29ff5798db99750a3c0a4322b4fb93e5995f95ebfa0faed30b422d338280c9c9

Analysis

max time kernel
2681874s
max time network
162s
platform
android_x64
resource
android-x64-20231215-en
resource tags

androidarch:x64arch:x86image:android-x64-20231215-enlocale:en-usos:android-10-x64system
submitted
23/12/2023, 14:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

29ff5798db99750a3c0a4322b4fb93e5995f95ebfa0faed30b422d338280c9c9.apk
Size

29.4MB
MD5

2e8f92ddc2cccbcd90e01a122f3705fb
SHA1

cc3076dee74f67b966385eff84ecbc694cb1104b
SHA256

29ff5798db99750a3c0a4322b4fb93e5995f95ebfa0faed30b422d338280c9c9
SHA512

795639770e695319368e1782c9a454e52c74ddde22d47037db1a4973f940a2e154adeb3386b1c18d6295f9fc3fcbed532abba658feae228c69f2291f37e4f4fe
SSDEEP

786432:LVhfXSmXwtbZDNGTDBuVLejz8brl6gLJdNAUnuHtnI4:RhSmXw5ZhIdgLe61NnuNnV

Score

8^/10

Malware Config

Signatures

Requests cell location 3 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.bm.zlzq
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.bm.zlzq:remote
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.bm.zlzq:remote

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.bm.zlzq

com.bm.zlzq
1⤵
- Requests cell location
- Uses Crypto APIs (Might try to encrypt user data)
PID:4916

com.bm.zlzq:remote
1⤵
- Requests cell location
PID:5009

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.bm.zlzq/databases/ThrowalbeLog.db

Filesize
32KB

MD5
dc0d7812142639545d940581d5b5bbaf

SHA1
0aa802e91a6230c25301edfc23fc9288683295c2

SHA256
b7991f8e0ee2a0d28e74903d089cb4e02f9ec8907a37b7027ed6ccd7b10b6a31

SHA512
c92cd5610129ff4f2a7ab9395f88f4975504535e68520261d9c5525cc698e997c5cc693aef376d181fe5c895a3c4d1557220b71c4994e06731774fc0458fe13c

Download Submit
/data/data/com.bm.zlzq/databases/ThrowalbeLog.db

Filesize
20KB

MD5
7c264f7e7f4d4ea80dee10f1c021af03

SHA1
a3da3d1bd1f916495e08cc366416edc4f2e86a12

SHA256
7762d1b426cd89366c6f3f250635ff39082b21d0fcc4ddc24152f747fee419d7

SHA512
8929770b7ff59fec70b76e74d43357d4bfacc413ed5615525e2bdaad9b8462e0d0d3db2bfba687f461cdfecf993c0b4f1c847598f0a1edfa9d07c3bae547392a

Download Submit
/data/data/com.bm.zlzq/databases/ThrowalbeLog.db-journal

Filesize
16KB

MD5
299105380897f55e7004fc279092dee5

SHA1
3c6e7166e5b83ba326e69c954a107de963efe43c

SHA256
de47e5897bf65a9996f0b8a65a9c226370b9926aea1a2a6461cfadd00d5f821f

SHA512
90e77435fe2398667f4b395255e2f6c402d6df8818e924886d988fdd68e9349f939466bffaa16059a653df970d96ca26dab546e7da2ad0ae5b70a34853a0f115

Download Submit
/data/data/com.bm.zlzq/databases/ThrowalbeLog.db-journal

Filesize
16KB

MD5
41c03521a27a7f767223a61509271c10

SHA1
23fb7fa087f70347c1dc5ef06f65fa702281d7f9

SHA256
7c80dcc6e7689f5923dfcf819f18fa63f469d590f10aa3ae6194ebf033078904

SHA512
a9865afe5e91dcc57b44ab49bc4cc7855393ee39bb2ecebb7463d82311a61656eb077396fb5ce6163026967fd6e0a8d370dc3bd9a2646dfac0d70d85747478e7

Download Submit
/data/data/com.bm.zlzq/databases/ThrowalbeLog.db-journal

Filesize
16KB

MD5
93a93169a7ea8a61f005c4014db541e8

SHA1
a50c8fcf9a2ae8f0a80a88b8542f49366efc2ed1

SHA256
d80d61317718fa726e5e1c8f735f63582050adc9aa56f642cf6d858bbdb6aa8b

SHA512
3cf8a517eb3536620a49250ccfb747b9f16a03b275eaa1bec488ab18f17d415525ea3e422796f1469d58a091f241096ca50052fa0d8e92f1aac0950c7dd87e74

Download Submit
/data/data/com.bm.zlzq/databases/ThrowalbeLog.db-journal

Filesize
8KB

MD5
c9b4e4511b64022835d732b6f9fcc648

SHA1
29dc3c5d625b9f205a14fe311e66d4d24241a778

SHA256
999d58858f2c148a8ac70f9d9094674874f950867e839eaa2c060e11947fcac1

SHA512
80bcfb42da4db4e987c7b4ac7a9fc4ddfc9083ccb5e26f3931032c8aed9d926b5f1401f314b2fba5fff7cf8fc9e3f94cf2364bd31eff6e9d41516f8ef7481c35

Download Submit
/data/data/com.bm.zlzq/databases/ThrowalbeLog.db-journal

Filesize
8KB

MD5
c381cbefd7a1290d7123185941cdfcaa

SHA1
b69d053e49252c45c11ccd7d3372597e36247cde

SHA256
7c953dac10977ba0a572a843b8afd5916bad1656ec7cd96713b82dd974263c16

SHA512
8c8d0db31558dd6c857d3b49c63740560c4e410cc1a5eae431073fff3465e2e3e5b60ad58b2aad9ae64bb481aa46bfa5bb1037b565ce70762d0d7173dc218d0b

Download Submit
/data/data/com.bm.zlzq/databases/ThrowalbeLog.db-journal

Filesize
8KB

MD5
cdbaba80fb3ddffb2fb5e3e48108bc9e

SHA1
cda844024ed718529416ee3101cf1ad8293b4458

SHA256
eb1fd6790e234d07183c1d54df34c2de251bf701ff4c508afca8cb19184c31d8

SHA512
e574ed3b2359099501eb0eb9328250d02ac32ba85c3ea6d7f2163526e51e6a9c889648d90296a8ae822c56ac3f224bef52de709f304d673d4cb7f86fdf35f049

Download Submit
/data/data/com.bm.zlzq/databases/ThrowalbeLog.db-journal

Filesize
12KB

MD5
7e87825f2e799aeabdf2ddb9a51abd51

SHA1
a8d14f282f1a1e8cc11b8ef530c2acaae2f18ad4

SHA256
0a2227e1b001d451057962682578e9685fcc06fcabe513e018ef776ba41ac121

SHA512
a897e7421902e9ec4a6b3b58265fa0175f57fc94e9eef5f687222d020cb1e022feb950605a53a03e171fdcb3c4935fb214cc28c6e407db75738512d593bc103b

Download Submit
/data/data/com.bm.zlzq/databases/ThrowalbeLog.db-journal

Filesize
16KB

MD5
5cfddc641f9799f48dd2b41882af649e

SHA1
0183c005c1efd80fd94932c031589f98d35cb23f

SHA256
6f97dc4135ea85658ab48a0edbfdbfc5cd441bf9ef48e062c3de06fe0b98914b

SHA512
a93fe46c2657fd70c6546e4e733eb74b3ccdff424995cc993c931af9f7101c4bdbc2b2201d0d86182a277d653446d25d38b1f687d009dba8435a76aac9e1cc1e

Download Submit
/data/data/com.bm.zlzq/files/jpush_stat_cache.json

Filesize
28KB

MD5
2cd47ada17ad7a4e3d5e2717cb2762c6

SHA1
7cb844672cec4a3bce75c8cf81e80e8ad7cc49e5

SHA256
5f266f7cf5a44a3cfcc9bfbba94735081851edc224cb071fa6e650227e214279

SHA512
c25229cca649bc8ef54c0770a976034801c0a300d181c107c41879d7f6b7056c6282210c98661428078381032dc6fb0872112dde7e8efb1a9f9b333877f18dae

Download Submit
/data/data/com.bm.zlzq/files/ofld/ofl_location.db

Filesize
20KB

MD5
e9575f508f70952358bcc276dbd0b7ab

SHA1
6af2ec2c6c6efc48dd49705366b719c6118b05ee

SHA256
0bd08aa1008d07d09bd977c5f8d40514159c86a938b81149cfd558d653f65aa4

SHA512
65e661b9a81c6955b236df7655d59499abaf28a425cd80a97c8387c5df45a606179812b29f3498d503d83026f9680d9f8b169bd1fdb85103bfc60f09dde82117

Download Submit
/data/data/com.bm.zlzq/files/ofld/ofl_location.db-journal

Filesize
512B

MD5
769b88e1bd623c0c87154b14cb274bd3

SHA1
a1c3705a41268d1d449187b3d0cfcfce73f03911

SHA256
bbe9ff9dd0d008445a846285f9071fb29eef185100420305747b85a4eef3dbe8

SHA512
e051e29174734ade96ee57524172b8cb9face571f64fe260b5c8b376146f473c58e78d789657a5fa9ad33b3ba84d18ae43f36ede2de7a4a76b9000dee5c1fe60

Download Submit
/data/data/com.bm.zlzq/files/ofld/ofl_location.db-journal

Filesize
8KB

MD5
454dd327204633d7e99782e329f89cc4

SHA1
df7098375c9cd7b57f584cc601168f53c601dbcf

SHA256
8562f8482c7ba3160b9ac6d0dfa5e0ef1c46a9aa39eceb6d7f7e09948d8e2a12

SHA512
8fcc4a31a641745a0aa70a0ba7022dc35f8dd7b210bc7135509ef68da748c61e2023a36f4f89beb86f849cd727b39d054c570d4d63a95745bf7578d1a4834561

Download Submit
/data/data/com.bm.zlzq/files/ofld/ofl_location.db-journal

Filesize
8KB

MD5
717b264f1a0746bae4da5c2834c59417

SHA1
a21a321934c7069b281b0f362df72d339ff8c6f5

SHA256
1571b44797c28b5acd5ce23f34bfdccd21f2f0082a23f9b0ddcbb936c8b301e5

SHA512
819711009c9598c4454a27125927b2d3080f6f6f81e3dcbb25221a5118fb3adb2db946770286266d0b3114f105dc313ec3f67c9c781ba04235e8e055ad880af1

Download Submit
/data/data/com.bm.zlzq/files/ofld/ofl_location.db-journal

Filesize
8KB

MD5
fe1bd19689b563e0210c9cf0c71fc6af

SHA1
7e83614fbc19f58c860a96593e28d0476fb9b7fc

SHA256
a8ca18bbdebe2406d08f2f613d410ae45933e5c23cf6e602fbb5830683114fde

SHA512
b956106b167f90699d0aedce0d1aa0b48bd29b6e900174cc56460fcd96f83b0c3dae6fef4ec9ecb44adb761624c4565438f4d4d99c094603ee69117ce96c1566

Download Submit
/data/data/com.bm.zlzq/files/ofld/ofl_statistics.db

Filesize
12KB

MD5
163b0e3f017becbc89b9d7f330b78f09

SHA1
1ef9cd8ac8655190468d0ccece0a4738634ab0f9

SHA256
cf01452c3b494692386f6c5faac340eb3eb894bd416391002d56645aa8a9ea36

SHA512
6a85a30d16fa58a4fbbb05d469778ee69ca79deaa74316ccb5be3ee07fdf78dde22e95db3edb1b88b18478e8747047445f85baaf9556b9a1e55d9a02a80baffd

Download Submit
/data/data/com.bm.zlzq/files/ofld/ofl_statistics.db-journal

Filesize
512B

MD5
f39ef09ca8d3fceb4adcbddd511ad47e

SHA1
4f0e0c96e0ec7534fb4ab98c0b8e8ba70cc8f246

SHA256
fd03fa46172bfbc0d45d63b246948ef6b4b8870c2cf524e431d640be89054212

SHA512
cac80c5edbb6de05a90b1ef0cf2354813dc8fa0320d62a7dabf8b43d0ad5ffad57f51d498ea3109670e81c3830999542ba92ffe097c08540d9a0993533e77c82

Download Submit
/data/data/com.bm.zlzq/files/ofld/ofl_statistics.db-journal

Filesize
8KB

MD5
fe3fe3baa26f48d57a4fcbc9b8219792

SHA1
b834580a434e410d136b6d0b4340a5dd6af4bb52

SHA256
59e1af9baae5b1734c325033fd9f29cc465caf4a3fc7b97f0119911501c8642a

SHA512
13ae447a919e80bbe7614b1e8433d5b14af37b8333482dce0754e86f0e171c7b58d503232975a773caeba1a8b4a42fb26558ca56a8760320ba2b00c2fa792b5f

Download Submit
/data/data/com.bm.zlzq/files/ofld/ofl_statistics.db-journal

Filesize
8KB

MD5
1d9515e779f797ad0fa9fc570adee540

SHA1
b69772a470dd705abad68f533fce601d05d3b8be

SHA256
c1eb7f03fc3cc83da63756eda0d190acd731b699a4b128200f8099279e718e5c

SHA512
f71fbbcdb5d931f7d6b9b8473305cda4d82e60646ac4307d2deb1ae389bba65cd9310b1ebfedf7908adc85e2e981ca137259104387f2a7f7ea3ea75a65d02350

Download Submit
/data/data/com.bm.zlzq/files/ofld/ofl_statistics.db-journal

Filesize
8KB

MD5
7d03edca51870ba3fe2019334be95041

SHA1
21ce80adafc9e4443d45f79a8a616a93d9e636d0

SHA256
0987c138ff0e2ca4ad95de84b306acc5de5911e69771c12505769032869ac056

SHA512
d3eaac8d490037ea718e2a6b7e622279e572b0efbc0514a86f5161e053d7449731a933739d21b26c8d6a07ebe668d6e76c5f850ca89314f1b268a187e33eb28f

Download Submit
/storage/emulated/0/Android/data/com.bm.zlzq/files/baidu/tempdata/conlts.dat

Filesize
12B

MD5
8d80bc8ea90e9cac010d3ddf97bda5f5

SHA1
f063bc0d356e6ba9ab1eb9a851131ffbefd8fa07

SHA256
f52db31332534833414abd5e870f78c810b8ebbe5b134bbf599506beecfd1b93

SHA512
9ea732dd572a9a4ba91b70891972230a09576687ca1bc19e62d5a98b5b84e0f2ae11985108008bc9fbccf357219b8bd3dbf146bb70752f618f70dc5d0c46a7c7

Download Submit
/storage/emulated/0/Android/data/com.bm.zlzq/files/baidu/tempdata/conlts.dat

Filesize
148B

MD5
4677f5a2de8653185c39bfc30d2d1347

SHA1
dee2331c24ddee9ba72ec4b25479dc2ec5a7e165

SHA256
c12a848f28adac6b123afb078bcf1b30d3f39ca44711288b6c0d3de83a2d8441

SHA512
4abaf0b4801d592a612b11086e4ed01c7525e4e3f9704ed5d24cb67bbb9f5844dd719c929b507a80a937a0353b2be665b098b55db0e071969502a8e82ff9d458

Download Submit
/storage/emulated/0/Android/data/com.bm.zlzq/files/baidu/tempdata/llg.dat

Filesize
24B

MD5
161557b06b4a4d3ce095528dea370eb7

SHA1
8bfe9c4d916fe58d856b5a6ecaf8cd9ea4df2c9f

SHA256
f054ef19481234ee5b2db1d1c681839dab235a857ed3a4bc02efa8f785f478d4

SHA512
96ce8aedbdbb387438efc86aaabd13a6378628bfae203d2bc25ea1cd7daa6ddbd6dd2c81d631fbdc9b653a93011d3c80f0c085580275b683d5e0bce077e6e449

