5441be5a948ab34a6b7d0ad65492188926d864c4397738db20bba349b67f0c79

Analysis

max time kernel
2570702s
max time network
165s
platform
android_x64
resource
android-x64-20231215-en
resource tags

androidarch:x64arch:x86image:android-x64-20231215-enlocale:en-usos:android-10-x64system
submitted
23/12/2023, 17:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5441be5a948ab34a6b7d0ad65492188926d864c4397738db20bba349b67f0c79.apk
Size

16.1MB
MD5

e3fe2245900a011a7584d312a1ef9181
SHA1

92e713dd3490bfa70805593d6ec3f9088aff7637
SHA256

5441be5a948ab34a6b7d0ad65492188926d864c4397738db20bba349b67f0c79
SHA512

79a84e33ad8464baf9df3d01c2cba0be3555c37dd98aa86c3c6183a5875b684eb9dd5755c741dfe47325f02f367638ede0ac6fefafa37187212b5b9670b3c4bc
SSDEEP

393216:e1a6If/QV/xA1IoPD+mxhOS1OS+5Mc9iQx55ayAFfeiKhYyWtUrlu0AaJl5UPWk1:0FIfo5i1IoymfOyOS+135ayAteiKhYyG

Score

8^/10

evasion

Malware Config

Signatures

Requests cell location 1 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.kingsoft.calendar

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.kingsoft.calendar

Reads information about phone network operator.
Checks the presence of a debugger
evasion

com.kingsoft.calendar
1⤵
- Requests cell location
- Acquires the wake lock
PID:4980

com.kingsoft.calendar:pushservice
1⤵
PID:5079

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.kingsoft.calendar/databases/KSOStat.db-journal

Filesize
12KB

MD5
a76a9ab9a68a9cdcd1aa5c298d0bb94f

SHA1
13f847c52a3c7dd9adee83fb149a7ee55ee21eeb

SHA256
9a65b43bdbf423b1c1be87f4fa0dada207bb91ccc215258c9d276a7564dd8a92

SHA512
9d6333fbfc609b65960318d62404c8d70a5f3fe76eb3c44b185e9c50ff2333e0148657a9f74be5aa346845316cd60af232e972da16a46fd59b7e9390d66442ea

Download Submit
/data/data/com.kingsoft.calendar/files/.um/um_cache_1703377751782.env

Filesize
643B

MD5
5a298aef432c5284f5b0a22878e67a4d

SHA1
c5b0eec169a4e7759208f5e024971c6abab311ee

SHA256
c3d6ac6b834327a0179fd8553481ea8c1b2262c47e11e758be6185a3fae78917

SHA512
410011bfe3400d8ff60f1e871188c989301dc8c72f67982b5c2e306f911022f5028182f7121ecf0c13891d9857b2cb40180e4b84453a81712e368a9c6c291fbf

Download Submit
/data/data/com.kingsoft.calendar/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
73a5235db7a2097b1f4245622f54deb8

SHA1
5ccbb6d3603ca050f3ef04035d6ad1ba6915d835

SHA256
6d2da83415145d62bbe113baa4a2c93406980801c375c2812d5c4f78a59101bf

SHA512
83de56338d08887f30dc9c2baf115fe31a3ec6a8c7857ec42f9937c529c2ccf1abf34df73a0b10cb65439ff55ea7be4969d00056dfec2d7e0e56e6c6a3a71a48

Download Submit
/data/data/com.kingsoft.calendar/files/umeng_it.cache

Filesize
352B

MD5
14e189c4a70fa4d068bd5b507c3f0ddd

SHA1
7915a80c3b7e3d97255a6dd1b9709480ad7f7b92

SHA256
6badc47ddaa3c389f2b58b19c988e20bc44edc78320a692bdc64573a2549b172

SHA512
ad01e6e3913728b7d21c4cc46203d0ccefc52743a3995e11788957fcf69aa5ab5b1ad038beb4e98a47c3d8ad19a3d400f859e108eb2413b452557464f763cc3c

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
512B

MD5
395c4e2db16bac8f4a4d7cf2b92880ef

SHA1
a5b80b8215eb6806f7c8412ceb9946fa500609b2

SHA256
2253a7f06b85071cf15776e86a1f9efe8d1ab50e3205c27b204174ca627fd67d

SHA512
d09e214bb58ccb9696093b3e4eac9ca3efa92e27771479a120582e01626689c8400cc487d727d9390d8e0f2f10270cf77833d2911bc7e02b75a787985c9889ad

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
20KB

MD5
ea3d844f5f81ac9d755c34caba0b899d

SHA1
b79334d197516e2e81f5459978e0925ee3c7b4a5

SHA256
162615bb93f10707a04d66ba96fde7993f8f7606692df656a11c27d002a3c4d7

SHA512
75708a8dd683275ec9dd5cb492a6e31969a8b9597652e39cf57e8698dec44b8a9ea5736b6e74cbf4c39af3e79ab8e081c9c51b958b7a199d24685aa437f42ccc

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
8KB

MD5
2b989ad0f88a9f9e9d2270c964628adf

SHA1
3dd2d935e488ed3a3e7486ef5e272286ec9ec98b

SHA256
aaaa17db15a4e713b27f35194a52553b8b115e08082adfd29789bc76a0938287

SHA512
348d3786e66a13179d3947dd31f86a1ecdd427cc890b94a2b4167a2fd41b86d8eae1b1fe804846f8575e48d1575a9903ff15eabfe1bae4d3f1edbea21ebe6df4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads