53943946ff87b80b505e02b3ca69c1ed9c8d3a697d6775c7783a3681e66bb550

Analysis

max time kernel
2598935s
max time network
163s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
23/12/2023, 17:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

53943946ff87b80b505e02b3ca69c1ed9c8d3a697d6775c7783a3681e66bb550.apk
Size

22.3MB
MD5

932415fa10ea1cc38ccd60fa225431d7
SHA1

ce12827fcfe5528ab770f0789f059a5022a6fa45
SHA256

53943946ff87b80b505e02b3ca69c1ed9c8d3a697d6775c7783a3681e66bb550
SHA512

320e19fd329c6c0738d3d05d91a4916b8927db454d9c2bf4ff63b898d437672c7d8a5657fd797e917e9f853e1d36a2c1d83319001b0cbfec9475ce5f67f84c52
SSDEEP

393216:5yjnEzygsD3mNgOy5OB3rmRl3tk0aEG9/RagNFyZlPCNWY5uEf7:5+Ezy5iNPyab1R9XNFfNWVA7

Score

7^/10

Malware Config

Signatures

Checks known Qemu files. 9 IoCs

Checks for known Qemu files that exist on Android virtual device images.

ioc	Process
/sys/qemu_trace	com.lianaibiji.dev
/system/lib/libc_malloc_debug_qemu.so	com.lianaibiji.dev:ipc
/system/lib/libc_malloc_debug_qemu.so	io.rong.push
/system/lib/libc_malloc_debug_qemu.so	com.lianaibiji.dev
/system/bin/qemu-props	com.lianaibiji.dev
/sys/qemu_trace	com.lianaibiji.dev:ipc
/system/bin/qemu-props	com.lianaibiji.dev:ipc
/sys/qemu_trace	io.rong.push
/system/bin/qemu-props	io.rong.push

Checks known Qemu pipes. 6 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

ioc	Process
/dev/socket/qemud	com.lianaibiji.dev
/dev/qemu_pipe	com.lianaibiji.dev
/dev/socket/qemud	com.lianaibiji.dev:ipc
/dev/qemu_pipe	com.lianaibiji.dev:ipc
/dev/socket/qemud	io.rong.push
/dev/qemu_pipe	io.rong.push

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 4 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	io.rong.push
Framework API call	javax.crypto.Cipher.doFinal	com.lianaibiji.dev
Framework API call	javax.crypto.Cipher.doFinal	com.lianaibiji.dev:pushservice
Framework API call	javax.crypto.Cipher.doFinal	com.lianaibiji.dev:ipc

com.lianaibiji.dev
1⤵
- Checks known Qemu files.
- Checks known Qemu pipes.
- Uses Crypto APIs (Might try to encrypt user data)
PID:4510
- /system/bin/sh -c getprop
  2⤵
  PID:4554
- getprop
  2⤵
  PID:4554

io.rong.push
1⤵
- Checks known Qemu files.
- Checks known Qemu pipes.
- Uses Crypto APIs (Might try to encrypt user data)
PID:4610

com.lianaibiji.dev:ipc
1⤵
- Checks known Qemu files.
- Checks known Qemu pipes.
- Uses Crypto APIs (Might try to encrypt user data)
PID:4588
- /system/bin/sh -c getprop
  2⤵
  PID:4725
- getprop
  2⤵
  PID:4725

com.lianaibiji.dev:pushservice
1⤵
- Uses Crypto APIs (Might try to encrypt user data)
PID:4654

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.lianaibiji.dev/app_crashrecord/1004

Filesize
4KB

MD5
aa116f2c83335403a32fbb2d6d515ceb

SHA1
423438723c6cc06c752d8099fac131a49657d54d

SHA256
4103a443d702632f9c5d4e55626f8beab758ba8f102b92538cc7002000000799

SHA512
dd336dbb8b9ed4217385ac6377ae41689b30308c77462ceb49cb0c37e8c31812280e57b6a6d151f2acb4e8552c6f9c6008a82e206bbc1b7debd2612ebd5b6633

Download Submit
/data/data/com.lianaibiji.dev/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.lianaibiji.dev/app_crashrecord/1004

Filesize
221B

MD5
5f0e3060026b8a9d7a0315f321b0ffb1

SHA1
6d2efcfa4c2fd0dd0d4801aef08d4cb160fec037

SHA256
a63159f2fc0196b9c9d54d81fc0055ee38c42509ad67c7303b072e6aaeb312e3

SHA512
eaa775d2c975f72656d50fc977d4163e9c75a84c5ca2c2866761b6d82a91616e47a4beae558252e39a97043ba266a72fbe767af7ed741d8f030c6b390380ed7a

Download Submit
/data/data/com.lianaibiji.dev/app_crashrecord/1004

Filesize
227B

MD5
c211da65026a3ddb20c60d84878e3d96

SHA1
feb1a2bf32f6a263ba1872a396544443cd7b28f1

SHA256
f19801c11a006d2d566a184b518abf8562535e06f0c49738782024dc8b944547

SHA512
bdda5277c1cce1e8f0d992556f1520489bd7409fb23a2c4ba5c9d3f144e1fc098ff30c74005667b173e502302662c49e009574f9430291955ba5d73e88877e77

Download Submit
/data/data/com.lianaibiji.dev/app_crashrecord/1004

Filesize
80KB

MD5
e453d1990cf277d808f9e99c792545cd

SHA1
3842fa3d9fb6e0d33308b65fd889719d8a240685

SHA256
491e75b52695e77580b4a567af584656c9adfbad177210df24d9b29aca4abd66

SHA512
ce06aa61dae24662691e08466314e0c1045de2be441fd0d1addabf634f6eed4551e19924c00a5a350d5095a8bfcce3c857c1f664ee0c139c1b063f5eb4e44bad

Download Submit
/data/data/com.lianaibiji.dev/app_crashrecord/1004

Filesize
116KB

MD5
0d27157438af5dfec26112f24fcfe629

SHA1
b1389659619b8a617c1c5c4d2e5d3d881a36bed0

SHA256
82db41fa53eb5ec54986da6217949bce33fedafad108e178aecd87ac2672a116

SHA512
1b271870d5441fc962b2bd315ee7eb03a5fead431997b0c10f4345e760c76edf7a50aba91708db627f83db1327b12e726e921eed44bb573e262c8ec5d16b0bb9

Download Submit
/data/data/com.lianaibiji.dev/app_crashrecord/1004

Filesize
32KB

MD5
92ab339a31ff940a4e1e40f20ecccdb1

SHA1
e83baf4939737d267bc069b23f832af208f05911

SHA256
f5abd55e03618be503545a3e005b777a08f1520913211bde80b903015a26b75b

SHA512
074ee362e12fdfe5e01848c597bf5ece5937a8dda1a3724c5bac248270c3c12ed87cea36898663ed89eeda72abbe7d2d28f30ef917c8308f5f7515faa0b74c01

Download Submit
/data/data/com.lianaibiji.dev/app_crashrecord/1004

Filesize
221B

MD5
0c8414b1db8c24b749a3bc80119ec1fd

SHA1
19c06664a623d94f948abcabf13d8187f08b9f7c

SHA256
c01da27fb2636a15c42aff5b82aadffa8576bb5e991d2957f664309440f9b85b

SHA512
211d4e94e8a78b208d3e300aeb2fc6ae810b7245b9257aa97c0c53d2296eb7ee758b33aae969b69e61b07ddba1147a8bd6b3ebde9a608bbbe40f06bb5ceb9e6e

Download Submit
/data/data/com.lianaibiji.dev/app_lib/x86/push_daemon

Filesize
22KB

MD5
9596d37fb527a150e9d7075a786bb940

SHA1
b036f0bcdede595c2fc006b83d31363b263197d2

SHA256
5cdbf912b6dfac2a19d91e9470efe032087bbec50e15c3b7e816ff60859a4309

SHA512
147bed38d79ea617f61194adf6b3b78b5189973c0890f8688ca27dfd794d4cd922eaf23fb82fe784769a296fec26112b93d4ee084ed8db946ac2ffe610c99817

Download Submit
/data/data/com.lianaibiji.dev/databases/bugly_db_

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.lianaibiji.dev/databases/bugly_db_-journal

Filesize
512B

MD5
0d003594055f0d2294be6a9349390567

SHA1
1f6c94113f09f5b8dd3fed6074e393e7f481e93f

SHA256
78a1226f4b0fbed4e33e92ac47fe70af5d78f77215b96f446c0794cc0a075b29

SHA512
9f75e5cbeb643ea5f43f3c7a941459df941ce5287bc11078ad4ca6c5003b89855c3f4c41b396cc809ce43f3e830b44c56588f6c54b4bf37ae91b2c405e4b415a

Download Submit
/data/data/com.lianaibiji.dev/databases/bugly_db_-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.lianaibiji.dev/databases/bugly_db_-wal

Filesize
76KB

MD5
adf668eb6c92df464b7e87e23e2b453b

SHA1
a13473bd71bad91b22cdc68591d3d0beaf4ab464

SHA256
2c7157d8af4441c5b09c31e8ca72f7706873a5d090983a979a155206fb1f3693

SHA512
815c5aa4f7b7820875ef13935885ffa41b97ea96f9b2894d7fea584bbb88abc7205c434c8fedd947cffb8f560182fba5c482a45eaede2fed80936299d2acc7fc

Download Submit
/data/data/com.lianaibiji.dev/databases/bugly_db_-wal

Filesize
68KB

MD5
48874227fe01cf50f1ee686088d1848a

SHA1
77aaf1a98988266b848bc263fa3f9060b4fa48fe

SHA256
9ab5f282f5c8b5520b574b7de3513b958514348f9ba868fb16044bf05d749d51

SHA512
ad5234f67641cffc67f358fce73c0e342b1e890fe33ebb9ab1fd1b7c057b9e0aacd476812e0bba87228ec57804afa4405b287a4b380df8803a50888847c17a7a

Download Submit
/data/data/com.lianaibiji.dev/databases/lianaiji-journal

Filesize
512B

MD5
52913cc7c81760851a3e6449322d4330

SHA1
75cab42fa833f6b6b9e92e01e4640374caabafc3

SHA256
99e254a7e685d7e7d5adbe1d29387d594d6cc00855d230584f88462ba476bb58

SHA512
66ac46e37a190e0549ed4116b550d05c0b0bccb26452fc00efc2f3b24a4848e75c1656822ddd6b6472867aca190eeca93551832f972e3c638787495f010f86d3

Download Submit
/data/data/com.lianaibiji.dev/databases/lianaiji-wal

Filesize
20KB

MD5
a3a8083b48aa49812628e56ae44707b3

SHA1
fc3a191f592af1b467ace5e740b402fbed9f5287

SHA256
00bc05170d65c8f8a00849de89c2ffa50bc602868ae8d84cbce15ee99a9a628b

SHA512
70f8035816ea9b3b5eb69d68fa0c3c384367eb478ff94494d5510f736560e174a074ce25179c7c31cf9028905d843d2d23652ccb91dbf8537a88c205d2aeb3ea

Download Submit
/data/data/com.lianaibiji.dev/databases/pushsdk.db-wal

Filesize
16KB

MD5
bef1322d8a7368ea01b879c7c5d669ea

SHA1
1b660bf4d53e7f31ef8916511b67e419732d8c1d

SHA256
c973b6f36225b6b1f0cd14f86aa094ce1118d72c97f656e7f7fef4e74b968853

SHA512
fac20e5564b0ec5a8d8c8dae781092bcb9bbf8af59153d78b937cdf7aba002c184173586bdca9dcc3cb5f101dcc6ddbbbd37ae71cb1ddf37a686a2cfdd4d9aac

Download Submit
/data/data/com.lianaibiji.dev/databases/ua.db

Filesize
32KB

MD5
e78a5bcd6ae2aaf46da5c953b6a2aaf1

SHA1
8a42e5c12dc551f9a10c81c6558e446e8bcc9174

SHA256
2c29972516f7a96ee44341e76eb5e8ab3d8b99d7f34482dcb2de687285b17ad8

SHA512
bd2275bfe2ffec84a2388a5e4f4deaf54412b489d2fd40e080d41ed769a1f2376732dcbcec419ea3f66f9ed3525ae876346e9a3f41bd05c563f494dd52434a72

