3f58e6cc8eac9a37a906e5b2eca28ebd4b11212685cc0bc128ba022b392ae07f

Analysis

max time kernel
2602849s
max time network
157s
platform
android_x64
resource
android-x64-arm64-20231215-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
submitted
23/12/2023, 15:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3f58e6cc8eac9a37a906e5b2eca28ebd4b11212685cc0bc128ba022b392ae07f.apk
Size

13.7MB
MD5

ee35edcbb861fd7a26a92dd8d3d19814
SHA1

0593690d2f2307c24b2c6a5d6969a5f0447afe65
SHA256

3f58e6cc8eac9a37a906e5b2eca28ebd4b11212685cc0bc128ba022b392ae07f
SHA512

3c635697830858778fb3d2397db3f19b8fa3b14d4272034ce64540e044aa42666abcd7f34d96ff2f3ea615b1960f3e23d7af73762d95a71c9e2955853f977652
SSDEEP

393216:JGeoAb6j92rW7UoLAcAt6RiZB0eTGVPKuYf3M5ww:J9oY6jKWAoLBB23bvMT

Score

8^/10

evasion

Malware Config

Signatures

Requests cell location 1 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.tieniu.lezhuan

Checks Android system properties for emulator presence. 1 IoCs

description	ioc	Process
Accessed system property	key: ro.bootmode	com.tieniu.lezhuan

Checks known Qemu files. 3 IoCs

Checks for known Qemu files that exist on Android virtual device images.

ioc	Process
/system/lib/libc_malloc_debug_qemu.so	com.tieniu.lezhuan
/sys/qemu_trace	com.tieniu.lezhuan
/system/bin/qemu-props	com.tieniu.lezhuan

Checks known Qemu pipes. 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

ioc	Process
/dev/socket/qemud	com.tieniu.lezhuan
/dev/qemu_pipe	com.tieniu.lezhuan

Loads dropped Dex/Jar 3 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.tieniu.lezhuan/.cache/classes.dex	4644	com.tieniu.lezhuan
/data/user/0/com.tieniu.lezhuan/.cache/classes.dex	4644	com.tieniu.lezhuan
/data/user/0/com.tieniu.lezhuan/[email protected]	4644	com.tieniu.lezhuan

Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.tieniu.lezhuan

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.tieniu.lezhuan

com.tieniu.lezhuan
1⤵
- Requests cell location
- Checks Android system properties for emulator presence.
- Checks known Qemu files.
- Checks known Qemu pipes.
- Loads dropped Dex/Jar
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4644

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.tieniu.lezhuan/.00000000000/37CF018B.dex

Filesize
48KB

MD5
75d46252620a12dd7343e91c8ba209bb

SHA1
6615b67e21963e5689685f8494f442dcd729d4d1

SHA256
c433c8e3f847da2b98ee8b704ea3b7d0f38d6249626dfe26a22bef0c08e5fa71

SHA512
9ae5f0ae0a77bc8c9a27a43252ba01d4bbb69a326eb028d2e887d701b202b66a7065765f2f0214d2b0701493634ff33c2104becdb80bf7e8c2657175857b7af8

Download Submit
/data/user/0/com.tieniu.lezhuan/.00000000000/37CF018B.dex

Filesize
48KB

MD5
4e93a7a07efedcc6e3c741526d2d89a7

SHA1
e25833d7a51783c17978a7c5e7953d7cf1df80f5

SHA256
26fd97dcb56a0ae4ffee7b9514cb697de101ad39e3b2af2933b1eadf409b740e

SHA512
94a5e0b50c0efc69b79fe9b46513537b798a45d00234a7fe1c529e7d5eb153704ec9966a0e0819983f726260579707d7b82e7b31f845fa7602e06c078b98319f

Download Submit
/data/user/0/com.tieniu.lezhuan/.cache/classes.dex

Filesize
9.0MB

MD5
2cc06fe46fae652dc81a64a8f7d0f162

SHA1
83f7d198ec483b6a8c2df7352118537e64cbfd5d

SHA256
3a17abaf76d623dc458292673756f4e0c3045ddd6f6b492f65c54be8a225f13c

SHA512
2576393b259da0edd435f07e85c657209e5ee0ba70fcbf24296f775683624b63c47ef57799a5a472532f1d16f8bb19afdd79797f7332731ad59c9470784f7baf

Download Submit
/data/user/0/com.tieniu.lezhuan/.cache/classes.dex

Filesize
4.3MB

MD5
c46c23741e1787a3a16e5a4c1d0915e9

SHA1
cd20a656551e918b2bde2a54d106db355c1f0136

SHA256
1f54357d95be10116971552de409ef71e3c41430b3df25f9537173c254ec62fe

SHA512
0f5fda9613e4dbcf0a2b7b6964e0ebddf2289871fa93ed88f80f6f5728edc44343635b62b054386bf7a2871abfb4eaac01e56238877042823b09ac7012afe219

Download Submit
/data/user/0/com.tieniu.lezhuan/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/user/0/com.tieniu.lezhuan/app_crashrecord/1004

Filesize
228B

MD5
e273bb6de55ae3e1b2651e88afabaec9

SHA1
159d29bdb78de5f9a109261eae3bb1ffda80dcd3

SHA256
f60365654ec300cd664b1c253685e2ac46671f85e3874b7c727241295ca7b24f

SHA512
76303f2a152f45b258aa2c05c5adedefe897defb6720f20ad31e949e630d2bcc4a3ba9e538ce1c7be51418286ebc161078ab975a966929c26b01683ef8ecccce

Download Submit
/data/user/0/com.tieniu.lezhuan/app_tbs/core_private/download_upload

Filesize
56B

MD5
96521b0b06ad0991c091e52c5b82d929

SHA1
333dbbebef4f5c366b8eacf32189f1e4d0fcc32a

SHA256
e3ab1629015367c333338b6bc6bfbdb96711d57043adf6e7f9fb2559fea8f82d

SHA512
9af9dd2e1d399af4966ffa56f17cb9ad0c828f99154d41f14e7cfa7f615e1889c3ff25adf5348249a4fd00231419efe5d95d9e0796dd06530ed43e666ce5b485

Download Submit
/data/user/0/com.tieniu.lezhuan/app_tbs/core_private/download_upload

Filesize
56B

MD5
8dc2b206383b2e39d27cb951c84824bb

SHA1
23d4756385e432c55c25340051d4af6383e001d6

SHA256
7d9c8ecced7e30c2023adb2643644741bf4fe0be6ebbf0b72a4fdf944938e1f4

SHA512
caf59a80c0a0666669acafe51b9b4e3138cb1a4c7692a9ebb51c8e4f434e217267f84fde08ad17296cb3f4722743e99aa84debbb0fc6d8d22f716a938d9ca439

Download Submit
/data/user/0/com.tieniu.lezhuan/app_tbs/core_private/download_upload

Filesize
84B

MD5
f364159e666167ff27f456e99d4a8fff

SHA1
c246ab4b0cd2a007964ce3931fc7bb5c2a8603a1

SHA256
a924b5b3a245e0d63d589574bafb75231de025cdb9022ac21dbd12dbd206f703

SHA512
30d9679694e68fbc0b645d4861f1365992a5f52c953494c1b8d97ccaeba6286c93870b170a9df114fef9102c51084e53861af14eaab4553ba2f75a98501a8502

Download Submit
/data/user/0/com.tieniu.lezhuan/databases/bugly_db_

Filesize
12KB

MD5
f41f531c07d4141546a531ff9caffdcd

SHA1
9dcac5aed06972d0ff6bd4cc1f1cdff85b36d3f5

SHA256
bb8dee5b5c3779f175abbd142722eb0022b98d374783aa80145b34614a4de646

SHA512
e0c8d1a820cb4c098e45776e8b50ea8c83944ef2e3f005cb0acbfc07688974d370f78100ae022f62564fc4c12acfdc43b710c18ca1c30f4f575bc08b9b12d2d4

Download Submit
/data/user/0/com.tieniu.lezhuan/databases/bugly_db_-journal

Filesize
512B

MD5
ab64d8418639dc66c22f8286424a3a55

SHA1
6ea47f4f6c1bb8af20aa24f723d66a8b092ce616

SHA256
aec05bda27c2213e147e65dbbb88609eacc872e6583afe26da846963963e2f18

SHA512
e28300afb0071fa0662aabc25ead9e50fed0568a09e893353a50922febe8e13dacc1ea754d80233b1e8f80e3c14c716d1bde253e34b7ad4347ef94ae2589b05f

Download Submit
/data/user/0/com.tieniu.lezhuan/databases/bugly_db_-journal

Filesize
8KB

MD5
e3de94475471fd41ccc3f7ecdb4640c3

SHA1
eaa80d64c228e8148f3fbc02b35ad5d83cf7a045

SHA256
c98c249ed878056558887ce1f71e35476b4633831d2f4af3d0e7dd8421d3b0cd

SHA512
dafa0cd3257d33d791ae4a6b5fdf73a3403392739e06fb15278802f7c8e9876ccac6371351eb625a779594a1c4bbc540fd86a67dbf1a509be1bd6d420b11f6a8

Download Submit
/data/user/0/com.tieniu.lezhuan/databases/bugly_db_-journal

Filesize
8KB

MD5
97f7fc79d7f817efa50bf13616d4bc7b

SHA1
0f6598435b7a0a72b7b0023c40c17849b089a0b5

SHA256
d32cf80ed34824d4bc913bca1605ab5194347d5dd7962cec83783ae6ef9939d4

SHA512
1ba104197965628295b59a222501dadf7b6346160e54d7f61d3d608398348bc175eea7864a88d5a809826182a26bc121078ea34ecadc53a6729d9d5e1b1fcedb

Download Submit
/data/user/0/com.tieniu.lezhuan/databases/bytedance_downloader.db

Filesize
12KB

MD5
171aedf968e17a2744d2585715606cb9

SHA1
bbeddeb3b89fcf809619c35b4a318a80e7d5b029

SHA256
d2ab452d9360848f46af866b870b5c6fc98230b09c72b89cb1a4b2778586678e

SHA512
78a0f517ee3d21c153dda6dbfec4187ebaee9d520d7b1b63f358bcb125d08aea53f26943907a56fdeba40161d9fc7e4fd63f9ae3154dd2ad887ba0162738285b

Download Submit
/data/user/0/com.tieniu.lezhuan/databases/bytedance_downloader.db-journal

Filesize
512B

MD5
c4112f19c6feaeaecf85b69f40d53690

SHA1
df6e593dd838224cf3a6eaff3e54bbc2ad76db23

SHA256
9383019b2e2290e07191fcd7e1286e61f804374f65d72d490c5e5383aa2d700f

SHA512
98902269dd79cc0c5acf66fec611038525778a58d18d76fe540c9d3c2f2329ca64dcdf662e6c2bcbb1098aa71fd69d1d5593a9312b8b8cef350941a9ba3fd13f

Download Submit
/data/user/0/com.tieniu.lezhuan/databases/bytedance_downloader.db-journal

Filesize
8KB

MD5
ec2758dd763c65e0516c9b21a80d64fe

SHA1
85a97339a814c3db4b7f500f43a6ce1989ec011a

SHA256
6234c2cf8b877e700f977bf8fc78e5305e9dfdca88c69f3b280815307b22f2f9

SHA512
6b6e7c2390cc2fef92d0a5ae8620e94e44a66a71dc05297929d6365e1e9794cdc78730c78de8cb1ba10f3da8e10370af2be501e6b3e8981853c1c4651bdc264a

Download Submit
/data/user/0/com.tieniu.lezhuan/databases/bytedance_downloader.db-journal

Filesize
8KB

MD5
d7cd364fe2d6e09bd81c85248b4ffe8f

SHA1
26035dd1b82d45713fc13aaa28d792afc0f072e6

SHA256
0d570ae09e941bba39ccb34a442bc58b13c17150f020ce446deff32d33436c2d

SHA512
d49e291e566a0537e46bb1311c6a713daf042e45d5e66993206c1e8d9b594e68f42b26118efe293c7f40837fc36108f29bd98b4b9f849bc1ef2a06aee067f2f1

Download Submit
/data/user/0/com.tieniu.lezhuan/databases/ttopensdk.db-journal

Filesize
512B

MD5
f96855a05c9516efeb40854fa9379886

SHA1
0a50caf93309ae552a1e559e494c000908348fe9

SHA256
e85070bf312119d15ff51421bca9f7e11ec3aa0977f5ca1854cb125179a506cc

SHA512
15cb9b8d564af37c499829e0b1898150e9abf0584ede2b4bf3701ab20949dce53289113486dc28a55427eff9b9fed5ad94191028a015aa5fd142214a9baad5a3

Download Submit
/data/user/0/com.tieniu.lezhuan/databases/ttopensdk.db-journal

Filesize
8KB

MD5
2d40a74e28471842ce87e6b2236ece52

SHA1
42c30a6f9ed2c409f32ef0e1d4845bdeb5469af3

SHA256
ea52f5ce6c3f1adcc617f0ea5114f075174909b99322d102b47886024ba8d143

SHA512
2ee4db8603b77c065f6f6b58d4e6f68c3a53f4611fc4b63baeb81d884f7914d14dffb52eaffa64f7b0fe097c15f1f40ad87204d26911adbd4348a05ea0ff1608

Download Submit
/data/user/0/com.tieniu.lezhuan/databases/ttopensdk.db-journal

Filesize
8KB

MD5
72c236b20ae45a2de55bc57b46b10937

SHA1
64761646104f415992d1457605ec12c756c203f1

SHA256
04438c8406cddf506e142d53987374049e907ed9afd40427cb20365e20ec4107

SHA512
19046b6a627de619aec8eeb26515305800552add01c98b78ebd559c050eaedf166f7560496f3e4d1b95e1da57cffa3ec7f2547d61287bb1a1c1b1acb878ccf49

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
56cf962f6743c4298a041b3e43396671

SHA1
167d46affa7e03e307da3c39175d4594a6c45b5b

SHA256
0b8c4b1ecfa8914ab4d050a125715a73df03938235c56144250b6a3527a8f683

SHA512
3992b75a8e2c30a2dc6acc85c293e8ca27efd7041c2316fefd4222f1092b256caf0c633ea27ccff5921e163fcbbdfb65410ee178e12c0bb38a0a970d473e9b68

Download Submit
/storage/emulated/0/Android/data/com.tieniu.lezhuan/files/tbslog/tbslog.txt (deleted)

Filesize
1KB

MD5
4225d084c5b07155f5a23aeab9724637

SHA1
4df7b6e98cc071dc718f42f05512b42060f7f2e4

SHA256
590445f07aab677555496786ff26bc87bc2c1a7edf9d266ab3b2f64c9cff0a23

SHA512
488a0a02afef39e98107b13de0e07da380a67aefe7067add4a58a08d660e652e48103cc3cda5b5aff07af67bb1f093f7446f3c06c0410a9da8a6a217f8eb6c3c

Download Submit
/storage/emulated/0/com.tieniu.lezhuan/config/5ac714da7be6d534dd74c84a097f98e0

Filesize
344B

MD5
996e9b2de7d4cf13d0472c8ee4492564

SHA1
0919bbf01b7c467a69ab25ae3e19a0f1d1ea05d5

SHA256
a3f1af96b6514e59c510c5941db9173ca14b319827f4b4392e0b0f406a753d81

SHA512
8fef58443ed3a15d640a4bd6169f3bbf7484780a5e6bbb39a333e1b9b78ff243839dd27a68e51f723f5359ce5be9b08c81edf3842376318e5e868aa17767d4c5

Download Submit