2ae524b92f456aa6b921bd0ded3d42a5128ec330f1e38c0484d4c3d3ea7cb992

Analysis

max time kernel
2832045s
max time network
158s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
23/12/2023, 14:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2ae524b92f456aa6b921bd0ded3d42a5128ec330f1e38c0484d4c3d3ea7cb992.apk
Size

12.4MB
MD5

ea2ca1fb172a508791b310e5a908849b
SHA1

197f29ef4c3cc2648f72d3d0fb62c849003b03ed
SHA256

2ae524b92f456aa6b921bd0ded3d42a5128ec330f1e38c0484d4c3d3ea7cb992
SHA512

ad8e01bad0f22cccbdc38888c660a5f85dfad6727f4a0b9f6c4dd27cc344bdefa2ce4915970005321b9efe660b9efe98628f25ec26c80d391eb4bc2324b4be04
SSDEEP

196608:qfwSBMNY2dZxPuWGWt7QWjA0MGL6sWAj2zIM8DhxlyFMZxZ143to/hzitsWNaY3O:CBGYYXuE7NAG6s9M8dxTX0O0N34Px

Score

8^/10

Malware Config

Signatures

Requests cell location 2 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.mobiletool.appstore
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.mobiletool.appstore:channel

Checks known Qemu files. 3 IoCs

Checks for known Qemu files that exist on Android virtual device images.

ioc	Process
/system/lib/libc_malloc_debug_qemu.so	com.mobiletool.appstore:channel
/sys/qemu_trace	com.mobiletool.appstore:channel
/system/bin/qemu-props	com.mobiletool.appstore:channel

Checks known Qemu pipes. 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

ioc	Process
/dev/socket/qemud	com.mobiletool.appstore:channel
/dev/qemu_pipe	com.mobiletool.appstore:channel

Loads dropped Dex/Jar 3 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
Anonymous-DexFile@0xd39d7000-0xd39e874c	4254	com.mobiletool.appstore
Anonymous-DexFile@0xd3a8c000-0xd3a9d74c	4638	com.mobiletool.appstore:channel
Anonymous-DexFile@0xd3a75000-0xd3a8674c	4711	com.mobiletool.appstore:channel

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.mobiletool.appstore
Framework API call	javax.crypto.Cipher.doFinal	com.mobiletool.appstore:channel

com.mobiletool.appstore
1⤵
- Requests cell location
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4254
- chmod 777 /data/user/0/com.mobiletool.appstore/cache
  2⤵
  PID:4284
- chmod 777 /data/user/0/com.mobiletool.appstore/cache
  2⤵
  PID:4307
- chmod 777 /data/user/0/com.mobiletool.appstore/cache
  2⤵
  PID:4333

com.mobiletool.appstore:channel
1⤵
- Loads dropped Dex/Jar
PID:4638

com.mobiletool.appstore:channel
1⤵
- Requests cell location
- Checks known Qemu files.
- Checks known Qemu pipes.
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4711
- chmod 777 /data/user/0/com.mobiletool.appstore/cache
  2⤵
  PID:4740
- chmod 777 /data/user/0/com.mobiletool.appstore/cache
  2⤵
  PID:4766
- /system/bin/sh -c getprop
  2⤵
  PID:4889
- getprop
  2⤵
  PID:4889

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.mobiletool.appstore/.00000000000/39285EFA.dex

Filesize
69KB

MD5
75a8168e7080b90fc2956592c268371f

SHA1
3702da56d31f381525473364f031dc884e37076d

SHA256
0b9c032080788add7f5989d0ce145e66a4686ff3a43b0e48dec60bf18bf75701

SHA512
33536573c834fffab7236dd96c22cbc3d075ab70b622ff7787381e5c7c262ab62e0252f0d07313c9227ccc8308cd93cd96373e57fa55a066691d5b5cfb55f5d3

Download Submit
/data/data/com.mobiletool.appstore/.00000000000/39285EFA.dex

Filesize
69KB

MD5
02f69eb4fe05ebc6c9f736d83e5f7e26

SHA1
777d75e14a73f5721fc4ae34f49a9a4b82311373

SHA256
13502356b7d3f910107aeff131e9c4a2b892744a125a2d1a2a206b219dc36042

SHA512
7c1f5d68d40bf37aef2e59aa9a4f96d1ef642a8db7e53295953b0b5fa3a63cd7546c5cf8ad3fc17f6b84a795a08e13024d8dcb3db828ca3fad634964cba69bcc

Download Submit
/data/data/com.mobiletool.appstore/app_crashrecord/1004

Filesize
69KB

MD5
6c4ea8ed79643688a9b282dd72898a39

SHA1
ba2e7dbb62fae5ca7231061077ae092729f6d0ad

SHA256
138852ebadf116feb4880fd97983d0e2aac142705c056a2ca9ea7c881dd7a565

SHA512
1e68645f17bb8ee1c3ed9bed77f1619b6b69ac90185ef8638b5cd83a453dbc04a192af05ecaa4ee61f3d8039b233bc338e074fc28f65717b63278d990d3fe01b

Download Submit
/data/data/com.mobiletool.appstore/app_crashrecord/1004

Filesize
48KB

MD5
977050835a4e5394dc00134cee68a1d5

SHA1
7e42122b4ffec51ef2de5263c173cd26911174f9

SHA256
40b1bc3083a476387a2e1388a382472e1b832cc0e70e09f2a999e45c3ec14c03

SHA512
845ff858d1fc1e6e174802dff5a54a2875aad5a4f41ba3d3bc5ee1f417e26b0d22c83ea707afb733e8f929255dc56b27e6c6d8806cad94af4a61c49fd9d49461

Download Submit
/data/data/com.mobiletool.appstore/app_crashrecord/1004

Filesize
4KB

MD5
aa99281ce0cd69a9302f8b64b918ad75

SHA1
ccafc0e5fb16198e466b209a888301f4100fafe8

SHA256
a3cde8388c50e78c7b3c8dab1d0c46c64c375248031adbb6a5802e3da65bb431

SHA512
a8b80f09a555652d3e4b9775b6aa58341dad7fb120509e128df417533ba361353b19530306e8691f1ce5fc0c69f1a89d29bd2eb176291a5e85b945d14c9eb085

Download Submit
/data/data/com.mobiletool.appstore/databases/MessageStore.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.mobiletool.appstore/databases/MessageStore.db-journal

Filesize
512B

MD5
ffd196ce1aaeca75fd76be3dd15ebfee

SHA1
7e4a01f6905ced8e379b6692da79d9afe26b3690

SHA256
4f25cd6bc32ba2fde727bb89c8a3264d56848d0b0a33ef2872abeb63b5879852

SHA512
274968f125701aba56b814a69b01847be6127d395e0485b7902ea422c7816a89b45c88f59c930a581b4b3bdb1be7d8183effd66b48d7f5789796fc222d7da0d6

Download Submit
/data/data/com.mobiletool.appstore/databases/MessageStore.db-wal

Filesize
48KB

MD5
358ad84421365d6146a41bd65db1abc0

SHA1
e45a73adb0ce5607e7cc43b5748f2bcb1c016595

SHA256
41658bcd3af4e602669d11e7e46909c636154c159ffedc67e95a9ea1314dcd99

SHA512
c030757662b23dbd035d009cbaf322a92319b87c9199297b84563f66dbbc54103e12290f8e5e659ab29690b7f5f1858de728a6af82fa702c728aab8a33deacd3

Download Submit
/data/data/com.mobiletool.appstore/databases/MsgLogStore.db-journal

Filesize
512B

MD5
09a88f12dabf200496549dff4ab386dd

SHA1
17aca65e484b241877a8e9f42a4eb5409a4f8e63

SHA256
4b416e5107a6e45c34496e8a4ecedb503dcbbf40d0e750238bb0e91a446d11e6

SHA512
51ee09618f0680cc16576335ca0b80d806471fc3be91a50681ea35486944cad03fc9601a383d0df2f3c4065b133eac47b6020ceca73e1aa7d609f45e91bb2cfc

Download Submit
/data/data/com.mobiletool.appstore/databases/MsgLogStore.db-wal

Filesize
16KB

MD5
6917fdc353ea8146827fc285b4ec3832

SHA1
7ab1a288a42eab83ab22cd8c1a4dcc6a6cd8fb50

SHA256
5738dc7282e4126814082df9dcda454495e006d3334158e5f372e1a82ca74c95

SHA512
ced85172ca5b4bedd4b4793c63932279ee3674aadd4f28fe0032fd6db91585b416daeb9ffb6d321d88ccaac91574cd6fe3a0210344c7f584ee624c026a1cc662

Download Submit
/data/data/com.mobiletool.appstore/databases/bugly_db_-wal

Filesize
124KB

MD5
6a9c82f091cc579f3e532f38352afc41

SHA1
2a715589dfbe732b6df0fe96d0d93c659db98164

SHA256
3b27e20f49c28e982a31f9a012007f9f926c06dbd778dff33d7e398241f6e18b

SHA512
7f82920a5a50a48561af8aba1c03cf74e2a9ddbff875921ece15fa97c38fb1911a216387a5442040da5e40826f653c5149aa80b9e336c836851c527bb2607366

Download Submit
/data/data/com.mobiletool.appstore/databases/message_accs_db-journal

Filesize
512B

MD5
7ac824b391e14fe815fdcd9f7f9e4f90

SHA1
cb167f45b27d090ce93add4e107492c836667d49

SHA256
1e59d45ccb04a7a6dc6150e0fe4804be83a95dcd31eda3afbf1f3f1cf96e4a0e

SHA512
0e4971ac504940b11bab808525ef8235969b96f7909dec3646b150af3213668dd63affa3baaa173e306a7b6c0020d8f6ce5075d762f167497114d58a0c7cb43a

Download Submit
/data/data/com.mobiletool.appstore/databases/message_accs_db-shm

Filesize
4KB

MD5
620f0b67a91f7f74151bc5be745b7110

SHA1
1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d

SHA256
ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7

SHA512
2d23913d3759ef01704a86b4bee3ac8a29002313ecc98a7424425a78170f219577822fd77e4ae96313547696ad7d5949b58e12d5063ef2ee063b595740a3a12d

Download Submit
/data/data/com.mobiletool.appstore/databases/message_accs_db-wal

Filesize
48KB

MD5
01211f990fcd62a5f60fbb57b7fe557e

SHA1
8f9c99c49c84a6e952d3ed75e64594b616f7e58e

SHA256
ad18e447642857394f3869b528764977b582f67ca4834f62adfd253c7cdac7f0

SHA512
4fda8f5b4a17fb053909567421172c620ac6a735227efe8c2f75df31c0c17e613958d29e3f74c42b05e4975f17400bb592208fc92a420281726fac7d16774368

Download Submit
/data/data/com.mobiletool.appstore/files/agoo.pid

Filesize
28KB

MD5
9cdbe2afc39a3004c09c5de4c92e795e

SHA1
b8da6ecd05b7ffac1b1243cf55a77398ef1b018c

SHA256
2c2b72561b8ed586ed40b6091286e432fef5f187dfda5b3e7edbc3572348f12c

SHA512
be7c960a67da153804e2dadcc9532170a3edb010b9ae217e2d53bfb0ac1af0ec9c6d8c20c6e8b14a5549dfa3df0bc8c6d7e59b1053677b3655c4546761f13655

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
68KB

MD5
07ebfbaf674ec283923e654ca2db3c94

SHA1
705f4aa9be7bd03fc79947fadf2dc355d4c7c7ef

SHA256
ae4bcdd3e906d7138b643033849fe7cdcaeda7757121601ce18c9becd45f2020

SHA512
9f80551d52e87e5beaab26883cf95c2b556ed481598476d412b8adb86b6101a01db461b3635a200d7882acbeca1993f4cc1d3b1af3810d9aa7b7e207382b4bbc

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
512B

MD5
3aba40980fb2edd06446cda64d9b39d2

SHA1
da12c56cd61738e28bfdefdbcc711454ada7eab4

SHA256
2080bfbb7abb3fe201c6caa113ff2d886d6c0781afbba8d6a343a188f8618954

SHA512
6be25a696fc02c694920fce15e27959652167f1ad34b76ac0f9cc7466e42572e78a0e41d743648fe7ab33e0d6438ce5f9433cccfc78593ce3538b211aa885586

Download Submit