Download Submit
/data/data/com.lianaibiji.dev/databases/ua.db

Filesize
36KB

MD5
3e8a91b095739d2044cff9b6123abaa7

SHA1
a6b4f3adf651f66a6db1b8938fe669974856e395

SHA256
fdde5fa77023fcc4b5af61ba42b48e2b46b55b26246934ee2f40937ea04bfc9a

SHA512
b0da48b1c15f3bb42e3efcd06aac0cc8daa4a0a08528ef18f23a0968b350898bcc91f709577548534e208ac81c36f6cd017878b043861508041c06d85679a250

Download Submit
/data/data/com.lianaibiji.dev/databases/ua.db-journal

Filesize
512B

MD5
5ba4f8fa7b22f49ddbd0d9b45482b027

SHA1
87141d5c6140e2027995510cfc4249b72aad9f85

SHA256
8f4b5b5251375885d2c19fc8e00c77e80c16adcf749c9b678b8936faece792a5

SHA512
b32b7c0e6aa785da2ef38e32c75c074d52cd5f8db166470d3858016d0ada27ca5655abc61146c9d7d123844c91a7802f0d013fb55d760e3647cb738b5e59097f

Download Submit
/data/data/com.lianaibiji.dev/databases/ua.db-wal

Filesize
16KB

MD5
868fd53fe98d7fdb84cfc9203f161fd9

SHA1
3bd9738159b0f187a459d2ec6d0fef6caaf96ec3

SHA256
4c6521f1e5705bf2eceb3a0c9d81554bf0fd54e0f4944dd153ea6a8d9640f569

SHA512
d0ebab9ba7b6d9a91bc25311ef1f081a4125272c6748753e56649f9ac11bd5d67c842af32a06429e6d038fd28ffafbd0731781137749726152c6d6308424b684

Download Submit
/data/data/com.lianaibiji.dev/databases/ua.db-wal

Filesize
8KB

MD5
a4e4532105ff82787999370a751812d6

SHA1
3e39af316584bfb6008c948307339970cbc13162

SHA256
76476b7b890701b637dee56c646cf9874994c2caa35c84dcb7b3e77cbbcac696

SHA512
2d49281cb685ce13722182e6aad0aa1ca44611402e6475ffd8643fd8eeccc96df98fa7fea1ad4289193376325057c1aca1f2f2bc5beaf72b0a3fb3abf4996220

Download Submit
/data/data/com.lianaibiji.dev/databases/ua.db-wal

Filesize
8KB

MD5
cf2e60f8961bc80b88b4c31dc3ed4eec

SHA1
5c74f55f41e5dd9da4a2499db6840588130211d1

SHA256
d376c192b5a009f5ddac1b0a1ad3f691329f746959926b7750e9135fb0cb8262

SHA512
b12d3cf174f700180364c62a99b1c96babd6868f82cdd8568328eea7506add629a16d8fbc8bd872b8ee265cb861466d69e1c2f1fcd8ab34db687f4e8eb5f6e1e

Download Submit
/data/data/com.lianaibiji.dev/databases/ua.db-wal

Filesize
4KB

MD5
917aeeaafa4e4f0dc7ac5e3f2b890eea

SHA1
48bcde2cd529ccccc10a48b10b71fc71dd295eef

SHA256
ec805dad27937a73fd605db330fa611f3a94835041b7b10fa67886b018a09b79

SHA512
3657af9ac93ec81ee885500bf901131c75625a0531a2ca63d42b72b85fde047d99447920e149d7fd1112bbb384d72d453a14c2a1356c4e041b22ffa6f6df020b

Download Submit
/data/data/com.lianaibiji.dev/files/.envelope/a==8.0.0&&6.0.0_1703405866040_envelope.log

Filesize
1KB

MD5
940a34123097ae35b2583cc6ca3671c3

SHA1
a05a9f583093093051998c9129f8a0b5c7542e00

SHA256
9902570c23a09d18e9b9053fa2a3080186b52bc7cb71302c1502515ed8ae0286

SHA512
02aab39b0baf2770d528ddfb8e0db148f63bfcd064c7c5fc97ee8904ea0625bf75a0c0044772f93408a4d6b9409e9d4fb87acbafeb973828d2b0e9c2c9ca81c8

Download Submit
/data/data/com.lianaibiji.dev/files/.envelope/t==8.0.0&&6.0.0_1703405865097_envelope.log

Filesize
1KB

MD5
7b3225cf8d9bb4a45d6bdca07e6c6c7b

SHA1
7d5adcbb026e99217ed69ef6883c18fd47645ba3

SHA256
560e1195bcc383fd9713b742e3526f188bea1c6a05a9416e03c4db4128de8fad

SHA512
f6bb7dd989e3890e42ba31cc8ca7c49a1b311f2b65953aa4ca8b89df0c6ac06e0b49009827f7fac0d3867b9b0d4e4823786acce8cf0ee504ec7c13fd92abf60a

Download Submit
/data/data/com.lianaibiji.dev/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
194a0970d1e519b7a96c4ba4b983775d

SHA1
7f951d02575fb8dc27f74af9682148901912ccb0

SHA256
a552a59cd3ab56e3cefe0a49072f84ca07d87d2e8f70885b3464d4583542493d

SHA512
6c7ff679d89868fb79c288b77220986124c0157ffc624e8f0505177a08849d6ba525739f6784b51aa5f6d9374e51e4facaa345ad0b70d028630447d16d2842c0

Download Submit
/data/data/com.lianaibiji.dev/files/IMEI

Filesize
15B

MD5
748d9beeaa1899252a7365b780b95fb0

SHA1
2158cbe9044f2b138df0094615afe6616e526c9d

SHA256
59290d2d5a77605f8140feb82e44e8438115fb2f93dc56ed4c225b88c21baaa8

SHA512
cdeb0c4cebf1cc96ebda6940763a940df76120ee991bc7f003480caf055a970f16e4a19ef2ba2c56fa056d539b981e16542ec7239a7b91dd3828585bc2d1e440

Download Submit
/data/data/com.lianaibiji.dev/files/exid.dat

Filesize
54B

MD5
801d5cebdf7057f81d623613e94375e3

SHA1
ab74c9aa425b757af6b6902f30d77ceb479d8fc5

SHA256
af4ca5bac885d8e271113c3c96c7fbf827d9e2b800985f805b49bdf7f02fa0ea

SHA512
38eafc66edc4d1f5660d99396b3b1d141431d0ed737647afdcbb84a94df35b0686363a72adc57d71459cc753bee1a29b31c5ea5ac011406ac6ef45f9bcfa639d

Download Submit
/data/data/com.lianaibiji.dev/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzAzNDA1ODUwODg1

Filesize
20KB

MD5
3b3e3c4bc910084b039058160c84f142

SHA1
572bbc4a7eeb395d166ea07d7959462c9c6a6b80

SHA256
758b6ab3d9889280f81e8d58a53073270e62a5a6ab77d128a6598fdb786b5feb

SHA512
505c37927585d12135632a695418b5c998d6ade2357a3cd32e4f04622365f1195cd9abfe23d384865d9b7b973a828d027bf780878aab4726d50fdd6d5eb0d2e1

Download Submit
/data/data/com.lianaibiji.dev/files/umeng_it.cache

Filesize
4KB

MD5
75ff89cd84cb16aa22a3dd5321ee7c69

SHA1
67125d04d0f2615f5b98e97790f93c543ad1b186

SHA256
b31dec3aad4ba4d211f7ba80ebef28f2b61e06f6fbdf4893408e1005757a33d1

SHA512
e4779e87567401a31b4aee4c505dfa4d4252b4b2cae4ba08964fede110edb252e3c9313d389630f08c537c501f8d1e0eb8783162ae36cee1968f7a3019764478

Download Submit
/storage/emulated/0/Android/data/com.lianaibiji.dev/cache/skins/boy.skin

Filesize
35KB

MD5
ba74828142f9300bf1e972223d4e9ffd

SHA1
bef9c8ea3864dc9fea65a044e86c14360e02c853

SHA256
d090deb3531d5e5481861a97d9a25de7b97d16b94ed00899c051b2551ca47fc6

SHA512
ac178898bd79a39ef4fa17d92f77e7a58f57842bd643ff4c79baeffe25fa59d0ff3662def6f12a0ba008de2092f4a863a215ee5c708d03fa419fad53f8e2ce85

Download Submit