29ff5798db99750a3c0a4322b4fb93e5995f95ebfa0faed30b422d338280c9c9

Analysis

max time kernel
2834505s
max time network
160s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
23-12-2023 14:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

29ff5798db99750a3c0a4322b4fb93e5995f95ebfa0faed30b422d338280c9c9.apk
Size

29.4MB
MD5

2e8f92ddc2cccbcd90e01a122f3705fb
SHA1

cc3076dee74f67b966385eff84ecbc694cb1104b
SHA256

29ff5798db99750a3c0a4322b4fb93e5995f95ebfa0faed30b422d338280c9c9
SHA512

795639770e695319368e1782c9a454e52c74ddde22d47037db1a4973f940a2e154adeb3386b1c18d6295f9fc3fcbed532abba658feae228c69f2291f37e4f4fe
SSDEEP

786432:LVhfXSmXwtbZDNGTDBuVLejz8brl6gLJdNAUnuHtnI4:RhSmXw5ZhIdgLe61NnuNnV

Score

8^/10

Malware Config

Signatures

Requests cell location 3 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.bm.zlzq
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.bm.zlzq:remote
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.bm.zlzq:remote

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.bm.zlzq

com.bm.zlzq
1⤵
- Requests cell location
- Uses Crypto APIs (Might try to encrypt user data)
PID:4256

com.bm.zlzq:remote
1⤵
- Requests cell location
PID:4301
- cat /sys/class/net/wlan0/address
  2⤵
  PID:4450

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.bm.zlzq/databases/ThrowalbeLog.db-journal

Filesize
512B

MD5
41316cb89c27ea269c32688376f67b66

SHA1
6639e5bf52fc84a40cc83cb6a23b93a20a353204

SHA256
b9f71116f85eb7a3badfe89eef5619bdec13bc0917c553aea18067eaceebd412

SHA512
140d72e5fd97bd012c1d3057b64f521095d0660c5e03d2b535c0cf8d5bc0d1201bcdfa3605bcbc5953745f25378065c3d24d9d86aa7cc60eacc06831fd0a546f

Download Submit
/data/data/com.bm.zlzq/databases/ThrowalbeLog.db-wal

Filesize
40KB

MD5
163a89b25d054ae90694abd153fa621b

SHA1
1ccbde693c4faaefde1ed6e922a9aaa115035134

SHA256
2fadf4bf27ec17d9bc7dc3b5e4aa0e0824b6e33047e5dae2961db0441f3d5e9e

SHA512
5d267023fce997fb358303cf130ac39a688c5cdf8df8b16f421c98907a10dbb49c3046b504a173ae27f7705bdfceb61761f522f0103a810e912b15b53a8b4b1e

Download Submit
/data/data/com.bm.zlzq/files/jpush_stat_cache.json

Filesize
131B

MD5
b277bb99652ab36b3dfdee2deaaf4318

SHA1
9ec32102a9084a6ec23b913808e51b9b19b7a5d8

SHA256
868cd07bde0dd49caf41f70c4effbd13caaa23fdca35b10f5e98856eef60e221

SHA512
f936952e33421a01b321cdb43b7dc10260925525a9c6e3e3bd1d1d354b24f1c36140781395465c56f2ec60eb2d1fe03bb2846390aa54a5eea67132a93a414355

Download Submit
/data/data/com.bm.zlzq/files/lldt/firll.dat

Filesize
76B

MD5
7063f6feb79318300e825acc8c671e9b

SHA1
1e165a48f73a40c64ee7f80f207dd2b6ddabc81f

SHA256
5c681e1a77d8315ea621a0a85e07a46cf32dddf2448f2d4679208306d0619f2d

SHA512
1c7e1fc7d2a54e663a606ff601b1acfe31e35b8f5d5f84ad83d8d5c65727c95b9f0b8e8f69e65a2f7271334bf31ced2f27d24097c08937a3c7c1cef0dbcfa04b

Download Submit
/data/data/com.bm.zlzq/files/ofld/ofl.config

Filesize
235B

MD5
763de92a0e11f46b789845cda13ae541

SHA1
255559efd4e5916b740d93da112109d820292924

SHA256
4780827a5aa5aa1e59e2c6763e7e19a16b2f112e04911dec1eb2c37c8ade153d

SHA512
f4c368922e8241382ec25d41fbca465c57e86a897e4e008c5c6bd28588bc65468085a9d4f625facc13f23c6bae452126427c343054311a6f9c446db6c83cc6ee

Download Submit
/data/data/com.bm.zlzq/files/ofld/ofl_location.db-journal

Filesize
512B

MD5
4ac5c15002a783d5ec3e4595c9625c7c

SHA1
3e371036c0a6df88a8d93271d9dea1107f9077d1

SHA256
811cd92ced169014f8b473706b1d9fd13abe11675a08635c52c3f8aa79d28818

SHA512
a37610c7c1a928f994c0fe866fc00802bbddec040d3c7b852c0fe88665bc0f2f617122daeeebfad9eeb95c3d21abc8c4000449b18feb07ee2969a69dd46764b9

Download Submit
/data/data/com.bm.zlzq/files/ofld/ofl_location.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.bm.zlzq/files/ofld/ofl_location.db-wal

Filesize
48KB

MD5
d3ca8336c7cb6a9035fbf5b5f00f0ca7

SHA1
173733cc7de3077e16b41fc827d66ff04a63b394

SHA256
17c980cf8ace42d6cc8a530efb2f08f61401278e0af158e0a85f9570116e9deb

SHA512
65cacabc2a908ab2438ceeb7c7997938e46b751bfb20be9934e4e2ac356e6b05a81b2315ec7b22ff45d238f34d291d2a3a8695995ea21bb6f9433b437fc2c9b0

Download Submit
/data/data/com.bm.zlzq/files/ofld/ofl_statistics.db-journal

Filesize
512B

MD5
801ac4be53451afd4278191b8a9b1029

SHA1
991611db437156945bf2913c301bea3b36c94c34

SHA256
479bcc1bd5ddd1dec172fea9702fdf00e359d92e34e0dd4a64722401c4d918c0

SHA512
ad8d7b0d4dd8aab722d8408bf2d4ea1d8f607b4e78c96dbfaa1d3c00d02da5da4cd6f4a7e8612c0925f6a8f330459a61dca4611f1bfba254ca9b736bf8debfe5

Download Submit
/data/data/com.bm.zlzq/files/ofld/ofl_statistics.db-wal

Filesize
156KB

MD5
6b16d7699b6c29e0d95ec60215d37629

SHA1
52ad85a5aa40696dfe000722ea359577af263254

SHA256
1f74f54d52eac46b3ea1d56a9e6236e1a310cf0abf595b3e79b68e1f09b467eb

SHA512
cf081f804bf03761fb241057a6b61d6f6be8806a8593cf812325fdc45cdd4c7da9762aa4c699a8ecbb5ea2233278248f2acded3aa95cc21f0352f099b3201345

Download Submit
/storage/emulated/0/Android/data/com.bm.zlzq/files/baidu/tempdata/conlts.dat

Filesize
12B

MD5
8d80bc8ea90e9cac010d3ddf97bda5f5

SHA1
f063bc0d356e6ba9ab1eb9a851131ffbefd8fa07

SHA256
f52db31332534833414abd5e870f78c810b8ebbe5b134bbf599506beecfd1b93

SHA512
9ea732dd572a9a4ba91b70891972230a09576687ca1bc19e62d5a98b5b84e0f2ae11985108008bc9fbccf357219b8bd3dbf146bb70752f618f70dc5d0c46a7c7

Download Submit
/storage/emulated/0/Android/data/com.bm.zlzq/files/baidu/tempdata/conlts.dat

Filesize
148B

MD5
4677f5a2de8653185c39bfc30d2d1347

SHA1
dee2331c24ddee9ba72ec4b25479dc2ec5a7e165

SHA256
c12a848f28adac6b123afb078bcf1b30d3f39ca44711288b6c0d3de83a2d8441

SHA512
4abaf0b4801d592a612b11086e4ed01c7525e4e3f9704ed5d24cb67bbb9f5844dd719c929b507a80a937a0353b2be665b098b55db0e071969502a8e82ff9d458

Download Submit
/storage/emulated/0/Android/data/com.bm.zlzq/files/baidu/tempdata/llg.dat

Filesize
24B

MD5
161557b06b4a4d3ce095528dea370eb7

SHA1
8bfe9c4d916fe58d856b5a6ecaf8cd9ea4df2c9f

SHA256
f054ef19481234ee5b2db1d1c681839dab235a857ed3a4bc02efa8f785f478d4

SHA512
96ce8aedbdbb387438efc86aaabd13a6378628bfae203d2bc25ea1cd7daa6ddbd6dd2c81d631fbdc9b653a93011d3c80f0c085580275b683d5e0bce077e6e449

Download Submit
/storage/emulated/0/Android/data/com.bm.zlzq/files/baidu/tempdata/llg.dat

Filesize
434B

MD5
a930647d30c98b8dbafea769e14c9d5b

SHA1
7dc139efb388f5743c18d8062cd924fcadcc2c59

SHA256
043f9dc2d9496fcedbef513bde277cc206f972740004a96116a84b66aa8db2cb

SHA512
74575cd39a2b9e5bd475492962c531ee1ffd48ab7d9ca0a916432b0fe30dc351ce0530beb579523dc4d7a51194f277aecea71ebd1b87fcffddddfca57a3694aa

Download Submit
/storage/emulated/0/Android/data/com.bm.zlzq/files/baidu/tempdata/llg.dat

Filesize
1KB

MD5
17bdf3fedc29c0036d83099ee0fe631b

SHA1
187d2a5ba86e3b1852148871ce3960cf331e9bed

SHA256
2a9a14d7dc540204cb73f56d6a681aae32906615264236a549c225e2c873e045

SHA512
baa05b629f411bfaac802ff3ea88907a2e76ea73f35942e7fb1ea8f37905850851041ccda88f96576004d310f24a42a30ab3c484d55d1bffaad801c263e86b0d

Download Submit
/storage/emulated/0/Android/data/com.bm.zlzq/files/baidu/tempdata/llg.dat

Filesize
2KB

MD5
4fe114cb64ef543278c5fc6e8c650402

SHA1
177caeaf5ad01d4bb1a79e6154c3e40ff81360e5

SHA256
a8b1dff6a1f59489080a35a228c366add948eaf1bddae3766c7fdfcfc36e097c

SHA512
684672ceeba0bff6fa7be6448ed1d6de0faa4afb82d803d294857732eec3cc11596659af47b65addf57eb6ec7fa332ff1f8ae24e42748b74293d5002b3e970ab

Download Submit
/storage/emulated/0/Android/data/com.bm.zlzq/files/baidu/tempdata/llg.dat

Filesize
4KB

MD5
9ae7d1efa211c921200484d7821e81e1

SHA1
97846c2a9d072475b795890877cd09781d5abd50

SHA256
b9a94bfd44aa0b212288bd5cf587c20663bd545f53d39e9fa60c7c65ac947621

SHA512
8c1f9a60ee904342bb07759b54b1f2c2f499213ae1d75fda644ae4cca737897e5d1a728f918d8124ced6554a316e4390fed7e4374b128804d8374db4b74693ee

Download Submit
/storage/emulated/0/ShareSDK/.ba

Filesize
32KB

MD5
3c93236aba2f95129908c573f5740857

SHA1
dc84df6eb9b727345175e6c6f1aa95949a9d395e

SHA256
df6687c42b0ae7699d1ba5001f63694747c54e3b33446c193222f699b9f8d2b8

SHA512
bd8f8457b4fc7bfbdbb4df27dc1db557685f7250be9c78c0b89e9e279a75c5f75533c40fe45bda12aab3cfa7475413377b8af23a14b10957b6679eaa5c6f09d7

Download Submit
/storage/emulated/0/ShareSDK/.ba

Filesize
512B

MD5
a4d5949adab147cb4f121766f109f18f

SHA1
10ddf4238cef56c1edcacabaa3a319f269322dc0

SHA256
d3265e1e5062f8d638a0d89f7777c1e9473584ec7982ee2213585a3a4d25d376

SHA512
202eeda2942cfa8286f711c79cade631cc7e7fedeaa4f9240c6f61da9ea765d30c2e2090a782746e7aa214b75e430a2f48aa794c323f4427aec791b1050785af

Download Submit
/storage/emulated/0/ShareSDK/.ba

Filesize
464B

MD5
30b7802108a37a7933c0868590cc1ad6

SHA1
e611b87821911b76a9c3e09715d57c1fd46d50b3

SHA256
e7b09d8ff7155cdf122d6d6049ff3eb9b4041d8406160743045b80fa108d8cc3

SHA512
66fe47ec4fea9f3df1c6af5f88b19ff0f404cabbc296ae6f44bc9a1eb9af428bde47fadbf71e20cfbdd8a056edb984688e058e258e0525c9ccb548d6308125cf

Download Submit
/storage/emulated/0/ShareSDK/.dk

Filesize
107B

MD5
36c53b796464e02b1a9d1950eec98583

SHA1
8e7f9c64ba6cb5eb1163575306fcf5428d7c1791

SHA256
972599dbdc7c79dedaf5d1e2e92a3b05bdae5fbbe567563a1a6f383f682931cf

SHA512
abe5224f78f12db216b903346b6cd4bc9e830d3ca4001d4fac92323fad634cd2b000552dca64a74cfc61feaed89d1e53cc827f6e6f426a488af88587d0acec42

Download Submit
/storage/emulated/0/baidu/.cuid

Filesize
89B

MD5
533958933a85e281734e5ffc90f90606

SHA1
95597d89dd23d2d1d2de102e97995e05d1c77b3e

SHA256
38ab84599cc28621e721a164eb438f983de8f526af2c8dec6bd52cdcb33b26ee

SHA512
ad7ec3946a940e0e48aea296d98e0a4b665a2926ab99aad061cfa351bd1aebe393506ce29042b0a7767903927dbaf89ec8a4dcb88c15b3e665ce913ad8c6af35

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-journal

Filesize
512B

MD5
9eb16960a474c04123675b60039ca64f

SHA1
8e397d3272eeb2464d701166ccd57c7ab27ce366

SHA256
9c0d291b2568bb893b147301d110390aad23f6f21917a781556117cfbf6fc7cd

SHA512
4cdd7146bbb6508125ba1518c1ce91effbed1f563fcbda82d76076498fda422141c1593fd2377ce1753798c4357a6e56c89f1d47cd79d3b32cede7f696f25ae1

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-wal

Filesize
52KB

MD5
6fdd61f46b379992dba80507178f1996

SHA1
5b5326e9f5f82330240020ca484f940ca1d018a3

SHA256
913e737cc8c6cc8116ed7afec4a7f93525a8abb38bcc517d8e417e47b8d65c19

SHA512
1a45e5aca2d22e9c1e1bf519caf6d47ac16696a1898ac81445ca0e848d6f64ae58f617ba72965855d1eecd4d120ab0491cc15805833623f8cb1a9c12284bdddb

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads