Overview

overview

7

Static

static

6

1da632c562...01.apk

android-9-x86

7

plugin-deploy.apk

android-9-x86

plugin-deploy.apk

android-10-x64

plugin-deploy.apk

android-11-x64

Analysis

  • max time kernel
    2530812s
  • max time network
    144s
  • platform
    android_x86
  • resource
    android-x86-arm-20231215-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
  • submitted
    23-12-2023 13:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1da632c56297da0ee852923644fa9c331c45b954a68226bb161823998ab87f01.apk

  • Size

    6.8MB

  • MD5

    82f584a5956eb2246a76c43ab8e2b224

  • SHA1

    50e15e8ffb169a023bd311a3368580b09e7e7473

  • SHA256

    1da632c56297da0ee852923644fa9c331c45b954a68226bb161823998ab87f01

  • SHA512

    1b7261c7eba982b57124834d926a4b1a6912b29192d97b5f61a5248ddb2298829b1bf559d00f8ff6e48bfe9bae70ab98321d7a27023d62b7d11d0a6767166792

  • SSDEEP

    196608:9jorsAyKjHnHAxhLjdu5iGujwp4c7xfYD:9srtyK7nHANCiGusp4sxfYD

Score
7/10

Malware Config

Signatures

  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Reads information about phone network operator.
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • com.exam8.yixue
    1⤵
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4246
    • /system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/user/0/com.exam8.yixue/app_push_lib/plugin-deploy.jar --output-vdex-fd=48 --oat-fd=49 --oat-location=/data/user/0/com.exam8.yixue/app_push_lib/oat/x86/plugin-deploy.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4275

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.exam8.yixue/app_push_lib/plugin-deploy.jar
    Filesize

    181KB

    MD5

    6e5031abccaaaca6984404dfd493a789

    SHA1

    3fc228b07e4d01214981e33cdbc91509d39f498f

    SHA256

    8c18aa49fa7ecd9eb8e48769193fa4c46a424f0fafab999a92a3ec064fa62d60

    SHA512

    d7c6e737c725d59b8a8fc6a82196270b323c2f52c408c2b6b58cfa7e2f7b2cf641e8897f77d32edd7eb51cac7fc2a1fc170c7cd6301d9764966d145082f010c0

    Download Submit

  • /data/data/com.exam8.yixue/app_push_lib/plugin-deploy.key
    Filesize

    174B

    MD5

    569b042fc85eb9efd6d83c2eb97a3919

    SHA1

    96bf0c911a232ae3d54be469daed3c225260614c

    SHA256

    0ea99771cb20a617db6c31b76b9e0bae188e02dea9744e4256ec625388cadae2

    SHA512

    8d0eb57729f9813c024b1a6fea5f027717dc9917b33f39653e7e4c5f6ea53cc2c67ca9517100c382299cfbef6001d289f1a59a705703d4ef98ffd294c347317d

    Download Submit

  • /data/data/com.exam8.yixue/databases/exam8_gk.db
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/com.exam8.yixue/databases/exam8_gk.db-journal
    Filesize

    512B

    MD5

    a0909c19fa0cc8e0ffdffb22955c8d39

    SHA1

    392ac1b1255fa76832ad9f334081a833eaa7521e

    SHA256

    f048b8ae5adec564132c26f5dbe0c29ca55d8d843e2c2f31f48ac678fafa9c70

    SHA512

    5789b46a47b30d63b9627595952bd1145beeabe0739aa9c0d34e4d3bae32c4ddac8a17863931253cdf149bb485b75faa3f0179cb716a27e5d069f69ae9ac8a5f

    Download Submit

  • /data/data/com.exam8.yixue/databases/exam8_gk.db-wal
    Filesize

    36KB

    MD5

    3b72cc349e13fe1e6e4ee2818f70a112

    SHA1

    64457e4449ea9880a730c07f58f948bbb62e4ba6

    SHA256

    c468901a196dfec5fd4b158bcfefdfdfd266067276b9284fa112adf14bcc0b2d

    SHA512

    3011c0e6dfb3aa1fae176c3eef955d4163884e173dd1499f49317fbb88fafea5036a3493b8c3369f2c61ee21d2586fae281c8bd927718bed3f2f8dc12582f44b

    Download Submit

  • /data/data/com.exam8.yixue/databases/rep.db-journal
    Filesize

    512B

    MD5

    da7cf57523fb9cafad1fdf2687792c8f

    SHA1

    527818eb1fef34d42abf6801dd40009d945efb78

    SHA256

    67b670be3c88c48b1ceeb181c6a6f497cdf2af9526a7d925fe6082dbae8acf56

    SHA512

    a499ef4db8bd61e298d6e3401986ac2cead15ee6c7a639ce556c9d6a6c5f72a736cf623a1507cddfebf1060fb30299d3c94b430ef0f1cc330ef4d4e0d738df7d

    Download Submit

  • /data/data/com.exam8.yixue/databases/rep.db-shm
    Filesize

    28KB

    MD5

    cf845a781c107ec1346e849c9dd1b7e8

    SHA1

    b44ccc7f7d519352422e59ee8b0bdbac881768a7

    SHA256

    18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

    SHA512

    4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

    Download Submit

  • /data/data/com.exam8.yixue/databases/rep.db-wal
    Filesize

    36KB

    MD5

    15f01c393b0dc1372532a4165c927ee3

    SHA1

    10a9d6b251b11d3c80430be555308c4d9490bfff

    SHA256

    dd8edba75bc29bacb75156470016640ca6a558407af880ca6f777bc1d9864548

    SHA512

    5bbc376f4bce69aebf21ff08c5d176a187a09aa114ffc77590e1cb2152c2fb294db2fe7cca64641640113e19a63529e3eb19df6ec146041b54cca4403fbf1240

    Download Submit

  • /data/data/com.exam8.yixue/files/jpush_stat_cache.json
    Filesize

    138B

    MD5

    52cfe4366aaf66539b49c01d12bef2b7

    SHA1

    15164330773b103c773e70c5d1689acb6a4a1798

    SHA256

    9bf0faf88e3836499789edb5715e1f9e25bf6ec8807ce5ffe75358626f1d0a11

    SHA512

    e3d01a33d5c8e1886c0618866de006a00a3fb6f3db9219e666c9e62bbcf84d894ab6b618ed4869bd15c54e762689bbfb71a3bcd8f0fef1ab080bbf90cd70be56

    Download Submit

  • /data/user/0/com.exam8.yixue/app_push_lib/plugin-deploy.jar
    Filesize

    436KB

    MD5

    07e8e0f9c5f8fc1fad8d1876922a60a7

    SHA1

    7c04db18848031e37d5c84808dd412d9ee9faa06

    SHA256

    a93f3fe93e622f9fb90282beb4e9f7ff55d20c1c9699ffd515adca2101799aed

    SHA512

    200c58f2ad5a3f9c143e6b4d3dfa638395314c71f7632f4d982e80e69dd3960d288e2866dcdbed1a8673a3e85d9bc2d9ca312195a15f9e5857b13f9409da4add

    Download Submit