26abb8b11b762467eb5c3ff9ae6dfb4cf421d6d164d4c2344826098e10549e13

Analysis

max time kernel
2675064s
max time network
170s
platform
android_x64
resource
android-x64-arm64-20231215-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
submitted
23-12-2023 13:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

26abb8b11b762467eb5c3ff9ae6dfb4cf421d6d164d4c2344826098e10549e13.apk
Size

10.9MB
MD5

06f2490eb7a9940c2ae75632e5b99eab
SHA1

228bdf339f364d8a71531a1ef3dfba4bd6c02e40
SHA256

26abb8b11b762467eb5c3ff9ae6dfb4cf421d6d164d4c2344826098e10549e13
SHA512

56818d60e99aa397c789f7916948d2fce2fac0d33eb19275b82b27016ac62ec2170be8b33bbf07f0b22cccc5a137e8304cbebc6e1cab8781b9b240b40aeba996
SSDEEP

196608:A3kMCW037T2ElcNOqCBDMPCN08sS8v/yZsp3Ipbcbrb8bebu5y/WVo+UxylNhu6A:AUfW1ElcNMB4F8sS8Tp3q5yOebL6A

Score

8^/10

evasion

Malware Config

Signatures

Requests cell location 3 IoCs

Uses Android APIs to to get current cell information.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.sloan.framework.jdzt:remote
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.sloan.framework.jdzt
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.sloan.framework.jdzt

Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.sloan.framework.jdzt

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.sloan.framework.jdzt
Framework API call	javax.crypto.Cipher.doFinal	com.sloan.framework.jdzt:remote

com.sloan.framework.jdzt
1⤵
- Requests cell location
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4598

com.sloan.framework.jdzt:remote
1⤵
- Requests cell location
- Uses Crypto APIs (Might try to encrypt user data)
PID:4674

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.sloan.framework.jdzt/databases/ua.db

Filesize
12KB

MD5
8eff0b6e0351236bf7ebcf1be659f854

SHA1
06647dc29d971839dd65829cac738845be19b3cd

SHA256
a7d41305a8b8be801a8092065c681d6870ee280207f788ce93a6925b562c282a

SHA512
1f46304ec6019788965442a84ce0e372f9fe458b8b5d2ba128a68ed77c4005b1965c8c6cdd73694183ef959c222c01d61b772a042ce01a377e1494564a051ff9

Download Submit
/data/user/0/com.sloan.framework.jdzt/databases/ua.db

Filesize
24KB

MD5
6b58e97825a6c4425e008ec9ad9c1046

SHA1
8b9939970ce5376d00e5a70a9d864a5948280449

SHA256
87747f273ff89af17c47cce8abe038987653d266aafe7c5383a933ea14db3349

SHA512
928ea8942b6ba33e3db68132833267c6ce3ddb595fe83fc3176ac0fa7188b914fecd64061eb30dd30da61abe595e61f39afbdb76f03f57e09402b92dd96641e3

Download Submit
/data/user/0/com.sloan.framework.jdzt/databases/ua.db

Filesize
32KB

MD5
3eb677509e1ea686643816067a45eb5b

SHA1
3bbd456c97a4ae818b1feaeb6ef6aed6a4f553b0

SHA256
961ba014ca1f4dd1da175729d876f3f347517d2759bd59f3f05315b16b0fc157

SHA512
204bde16b2bd0e269984b0b846098fcef7bafb0664d4471401f1e00797f15310e039d6326feb0b0868267e17faed79be3103046aef00bbe13423f5c3f075ac70

Download Submit
/data/user/0/com.sloan.framework.jdzt/databases/ua.db-journal

Filesize
12KB

MD5
3cd9e0f51794ba56c6b658620c4a776e

SHA1
1a4c8b4baebf348297d3ffad7dc164208c50243d

SHA256
501b7371cfad19d926f53de991d54259fa0674618efcf344ccb0f2787d9a21b7

SHA512
36191d3e6b6a1cc90a5bb8cb49eb4269a563fad34c1f523ebb3eecdc98b4783e067296beee01959b46188621c2ba5732ead240c70daecc52fb3bf577e6e4d6fd

