Analysis
Max time kernel: 2626881s
Max time network: 162s
Platform: android_x64
Resource: android-x64-20231215-en
Resource tags: android, arch:x64, arch:x86, image:android-x64-20231215-en, locale:en-us, os:android-10-x64, system
Submitted: 23-12-2023 16:09
Static task: static1
Behavioral task: behavioral1
  Sample: 462604d1a1758a31fca11665d4e5570305400bef432e01516c47ced8753c8c9e.apk
  Resource: android-x86-arm-20231215-en
Behavioral task: behavioral2
  Sample: 462604d1a1758a31fca11665d4e5570305400bef432e01516c47ced8753c8c9e.apk
  Resource: android-x64-20231215-en
General
Target: 462604d1a1758a31fca11665d4e5570305400bef432e01516c47ced8753c8c9e.apk
Size: 28.3MB
MD5: 2baae2962e8283316df6c96099bb2595
SHA1: 527273e8a9ec58ed4f16e86a0af6ae7c08e3a190
SHA256: 462604d1a1758a31fca11665d4e5570305400bef432e01516c47ced8753c8c9e
SHA512: 6dc35793ff29e6dda27424966292f01a1aed845de3132d20362a4b15085c795d041a05961b8fa9a5d94aa4cbce3e050efe86cb9cdd42ae3ec2a9066978697752
SSDEEP: 786432:+8i3tXCM4BwIzD4usIBDl+PTTUcfIp5TPRSWAwp35Gr:ri3tXCMMw44u9BD0TdfaRRgwp54
Malware Config
Signatures

Requests cell location (1 IoC)
Uses Android APIs to get the current cell location.
description | ioc | Process
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | com.example.cifnews

Loads dropped Dex/Jar (23 IoCs)
Runs executable file dropped to the device during analysis.
ioc | pid | Process
/data/data/com.example.cifnews/.jiagu/classes.dex | 4996 | com.example.cifnews
/data/data/com.example.cifnews/.jiagu/classes.dex!classes2.dex | 4996 | com.example.cifnews
/data/data/com.example.cifnews/.jiagu/classes.dex!classes3.dex | 4996 | com.example.cifnews
/data/data/com.example.cifnews/.jiagu/classes.dex!classes4.dex | 4996 | com.example.cifnews
/data/data/com.example.cifnews/.jiagu/classes.dex | 5193 | com.example.cifnews:ipc
/data/data/com.example.cifnews/.jiagu/classes.dex | 5277 | com.example.cifnews:pushcore
/data/data/com.example.cifnews/.jiagu/classes.dex!classes2.dex | 5193 | com.example.cifnews:ipc
/data/data/com.example.cifnews/.jiagu/classes.dex | 5346 | io.rong.push
/data/data/com.example.cifnews/.jiagu/classes.dex!classes2.dex | 5277 | com.example.cifnews:pushcore
/data/data/com.example.cifnews/.jiagu/classes.dex!classes2.dex | 5346 | io.rong.push
/data/data/com.example.cifnews/.jiagu/classes.dex!classes3.dex | 5193 | com.example.cifnews:ipc
/data/data/com.example.cifnews/.jiagu/classes.dex!classes3.dex | 5277 | com.example.cifnews:pushcore
/data/data/com.example.cifnews/.jiagu/classes.dex!classes3.dex | 5346 | io.rong.push
/data/data/com.example.cifnews/.jiagu/classes.dex!classes4.dex | 5193 | com.example.cifnews:ipc
/data/data/com.example.cifnews/.jiagu/classes.dex!classes4.dex | 5346 | io.rong.push
/data/data/com.example.cifnews/.jiagu/classes.dex | 5491 | com.example.cifnews:pushcore
/data/data/com.example.cifnews/.jiagu/classes.dex!classes2.dex | 5491 | com.example.cifnews:pushcore
/data/data/com.example.cifnews/.jiagu/classes.dex!classes3.dex | 5491 | com.example.cifnews:pushcore
/data/data/com.example.cifnews/.jiagu/classes.dex!classes4.dex | 5491 | com.example.cifnews:pushcore
/data/data/com.example.cifnews/.jiagu/classes.dex | 5775 | com.example.cifnews:ipc
/data/data/com.example.cifnews/.jiagu/classes.dex!classes2.dex | 5775 | com.example.cifnews:ipc
/data/data/com.example.cifnews/.jiagu/classes.dex!classes3.dex | 5775 | com.example.cifnews:ipc
/data/data/com.example.cifnews/.jiagu/classes.dex!classes4.dex | 5775 | com.example.cifnews:ipc

Unexpected DNS network traffic destination (2 IoCs)
Network traffic to servers other than the configured DNS servers was detected on the DNS port.
description | ioc
Destination IP | 119.29.29.29
Destination IP | 119.29.29.29

Reads information about phone network operator.

Checks the presence of a debugger

Listens for changes in the sensor environment (might be used to detect emulation) (1 IoC)
description | ioc | Process
Framework API call | android.hardware.SensorManager.registerListener | com.example.cifnews

Uses Crypto APIs (Might try to encrypt user data) (2 IoCs)
description | ioc | Process
Framework API call | javax.crypto.Cipher.doFinal | com.example.cifnews
Framework API call | javax.crypto.Cipher.doFinal | com.example.cifnews:pushcore
Processes

com.example.cifnews (PID 4996)
- Requests cell location
- Loads dropped Dex/Jar
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)

com.example.cifnews:ipc (PID 5193)
- Loads dropped Dex/Jar

com.example.cifnews:pushcore (PID 5277)
- Loads dropped Dex/Jar

io.rong.push (PID 5346)
- Loads dropped Dex/Jar

com.example.cifnews:pushcore (PID 5491)
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)

com.example.cifnews:ipc (PID 5775)
- Loads dropped Dex/Jar
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 6.0MB
MD5: b53495dbc3cde4d092774acaf5864efa
SHA1: f22bd8fa0a5b7f07f683d69e66d2c08bacdba33f
SHA256: 149313e1fdb0022a0946d3e3d1d67a8574ef27c37bc22f724775c06d66e50466
SHA512: 75d8025dfce9cb70feb9df5d54b7116794461ecde230da3bad501cc8356b5a0ed7c6eab6e31b689d1f48201b1416a01bebd8880ac73afe144740fecc86d48395

Filesize: 3.2MB
MD5: 6c40a5f27f246a3aba2d1f3b9a92cce3
SHA1: e5563c09405ca9f20b0f639f1de8da6c49a0e3ea
SHA256: 64b023d0dabb7cfe85d62e9b324fb86ebe9a96854558c06e3bbd7567d5ff1648
SHA512: d0290d0d9656831679a28aacd3659c1a94d259c7a1c33f81a105b5ddfd8d16e6af8ce763318394a4309882e14fbec7d89222370ee31ce8f35f3d769780a57d89

Filesize: 6.4MB
MD5: 999fedd3f38b4d0a11b38784e0754375
SHA1: 599dc7500b9b041021eb8b6c85efda7efdf9b303
SHA256: 3ad425e4632c4776e32d0b9f25f14f8b3f2947c62e071f8ceab7fdecd08a79d9
SHA512: c73b4bc56b27cf414bd197404c0d6e3fb6600cd63463c4f1da6aaa4b44b8ea0abf901a0fdd6f280a0f9f5a37b5d578c27622c61727265ff0f2c9ea804de59f0f

Filesize: 3.4MB
MD5: 1b50fb48fadaced2b17d9d16f068c827
SHA1: e469d5dff751986a2207a9af0bc154b7c1ab67a9
SHA256: 73dd746fb78b169e2b40327719bb63bb58778893bd20108a977933c111fb42aa
SHA512: f19cc3e4dfa6340c0a9238c1f60e935dc93d5e1d7de7592ac09cb9f6d3e1beef71d80d8df84fceacf02f072e37d8560576437ec5f90cd7aa2503aac447f35b48

