Overview

overview

7

Static

static

6

47260cfa96...3c.apk

android-9-x86

7

47260cfa96...3c.apk

android-10-x64

7

Analysis

  • max time kernel
    2726168s
  • max time network
    142s
  • platform
    android_x86
  • resource
    android-x86-arm-20231215-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
  • submitted
    23-12-2023 16:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    47260cfa96205403d495b1110acb11a30c58f78005cdc53fb7f05030e2f19a3c.apk

  • Size

    7.3MB

  • MD5

    db5c1b182e458fc68e6e0f9c7bfa755a

  • SHA1

    cab4d5428eaa294b67b1e6b110444406bfae278e

  • SHA256

    47260cfa96205403d495b1110acb11a30c58f78005cdc53fb7f05030e2f19a3c

  • SHA512

    2f2e92a583867b91c18d82d3199bc267b06dac986833b7d4da2ffb284e7b5595750af1793387ca01b14f73f170fc840b9f213b3a0396f73326d5f962698592ea

  • SSDEEP

    196608:7hsHjgPq3NPq1zruQF+URejRUbUtlbtj15u8qpxHvwF:7hegPq3NPq1zrxF+kcRS6nh5eRvU

Score
7/10
evasion

Malware Config

Signatures

  • Loads dropped Dex/Jar 3 IoCs

    Runs executable file dropped to the device during analysis.

  • Checks the presence of a debugger
    evasion

Processes

  • com.macrocura.health
    1⤵
    • Loads dropped Dex/Jar
    PID:4251
    • sh -c getprop ro.yunos.version
      2⤵
        PID:4292
      • getprop ro.yunos.version
        2⤵
          PID:4292
        • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.macrocura.health/mix.dex --output-vdex-fd=56 --oat-fd=58 --oat-location=/data/data/com.macrocura.health/oat/x86/mix.odex --compiler-filter=quicken --class-loader-context=&
          2⤵
          • Loads dropped Dex/Jar
          PID:4317
        • logcat -d -v threadtime
          2⤵
            PID:4492
          • /system/bin/sh -c getprop ro.miui.ui.version.name
            2⤵
              PID:4515
            • getprop ro.miui.ui.version.name
              2⤵
                PID:4515
              • /system/bin/sh -c getprop ro.build.version.emui
                2⤵
                  PID:4540
                • getprop ro.build.version.emui
                  2⤵
                    PID:4540
                  • /system/bin/sh -c getprop ro.lenovo.series
                    2⤵
                      PID:4567
                    • getprop ro.lenovo.series
                      2⤵
                        PID:4567
                      • /system/bin/sh -c getprop ro.build.nubia.rom.name
                        2⤵
                          PID:4592
                        • getprop ro.build.nubia.rom.name
                          2⤵
                            PID:4592
                          • /system/bin/sh -c getprop ro.meizu.product.model
                            2⤵
                              PID:4621
                            • getprop ro.meizu.product.model
                              2⤵
                                PID:4621
                              • /system/bin/sh -c getprop ro.build.version.opporom
                                2⤵
                                  PID:4646
                                • getprop ro.build.version.opporom
                                  2⤵
                                    PID:4646
                                  • /system/bin/sh -c getprop ro.vivo.os.build.display.id
                                    2⤵
                                      PID:4674
                                    • getprop ro.vivo.os.build.display.id
                                      2⤵
                                        PID:4674
                                      • /system/bin/sh -c getprop ro.aa.romver
                                        2⤵
                                          PID:4699
                                        • getprop ro.aa.romver
                                          2⤵
                                            PID:4699
                                          • /system/bin/sh -c getprop ro.lewa.version
                                            2⤵
                                              PID:4725
                                            • getprop ro.lewa.version
                                              2⤵
                                                PID:4725
                                              • /system/bin/sh -c getprop ro.gn.gnromvernumber
                                                2⤵
                                                  PID:4749
                                                • getprop ro.gn.gnromvernumber
                                                  2⤵
                                                    PID:4749
                                                  • /system/bin/sh -c getprop ro.build.tyd.kbstyle_version
                                                    2⤵
                                                      PID:4775
                                                    • getprop ro.build.tyd.kbstyle_version
                                                      2⤵
                                                        PID:4775
                                                      • /system/bin/sh -c getprop ro.build.fingerprint
                                                        2⤵
                                                          PID:4800
                                                        • getprop ro.build.fingerprint
                                                          2⤵
                                                            PID:4800
                                                          • /system/bin/sh -c getprop ro.build.rom.id
                                                            2⤵
                                                              PID:4824
                                                            • getprop ro.build.rom.id
                                                              2⤵
                                                                PID:4824
                                                              • /system/bin/sh -c type su
                                                                2⤵
                                                                  PID:4849

                                                              Network

                                                              MITRE ATT&CK Matrix

                                                              Replay Monitor

                                                              Loading Replay Monitor...

                                                              Downloads

                                                              • /data/data/com.macrocura.health/databases/bugly_db_legu
                                                                Filesize

                                                                4KB

                                                                MD5

                                                                f2b4b0190b9f384ca885f0c8c9b14700

                                                                SHA1

                                                                934ff2646757b5b6e7f20f6a0aa76c7f995d9361

                                                                SHA256

                                                                0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

                                                                SHA512

                                                                ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

                                                                Download Submit

                                                              • /data/data/com.macrocura.health/databases/bugly_db_legu-journal
                                                                Filesize

                                                                512B

                                                                MD5

                                                                026e7567d72b972ae44890a257d72bde

                                                                SHA1

                                                                7c35b17668d0dd604e6ab8bb9e14fe58714c376b

                                                                SHA256

                                                                7a30524dfdaeb369c83892b8b349c3ea62783d8cd795ff84998b018bd0bd5523

                                                                SHA512

                                                                2eb27f6f3d9171f0dea39b473a26d91c18311e8aec069b096857730a125721345a40b0bb0b1ebbbb4e5bbe1d0ab1c18fc2b7e233bd53ebeb9d03b2ea7e3f1bce

                                                                Download Submit

                                                              • /data/data/com.macrocura.health/databases/bugly_db_legu-shm
                                                                Filesize

                                                                28KB

                                                                MD5

                                                                cf845a781c107ec1346e849c9dd1b7e8

                                                                SHA1

                                                                b44ccc7f7d519352422e59ee8b0bdbac881768a7

                                                                SHA256

                                                                18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

                                                                SHA512

                                                                4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

                                                                Download Submit

                                                              • /data/data/com.macrocura.health/databases/bugly_db_legu-wal
                                                                Filesize

                                                                84KB

                                                                MD5

                                                                9620b673b235a0e3636a0f43730b1ae5

                                                                SHA1

                                                                063af6d845be74492c2c2f48058e8f5fd895a77e

                                                                SHA256

                                                                9d9c1e8ac2dccd50cfd2a8c914e6fe75391628af65c05567af4b490acde47ddb

                                                                SHA512

                                                                ad63c47f8b3b9d5bbd4f70878dc5a83e3342247e11122083b22c741a3943ddb8ce1c05de35d2de918010b7b8ca2859d20a0647cfa3930581fa824edf65073b30

                                                                Download Submit

                                                              • /data/data/com.macrocura.health/mix.dex
                                                                Filesize

                                                                292B

                                                                MD5

                                                                63f77f99bd2c2b772a479923bde11974

                                                                SHA1

                                                                c7632e7d301e4463fafce85f84e9c3d7da3fdbbe

                                                                SHA256

                                                                4c76a3af64cdd2f8713ffe2733dea50dbe714d0ca41c17d1847ee5b62a7ca615

                                                                SHA512

                                                                3aae4a89d1ed51fdd911cb367eb10afe3c2264e4222085891b18a60d5412f85d10bf5c8f3c6642db70abb9aa42732bac5c42c42ee32d587100f53c21b5beb16c

                                                                Download Submit