4cde831e223e8294697f407cd2bd067fc2998d2bc92650904c01277fe96c43f0

Analysis

max time kernel
2562641s
max time network
161s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
23/12/2023, 16:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4cde831e223e8294697f407cd2bd067fc2998d2bc92650904c01277fe96c43f0.apk
Size

17.6MB
MD5

5d5c69f04984975c9644c43aabc0cd42
SHA1

97709610f24c330c37dfa21794cc350c88badf6c
SHA256

4cde831e223e8294697f407cd2bd067fc2998d2bc92650904c01277fe96c43f0
SHA512

00e89da4044f565b880d984ff12b1ab2e70f1f7d6febefa389fcf71a9e89787d59adc42dc89de229840351a1f88c646faad7f80c5d4598ad59473b241c6072db
SSDEEP

393216:r7UmeO0ys/q1RtYXSNDjGUOIByKAJ2ryBvVRRonf:cmeO0SntYXWqyBvjWBCnf

Score

8^/10

evasion

Malware Config

Signatures

Requests cell location 1 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.znwy.zwy

Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.znwy.zwy

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.znwy.zwy:pushservice

com.znwy.zwy
1⤵
- Requests cell location
- Listens for changes in the sensor environment (might be used to detect emulation)
PID:4250
- ls /sys/class/thermal
  2⤵
  PID:4288

com.znwy.zwy:ipc
1⤵
PID:4319

com.znwy.zwy:pushservice
1⤵
- Uses Crypto APIs (Might try to encrypt user data)
PID:4443

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.znwy.zwy/cache/image/journal.tmp

Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/data/data/com.znwy.zwy/databases/higyon-db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.znwy.zwy/databases/higyon-db-journal

Filesize
512B

MD5
6e691fa500b5e369baf5e19da0fc3ccc

SHA1
2a9ca90cb7b96db253dacd802c3455ef1405b895

SHA256
ca4eae085ce8eea8b05acefaa8a96ee3fffbada3d185fa6f0fb87a11ae837fe3

SHA512
394d22aa04f5f932af5b2daa92811958ec01eb91a8eebbd1c1de705b284eb6e82e547fe8af34bed5330b0bb4bc2b52bad2863c4a75e46278ea8d5bd60e775be1

Download Submit
/data/data/com.znwy.zwy/databases/higyon-db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.znwy.zwy/databases/higyon-db-wal

Filesize
32KB

MD5
dd0e91f0fcc73eebf5f11ed2b06db46a

SHA1
f4f90284d10d3af1dcbf2cf85311e271770e6c0a

SHA256
19d565f8bd201f97d67c496f5c9cf8c9c1cb035c58d8f10daf601b0545d17b0d

SHA512
34305b9e43879e9c8450583a94f2a363568d52c08f5b67a8579a53a9efd6f182236f035483ed65de23e205391ac6d0aad1ed26d0961f37d15a65f77849e5b491

Download Submit
/data/data/com.znwy.zwy/databases/pushsdk.db-journal

Filesize
4KB

MD5
3fd33ab5cb20e8f85febf7a7bb691681

SHA1
6b9b4a25cbb497ba875eacb21388d494843f4200

SHA256
b6a49403cf126bcf5b166b33439d76e7100e7c01544fc4197759673375b05269

SHA512
0f36e38179f5ad806e1be1ea265ca95b8eea197109551b15974d2017bbce497aedefbc6aa30609a36d8447f2374d4c4d541a8f320405e4a081988dec42010105

Download Submit
/data/data/com.znwy.zwy/databases/pushsdk.db-shm

Filesize
32KB

MD5
82b3ee0faeb3cc276d7c0cba518c0b46

SHA1
4adb1042a3624f3058cc079b9bb9e490a71e9825

SHA256
663e1012f028e3963aa2500340fc0410c1cbfe4e17f6ead99052db98b123e23a

SHA512
3d55e81e3c5e2d62eca2bf60a4966305cf007ed406a7c4e25db08323a353979df19491f28751945ec61a92db38424828f468948d6e31a362f36691f68e24d693

Download Submit
/data/data/com.znwy.zwy/databases/pushsdk.db-wal

Filesize
80KB

MD5
5e74ca22322f5432810dd2f57a461519

SHA1
295fa0aefbf551e96cf98dc3ab40cd658e1ca96d

SHA256
b8d7cfe1d5b2fdcaacf87c8263fb406676beb61368263e9846881c61e93c27c7

SHA512
43fc27550b125d98fc08e13d83bff3fcca4a848a69cc14838f24de19d61c30634df4e44b0e02cf6dafbe38645b76ed84a5b0c2f5aa31e38dbfbce4ef55167490

Download Submit
/data/data/com.znwy.zwy/files/init_c1.pid

Filesize
14B

MD5
ca4fc59d5f4a95ac443ab8a717ce291b

SHA1
4621d70996c60362928bb1023de3f3c736791e2a

SHA256
adc5d2ea5f8df7d43ff21667b1cc602dd56359097d9e4d2fe2f8f04427c2b683

SHA512
1cbc44bf9997f10604be57f649ed85c79506ae9bc10f689e9e552469ff80e788e4fa1efea6b23773ab6215270b7c651d41c4d09dbc4a7f5b8f2846a8886b4638

Download Submit
/data/data/com.znwy.zwy/lib-main/dso_deps

Filesize
264B

MD5
699b28af63cd48cee16bf217256fce77

SHA1
d4cb2b9996e931e67084b2c428a4a8a30127cd74

SHA256
d0026eb0cfcdf8cd4d8fd5dd40a761af39e92a3b6c24ccff1fbcd528ae9b83f0

SHA512
f943b55e1e86537b5387bf711df9e1773e3c96d2dda278fdc6f1464a98fd3d147f5653c36819fc250551e15b2a8e360a39c43a715989b66c22b22ca1a5cbb1fd

Download Submit
/data/data/com.znwy.zwy/lib-main/dso_manifest

Filesize
5B

MD5
c06857e9ea338f3f3a24bb78f8fbdf6f

SHA1
c5a0a2529d2deb60fec041b4fbd722a2ebe31702

SHA256
957b88b12730e646e0f33d3618b77dfa579e8231e3c59c7104be7165611c8027

SHA512
29f61516876c25379a7bf4faa2b3ca6f6b53eac90e7de47671fec4a818d51441b4025cd7909f7c0a0d113ab6c5ff00cb3700c286bac7319185b77905feec4fb1

Download Submit
/data/data/com.znwy.zwy/lib-main/dso_state

Filesize
1B

MD5
93b885adfe0da089cdf634904fd59f71

SHA1
5ba93c9db0cff93f52b521d7420e43f6eda2784f

SHA256
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

SHA512
b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee

Download Submit
/data/data/com.znwy.zwy/lib-main/dso_state

Filesize
1B

MD5
55a54008ad1ba589aa210d2629c1df41

SHA1
bf8b4530d8d246dd74ac53a13471bba17941dff7

SHA256
4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a

SHA512
7b54b66836c1fbdd13d2441d9e1434dc62ca677fb68f5fe66a464baadecdbd00576f8d6b5ac3bcc80844b7d50b1cc6603444bbe7cfcf8fc0aa1ee3c636d9e339

Download Submit
/storage/emulated/0/libs/com.znwy.zwy.bin

Filesize
65B

MD5
33960108e5d6f84a23bf69d400a61c85

SHA1
06f97fbaff64a181bf566b5f301eb5e92ff724b4

SHA256
cd2cc5928f8592cfba89f138bd85838dc009179dd953610f257a93eb0da46dbd

SHA512
3427341ce58f342ce9f271479dca0569b6cf02382e0b84ced42e21313253b78e4881af4a0ec4f393c20aa640ad1135e67cd8e35cd9d192bbc76eddc3ac7e7c7c

Download Submit
/storage/emulated/0/libs/com.znwy.zwy.bin

Filesize
65B

MD5
7b279bc83147090d74e4a1592b23fbd5

SHA1
738f01b6da90473821a4b23b4b8537c68421b762

SHA256
6f5d96c7a4d4a3a973f1545e338224dd477c974c0aa4a06cd6d0d6136658029f

SHA512
afb09e2cb1ac3831c69a8122ae79e3c699d2c02b7a97e3ef03bd2ce636c8792d77781e3065f89d56789cb423b6b307df99cfeb0410ae8c505a8347ec55c682bf

Download Submit