7dd

Download Submit
/data/data/com.nfdaily.nfplus/databases/pushsdk.db-journal

Filesize
8KB

MD5
5b6dcf4ea72a1512eccb9313007dab2d

SHA1
21364279a0ae659f70a833ae75d63d5f45cdcc0e

SHA256
a5c1cc414f6e31d22a1df1f1908535958bdb6ae422077f9efb29b0afd51443c1

SHA512
59682e1d5030da741ae35f450fd72f78e90549b1ed30b3f15e90f964e5a4806e79ee180420c65be36e375b551d63b0a0a7157bd1b6661a1340dc58eecdb00a72

Download Submit
/data/data/com.nfdaily.nfplus/files/FounderReader/localWeatherTemplate/localWeatherTemplate.zip

Filesize
29KB

MD5
79ae75011f6b6c78f80dbaf486595287

SHA1
4617fddcf7dbb234ddb4d371f2895af7f2f792df

SHA256
706036a4b40dc4333890775aa908831177c310168d6167949bc997a511ad3e77

SHA512
7ad63f9dafa2d002bdad3a92bc4618bde47dab30f7534fb217a2aeb92d6d95b482201c0c15b5766ea93ddff6a09d4e3ea97ff3130cb51220116955b3693a92be

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads