Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

6

3d57ad74ae...45.apk

android-9-x86

8

3d57ad74ae...45.apk

android-10-x64

8

gdtadv2.apk

android-9-x86

Analysis

  • max time kernel
    2540064s
  • max time network
    157s
  • platform
    android_x64
  • resource
    android-x64-20231215-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20231215-enlocale:en-usos:android-10-x64system
  • submitted
    23/12/2023, 15:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3d57ad74aeb3584065214a2227de760e2b62b0a7e63337276ca2d022cd206a45.apk

  • Size

    11.2MB

  • MD5

    a64d5c8af335890deef7cac36a3369c0

  • SHA1

    5d8e99b24d8a37c720df49254d0cd9f7e208970d

  • SHA256

    3d57ad74aeb3584065214a2227de760e2b62b0a7e63337276ca2d022cd206a45

  • SHA512

    a5133aca615734149b38a81fac56438c89d624131d72fb455dd112e6eaa563e1106e337760a80aa2268c28d8bc14645a7f014f6a298ad73d9edfd404fcf95acc

  • SSDEEP

    196608:YMGED9Rx6tjyd/8HupTmcY34EMiSafTdC9FwNdueb4p2kid7EJ3hp4i7vMKLVj:JGIUt+OHupZKrMiHUuK2rIp4i4+Vj

Score
8/10
evasion

Malware Config

Signatures

  • Requests cell location 1 IoCs

    Uses Android APIs to to get current cell location.

  • Checks known Qemu files. 3 IoCs

    Checks for known Qemu files that exist on Android virtual device images.

  • Checks known Qemu pipes. 2 IoCs

    Checks for known pipes used by the Android emulator to communicate with the host.

  • Queries the unique device ID (IMEI, MEID, IMSI)
  • Reads information about phone network operator.
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • com.tieniu.lezhuan
    1⤵
    • Requests cell location
    • Checks known Qemu files.
    • Checks known Qemu pipes.
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:5001

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.tieniu.lezhuan/app_crashrecord/1004
    Filesize

    58B

    MD5

    0d210bfb2a0e1f1b4c082a6a0f79de07

    SHA1

    bb8ed9e364db79d1d9f2fcde3f15091893222faa

    SHA256

    988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

    SHA512

    536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

    Download Submit

  • /data/data/com.tieniu.lezhuan/app_crashrecord/1004
    Filesize

    228B

    MD5

    f0a7fa3e7e2b20842a6444e7f81d189a

    SHA1

    175e209c67e5d62dd18130cd63bca3463776cf7d

    SHA256

    97602472c672d11c6b3da3e339913f664d841454cc98e63db6782ecd5b2487e6

    SHA512

    6e303b54026d885248faa5f3ed9cc48a45a19cafe84b909490f3ccd4dcbafd8d52f9bd54bc6cc522d2fca4257a78b0e118cd9af5eff72b18349c5e0564058ab7

    Download Submit

  • /data/data/com.tieniu.lezhuan/databases/bugly_db_
    Filesize

    52KB

    MD5

    cd1f86046cbb24a0342f41690d7f74f3

    SHA1

    9a784ddb82366f11e09357f0af509ead76e36d98

    SHA256

    2c548b57be744c4c237e427728ed32dec6d89609d25371fc0994b67ae8e018e3

    SHA512

    24a7b33f2bcc76d2c780fd71e25c2aa7a3725b89dc916bdf49a59caf5f540a8fad5325314cb83e64c22c63ac64ed13fb4d25f47326d840a333b916ac5ea876e7

    Download Submit

  • /data/data/com.tieniu.lezhuan/databases/bugly_db_-journal
    Filesize

    8KB

    MD5

    442eaec0b1f96fa765f9623d419e73c1

    SHA1

    f6d7c457c31889ab690ce631b0b5142750cfc41c

    SHA256

    b4b3c1e417dc6dadc78a71a2473abee5175569dd251b3ceaa52037a59ef01fbf

    SHA512

    ab2908ae11c03bbd21173200fd7097de584583072ee8e14de1af4dec8678f92501a31ef45b6cef4c87949350afad05a6b8554f7d81cf408fc1eaa0b28dd1f7cd

    Download Submit

  • /data/data/com.tieniu.lezhuan/databases/bugly_db_-journal
    Filesize

    8KB

    MD5

    377cb555b8f507f6e4dd6937411e3a7e

    SHA1

    267b63df9d592105daf0206a85427888df4e3c2a

    SHA256

    d8a4949064ead7b41218edf62dad61da15a3602be08239ff79e7413ddf8df62e

    SHA512

    2c738f9f09cbfea1472dac86c524ea0c442d45933baf10da9cf01e101eb18758139cd6be768becb3947a75b2c46e1b3982496a5dc54d1949fa952d97b6180451

    Download Submit

  • /data/data/com.tieniu.lezhuan/databases/bugly_db_-journal
    Filesize

    8KB

    MD5

    eae4d8cb5b0efa0b7750e8a206539f08

    SHA1

    8f0cff7ba924ecf81c565d3ca89ce816571fcc0b

    SHA256

    060f511b347ea22013583107f3677ce7c61fefd3a50259b34eaee8dea8743b0d

    SHA512

    960f6c735acebe1ec346c5728bf7715ce35c65446997db27626144f8593c572d63adfcdb672429b1b72d520ca96b7a5c41750e08cc6a95f7e4ce970f02baa833

    Download Submit

  • /data/data/com.tieniu.lezhuan/databases/bugly_db_-journal
    Filesize

    12KB

    MD5

    510527e1d790c2c66a91ae1f3f55827f

    SHA1

    840ec411b76a96ab9b607c8b3d50427bef5a1476

    SHA256

    f86df4e4b74665135306f7e81654a49e5bebabea6e36d796c8bd73beccc093fa

    SHA512

    866cc3a66ab9722cb880cd2ee616b93d3a5e93ce9b5e5c8a79297f64aaa3679e5290d79139c5a1b53deec3b335e3aee0e7c5a8c42d6e340335e1a5d8453547d8

    Download Submit

  • /data/data/com.tieniu.lezhuan/databases/bugly_db_-journal
    Filesize

    512B

    MD5

    2d3719d1dee629b76c13745b0506d615

    SHA1

    8bdf998f4581ef56e39bfa7ecb67014f00db8b00

    SHA256

    e0cabe92c58341d7eb22d71e7fc8a7d515f18c02fe567dca1660ca9a690b8ab4

    SHA512

    8ef97737e54fa6f89c8f3d56f0d7766987e5e917e24a6745fa63e80c53629b342c7e748f98937b6650ee392f31dd6a2e66ba1fe06c4231bbc0177c15a5535e1e

    Download Submit

  • /data/data/com.tieniu.lezhuan/databases/bugly_db_-journal
    Filesize

    8KB

    MD5

    c6962eec864bde5dfcfdbebc4cea6c0b

    SHA1

    f0e7bd4e2577dfba869a91e2481a62a78630eb16

    SHA256

    b4df23d13369b639f0537a2569b391361ace631e468fdee83e33c2453b9acd71

    SHA512

    be9a6d8f04bf9fe884328914f144c6f14cd9edc2088c16bbbc6269e1bed80628c897608519e935ded2a45ce70bdb048c20d8e5a2457821199c04700c8b604876

    Download Submit

  • /data/data/com.tieniu.lezhuan/databases/downloader.db
    Filesize

    20KB

    MD5

    600d724a598424fe6a9e8c30f407c6bc

    SHA1

    8a4f9073370bbd3030552d7595192c24f7419e4e

    SHA256

    f7f0c3e8bbbf3835ed943557c570a78124755eea305d14a6e56340ff53ab30ca

    SHA512

    f4a411efab7a676378bd8196c7603de41d9c7bb2d67a37fe2fd6ba78fc261f8f981e68d56c89d12c0bbdf44eee477cfe9880c28e5f1c734f951a6640d4afa71f

    Download Submit

  • /data/data/com.tieniu.lezhuan/databases/downloader.db-journal
    Filesize

    512B

    MD5

    31c63c69a30e582e46864471a33f364b

    SHA1

    cf550473b7ce820d53a004c4adf17c223d34a794

    SHA256

    c162baa99f63abc6c8e0e33d75762cc1a5f892c76e6369ee3e0150fc771a7f55

    SHA512

    2b7588f7db50a366f41ba2463d40df7372f4ab238322adc4778a2f4b84bd14f3d0336a785e86b4dc7a379b4f80984afa3538e2a48472844fb02adfbb2b533b49

    Download Submit

  • /data/data/com.tieniu.lezhuan/databases/downloader.db-journal
    Filesize

    8KB

    MD5

    c3956333ab9e04b5ca4fa6cb044f3d7d

    SHA1

    54b80ba06ca5b71b3f014cd8d4cb1825b1b53443

    SHA256

    113441b7b320940af3326399f363d743acf36089128982f22d304dfeaffde061

    SHA512

    463278090c06f51dedf1c3adbad39d3f494ecc4c948d3122501daffcc9004c809060a43c19b5b54c39d02b42afce8a599ef2e8aff47e9f9689e493f95b70a94a

    Download Submit

  • /data/data/com.tieniu.lezhuan/databases/downloader.db-journal
    Filesize

    8KB

    MD5

    05f28bfe3841b34195fb312687b898e7

    SHA1

    afc5b5205698305e7b2e278e9d348a9bb4465059

    SHA256

    6ffa4443fe00aa2ae2cc96ce5de0d0e115c719fdc73f42637bf91b44b4ebadb4

    SHA512

    bfc5c5946cb01ff244f93e35529d0c42f61d0c9c25fcfe474478d659bae23f71a9ca9bc25351eb04a60892bb1d755b2c3777107723ecf5e169b8efd5c246d4cc

    Download Submit

  • /data/data/com.tieniu.lezhuan/databases/ttopensdk.db
    Filesize

    48KB

    MD5

    b42c49b45ea1479a7c13f64e8c0d6ae6

    SHA1

    5a1874d7adacd65a87b0a49ca877a7f291c2caec

    SHA256

    e2dd34c69551bf6026cc452ee3e94bc6a9d1861126f72212a092899a12a8dd54

    SHA512

    cb4dd39007dd0ae6ee4a8aedf27d2eb7eb907940bc9c1097b43070568dcce0a8eafe0b81b60d224a4c90c1d3261f584c62205b447bae701073250b9ce1971510

    Download Submit

  • /data/data/com.tieniu.lezhuan/databases/ttopensdk.db-journal
    Filesize

    512B

    MD5

    cd5bfcd6ff1073eeedf90e2735718c44

    SHA1

    70651bd761186ee8503c77d2a82790403aa2e989

    SHA256

    49477650941f613bd6c1175000943a208edaf3b60d7e9224827c0869406a2acd

    SHA512

    fbfd66ce061bb394f38872744e9165f378c80c00b7ca7df1748bb406e47c2ce1e7200abb57f8388d5fb4a409d945ab0d2c2ea428ed3ade28e00f773d94d96e11

    Download Submit

  • /data/data/com.tieniu.lezhuan/databases/ttopensdk.db-journal
    Filesize

    8KB

    MD5

    5ec42f38b66fc99ccb39f0a208bf839b

    SHA1

    8357c4820088111adba8c9240ff34997bb38a057

    SHA256

    bf5e0d25c951a90bf6857104db4e1e26f63f4f600d0a3736e0a1f5f9e8673768

    SHA512

    c8b7988c1dfb7b4468f518f522597d7cbab5d1d23c176f8a058d268feb3a3df9fee035b6f0e3595a1a254f72ba46aa5e0090c312e053729be67e8b28dd0a1232

    Download Submit

  • /data/data/com.tieniu.lezhuan/databases/ttopensdk.db-journal
    Filesize

    8KB

    MD5

    befada67fae548fa0846d8956e28e917

    SHA1

    118f26a9d77fd390ca99e0d2827c313f5bd7e639

    SHA256

    b1c522f810e103d385658a7ebd7893b5368b1f169f7572440f9c1bba8ba05146

    SHA512

    e02afa51f3d4ce6c5a4ce7f21abfc7fead94a9d41e85ce11c4820c0dbb8861ab489d1b970ac139df075420b3209c60cf1fbf207039df4f819238829f0a6dac99

    Download Submit

  • /data/data/com.tieniu.lezhuan/files/infoc_sdk/batch/86_deeb8e3c-f38b-4644-9007-93914367731e_1703347006607_0.ich
    Filesize

    231B

    MD5

    c060ce96bab178cbf84c95e6c38470b2

    SHA1

    6336e6efe2333e0a30a68e716a2abb68af182513

    SHA256

    c6f7412769bcf3b0e7121eb4c2b47591df7ec865d8f77f6b400ea0e2cecb6ca8

    SHA512

    5a6cb2f5828eb1c4274c795bdd3212d9d6d8d7fe82ae7c417fa1d1cb1df71b896578e9b407c8bb17a8634a2ec6e128921736494dfcc8007f67f61e94d7e6c6f2

    Download Submit

  • /data/data/com.tieniu.lezhuan/files/infoc_sdk/urgent/83_55ae1ec8-7ab8-4102-acc9-973072508752_1703347006910_0.ich
    Filesize

    193B

    MD5

    92b489cca455996a12150b738672433f

    SHA1

    7f6415f9b0714a8091ac6d8cdcb9b5e643f7b30c

    SHA256

    5abfa4ab6b129cc4c3125bf32ec23eaa980c34be1b53afacd9426066a425cf5f

    SHA512

    b398a499b30ff4359d7050e546fba86eec6ee05fb0ee1ebb5a255ae7790f98f37c0d7e659574a1ab2f533112234cfbca73a5349659cb8296c109652f47434035

    Download Submit

  • /storage/emulated/0/.DataStorage/ContextData.xml
    Filesize

    111B

    MD5

    11c072c1716f0f9be34dc240a4d3c480

    SHA1

    06b6fcfb5904a0ef0630c8ee872800be2b8903de

    SHA256

    d78e2a092bdbbaecdb4fd7518d3930f958fcde706fa80c5f91e4503746addb35

    SHA512

    e4ce7af393c2de953d81b3d7990281a46134dd3d22dd89f21df6b0a59100caa7c453cc07b214ed5478c95172e5f8af5b775abe3394774d8d558075cd786f05b0

    Download Submit

  • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
    Filesize

    65B

    MD5

    9781ca003f10f8d0c9c1945b63fdca7f

    SHA1

    4156cf5dc8d71dbab734d25e5e1598b37a5456f4

    SHA256

    3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

    SHA512

    25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

    Download Submit

  • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
    Filesize

    111B

    MD5

    01b1666e51ae6cdfc8efc537e3d64809

    SHA1

    ddeba426c99ce86090f3d14428da370597470384

    SHA256

    f5da1d7de8bc1159ff3d18a5221d3664760adf965a3309bd8d7d58ae6ea1beb1

    SHA512

    9035f3f0b637aae0f7de8e9d6c56690f0390316a4d7fe546694ab800e0fee468edb0e87d88aa19fe76587f4c6f36d7e53ddfb8fbe2b3fd463a0f34d23422a2de

    Download Submit

  • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
    Filesize

    407B

    MD5

    a6bdbe1647703d1b91977c4f7a3bc4ec

    SHA1

    58e7280afbb1b74db768642f63307292cc9bdfc2

    SHA256

    5937db1c49779113294ec255d0c87395b7c479d8edd31cadb3c107b5706f0957

    SHA512

    03d7b0d2e1919ad87c7a7f590b91596706d8fd6f3d90e537cf318bfcf8a778af828a57bb18b5cd3a776f2a9b4d9bbcfcc6de0bda0676a9835eed019b74812977

    Download Submit

  • /storage/emulated/0/Android/data/com.tieniu.lezhuan/cache/tt_tmpl_pkg/template/36270120544a2ecd02163da0e2df7435.tmp
    Filesize

    21KB

    MD5

    14ac2e399918a26f90219b23bc443dcd

    SHA1

    2869c8287b42a57a5dffbae7c9a8c478c6bf5e4a

    SHA256

    4addad439ddec6a99bf472646aceeb75e6184b43fd90f3fbc56dfe6509e285c0

    SHA512

    dbf7699166a37b159e1e7118a07bfeaa2008e57de9c8482fa268b2b9afe209659adf5f3119daa167e70f3aa048cac873151ef137a66fac0d271c5f4bf6c8860f

    Download Submit

  • /storage/emulated/0/Android/data/com.tieniu.lezhuan/cache/tt_tmpl_pkg/template/ad6bd3e6bc7eec226d76280544f2ef19.tmp
    Filesize

    29KB

    MD5

    80134f8fcbc09ee3c89441a8c86400e1

    SHA1

    dbb68eb7dd0094614984ce97c001d4af4eabcf3c

    SHA256

    3553461208e16c1df658b9cf1915bb4b94a2cf8cae772bac852a5c51c3722dd4

    SHA512

    e834587d0356e0b9cbbc33e3d323bd7ffda2b680789329ca215a0c391f72a2157be91abcab2e809926f6bcf323a6a9a405b055d4ca8e880d5fff2ab0eff8956e

    Download Submit

  • /storage/emulated/0/Android/data/com.tieniu.lezhuan/cache/tt_tmpl_pkg/template/efbcd986c1fee7f430303b1db3ac9661.tmp
    Filesize

    98KB

    MD5

    6189a783452127bee910a45a1bdd5184

    SHA1

    4ac2a42beb1e009b5f6f6bfb4ff6ed3503f3d660

    SHA256

    3b8de75c77a7b0d69096b752980680e771ad0e08b150cef632ee83f3b5785567

    SHA512

    7e7a224929e57edbfbc0ce7a23b4e73cacb01dcb4c908b0550cbcbb8fa1a56e58e38c78b18d068fce04432a780b0fe667f30dabda12e6f3767d5f2a0ddae94d8

    Download Submit

  • /storage/emulated/0/com.tieniu.lezhuan/config/5ac714da7be6d534dd74c84a097f98e0
    Filesize

    344B

    MD5

    47ab2d4557ec190835df5c0d1a3157bc

    SHA1

    bf644230282570b0ddd6ba4cbd42147bdd2bed7b

    SHA256

    4fad6f8d04b1471d64cc33f6a3ddb6111a6387ef34d3820fa3cdc9f0ae91c593

    SHA512

    ee7ca935a4a9468ec64a2dace6b74533ab8264d93ff1478a8a891396f876da95cc5c141dec6de1a1e9ae9b7d031163092264c458d0decbca3b630908eb4542d1

    Download Submit