50b390bfd7232826c39505d3ad3a77ac10ab378344edf2830a5044fb213d4146

Analysis

max time kernel
2581303s
max time network
156s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
23/12/2023, 16:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

50b390bfd7232826c39505d3ad3a77ac10ab378344edf2830a5044fb213d4146.apk
Size

15.1MB
MD5

b6150a0b818627566c1bb28fc1f1f64c
SHA1

c925c154ba881a1aa052efbf573d45e51fb4cff9
SHA256

50b390bfd7232826c39505d3ad3a77ac10ab378344edf2830a5044fb213d4146
SHA512

38ed077de1ca277ed0f35269fb0f864099db9e21fc75e15e80cc077a1037af053880d3b79d70e3c2116d9c2a546bde183a1e2d0a6c23d8cdce5a7a8d44a405b6
SSDEEP

393216:gm8Q81crpHxpv6TemzH70Xk5WUCJvf8GBSDdBZkGvds:ly1cRpv6Temz4k5ZCNfng/2mu

Score

8^/10

banker

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 IoCs

banker

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.k915500991.obe

Checks known Qemu files. 3 IoCs

Checks for known Qemu files that exist on Android virtual device images.

ioc	Process
/system/bin/qemu-props	com.k915500991.obe
/system/lib/libc_malloc_debug_qemu.so	com.k915500991.obe
/sys/qemu_trace	com.k915500991.obe

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.k915500991.obe:remote
Framework API call	javax.crypto.Cipher.doFinal	com.k915500991.obe

com.k915500991.obe
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Checks known Qemu files.
- Uses Crypto APIs (Might try to encrypt user data)
PID:4254

com.k915500991.obe:remote
1⤵
- Uses Crypto APIs (Might try to encrypt user data)
PID:4291

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.k915500991.obe/databases/ua.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.k915500991.obe/databases/ua.db-journal

Filesize
512B

MD5
b6c6d068b3973c2c5b7839abd801be4e

SHA1
76262fdb02c39f160b06e43dad11978b414490f7

SHA256
1e21a6f26da4a70c85c4eff7d2e3d385fcf25bd2b23722f7675483a6404b0702

SHA512
8395e6bd7f58d46eb4508ee7f5abcd750b38cc7ba772e383020fc984cca282bcc4c031b58396b5dbfaa5f92354db8b639da60b06f7431543ed4b4241972fb08a

Download Submit
/data/data/com.k915500991.obe/databases/ua.db-wal

Filesize
16KB

MD5
9018d0e7cfce13d4f8c4d14eead4f006

SHA1
10b33fa74fbb9cfd8aa3fa78d491df2c2b87c30b

SHA256
4b663d17854e30c71c221f4d9cbf4f7903f52a878ff3681acdca7beb9c0d3ecb

SHA512
92603efe440ed207e91fe7c2514a6d6547954c42aed7b8bd9690a3fc5394f57c315f01121a99ca0cfe81c28537965245b00e8377ec5ca4ce4cb6f96ee8a2a228

Download Submit
/data/data/com.k915500991.obe/files/jpush_stat_history/active_user/nowrap/76226540-241e-4eb7-bb0e-ad91d8c6df69

Filesize
159B

MD5
dd4a40e04e45f04bf1ef2d50896302cc

SHA1
28722886330269f88d54faa809b79a85953361f9

SHA256
1617113548c0d2f6b4f84ca4ff975e2722c190aa433cca0d582827afa911016b

SHA512
2ecfb8a67d2c773ef24e335c2f8e335f8fcf4335da341e045d58303cd98bf5be1372eaf1c7a47508b5528eddf2d75bb93ffedd2ee3d09e7561f96746aaf5e5ba

Download Submit
/data/data/com.k915500991.obe/files/jpush_stat_history_remote/normal/nowrap/0493ee81-3c4d-4cee-b5e8-a0b7a426e3e8

Filesize
202B

MD5
baac63f172d771bb7bf721b2f5817090

SHA1
9acfda0621ea790549e568b90a04db4abbed4f42

SHA256
3affd1c735c52a057cece8f440a54f4bdb1b00d1aef26f509b2a04c8102589bb

SHA512
20315be50019acdfbdf11356d4b8b7c98f2339f17a5b6fb53252a31f90d47b1b8c28b4acc3e360212f8bb1bef5b8f1bbea200728655c9366ed3f783f5d86a3ea

Download Submit
/storage/emulated/0/data/.push_deviceid

Filesize
32B

MD5
9ae82028da4e3d142fbebacf9219fff5

SHA1
8ed563d8d0ea0e24f73c4ffc428b6df608931060

SHA256
d20522bee093e1a7d31216533781d85b89804b313c418133539eece59361de5b

SHA512
fe8b53908fa209b96127f767654f1cfb56df9e00ffbf9ab8155fbb617e2ea6663896f6c9f48da8801ed11306c67fd6de4eb3f41c19e48cd847318faca820757e

Download Submit