3f94884db79afad2b84d96263db503c364c2c435d8ae9ba29692da67a82ac9b9

Analysis

max time kernel
2671602s
max time network
158s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
23/12/2023, 15:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3f94884db79afad2b84d96263db503c364c2c435d8ae9ba29692da67a82ac9b9.apk
Size

2.9MB
MD5

f03f9744840b7fb173fe583113cd40cb
SHA1

12d289fff5bc91d43b6faff6729313a066773fb2
SHA256

3f94884db79afad2b84d96263db503c364c2c435d8ae9ba29692da67a82ac9b9
SHA512

26edb402e6dbd6f6a7d08d43db35f74c1402df4e8a46ca5f1b9ac579af91f08a136d1796cfc0cf0c03e69108dc88be905f7627f1bae8f4d5c405f9d728c404d8
SSDEEP

49152:TZRC65+2I/qCdu9UxpCNEPXWzEzDGvFjwmt/5h1sFJLUKEFl5Qo3Gm:TZc60T/5dD0NJmDGvNt/5hOFJnil5P2m

Score

8^/10

banker

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 2 IoCs

banker

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.aio.downloader:remote
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.aio.downloader

Checks Android system properties for emulator presence. 1 IoCs

description	ioc	Process
Accessed system property	key: ro.product.model	com.aio.downloader

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.aio.downloader/cache/1582435991586.jar	4447	com.aio.downloader

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.aio.downloader

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.aio.downloader

com.aio.downloader:process.main
1⤵
PID:4240

com.aio.downloader:remote
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
PID:4355

com.aio.downloader
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4447

com.aio.downloader:daemon
1⤵
PID:4492
- chmod 0755 /data/user/0/com.aio.downloader/app_bin/daemon
  2⤵
  PID:4563
- /system/bin/ndk_translation_program_runner_binfmt_misc /data/user/0/com.aio.downloader/app_bin/daemon /data/user/0/com.aio.downloader/app_bin/daemon -p com.aio.downloader -s com.aio.downloader.service.DaemonService -t 60
  2⤵
  PID:4596

com.aio.downloader:aio
1⤵
PID:4873

/system/bin/sh /system/bin/am startservice --user 0 -n com.aio.downloader/com.aio.downloader.service.DaemonService
1⤵
PID:5063
- cmd activity startservice --user 0 -n com.aio.downloader/com.aio.downloader.service.DaemonService
  2⤵
  PID:5081

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.aio.downloader/app_bin/daemon

Filesize
13KB

MD5
3fc73019a250522ad89598ed334fb9dd

SHA1
0311ce2ae0bf8fd85b6421eb31154d33b2d62d26

SHA256
c9b3f2c1f1c1012881aafdf61465aad5866f0052b74978127d2d1eda9dc690bf

SHA512
07593085777a99571eca9d8b0f6749e5afac6d92ae0ffdcb98e167715dafc4b295f83df09c72cc4cbd36eb5f3c9c894f6dd0303dd24726c82d7c37f9c6939bb1

Download Submit
/data/data/com.aio.downloader/cache/1582435991586.jar

Filesize
9KB

MD5
e8e0527a01aefdb89afd2c508f131da1

SHA1
f1103e6b260c657ceb3d95f1b023af3fda8b133a

SHA256
f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce

SHA512
fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34

Download Submit
/data/data/com.aio.downloader/databases/download2.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.aio.downloader/databases/download2.db-journal

Filesize
512B

MD5
2e2a48a5ce61f83fc026f75837eff754

SHA1
a9e8f78754216f2bb1b41d3aa97f387fce51673e

SHA256
703a4018ec2b1a18855ae5bc32ba96d1ffee209c31cb37a0951724a4f2f82257

SHA512
3c5881e7e5e32fe2a0aba7f122719733523f06dd5748ae43858e64d22ac1b06c606d242b3328e4d64f2855934955e95acfc96ba278187c95510c805afd38bd83

Download Submit
/data/data/com.aio.downloader/databases/download2.db-wal

Filesize
16KB

MD5
7179e5f36dbc31d4eb426c37756bef25

SHA1
f78d3c1991ba16e08ab3c95c683bae24c7b62915

SHA256
98cd910cb90678e8e90d3ff28680a7235119236ca025ac4ca5aac0f332ea993f

SHA512
504c27b81417146fb5e43433e5265baa02406cef006e72279a1969bbc6121f3650d450800388a708f51c3a7d93ca654da23150a81744691fde5b35fdbfe166c3

Download Submit
/data/data/com.aio.downloader/databases/file_list

Filesize
40KB

MD5
9b29c619aa33518b360e2373d13671a1

SHA1
21644b2d58364feefafaffd454b5da2efce6a669

SHA256
99035ab34290be7be1df091907e5465183163df07d106e7c7bef11cf60e8bcf2

SHA512
c2e652efa09082c14687a71211ee3669250ad1b78f53097a7fdc4d2a37697d53c5ad62f3631e80a47ac1ca97cf3da19b359e4503a25f84fbe6d0083bba72caac

Download Submit
/data/data/com.aio.downloader/databases/file_list-journal

Filesize
32KB

MD5
d86ee2d2cc648f32b529af1602944c75

SHA1
28323185948080050912730bf74cff84b308faf3

SHA256
f96daf5b650f7b195df47ab4653853354d7a621f2c2e567fcc3f9d2d37413bd8

SHA512
8f61c63ed8b4309b7dc8abbae2e3d97625e4a82506751399af628a4381903cea99217aa12641c0e66ac8c27dfae1f11c774f444b8f6a6dc60bca68020c4a5bf3

Download Submit
/data/data/com.aio.downloader/databases/file_list-wal

Filesize
32KB

MD5
906f2bc217e60cdb2b7f19c1c68f4a14

SHA1
f283a1a2f6e2559b9c1a79420da063ef13c0c4e7

SHA256
d3e10e51d35ddd5f20234da461032a08b151c61987d3cd2f22b22966b27317af

SHA512
ce8a2d5b86128b77e34f1dbd2555514bed31fc07246315148d1dfe233a261daaea0603c4d9680c46a8f63cefcc59eba7eae763a2cba58224162b6abf63e729a1

Download Submit
/data/data/com.aio.downloader/databases/uninstall

Filesize
28KB

MD5
d80184653c9e15747a8210aee5d2b7c2

SHA1
b738d550236f56d04937a99163b047d94b8493e8

SHA256
a9e061faef6445ec75ca1eb6e15752cd7dca0e2730da595abb38ed55047715fe

SHA512
d3db07396102778ad454257d0d88e461e1a040a045d20c404a0b83ddb136858a07c3c017317592812ebf1b65419418acf06574de7bfc4499ae2564ff7e9ac3f8

Download Submit
/data/data/com.aio.downloader/databases/uninstall-journal

Filesize
512B

MD5
9a324ea0927f21d146d6591a7285dbfc

SHA1
9e425d782260fec70838d2ebca243d99bd0edc88

SHA256
9c0b69cd84e96b1d8e1683892d9d69e75af2ba8f83477398f34a76605c142b70

SHA512
37f9cadec0e9e015d892aba36613012c274fd44ab410dd0cf8ce3ac704a7a4898aae164309db7ccb595219ca4e4bfcfcdbc15e1fab4885723d7f9bcd50aaca6a

Download Submit
/data/data/com.aio.downloader/databases/uninstall-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.aio.downloader/databases/uninstall-wal

Filesize
40KB

MD5
21794ebf6bfb1653d7879c17cc1d1e22

SHA1
7ad9df2cf03bcef5132261e53c204d7af2a0872f

SHA256
03ce629c5593b25bfafa883a7633c67e77696b93f3758d2488b137e16907a1ad

SHA512
b728dd11fb99cd83b6a8ab340e99c6183c288cd1737e23211da202c8cd0e4a618bf0d68de4c30a1fbc45fc56021237f5dd315d6217b42c74e2ff1d3512257fb9

Download Submit
/data/data/com.aio.downloader/files/.um/um_cache_1703478574304.env

Filesize
32KB

MD5
013bbd2c4487c5ac8be8946cc2f81881

SHA1
8e813e59934f8cde1a83541c767ca934ca22528b

SHA256
95295b5d912c2e6f1cf64ba9f1e7a6f5345c139a46dc6e281768aeff892f5409

SHA512
36b8baae07d43a8a6c600ba85bae1ff83972aad6a13542aa42ff95155a8ed78b92fb7b27c38c5aee685b056d7c1bd17ad9158fbf816345a8a74c0fa76981059b

Download Submit
/data/data/com.aio.downloader/files/.um/um_cache_1703478590671.env

Filesize
761B

MD5
cfc896c2e7d84a902479be58d0bc86e8

SHA1
e2c6f1fdd810a73cc41096c7a2cf8aec465fe097

SHA256
4f9783a545386182301f3948311c22733eb0d658e3e76d3db1a96d4c413ba20e

SHA512
9cb6f2e45e1ba1f3112dc3ad691887599653b0e0aac88547b56a92aca57f7b4f52cc369199566a9f8c196f04171ee30166cbba9d0d1bc10d9de069031b6746f5

Download Submit
/data/data/com.aio.downloader/files/.um/um_cache_1703478603928.env

Filesize
32KB

MD5
8fc0646b18bea6d3867b131bac6d4ca1

SHA1
7bdf68a2d0194c001cf307e01c6c3716d7eac8ef

SHA256
6d7ac3d769991dd646a9d330e534491ea0e8d0ef4b2c4e25da02235061a835f0

SHA512
0042929bc1252a174bcd957ca8a39c1824d2517b87c3864af2c003e68ef984a056780d8f5d57ff06a57513686749ae8f9253cb689f835dd507cc8740912f0cfe

Download Submit
/data/data/com.aio.downloader/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
a122885a8b4b36a5569f4ac6b20ea471

SHA1
3a867146f3580d1b1c3eb588a1799b5011afaf6b

SHA256
dfed12b53e25da942a7ed0b8efbbea1c4c6107b0fb58b6c06868ba4b8319d1bc

SHA512
5f1a6d93ecd7c3353a900e805dd6fc188be93f3b51ba779b0b5c7a5527677ff4062ea256fcf2f6dda1a7000d9b1c97d23d0d6a28bfd2a830e54d722020e5539e

Download Submit
/data/data/com.aio.downloader/files/.umeng/exchangeIdentity.json

Filesize
40KB

MD5
981eefd84a0e58820e177d61ac9a2d73

SHA1
95db176b9bab6d7c1548d417615c85ee03f8a9f4

SHA256
3832b83245ea510344c9e2e7dc8537c904020f6a557a16d83c5552059f23347e

SHA512
8d36844c5e8345ee087b91acba992a9d930601d09e15adf1d341409e3d5b398506a7ae5c4a81432224635bf5fc6ad0def9c719c5f1fa64c751955d8eff112bab

Download Submit
/data/data/com.aio.downloader/files/.umeng/exchangeIdentity.json

Filesize
32KB

MD5
ae45a6e76fa003a11e6de19c09865720

SHA1
ec307603738495c7f202780f4303eb849d42723a

SHA256
d49706a68bc0c219cfe9318fad04629a4262178dd328087b91bc0ad8b4972063

SHA512
5269dc0677924b5647644ce51795d957d177fb6dd5e537dca171a12d52d678abdfac8b6ffa296b777ba01f0d36af41e8c46c9deccdfe536fe58b937e61413707

Download Submit
/data/data/com.aio.downloader/files/umeng_it.cache

Filesize
512B

MD5
2a10a1de8aa94f390b738caed69e4bb9

SHA1
0130a4361fadcc0d807002795baaa0cbd07461b8

SHA256
ee8495358af1641a35c6bf3d55aa5c33662b5c85ce5a448a6a5d036f1aa45f12

SHA512
99b697e3b91d490f5c6d93c1dc5a60c761fa5b451f70ec172180037a31836d0b31c726638b5e6955aca19700d52e5cd7caab5eebb647861f4a725b4bb910528c

Download Submit
/data/user/0/com.aio.downloader/cache/1582435991586.jar

Filesize
20KB

MD5
fde2ee00cbd121cfab5290b078aa3ceb

SHA1
e2b77d5320e155e413d040a8c20020962065b2f8

SHA256
2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685

SHA512
a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56

Download Submit
/storage/emulated/0/com.aio.downloader/setting.json

Filesize
15B

MD5
476f35785c7a06c31897427d1c28c5ff

SHA1
6e549f81bbc7297f103611f095e8c558664b0e0b

SHA256
519d1867e637afc47f78feb0dae61ad20e325453afe6db56b3e77b3e2dca356d

SHA512
a1cd9c26605b319a9e87a8f905fdece32439af5f5cd6208cb7345616dbdc6cafedba99d47f00438eaa446b6bd857b71f901bce0c398c137864ad45f4d5f4b371

Download Submit
/storage/emulated/0/com.aio.downloader/setting.json

Filesize
196B

MD5
2a6d2dd8c6410a218a6476aaff9ed89f

SHA1
def86febdf26e6b5c2a8fa4f204d22fe4d60f56a

SHA256
7d6b45cce9631b5d30ca9183a0c58842f597734e2297ceceacde78655bf7e1cc

SHA512
23a815420da8f7b8ec815df1baf3149247f4468994b63eadbb93f00aae6650d2a9a7bfdf812959e767e4bd634138e7460f1b8d9aaf17b82e174b790a3f39471e

Download Submit
/storage/emulated/0/com.aio.downloader/setting.json

Filesize
212B

MD5
5584a2b238bfc5acb3357bab5bc9ea5e

SHA1
1da8cd794c5d5505b4d33822235ee4bca2903ffd

SHA256
abfa28f4d5ba706a8d784b0fcb93f0babfd3fdfa61ea660fd888b4576ed431b6

SHA512
59393bb202e8372f09f130d9d9fe9e2ba898fa3aa184d5e4c9969e84735a4ce01661fc17912e26c823bf19391942468e99664b5e84cf529290996e524501dd90

Download Submit