Download Submit
/storage/emulated/0/Android/data/com.bm.zlzq/files/baidu/tempdata/llg.dat

Filesize
414B

MD5
777897133267772d225451621482aad9

SHA1
c6a5a532cde64159b6a146ef8a7121ef2da390df

SHA256
4d2149b13e25323c39e84b92dd0a7e667315a2b16865c3c94c4c50d94f0d8e1c

SHA512
38da84ae4573ca9efe7b7ab8372cb0e8484bde4b8e295e9d999b57c9afc739d3fa3591892ed4adb1fe647f2ca4ae2c9c25fd6da5125f67ec92821a3ae7228e66

Download Submit
/storage/emulated/0/Android/data/com.bm.zlzq/files/baidu/tempdata/llg.dat

Filesize
1KB

MD5
ae3989cea36f4df32ff16f7abf2f5ebd

SHA1
b8c8151cd5c3a83d59f15bd97d5c0757ae8b3fca

SHA256
cf654e21472fa857b2e68c399dfc033fb6bb2ac93174f09c554e112dce9253db

SHA512
f6cf7ab6181d95f6da9c17f532372c041e693fc6ba71fd16139aabf97ef64d2fc31ef9d66ae44586a7a94990b683a82b632f7fc3c6f942f0bfe4e04081781561

Download Submit
/storage/emulated/0/Android/data/com.bm.zlzq/files/baidu/tempdata/llg.dat

Filesize
2KB

MD5
b98c3630b893033f914e4546de76a588

SHA1
cb7815264f6f1e469318a7aaec92e57841e2f011

SHA256
8da14c4cc644f4a65661415dfae1c7deaeb6862ca40df69e462a961fa0054028

SHA512
3bc13aea3d84332e52bb287b51c4af62dd1a997edce3e2d6be5bb86ba4f9ce5b1882fc5846f630e1fe2229e76d6b164c7dd36e11157ab5671b756e1059d9e270

Download Submit
/storage/emulated/0/Android/data/com.bm.zlzq/files/baidu/tempdata/llg.dat

Filesize
4KB

MD5
c7b8fcb28cf15a7b31a9d0471fe12f1c

SHA1
116a8577f2ba076334fb661ea84624db8d83acd2

SHA256
c1aa5de457ace8ccd711078f4b100c6585ff379525f2e3426da3be9fe41bc8c7

SHA512
b6227292573c6298c3dc0d753afffa2d6ac54fb7a4f47642fe56e3da728d86cfa8a415b2480581f6caea4a9a4361efbb70eabd73fc2f565b3501489d0a0d9899

Download Submit
/storage/emulated/0/ShareSDK/.ba

Filesize
512B

MD5
f7e6151bf0808ecd381017613f62b9b0

SHA1
868772709db83c7a4a5bd7c49447fca19fba7e7a

SHA256
7e231c551ced7a02ccdf8695ef90682a5c5fb6380ab166cf96a61fcd538543be

SHA512
90f6eaaad10ed10c00ddd1eb6c7dac6464c0807c40f7b3c81659b8c802376fde5740a85efca3714fdca3b7c6b519181709eb2cfbf711d3809af52130544d097a

Download Submit
/storage/emulated/0/ShareSDK/.ba

Filesize
28KB

MD5
9c35c5f0d08793354a9c7ecf3efd80bc

SHA1
778a71ea114bfc3f5bb8ea76a09888ea6d04b0e9

SHA256
68e53505ae03337797d052d2aa8889f55ea6e04df4e6ff4b767b5e4cc1add7dd

SHA512
fb31c19631c4c95bdc806587e5bb70958598ad5428f4083e8da8f430a2178987c5973e76fe384c159382d54cff570b9e60d242c13bd6d28d7b639199c2b3ac93

Download Submit
/storage/emulated/0/ShareSDK/.ba

Filesize
365B

MD5
28f7cad1cef49cca46a44d5afa1ac18f

SHA1
e6840f4ec45026fa6e58f5385b5194e627ab9a5e

SHA256
90e453fc0d0c58b8dccf2a354f9c30bd073fcd9c819637dc606e4be5d0ea8dff

SHA512
a74be049e5a4ef31bd6bda24c293081822db6ddc545ad470a1fb86c5d27def86173a9cb9e3bdc6d99999bf6fc89db11510134edd6126910220926a1b343469cf

Download Submit
/storage/emulated/0/ShareSDK/.ba

Filesize
464B

MD5
1aee13d5b094f72e3030e78fe7faef25

SHA1
d9efec48bcac0a5a9c7da2d0f8edf00cfde246b7

SHA256
fc30ad70a2b59422b47e205e65955d1270ceb84af7a3f9d35550f651e12bb88c

SHA512
7e3cd59a19e91637430bfef42d6b3caae2d5d7042bf393b802a2ad72ef585c1aa0707d080cbf136a78707ede1284b7563474c1fa9c67c55931f5449455a01e2f

Download Submit
/storage/emulated/0/ShareSDK/.dk

Filesize
107B

MD5
c324e6715db99dd067ff68ab525dd14e

SHA1
bdd33f3382682ac3d80a82a1ebe419d3297a1962

SHA256
99591ef83026eb8b11a671770c64ddab134c4de8cc99fbeff5fa8c4f96507a5c

SHA512
20c134116be2e9f50b76e5386bef73dc0349f8115abe530f81504d8b673d12fea1002abbce92e5bbf8a86e0bcedeb3ce5470d9fb815947d5c3814d267ff07c50

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-journal

Filesize
512B

MD5
bb23442297abff82b20124343c05aaa9

SHA1
1273892b14bddd85063fc5838cc8a9fdbe6bd34a

SHA256
9ca9bccafaa651e98d3f5209e83c25dead7877d4d6af068b3fa370f881c9405b

SHA512
3158b04f1ac31a174d80bc57316822518ee524777826a3d18a4bc330283495021559e45343957712841d9eb5cd091c9e46dac228891bca641a3db1de5f94c23c

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-journal

Filesize
8KB

MD5
e09c9bf46fcf94802c6f200fc4759264

SHA1
b33a8524bde12db501b456ff75dd86ab7fb180dc

SHA256
24db3cc608fc70515a8032a5d1b292af2ba9feaadc6efb139d14c61b31ea8429

SHA512
216c588b612e5056bcc737206eb6a97d3a411ad1d39d50779454dfb447d4ab4afdf05d53fb27376016ae1ed447215dadf7ff0d67dead61a32546d9cca33757bf

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-journal

Filesize
8KB

MD5
084bb7cd52368b5304a7ef4d6ce77450

SHA1
92ffac8129b7a38a044e2dde88f39b76aefd9d65

SHA256
e5d69a4f55d7716171bc19ae56658daba8f298737a08db4f8d6c3a304f5b0b61

SHA512
0848ef88e0a5cc5e5459efd5831a670cc44efde0576cde137dbb144bea3ec57dc97e4b189d82f7245e673d841cb38030b605849951ce759dfc27abbc6034eb0c

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-journal

Filesize
8KB

MD5
c1816cdb9424863beec617c89fc0eca5

SHA1
ae33a5a12c5e32389affb938414465b34ac0850f

SHA256
40c38d6bfa6bbcf0d3c6dc639fb246b53840c7341637a0ffb52bbd9706f63c05

SHA512
a9c0674f9ad9cc6715ef5d16f12993f79146a6b606b4e0450f251df53af8f6b77e06f9e2698b0557d75f28b632c6e36538fc74797409f30ff49af7157fab8388

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-journal

Filesize
4KB

MD5
7273d926ab9c6d4fa7f313d54b98f771

SHA1
cb62368b548770184c0e4eea6c76ecbcf5a9779a

SHA256
8cf3a0f37c6978c4aeac6d544f9aa49597f36df566a27e00dce171e5fd02ecc7

SHA512
789035569fb8dcc63d4277d12efcd509fcef49f10de35c3abe7529bef2ce7f119afcec442cec9c2c9f534a06b278d6559819f74f56ef4cad67b3311a28f2d727

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads