21c8849e7a9db96ac32f9f7b818e880f0a16ffeff48cba018c03fe44c05fa5e2

Analysis

max time kernel
2803074s
max time network
160s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
23-12-2023 13:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

21c8849e7a9db96ac32f9f7b818e880f0a16ffeff48cba018c03fe44c05fa5e2.apk
Size

14.5MB
MD5

55dd5a2eca95fea27417371b36609098
SHA1

21a8d0d1b1503d1cece8b85a97a60126f8a44cd6
SHA256

21c8849e7a9db96ac32f9f7b818e880f0a16ffeff48cba018c03fe44c05fa5e2
SHA512

e5381858682e3106082f7077e3d447933f3d627fc9c79ff1d85c52998137ec651dadb06beb4d5d57d3a3fe1499bd4925eb3d556e29608e21d893e974617b3ab1
SSDEEP

393216:KyGh/1YHfg/iW+FrmEnjqZ+XweUXzVjw0oIxIt:K/TY/g/iW+FrmEnjqZ+weQomK

Score

8^/10

evasion

Malware Config

Signatures

Requests cell location 1 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.yxxinglin.xzid10823

Reads information about phone network operator.

Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.yxxinglin.xzid10823

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.yxxinglin.xzid10823
Framework API call	javax.crypto.Cipher.doFinal	com.yxxinglin.xzid10823:pushcore

com.yxxinglin.xzid10823
1⤵
- Requests cell location
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4489
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
  2⤵
  PID:4736
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
  2⤵
  PID:4756

com.yxxinglin.xzid10823:pushcore
1⤵
- Uses Crypto APIs (Might try to encrypt user data)
PID:4517

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yxxinglin.xzid10823/databases/ua.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.yxxinglin.xzid10823/databases/ua.db

Filesize
24KB

MD5
2295f48cf146e3534a443ca2edddd1a9

SHA1
a11769649ae8d17d2d6122418e4091a938c454b7

SHA256
58df2d664ee7f637d913bcbf93134a3b78561477d0ab54cf3c3a31327c77661e

SHA512
f72666c8cdbb34c37e5d9fe3a3a81d237e13f41f33ce48a0a2d7890a429641d45b64d4ba525a39c715fc83509aa52f66d950c105ce4d08adc1cb131475aaaccd

Download Submit
/data/data/com.yxxinglin.xzid10823/databases/ua.db-journal

Filesize
512B

MD5
8d9f70590230976433b6dbf3611d2a4d

SHA1
1af1a53da92ab09f0343043c8b072fb122b7616e

SHA256
3aed264e77f3791eafdab69b8081c73f1df467a636e022f982f34678a69892fe

SHA512
21ad3e2b76a8f36a1a88832509750de740cb2e022e05595b840c8adc5c704f6817b0354d6830eb6b084b42b4d21002242de8382f4b56e358eacb6644fb63ae3d

Download Submit
/data/data/com.yxxinglin.xzid10823/databases/ua.db-wal

Filesize
12KB

MD5
bb09ea565105df3dcc56c3a53e524b05

SHA1
32d436215d235ba2266b25826b3ba16c760bbfd9

SHA256
7e083d489400be4abced6bae0a374349d68f3ea8ed9dd93625288fd29c12bbc1

SHA512
003e224d9329136abe4cc8bc3d8baf4dd0a5a71351d63ab6f961154371cbb21527a099652d5c59ca38e87b8abdb56e4b5902ee59407c44990cd7a67f2a10fa13

Download Submit
/data/data/com.yxxinglin.xzid10823/files/.envelope/a==7.5.3&&1.0.0_1703609987085_envelope.log

Filesize
1KB

MD5
650f9eb59752095a40b15619239f5a75

SHA1
891bb8b7a9b9e9e891e27827735c0f717c8223ca

SHA256
007b7de0a5e6b0fd904b09778e99320405853b8e1b6177707d0e05258083cb8e

SHA512
f7515682c07aa80a6db2539a473b2965f30d630b22608a520924fec8bc3a4f402683ca31c1bcfc0ecc3c7c2f9e4a7f949a8cc8b5800c542590d2c1d972c4d68c

Download Submit
/data/data/com.yxxinglin.xzid10823/files/.envelope/i==1.2.0&&1.0.0_1703609988985_envelope.log

Filesize
2KB

MD5
eeb94c0f08877c3c9619bbe0d9b4476e

SHA1
ca62e52320c19bd30b01551ba4d5beeca191483a

SHA256
60584978d8b014bb4fde9892a541b06f21487250171a61e79a6032e2d28daa62

SHA512
cece8b596ea837e7637eb2afa8b3297d85c7908462575bea87cc1c0cec130e30cd9ec0b2df44d1f3c3fa1d5a9ed9696b3b214701968c63111c29e0c2c6f5e37a

Download Submit
/data/data/com.yxxinglin.xzid10823/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
7c009f71c207069acfbafdcdf7374a5b

SHA1
d2554261f35b83b1cfad5cad8c58b01ec953b6c0

SHA256
ba9f8504c36e49184ff88cfd0aec5b8c93b8b5990582fbc37c79110074ebc950

SHA512
ff6c227d750a84d3b354af13733f26b7116d9369975d04aa9658e56a7a99c15834e2c57b40e23c59116506de7b9f1c937067a3be0b0f515b7d77254c6c3f5d44

Download Submit
/data/data/com.yxxinglin.xzid10823/files/exid.dat

Filesize
67B

MD5
5d05001f96f40d5e43db574f0ef01724

SHA1
a3c4c0b1b21f34c96884c121403cfd83625451cf

SHA256
541396ea95abdd2ab735cb6b045a531d17157cce80cde25a9f9b83610291ddab

SHA512
a4eaee8e9821696724d792521017b22ba81f816bda8c6c76cf32f96e84d23af9cf920457031621169421e95a8439141600f47649987eabdefd050ff85277a997

Download Submit
/data/data/com.yxxinglin.xzid10823/files/jpush_stat_history_pushcore/normal/nowrap/3f975e4e-a713-47eb-8505-1dae5451ae41

Filesize
202B

MD5
fd00755f87335fbdea34bdca72242b6c

SHA1
722279d8e07792a0a3eb64fa75def812a0c231b0

SHA256
3e2229f8e6c369168b11e0df7da99374f81193340e072959dab1e7a24538ae50

SHA512
a465a264af8255770c462485ce5d532613b85cdc5ec9c1eda594afb5d3763902fe9c739c2a8973a7c671c121ce874e9713a5c5a66fa75fd64969d70b7819cff7

Download Submit
/data/data/com.yxxinglin.xzid10823/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzAzNjA5OTg1Nzc4

Filesize
1KB

MD5
eb4dce31711c336b66da22be30dc0f49

SHA1
8913a9a1131e5ef6a0a4be591a0a628d09630c7e

SHA256
cf02907ae39c8079a0e4fe850f714c804ef7ae386db9c3d24ece99225b15f333

SHA512
7734229be3ec01bf40f299b0be591836c045d59047204d5e3e3a57e0419c687d6bc466f0e46c6324e631c456f4cc70c5c594e7a113a1cafba39f307c5bd740a0

Download Submit
/data/data/com.yxxinglin.xzid10823/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzAzNjEwMDIxMzE0

Filesize
1KB

MD5
38d1cc52f711705625b0128e3a182515

SHA1
b06f4b0173a60d6c61fa56140a1694d8056a2ba8

SHA256
2f4032c6da1736525d3842f79c1c03b1ade5276b5821b363d0b4ffedeb2d3da6

SHA512
5c84ee0df7c27f3d2888c93b67f819e62002d43f111c11fa4f3a8d417f048ef6f924a93c5e08ab0c54ab3639bd4464d284e04ad9af38dfaf3b2642a7e3f66a1f

Download Submit
/data/data/com.yxxinglin.xzid10823/files/umeng_it.cache

Filesize
415B

MD5
d8048cafa5f0596b5bf80d01966ba5ab

SHA1
8304746dc637a3f3ac0012de7ee9a62c30fe7fac

SHA256
f9d3dfe46de80122bfc4bb01c1f995033b5b3a6ac5747019b73d1f802de6f06e

SHA512
9a2c543055cdb8ee57e476a4f4f8ae490026297131f9409303fa43c9650f1c372bc6155c0914498101891e66f4e09a84a80f0296d743ac388da6c4219ffd84c2

Download Submit
/data/data/com.yxxinglin.xzid10823/lib-main/dso_deps

Filesize
152B

MD5
fdc112a95336da72ef1fe6107577a137

SHA1
14000356dccfe21c94d211d1f2e4c48bc0f4bdfa

SHA256
44915d049048a25cbf645ba0a467252516053054af0d876bd1b75c237f6e6988

SHA512
e155f7285c4ba2c8790f1affd81438b132da7fdd8b461faf1dd20e63bde222f4c07e74201def16cfff31343bc0303697c11f9efd0bee55d0f5d94ae733445257

Download Submit
/data/data/com.yxxinglin.xzid10823/lib-main/dso_manifest

Filesize
5B

MD5
c06857e9ea338f3f3a24bb78f8fbdf6f

SHA1
c5a0a2529d2deb60fec041b4fbd722a2ebe31702

SHA256
957b88b12730e646e0f33d3618b77dfa579e8231e3c59c7104be7165611c8027

SHA512
29f61516876c25379a7bf4faa2b3ca6f6b53eac90e7de47671fec4a818d51441b4025cd7909f7c0a0d113ab6c5ff00cb3700c286bac7319185b77905feec4fb1

Download Submit
/data/data/com.yxxinglin.xzid10823/lib-main/dso_state

Filesize
7B

MD5
e00e988e8751defd343d495400c790b8

SHA1
42b8c1eaf5e5344d3c2b2e74425e6ed1879f0408

SHA256
6002e253ed3bbe03c751c835ab254934d553c39f896f446ce9ca6a1d22077208

SHA512
84b41f459b87d28f82aa4aa10562cf2fe4e7a0717f222b7e694d36a1536ccd1b1854d6b37346ebe0a69849ac915e5c15575a02317af84baac0a41012e9241c3c

Download Submit
/data/data/com.yxxinglin.xzid10823/lib-main/dso_state

Filesize
1B

MD5
55a54008ad1ba589aa210d2629c1df41

SHA1
bf8b4530d8d246dd74ac53a13471bba17941dff7

SHA256
4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a

SHA512
7b54b66836c1fbdd13d2441d9e1434dc62ca677fb68f5fe66a464baadecdbd00576f8d6b5ac3bcc80844b7d50b1cc6603444bbe7cfcf8fc0aa1ee3c636d9e339

Download Submit
/storage/emulated/0/data/.push_deviceid

Filesize
32B

MD5
7e6dcbe6db95bfb4dab937bcfcbb60e7

SHA1
6c5187fc36842053c9a797236b690d3eb1e690f9

SHA256
06541fd0f743ca9ecaee56cd1524b5730d2f1b1f93d04a5d54321a111c162753

SHA512
f90d70a9f1cd5644f9b74364518c89cb897ffad1aadb8cca11b140960d878e3fd71e570011de115dcca0ff25b69a618721a3e7c9adadb667a60de07b2049f7ab

Download Submit