3f6704c337a25af1b380e839738de8b2f225e9ea64b06b4c00c1ed41d9044bba

Analysis

max time kernel
2670449s
max time network
159s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
23/12/2023, 15:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3f6704c337a25af1b380e839738de8b2f225e9ea64b06b4c00c1ed41d9044bba.apk
Size

13.3MB
MD5

59d6f226d66bfccee621795f3452d128
SHA1

feb5975285aa75451f90970b178ff1d7bff57480
SHA256

3f6704c337a25af1b380e839738de8b2f225e9ea64b06b4c00c1ed41d9044bba
SHA512

e06dd0b80cf4b4d63a7a10656026a1b1bafb2c0102881a745e156568bfe44a9be7b8cd26666215e94eb6a18fbc6184b5bbf9522ca5c5ba033b64fba73a9cd230
SSDEEP

393216:9EVMgVv9+KbIYWmc7c8Z+tdRkHBsoPHVmyCyjj:mMg1scY7zQdRysoPH1C8

Score

8^/10

evasion

Malware Config

Signatures

Requests cell location 1 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	yx957.yxdown2.a148

Checks known Qemu files. 3 IoCs

Checks for known Qemu files that exist on Android virtual device images.

ioc	Process
/system/lib/libc_malloc_debug_qemu.so	yx957.yxdown2.a148
/sys/qemu_trace	yx957.yxdown2.a148
/system/bin/qemu-props	yx957.yxdown2.a148

Checks known Qemu pipes. 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

ioc	Process
/dev/socket/qemud	yx957.yxdown2.a148
/dev/qemu_pipe	yx957.yxdown2.a148

Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	yx957.yxdown2.a148

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	yx957.yxdown2.a148
Framework API call	javax.crypto.Cipher.doFinal	yx957.yxdown2.a148:pushcore

yx957.yxdown2.a148
1⤵
- Requests cell location
- Checks known Qemu files.
- Checks known Qemu pipes.
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4262

yx957.yxdown2.a148:pushcore
1⤵
- Uses Crypto APIs (Might try to encrypt user data)
PID:4326

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/yx957.yxdown2.a148/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/yx957.yxdown2.a148/app_crashrecord/1004

Filesize
234B

MD5
c72fde8df7b9f47f60e0b4af1199c8e9

SHA1
007d03d21394c03f949afe71cbee33c950fd9e43

SHA256
2854c43df44da1ddb51333e3d41e64af83d9e0871d3e6434a01115328fc52e0d

SHA512
7ca2431235540ac0846e26186bc902eeef66d75e0ad7db576502a51f302e1a715830e6b934438ab80922ed6aad863b590061a66de12b02becfbd85b2fa88080e

Download Submit
/data/data/yx957.yxdown2.a148/app_crashrecord/1004

Filesize
225B

MD5
16064e014aad7893d630fc8292c9ebe4

SHA1
4328b61ff7cd22dfe237d3cbbc44f43843212225

SHA256
5b21b065fdb32977024395875a605922297bd7459bfb1e969d7c31a5af536332

SHA512
44d6318c19728691051d4a369e53cae38237176cf42f15ce0c0a3672d4ab513a1e6a752bbc041a820fbb11828f7999aff5b896d09cdd7f27fd998adee143dadd

Download Submit
/data/data/yx957.yxdown2.a148/databases/bugly_db_

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/yx957.yxdown2.a148/databases/bugly_db_-journal

Filesize
512B

MD5
314608c8a8061f5229b36363ee42d482

SHA1
10108a189c073cf3ca371bf01370affd323220cd

SHA256
9de5d0a88dfc8fd9d3c178885a618bf81460f31ff521d85255b29ad49c8db24c

SHA512
0ac91f94a94114114ce39257d3a51eeb92271c8f82536f4c86445349fb27d6b26a49eaf25bcabed79dc44b55efa97684e341823d633984f14fa7af7c2b40dec2

Download Submit
/data/data/yx957.yxdown2.a148/databases/bugly_db_-wal

Filesize
16KB

MD5
fbbf9dee39330b05367823fa243a2bad

SHA1
5f8cf9299ad86df376a250d1c7659ed29157562b

SHA256
fc5ea795e580952c0a239c10a3baf44e4f6ae22c663b56b5db709b8063971177

SHA512
f80b0be4849e2a4129336171fa8b479ed2c385e9d7064fd8a76abdfee986683ef518ad597245068e52a68f5e84639eb302822a483d8f933847e88a2205fcfb87

Download Submit
/data/data/yx957.yxdown2.a148/databases/bugly_db_-wal

Filesize
209KB

MD5
e104b03a49af37b5e95531769aa35b75

SHA1
4c9edbeb46a15e852a150f336409f7e604a17f2d

SHA256
151383e97c2e75a45a2aecba0d39cf84d21b9e63b20c1fb230a7bd20fae81525

SHA512
d5b1d7280613bd0a000e6fb8f9dce4efc4e164e80b0c1b5ba0f413c6e4192a6e4f4dbf97d894eb08d553f0af8ee4d2887c3b52c93a9d13335a3d1847b8f292f8

Download Submit
/data/data/yx957.yxdown2.a148/files/jpush_stat_history_pushcore/5f01af442df2e1b58525feff/active_user/nowrap/66e3be6d-47f1-45ec-aa4a-fd88bc10daeb

Filesize
159B

MD5
0673a7ed73b44c11766c1a3da14f1caa

SHA1
8e1951ef7df67e7027d8b0aaaa977b89fda51b3a

SHA256
f52fe34b5536fbcea921cdfe4437001fb0dc763c3f734de85795b11711752280

SHA512
04901ff6e66414e16d7e879f747fa73a1d43de22bedd826e2a8222ae19efa90a3c2ae8279785d96bb4d63970449ef5a5be2e6859bab6f839d9f453324a662eed

Download Submit
/data/data/yx957.yxdown2.a148/files/jpush_stat_history_pushcore/5f01af442df2e1b58525feff/normal/nowrap/1c9e1f20-faa8-4618-b437-41bb364c09fc

Filesize
73B

MD5
1c7d3837885724cf5b041e77f6329176

SHA1
3fb1618d18c8c92c42889b367f3c6c29a8c1a0f1

SHA256
70fa444cc01f3eda41ef447478bc0a87f78b63266e91896be1a812e000cf0e8a

SHA512
a6ba6d41af741d3d6d4345b6916161f01105cd4ab71cce77862f93c9bb7e86a999c7e38c177da79daf713a15f0790780894e352004071dab44b6a6923c9b976c

Download Submit
/data/data/yx957.yxdown2.a148/files/jpush_stat_history_pushcore/5f01af442df2e1b58525feff/normal/nowrap/44daebcc-3db8-4454-a408-476f988b2ef3

Filesize
225B

MD5
3787fe7d0ab86201698fac3d6318bb66

SHA1
6fd312b3c20c151907567ed370f226c85e5e3842

SHA256
ac3ed34ab021d130c1da667d10337e6fafef015ac6bffbd2407ec933c8f88663

SHA512
59b5574a49c3a4588b5a123a7648325652edc3e01910362de9093a07d98123c20296d0c851abbc0295bd33f1b084f145a4728c0dea94782ba9c27c00f5fcc2a2

Download Submit
/data/data/yx957.yxdown2.a148/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzAzNDc3MzU2ODQ1

Filesize
1KB

MD5
3ff155af252bd8614883faeb486251af

SHA1
5ef945ae0cfab1dcdfde4f38c24070ed18f38320

SHA256
6124d3eef7607c2d9c9babf4480f9d3fc7b275c53da63321ed96224f58a8afa3

SHA512
2e099b152ff5243b67710a2f12c4ff48836496c347cb1af6286e64c2da364beec9f11b728bb1296bd961184b948b75b7c593148123c90bdc9225ea4a24d4e825

Download Submit
/data/data/yx957.yxdown2.a148/files/umeng_it.cache

Filesize
498B

MD5
7366d684aad17071b15c20a541013b42

SHA1
886167ffdb3b12dd25b7e771d8e386a3f5de004a

SHA256
3ff5445d11ef9ecba3e14e0c5f784d63b40da32005ec55117b9e92903e1ebef8

SHA512
28d9668167a3081228dcfb16468d723da3f363a73f82fe849092989f6c0abf9405e481919e1beb07bdfa3909c43b823cfe9cf07697b3de6a391c23bc273333ff

Download Submit
/data/data/yx957.yxdown2.a148/lib-main/dso_deps

Filesize
288B

MD5
2b174086cb22eb544df75a732c4c3636

SHA1
fbc431b6248a8531430b01ad330e7e5655ac7171

SHA256
0e9388d9f165799d3bfa625d7a3607672f84c2039f55ef121580f3e659f88a7d

SHA512
778bef9873068eaae184711d4b49c1843be068c5c7a34f1935ecfc2c6b7301e56b720bd061ca1b9bbbb169c015e992a7c37eee6eb70b7abc9160cf2dd9bcefa4

Download Submit
/data/data/yx957.yxdown2.a148/lib-main/dso_manifest

Filesize
5B

MD5
c06857e9ea338f3f3a24bb78f8fbdf6f

SHA1
c5a0a2529d2deb60fec041b4fbd722a2ebe31702

SHA256
957b88b12730e646e0f33d3618b77dfa579e8231e3c59c7104be7165611c8027

SHA512
29f61516876c25379a7bf4faa2b3ca6f6b53eac90e7de47671fec4a818d51441b4025cd7909f7c0a0d113ab6c5ff00cb3700c286bac7319185b77905feec4fb1

Download Submit
/data/data/yx957.yxdown2.a148/lib-main/dso_state

Filesize
1B

MD5
93b885adfe0da089cdf634904fd59f71

SHA1
5ba93c9db0cff93f52b521d7420e43f6eda2784f

SHA256
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

SHA512
b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee

Download Submit
/data/data/yx957.yxdown2.a148/lib-main/dso_state

Filesize
1B

MD5
55a54008ad1ba589aa210d2629c1df41

SHA1
bf8b4530d8d246dd74ac53a13471bba17941dff7

SHA256
4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a

SHA512
7b54b66836c1fbdd13d2441d9e1434dc62ca677fb68f5fe66a464baadecdbd00576f8d6b5ac3bcc80844b7d50b1cc6603444bbe7cfcf8fc0aa1ee3c636d9e339

Download Submit
/data/data/yx957.yxdown2.a148/no_backup/com.google.InstanceId.properties

Filesize
2KB

MD5
f96aeded6d24f7354112382cff475972

SHA1
2b1e918cc9e9709046b1a2d36dc6498fc074d2cf

SHA256
ff1330203602b00b01ee66c61ca2edbdf54afa453e8b1f86721c117b31e5ca34

SHA512
53648c648b6592e07215b8f5a9e1e5d3322d46606535629b85b85081d0d7aeb7150a6bd52224a76f95c28b6940f34f5db509b90b1e20cde672d648e5955e2544

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
e2ce7e322f64243b0aa1dcac793cc7fe

SHA1
9ff35a6ce3dbdb8ec506f1a7e6240bea79def66b

SHA256
fbf1dd5ef0c0b2945b601d922797cd3af7993cb77fdc486df289947cf8ed484c

SHA512
f4c4359ddf59b2d19ecd39737b9c5e336fc9def4d2a604943971e0fc138fc87663c7d2b5ceb7ff56d8c69e0c684110ec98c4cc1973a41897348cfb4aa90c1172

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
213B

MD5
f4ef2fc24d7761c01fcad979d1303602

SHA1
0403198bd599435294d153c8d6f1a54924796f17

SHA256
b5f2804c98c3ea342a38a9d4605ec5dd1c670f0846f0851693ab3eb55de3b232

SHA512
0180733ed16a13f201679677d9079590598946256b651ac4d246f81eb57bb9a698f25ab5560c77bc9ba80859e5c53517342ffbfa90da2466dbbaed63c7ee7fa1

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
d82709775e980c1be987ddcf18104798

SHA1
da69a61e69fe06ec84df0633209f3ed4396a614f

SHA256
c174121e8e79453e35aed9c4d93f5b12ebec970300652f900eb6e03ecb710f8b

SHA512
0400962a453aa93919832b6123531de91c9ef5980d95bbe0df516cf3c35efb9716d9e22d6c1f5ef24b368de37f47ce2849f3d24792d42d8f7c060cbb16c010b1

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
167B

MD5
2020c022e0e716ef5a2b2354dd668f21

SHA1
d11e9f04e9d88ad4760f0cf140e797e7d465c725

SHA256
087666bb165d555da42878aed6d0a14111904a3f8296ba7a50c48ac5e331d67c

SHA512
369211243e697c3f636ab36a54b704a8e03295b525a953b5c2b51bb3de7925501d0ce107eee155c8f62f6f8009203ded2c3664381c98b34a450cc75c165a8941

Download Submit