54f70a30d42606ac2146cb042577aab18f8ddf07503b9761702e3e94c68b4560

Analysis

max time kernel
2608243s
max time network
153s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
23/12/2023, 17:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

54f70a30d42606ac2146cb042577aab18f8ddf07503b9761702e3e94c68b4560.apk
Size

17.5MB
MD5

505d03fcc2a4abee29333f482cc589f2
SHA1

44c220e4171aa6ceec332033d0be583d76ea58e3
SHA256

54f70a30d42606ac2146cb042577aab18f8ddf07503b9761702e3e94c68b4560
SHA512

c01b7f7be22f5f68a12ad43eb22dd2ac0c93f79bbfecdb2d01c478e5f70f7c383711989c7c24f027fdf0617db8a07f7925739fbe7cf73fa2c3554cb0d46846ae
SSDEEP

393216:BQqI5DZDK49Gu+kUmkY/U/jsGMocW8tjD72PnBEIan+uFfNGaDr:B89GeGu+kXkOMjMoKjD7gBEIED9B

Score

8^/10

evasion

Malware Config

Signatures

Requests cell location 4 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.ddsy.zkguanjia:pushservice
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.ddsy.zkguanjia
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.ddsy.zkguanjia
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.ddsy.zkguanjia:pushservice

Reads information about phone network operator.

Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.ddsy.zkguanjia

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.ddsy.zkguanjia
Framework API call	javax.crypto.Cipher.doFinal	com.ddsy.zkguanjia:pushservice

com.ddsy.zkguanjia
1⤵
- Requests cell location
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4264

com.ddsy.zkguanjia:pushservice
1⤵
- Requests cell location
- Uses Crypto APIs (Might try to encrypt user data)
PID:4342
- getprop
  2⤵
  PID:4415

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.ddsy.zkguanjia/databases/ZKGJ.db

Filesize
179KB

MD5
e8ddfb21a49db57a54aea64374bffe5b

SHA1
6aba5fc97cc540e50558620aa0b09e27164c0f77

SHA256
a1a06b3647618edcc5abcf6346587a72aa1bd9c71b22c89519aae0862c08cebc

SHA512
a53edb2fbb6b9886a8c21ebbafd18b8c66fa020495e23c56bbea6e9d66a107c765244cad76279eb3416e819163cebbbafb39a60dbe2c7c8696d32182d37a1b79

Download Submit
/data/data/com.ddsy.zkguanjia/databases/pushsdk.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.ddsy.zkguanjia/databases/pushsdk.db-journal

Filesize
1.2MB

MD5
d9f3181f980dc460cb0330222dc6974f

SHA1
6da7d925a97008dc923fbd060adf82b8c2c06fad

SHA256
ff408f5456ad6fce6a46b376d11b336f2c2a3d42e79c819d0ddd5ccea245eb85

SHA512
3dc69e6350adac95b24db83908ba4afc67193b82ef6249ab1f0f292be9f9cca00ebe7ccdb92a67302488ee492cba61c8458140d3416f1c331b0865c65d57a49d

Download Submit
/data/data/com.ddsy.zkguanjia/databases/pushsdk.db-wal

Filesize
16KB

MD5
a5869e5f9554f3c063d41a5cfc09f902

SHA1
5c4b4df053e17a01b8c0f6d305ed09d8ab73d669

SHA256
7b420238c127d58f3d859e508c49a3bd544367d90306293520423632f278bc9b

SHA512
26748661ab07d11448f910d76dcffabb3447af9b3dc99945459a6ee53a7bc977bcfaa66df232ac037b8330b5380b55392f1bbc3cf97dc5004754b7f9d456f86e

Download Submit
/data/data/com.ddsy.zkguanjia/files/INSTALLATION-744d9fc3-5dbd-3edd-a589-56d77bdb0e5d

Filesize
36B

MD5
77da74fa2a67303ed416a4a46df355f9

SHA1
60a025357ce194712ea3d60cf1f2fe9308ddb85e

SHA256
2fba0b0ed2b9268f93d1f4ac46780b5dd9bfe3e59f8ecd3b65508f8db821a7bb

SHA512
a775f440472d51a8bb47e1aaac5e19e0a4168e1f93dd54cd675b24ec620dfbe429b9a89a9f588f01ef3110d75778f8aca2373c1367cd43cd655dcb4ec0e0fb4c

Download Submit
/data/data/com.ddsy.zkguanjia/files/init_c1.pid

Filesize
7KB

MD5
3e27486fd411ae3fa639fe8acdec5bf1

SHA1
18991e42852d5eaf710a2797d08621877f586f1d

SHA256
ade34958965d0db7ae18d14760356945e82107a9f5c1aadf43c8c6e61604da4e

SHA512
5c618a905ff5269f2d1d163870463591a86a2f2e7a8a28197bf4f363e0fcefccbd37719abca140b1aeeb369c1ce59a89437f876380324b861a1f462bb098bf6a

Download Submit
/data/data/com.ddsy.zkguanjia/files/td_database0TalkingData/1703415156344_4264

Filesize
2KB

MD5
b9284b9497ac2a9382ac574bfc6238f0

SHA1
175d0ab6b9b99da91f582897540c4bd5f85717b9

SHA256
5fe03de2fb7dbefba147a6268d2f735d6442e9550a076902ce5cab9e4c03282d

SHA512
c7dabc8556f7f80c423be058f4dc4a6fb1484c5c9ae8282030174cda080b33fdac900bc7e122f9884e6e89a01314d55ecb541b9784ea0c7910c83b8313ca481c

Download Submit
/data/data/com.ddsy.zkguanjia/files/td_database0TalkingData/1703415158752_4264

Filesize
2KB

MD5
2c29bc5cdf8e16b01d6d55fde2c9247f

SHA1
07d5a71b618678224fb0f3c995ef8ec940a1066b

SHA256
cf552a96671d1b5589a13250df7f7845863ea0e14cad6f214131cfb9e37a4cd5

SHA512
f4a318b8502eb7ebe8b4bdd9533f3c08d3dec958f09c3fda371190825665caa1b58312ff3e57f41dba56b85a493457d35669866d6c1074bc7d3c84f39909dafb

Download Submit
/data/data/com.ddsy.zkguanjia/files/td_database0TalkingData/1703415158850_4264

Filesize
2KB

MD5
2205444248290eb7a4c1ef5b1d2aff95

SHA1
9b438545936044a188e22fb099f6b25c6dc64b14

SHA256
68d74049cccb86bd38355c3b6a720b7a4b6811637f6ca1ddf7fa86e5934f94ac

SHA512
85ab7aacdcb6fb522fc1c7d93e95e180f414636714162a2b8078a0e4a0fd5cc27c0c53c8433f95f71d321b122d404a2542b6cf68e25f0cd901335309ca95438b

Download Submit
/data/data/com.ddsy.zkguanjia/files/td_database2TalkingData/1703415156148_4264

Filesize
2KB

MD5
b128ed55a52dd8c5e51398b3226293eb

SHA1
a30e18f8f0df9c9e83259d053c47a2fadc320b75

SHA256
2ea654a3c1e37cc95ae16484cd163a26c95568e185cdfa9d99c8fda654eb571b

SHA512
e14a85ea3779bf6a1e589272887ada1ebbb2d71405504424631681e6678e1258a211c06943f3f07043d88d2497e499daecce81a4c24339aaf7401db8163e4e4e

Download Submit
/data/data/com.ddsy.zkguanjia/files/td_database2TalkingData/1703415157087_4264

Filesize
2KB

MD5
c6d5af973b080996e1dce531e080f89d

SHA1
8a3932b68cf0864962161b74751951992681934c

SHA256
4e72af499ef1296cf996c0f0f8b6705f373c7d2833f414bc04bd071ddf92b502

SHA512
06fbdc4de0685257536b75126a0db176222e9937f2755c9edf13e8825e65a2efd0fa02dec30a002a7384a70a059b640bcbf751b389cb97cc00b20d5fbf5432fc

Download Submit
/data/data/com.ddsy.zkguanjia/files/td_database2TalkingData/1703415159049_4342

Filesize
11KB

MD5
2435963f90ac324208725ef1179ef249

SHA1
016eeb971065a31b24d4de016e5b1339d314d411

SHA256
d943dbeb1b3b8e046d27bf872c95e4ca22068853cbfa46ca661720220a4893c7

SHA512
51bfdcbfeb3198e3f15ccb1b25b11838bb853ee18ff5e908c959e0099afbb2debb01e870b4bc7617bc04e3db8c6f51bf1e962021160ec9f0773d93f2fe268257

Download Submit
/storage/emulated/0/Android/data/com.ddsy.zkguanjia/ddsy#zkguanjia/core_log/easemob.log

Filesize
1KB

MD5
c31ef24067fa1938ea92d056738081de

SHA1
c83af20e8cef8af428fb9439a16852db9ff5c2b3

SHA256
4ca17baf93ed6c56b5c1109e3a58df36fdd9005ea04f11716c773f155c670d70

SHA512
9153d174beca8b3e09b465900e9d234a222ceb3d616f76b9496e5e1657814c84eb3d0e644bf96da581be68c5b6aa9965bfae3983f3dea6fec433d380e639de9b

Download Submit