Download Submit
/data/user/0/com.sloan.framework.jdzt/databases/ua.db-journal

Filesize
8KB

MD5
5912c80c63547a817490c8ac4d9faa55

SHA1
b461fcb1827310bf1ed785e13074420cb07f6fdd

SHA256
89c971248bd00a0fe6f7ca9ed3cd1ed443373da09dd7369c0d99c4b0ab836790

SHA512
dc28f8476344198f3f3e9a498a4626d73e1b56a4a88fbd57053818dcc4f9eaab9f043949878cb70892c851db0572d05cee5afe0aff7fc58f2612cbf150cd1d5a

Download Submit
/data/user/0/com.sloan.framework.jdzt/databases/ua.db-journal

Filesize
8KB

MD5
caaf01962e69707284fda01c3fda7762

SHA1
61569f3aca60673ef0e6e3e2c2994847247dcd2c

SHA256
18dc693be154fe8748d2f03e27fcbff88719abd65c375af058fe552a7bcaada9

SHA512
bc6ef9af09c512b6ad12457ae3ca4c90f4e6e49c1464c05cfeaf4c104b3787f5a0f7c69e987146b5feacda98bd7e12bfd733fc763b956e962ba6e36d6e9cd7ed

Download Submit
/data/user/0/com.sloan.framework.jdzt/files/baidu/tempdata/intime.dat

Filesize
192B

MD5
36c3b8f2e6c77006a8e7c001d267bedb

SHA1
6a2869ea3c67f224034745af2149a6be59754168

SHA256
603fe1a2208b3d1740e2d0b233d0f6d8dba24d1407eb721a8824beb07fbfae09

SHA512
304bb299bb44a3abb7388eea56d94ae877a03009cbe4da4c191f0d0af2039e320cb57d8e7c17f00fadf5169879536655e4f8c27cc732462aef57ace5ffe6ae2f

Download Submit
/data/user/0/com.sloan.framework.jdzt/files/baidu/tempdata/intime.dat

Filesize
186B

MD5
f5dd0f345c59eca85693294da3e48cd6

SHA1
16afad46dcb694974a89b7f245a5d5c446282b00

SHA256
46f0aaae0f1b6c883a7b4c1a20704eeea6d4e8c0d6624d6d5250ea8a7d578ce7

SHA512
1d19fecd0d7c4726310f62e56acb4e71d5fd1ee8b5ee7d057a5d265b255a2f083faef52eb4c953c412d60f84b73a0479bb52ab3ed0edc1d1a1e6aadcde82d693

Download Submit
/data/user/0/com.sloan.framework.jdzt/files/baidu/tempdata/intime.dat

Filesize
192B

MD5
ee70875e5e9008ad3fcb6a2c24515cd4

SHA1
c71b13f51af9e23f8fb3180b8a5192207542093e

SHA256
1c7f415c951f7da9e706314068574af15ea8e42f84676e0964e7b27cd5d1c870

SHA512
efde9382930f275fb247f8be3b1b27ab87108524c58d2dc7433bc007cc2201d70a0cc9aafef3357da9f1dd694f222b072b94eea27c02ec49502117f6ccc4b912

Download Submit
/data/user/0/com.sloan.framework.jdzt/files/baidu/tempdata/intime.dat

Filesize
186B

MD5
0f35741af940ce7356d01b9909e39298

SHA1
903da0aa2c21b31d4ffe9079efdd69c0cd0a4327

SHA256
871bab0b9691cf6ebb9163e85b6ca6defb2a8d2930f18ad218bb3ee73938af0f

SHA512
57d4012dcf6dfd21ffb3058959dff6c8cbd045eb3495f4fbf974abf2d9ec8c03d5092d69db8a351227f2bd597a3e7d8d26a5739d5008c59df1efacc30d0de391

Download Submit
/data/user/0/com.sloan.framework.jdzt/files/baidu/tempdata/intime.dat

Filesize
186B

MD5
1dbfbdcd7aac0470bb2a3728086d1325

SHA1
72a18738eed96db52e9a354b9c0c0b649c1cb798

SHA256
8e7aa32f716798a904040c3ea8cf16c728f9e04c23f9b53bd47d5aabc3d9b763

SHA512
f0d9e0f8e9a5bc8b2174a9d03b0fbb5f2a4ad8c190bf2d3dcaede910a1e20edb96bf1c4a0948924f59ee9368d7a0891367a77157ae0c7bcaaf0022878f103755

Download Submit
/data/user/0/com.sloan.framework.jdzt/files/baidu/tempdata/intime.dat

Filesize
186B

MD5
5390582981003aee327a885cd2ffd9bb

SHA1
87206ca1d7f0ce037c272a0026a524f007e11e19

SHA256
34e376a6ac3af7fb50ffdc20a35440a6d02da863cdfb19542e278ecf5adfd663

SHA512
1bbb3ac1b955e5b8e6f3fb0cebc1fba03a7c22e67892ab167820111c46dc96a7a935c336b43eacc48c659f9be127c75090ac46a62c881178de1f9a2169b12089

Download Submit
/data/user/0/com.sloan.framework.jdzt/files/baidu/tempdata/intime.dat

Filesize
186B

MD5
9c25f077bc127ae6166a35c1d2209b31

SHA1
cd26157c090ee37f5f7b4dcd49519be0de65a30a

SHA256
624faddca748ccd058853ea66c620f35bf4b9a914bd9ed153af01995d8f75882

SHA512
8e42ab2a4693102000b20ea220fef2db2f48687791a6a89571903aa156269e0ddd99196cf912046525a45f592e88c0b0619598a34de1c07306c3f7a6a1444ff7

Download Submit
/data/user/0/com.sloan.framework.jdzt/files/baidu/tempdata/intime.dat

Filesize
186B

MD5
cfbb82cba2b4af2e923a2f168bf2f2ba

SHA1
3f79c0ae5ba011ef40dd51dc0206be55bdc7abc4

SHA256
4a2a321c78b70300df266e0d2fe9793d15df6a01e6aaa4725dec720bc352543b

SHA512
fd143669814264d235e99afea34eff6e8c4fa242f129e315d5a5e6e14c54adfddd890a1aea807a7f8e2ba150e0a2164c05112b00e8ce7436158858fbfaff7f39

Download Submit
/data/user/0/com.sloan.framework.jdzt/files/libcuid_v3.so

Filesize
129B

MD5
eeb89a404c989187b9bf3c9a5c4d865a

SHA1
c79efa3f857bde6870927a48e2ec387720a8a81b

SHA256
9f3817b7dfa4b4955ecc91a81af9a7eaabd37173d116d838bc54103ac3c4306a

SHA512
2505d530ee5e0b7ee98774478c2dc582e5df9948a4ab4d4a0548389fb88b5a5622a1dcba0980eff1f564c28170c65b96eef0751b28aed614a9505dd462616b17

Download Submit
/data/user/0/com.sloan.framework.jdzt/files/lldt/firll.dat

Filesize
16KB

MD5
a6683fb51ae2953c42adcba37feaac72

SHA1
949afd3091b0191b320e6cb68383b9f36f171f70

SHA256
f4e5b405618927d4b1acb3b123e19d841abdf1389195f6c84b752e37849f2653

SHA512
5a84b042153fc993ecbd2a1a6d5492439cbc7787bc418d4de006f1b962878fa8e826a29bda48c9bcaec3c9c38d425ab48f86c26d71645294971e8e67957487b9

Download Submit
/data/user/0/com.sloan.framework.jdzt/files/lldt/grtcfrsa.dat

Filesize
206B

MD5
6d613136def26031e18f3f404299bb7e

SHA1
14a7a4a3309b932512dad59dbdb35503845e60c0

SHA256
58e28d4defb46364dd0057354a4a89f8cb726d3b696c632de04b1a707803be18

SHA512
89ac70f36ec3117b631a56d43700b4d034d6d269d4632933fdaa8cd9675c57af1df95f15271d0b45b796f56b4f89ec3d6bd4c9114d7cdd24e3a25d30e24e7ca0

Download Submit
/data/user/0/com.sloan.framework.jdzt/files/lldt/hst.db

Filesize
20KB

MD5
7948ca710d2ff6f0f9cce41d23798a1b

SHA1
988843d73bc6945fed66500279bdb9f3c3f85dcd

SHA256
fa463b46ce25cb2aa30523ee23d618039f3c651c5d8468f89d434cbd1263e228

SHA512
f389da35fd05a09f9bc8e59005aa95c60e0d6ec7a3977e0f416fae1a2db0a6fabf19762e25b0803d552a2cd2960d1844ef99fc580a4dcec457eec00033dccd7f

Download Submit
/data/user/0/com.sloan.framework.jdzt/files/lldt/hst.db-journal

Filesize
40KB

MD5
4a7d7a879469bee7fdadfe97aee8c722

SHA1
cf7d1142800de9b07f098787b16b601bee9f803c

SHA256
5dc7460e67ed8400bb5706b1f4c7338ec6f4a76767a725c4b48ab73680bffc95

SHA512
4e0e2cb7f3dcae5587a0e31d71efa46bfd8cab6447faf2c0d98fba57f830525f374d87ee4c1e7a5ca27c366f8c6269bab41bcaa6dbf7b88cf32eb973f9312053

Download Submit
/data/user/0/com.sloan.framework.jdzt/files/lldt/hst.db-journal

Filesize
8KB

MD5
fffe2bd5fba97ff948c883fc2b09c234

SHA1
57ade48a3f8f554ec472a3f14f562caa725134be

SHA256
fcfaf0f9432c6d4854c346d77161f712364bf5671c20c846e46c909838cbd284

SHA512
52facdd4befb4dd97c5cedeef53c4b5c4a7395cb64848838a11e41c40c6debeace65c1d782a8e136837a28eaea31bf9e925566ccfafa8b9d64fd3c7544695115

Download Submit
/data/user/0/com.sloan.framework.jdzt/files/lldt/hst.db-journal

Filesize
8KB

MD5
a83a501aa9c26449ec64cfdbf31bdef1

SHA1
47d3b9d1510f261f036f3786ffe2700ec243d2fa

SHA256
e4ad961f879887719de3f6eaccc00b441f0ae1dc88e62a924f5724bed65fea03

SHA512
a4371728d47328f3c67f386d269f6e2278e48d40bd70fc07584e505dc71784bffc1e4c6fedbdcf421b675971498407bb72fd5b75e77ecb97faacfe69c3efcfd1

Download Submit
/data/user/0/com.sloan.framework.jdzt/files/lldt/hst.db-journal

Filesize
16KB

MD5
fc1eb7a975552b3fa61f6fac4a6be458

SHA1
79a011a28783d845c6047a358736f6c8721560d1

SHA256
eadbcf8f1682403e2876c484340601bdd60d0e515a7eb4d8de747e352a41f063

SHA512
dd7bc39ff998995daf09a0fa2b7fa5cf219377244a2a68856f1647d924e380791f908d23101e3be1c848edd3adf8191af9388f8e5abdad9e292fa181fee24722

Download Submit
/storage/emulated/0/Android/data/com.sloan.framework.jdzt/files/Movies/baidu/tempdata/grtcf.dat

Filesize
801B

MD5
7c366ea8f849e91e3f0f3093867b5c33

SHA1
88bb005e5643134f8719895233047017afe39800

SHA256
d759d062f4eff809dc55ecf5cf8693b0e062bc1bf3301f11d907f555852b20e9

SHA512
4575109c6e7330735b5421dc6f32abec26c5e9a92fc6ceb5b0b0f360ff97ab42f6001e52ebe63199d17ad27c053deb04b26e18af0025c0462886c9576c1d63a6

Download Submit
/storage/emulated/0/Android/data/com.sloan.framework.jdzt/files/Movies/baidu/tempdata/grtcf.dat

Filesize
6B

MD5
69503798ddf28ee3fa2358a5ab9def30

SHA1
91f04f76f1dde08881cddc1f755d6af8e49a4a01

SHA256
186128bf8a4d60eb4b51102ae2a2cb6a0b80011977582480395a454454bec7e1

SHA512
7852814a77a2da9a642144bd484cbeeff2dd0d348d606f2c878b1d10fda47dd5b90ac78729a20893cb8ea303323d31ccf47033d786c4c3760a684827d49853f7

Download Submit
/storage/emulated/0/Android/data/com.sloan.framework.jdzt/files/Movies/baidu/tempdata/lcvif2.dat

Filesize
108B

MD5
948269fb104f69a560352a1998d5858d

SHA1
ef5542194e66157036ee6f956506fb76248a7815

SHA256
12665be70e5a4a9ebe4459272f166698e6ef21441433de1f4828dd4ce9e56039

SHA512
c77cced6ebd5e82dad7018b73c745b89defa337750d35e542a933d72096f67c2586f99d048f4cdac7ac2c4ca08d44bb3882f0896b4a194f9c3f1ee262b256e66

Download Submit