Analysis

  • max time kernel
    2675472s
  • max time network
    159s
  • platform
    android_x86
  • resource
    android-x86-arm-20231215-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20231215-en, locale:en-us, os:android-9-x86, system
  • submitted
    23/12/2023, 15:39

General

  • Target

    40409438dd0080f0cc574ea105043daff4f8339b5bb5c76148f8cf9c3ef20630.apk

  • Size

    15.0MB

  • MD5

    52fe39a7ce5d1da2f5aa3bd11a3a5884

  • SHA1

    59b3ccbf4aa0f8f8f3c35ac116205bd9de0fa626

  • SHA256

    40409438dd0080f0cc574ea105043daff4f8339b5bb5c76148f8cf9c3ef20630

  • SHA512

    8ead384e824f709afacfcea01fbd6b16db4616e0033433206d3e402857ec9e967473deeb4a190501b1dae9d3a77ae3df520e5792e632715efab528d575b3afe6

  • SSDEEP

    393216:4aZp2f2q9dAiKg0o+skRdgLkf91hsyxWYgl/pOS+vYdZO:4OUeI0fLgL61hsyY9Q4O

Score
8/10

Malware Config

Signatures

  • Requests cell location 1 IoCs

    Uses Android APIs to get the current cell location.

  • Reads information about phone network operator.
  • Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

Processes

  • com.baiyin.user
    1⤵
    • Requests cell location
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4257
    • cat /sys/class/net/wlan0/address
      2⤵
      PID:4444
    • cat /sys/class/net/wlan0/address
      2⤵
      PID:4464
  • com.baiyin.user:pushcore
    1⤵
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4333
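
The process tree above shows the main app process spawning `cat /sys/class/net/wlan0/address` twice, i.e. reading the Wi-Fi MAC address straight from sysfs, the well-known workaround for the MAC-address restriction Android introduced in 6.0, while the dropped-file list below shows hidden dotfiles written to shared external storage, which survive uninstall and are the usual place an SDK parks a device identifier. The following Python is an added triage helper written for this page, not part of the report or of any sandbox vendor's tooling. The process and dropped-file tables are constructed inline from the values printed on this page; `Proc`, `parent_of`, `find_mac_reads`, `iocs` and `sqlite_sidecars` are names chosen here.

```python
"""Added triage helper for the Android sandbox report above (not vendor code).

Input: the process tree and dropped-file list from this page, transcribed
into the constants below. Output: which processes read a MAC address from
sysfs, which dropped files are hidden dotfiles on shared storage, and how
the SQLite database groups with its sidecar files for collection.
"""
import re
from dataclasses import dataclass, field


@dataclass
class Proc:
    """One row of the sandbox process tree: name, pid, nesting depth, tags."""
    name: str
    pid: int
    depth: int
    tags: list = field(default_factory=list)


# Constructed from the process tree on this page (depth = the N in "N⤵").
PROCESS_TREE = [
    Proc("com.baiyin.user", 4257, 1, ["Requests cell location", "Uses Crypto APIs"]),
    Proc("cat /sys/class/net/wlan0/address", 4444, 2),
    Proc("cat /sys/class/net/wlan0/address", 4464, 2),
    Proc("com.baiyin.user:pushcore", 4333, 1, ["Uses Crypto APIs"]),
]

# Constructed from the Downloads list on this page: path, size, SHA256.
DROPPED = [
    {"path": "/data/data/com.baiyin.user/databases/ThrowalbeLog.db", "size": "4KB",
     "sha256": "0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514"},
    {"path": "/data/data/com.baiyin.user/databases/ThrowalbeLog.db-journal", "size": "512B",
     "sha256": "26290982490d2b591277bd2d02bded782b59ad236ce5dc6a08591c55f5119cb8"},
    {"path": "/data/data/com.baiyin.user/databases/ThrowalbeLog.db-shm", "size": "28KB",
     "sha256": "18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7"},
    {"path": "/data/data/com.baiyin.user/databases/ThrowalbeLog.db-wal", "size": "32KB",
     "sha256": "92f3c80006887bed9f8c0e7031dacf8014ff75042340f07a127b64e9727dce37"},
    {"path": "/data/data/com.baiyin.user/files/libcuid.so", "size": "129B",
     "sha256": "6e5d7d90482830640ae5cf5929bfdd7e6f4fd97283e5d6fe62f6d0ebb947f4d4"},
    {"path": "/storage/emulated/0/Mob/comm/dbs/.duid", "size": "496B",
     "sha256": "e2ac46a9606d0499ef384b4457f24e89a9b9da5cadb8ea7cb3cedca75b0302fc"},
    {"path": "/storage/emulated/0/backups/.SystemConfig/.cuid", "size": "89B",
     "sha256": "0262e75d07dcf249b643627ecfe3be628d2a75f74077a0e448df6b646806d571"},
]

MAC_SYSFS = re.compile(r"/sys/class/net/(\w+)/address")
SQLITE_SET = re.compile(r"(.*\.db)(-wal|-shm|-journal)?$")


def parent_of(tree, idx):
    """Nearest earlier row with a smaller depth, i.e. the spawning process."""
    for j in range(idx - 1, -1, -1):
        if tree[j].depth < tree[idx].depth:
            return tree[j]
    return None


def find_mac_reads(tree):
    """(parent name, child pid, interface) for every sysfs MAC-address read."""
    hits = []
    for i, p in enumerate(tree):
        m = MAC_SYSFS.search(p.name)
        if m:
            parent = parent_of(tree, i)
            hits.append((parent.name if parent else None, p.pid, m.group(1)))
    return hits


def iocs(dropped):
    """Sorted unique SHA256s, plus hidden dotfiles under shared storage.

    /storage/emulated/0 survives app uninstall, so a hidden file there is a
    candidate persisted device ID and a path worth hunting on other devices.
    """
    hashes = sorted({d["sha256"] for d in dropped})
    hidden = sorted(
        d["path"] for d in dropped
        if d["path"].startswith("/storage/")
        and any(seg.startswith(".") for seg in d["path"].split("/")[1:])
    )
    return hashes, hidden


def sqlite_sidecars(dropped):
    """Group each SQLite main file with its -journal/-shm/-wal sidecars.

    Collection caveat: in WAL mode the newest rows may exist only in the
    -wal file until a checkpoint, so acquire the whole set, never .db alone.
    """
    groups = {}
    for d in dropped:
        m = SQLITE_SET.match(d["path"])
        if m:
            groups.setdefault(m.group(1), []).append(m.group(2) or "")
    return {k: sorted(v) for k, v in groups.items()}


if __name__ == "__main__":
    for parent, pid, iface in find_mac_reads(PROCESS_TREE):
        print(f"{parent} (child pid {pid}) read the {iface} MAC via sysfs")
    hashes, hidden = iocs(DROPPED)
    print(f"{len(hashes)} unique dropped-file hashes; hidden on shared storage: {hidden}")
    for db, parts in sqlite_sidecars(DROPPED).items():
        print(f"{db}: collect {', '.join(p or '(main)' for p in parts)}")
```

Note that the 32KB `-wal` file here is eight times the size of the 4KB main database, which is exactly the situation the `sqlite_sidecars` caveat is about: most of the logged rows are probably still in the write-ahead log.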

      Network

            MITRE ATT&CK Matrix

            Downloads

            • /data/data/com.baiyin.user/databases/ThrowalbeLog.db

              Filesize

              4KB

              MD5

              f2b4b0190b9f384ca885f0c8c9b14700

              SHA1

              934ff2646757b5b6e7f20f6a0aa76c7f995d9361

              SHA256

              0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

              SHA512

              ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

            • /data/data/com.baiyin.user/databases/ThrowalbeLog.db-journal

              Filesize

              512B

              MD5

              5b2ecec5bc5adf420c848a858e147b17

              SHA1

              ea545137f5d26e588a146e1475feeef569129613

              SHA256

              26290982490d2b591277bd2d02bded782b59ad236ce5dc6a08591c55f5119cb8

              SHA512

              4de8dae5a69beba6e1edf6ab021ff59faf7ea9d235a70a0cdf76e9e560a624f817eec1b72fe067e41755f358a743557f5fc3dcb82ed5f4bd8e898f0b738953f4

            • /data/data/com.baiyin.user/databases/ThrowalbeLog.db-shm

              Filesize

              28KB

              MD5

              cf845a781c107ec1346e849c9dd1b7e8

              SHA1

              b44ccc7f7d519352422e59ee8b0bdbac881768a7

              SHA256

              18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

              SHA512

              4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

            • /data/data/com.baiyin.user/databases/ThrowalbeLog.db-wal

              Filesize

              32KB

              MD5

              2c38c9fcd286f5e6086148c0ecbb1cb3

              SHA1

              6f99810f7198e5072127150898366508adb9ea78

              SHA256

              92f3c80006887bed9f8c0e7031dacf8014ff75042340f07a127b64e9727dce37

              SHA512

              4aae243508d6bf1dc1caf45c8219254967252844a6947beab5ae1d07e294f3930064f11435a89ff9ab047ff2aba10b6293e0d5bd3c0ad5184e6d2bbb63850d64

            • /data/data/com.baiyin.user/files/libcuid.so

              Filesize

              129B

              MD5

              af8f50e3b91378d39d6a06fd240a055c

              SHA1

              71382414e83f5d288608c4f388279a53133c5477

              SHA256

              6e5d7d90482830640ae5cf5929bfdd7e6f4fd97283e5d6fe62f6d0ebb947f4d4

              SHA512

              13a4129b346b861e8d9af2b0f4dc07e30c5ffe41a8b2afe58f71d3f3c48c911ef08013b57b695bf42f27c14211ef6f7b3266ed62f14019bb45d8309c095210a9

            • /storage/emulated/0/Mob/comm/dbs/.duid

              Filesize

              496B

              MD5

              eaa320ef9e9daa4620fdc9a9f523b7d7

              SHA1

              600eac370f07d398740f347a42d2aab4ef197a7d

              SHA256

              e2ac46a9606d0499ef384b4457f24e89a9b9da5cadb8ea7cb3cedca75b0302fc

              SHA512

              77bf04d8242837525e20786a4a50792b5c43371cde6d2ce57d61701bd2eab53c37d8c59d137f70f1e6a68bf4b92a8eeb8dc1af45c9ab601c4a5edf34ce34e368

            • /storage/emulated/0/backups/.SystemConfig/.cuid

              Filesize

              89B

              MD5

              68873767ac6991428f8cb8d05228b9b0

              SHA1

              a64dbb5cb22b005832af68c7f0e84677ecb4ace0

              SHA256

              0262e75d07dcf249b643627ecfe3be628d2a75f74077a0e448df6b646806d571

              SHA512

              462b81ef36aabf8ce15e382fce9c5670b9efa248bdb7842d1cd7c09e4a99c261083ad65df999ed45181d69ef97acf2f339abd1cd50cf651abddf8d048264f83f