Filesize: 719KB
MD5: 6cae37fa6f54468133caae7193c8040b
SHA1: 32ed206789906fd3806cf71464e1de71208ef844
SHA256: 4904c044f2a1f42e5773163c4e32195dcc4372de82a35fa02e734f5dbf2ab8c2
SHA512: ab8c1bb77e6f9e2ddfbaef903af2b241e3e70185c6603dd62e450a7cb4b217d4ccf4aa23b1cd15a6b1789813296849bd33e0f1c57e345ef0925964ab891c04f9

Filesize: 31B
MD5: 8c92de9ce46d41a22f3b20f77404cc1d
SHA1: 8671a6dca00edb72be47363a7071be65cf270373
SHA256: 68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274
SHA512: 30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Filesize: 8KB
MD5: 2d2f4f95643619f050430290f480cc17
SHA1: 10309263660ca83d91ba9191c373e971b8bf57d0
SHA256: c7266a2946dc5d8a515cad4dc1134fd301601d8145d635b0db367466e9702243
SHA512: 0af5f05990ac5d82b6cf23e6fa28cf20c261f4e0cf08defdd83e88ee84b190507425dab63cf1095642ef9dd93c8649fccadf87b5f2bec3eab2de14690ab62ada

Filesize: 512B
MD5: 3c7c5b9c5c1d5eecee3038ed852b6b30
SHA1: 874ffee51065e56230bb5559397940254d795521
SHA256: e7f850040158de99c0932e2fd61476fefbf85050b39c21d42c3a2b9f83122fd4
SHA512: 9020d8c30a71ff03daf251da698f7ef431405ca5b2222b39737978c2c90d3770253d6e4f7e46f9369e3d922d0ec087dc13da7f853a3c9cf139d8a861a23b9f30

Filesize: 307B
MD5: bb17dbee9bc16a1c98cab1b1d8c6d636
SHA1: 07f2dd8d644e1edf1b307540648c70be7ae3ea4d
SHA256: 7feebefd3d6cbe9e1dbf7cb85d6a13dfa846b36f296aad6c6a039dc98438bf7e
SHA512: 8a88bc835ed0d9f2d821eb0e67ab54644652ff24a3fe1c6dfc48046053a125596cf4783febd736bd2627b395fb655d84da04cf3ad7eb85126d5578fe2fc300f1

Filesize: 32B
MD5: 1108cb8505b46650ff7b7357c99794b0
SHA1: f07c16fb7ea638e3ad85f140731a97b3f5a2b046
SHA256: 573464d6f58e895560d7870f2be3b2ebdd910e8bc7443115a118f4f56c04a29f
SHA512: 73e910d865b89fe50329ccc36032f46c3eb263ed62bafb3742d9422bdc856c217a2177bd7617f09e601346870fb7c320778da5901d6b7b85167e82ea5adb3278

Filesize: 32B
MD5: e6f9328b7f7639225a4ff0f6df4639e2
SHA1: eb68927fbdb5312e670b16b5eb5dddaed6685699
SHA256: fa857695b1c58670534503073aa5a659e5dd50507a2bb210728f8eebd764e49b
SHA512: 8cb4849a9ec68543d2930879a46a8dfa54ad324d51e370d39960c7163ede8ac382b801effdd875da4d57c5a978b0b6cd1d6f2eb179c4f99c9043935dc71ef0f8

Filesize: 4KB
MD5: 9203af6336c714da3787c0df076bfa48
SHA1: da283505873b68262a8deea8bf723cee98f2077b
SHA256: c6175a84f713f738e67a7c8cb80cf1c1db8a3e38e6360f4f4b50b23553cae709
SHA512: 359d8bc65dd607905e97d96c997039b0f40a3777b88d4a98b862de72580cda27e55015bff5cf8737b78c34e75d12e69f2311037405d6936e80b8ab4e4ddaea1c

Filesize: 12KB
MD5: aceb613d15a509d6a8c493715ab58128
SHA1: 7dc04c590e44c34d3577b115fba629be28f9d04a
SHA256: d30b6353bad39820e6c5867896c78951bdb131e7932904764c027dea1083145f
SHA512: b5aae510ef6a4d803adf2f8bc676fed9d0b543e4fc7fb4335a30425e307134b2fbeb36d66e06e4961abde5a14cbfd463bb103c4bf187a16eb18de508806d9431

Filesize: 12KB
MD5: 8b0ad9fe164d4400b91995ebe005f159
SHA1: 723e5241acd731a2a4beb067e2c0b894828faeb7
SHA256: e7ded7338870113f3bea69b2a4776ec01c0b7bad099aa0d15435509db1800f14
SHA512: f76beb6042f71c5f9c523875c33034cc8a4782712853dc681933ddc700cd06b99b7da3d915625bd11038c10d92dd9b1fa023e00b957aa3e0c477646b60f3ce1c

Filesize: 40B
MD5: df9cee7d877df73f9d020da856535364
SHA1: 4175193e215288144c1048be3e6e28ee0417e7e6
SHA256: 2cf74d5ce0c228831e3f4fe17446cc77bc43bb15f16e4bcc4df75cadfae91d94
SHA512: 43e13a74e1d137bf27beeafd9432ed15a7cedf2278a8b4ee6294800f6282a7186f87383141fa04a22307ab248d0099acd3441836ec3afb7a1c0c899a8c9c3a85

Filesize: 8KB
MD5: 584ab6495fe0874fa33ce451de678e51
SHA1: e35d0ccf981c07e2a3c4eb3c070d35fb852180a9
SHA256: cc63b5da7bea4d178810bc92022e850dae205c043c03a96f8088b1e9e35c05ca
SHA512: a3335c044a33ca44199df94f13da6933e306c0affddce2bc3892f7f8968fd11301c469a2a0be19ede0bcc56df360e69f5ac7c2b971b3b228e9ca17fddea59730

Filesize: 491KB
MD5: 42f23f69d9fb1028c9f50c09734e2ba7
SHA1: 4eda99025e0fbcc563d7b4dbb30def9b69f3d12a
SHA256: 3852e2bd8d2a8f8fe6168792fb7a385d5c4d8281a09c2880a9ebbaf8d5faa7d1
SHA512: 9101e26a56bcc29f948be41fab1f05d442f3b52b8380a86f275f7a02fe35c1e08d510ec32d29827e5bffc69947aa19ff80fc5dacbdb3966d2004ce83be564642

Filesize: 491KB
MD5: e77a4812888a47327579639aef1b742e
SHA1: 5411f639d7fa941fdebbcd112157e23d1b8a7103
SHA256: a8f3fca7fc7d5994d058b87c9c46643d5bac94e8ca567fff3f95d1e4a96c5c5d
SHA512: 7b30026fd461fb142ef55f7b3f92147415dc8142fe354ab5824bdcc4201fe41f2463da5a3539322aff57a782b79130abaa10745138d9d6b58b0d48bac3f25abc

Filesize: 491KB
MD5: 1f2a1d09ec2e6faa5dee22d19677f373
SHA1: 3078bbc4b1f7a1269240b8eed7a3e3e0cc595d84
SHA256: 06db05639a2fee7d4dbc2dd81caaf3d17b8af8c63d424597f4f6b91e36ee89a5
SHA512: 9f846722c57711435003627dbff57bf34dfb1d66896b876fe6355d3b16b1536ed362c3d3e4ca246fc9b6d836c39d480c100723e3e7006f18aa278dd15b9e17b0