5b796455444fccf03ec6f3b26e3817f624444b7a501867c2262113fddb9bd1c4

Analysis

max time kernel
2603496s
max time network
161s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
23/12/2023, 17:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5b796455444fccf03ec6f3b26e3817f624444b7a501867c2262113fddb9bd1c4.apk
Size

29.4MB
MD5

9fe3fb3a8a3b57e33107775e07e7ff34
SHA1

207ac00743614dd2a2f6e762103e997f34829da5
SHA256

5b796455444fccf03ec6f3b26e3817f624444b7a501867c2262113fddb9bd1c4
SHA512

eb64c903834de364cfe9f67f315af115ef334ce0ae67a6cca9d21a680ab720a760fe4de4de39ddd17d074c7ef861fdeae081fc1e6fe3df2e1079d6b716c53085
SSDEEP

786432:irZ1xnJu0nQHerkvcEndB7Do2wABgANM8u:ir7WiQ+rkvZdZDDwuS

Score

8^/10

banker

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 IoCs

banker

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.quanzhentan.app

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.quanzhentan.app
Framework API call	javax.crypto.Cipher.doFinal	com.quanzhentan.app:remote

com.quanzhentan.app
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4247

com.quanzhentan.app:remote
1⤵
- Uses Crypto APIs (Might try to encrypt user data)
PID:4289

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.quanzhentan.app/app_tbs/core_private/download_upload

Filesize
108B

MD5
17f2e8473dd6342e85a8a56c87509cb5

SHA1
4dee1bf5f2409e5f694bb7feec72434c624381e8

SHA256
8784847dfa13af6e9f356b8744d75d9b0b314f49d2946b47c0dce63131f0cb5f

SHA512
05971a5cccc81f58800a19d5167112ce60cf2567aeee1e134c970b2f1529af94f621393dca3fb0dc1aab838d6983e2115ca8d3f353c9c683617368db244a33cb

Download Submit
/data/data/com.quanzhentan.app/app_tbs/core_private/download_upload

Filesize
135B

MD5
31c71620c4dd2180d6ceec9e97631831

SHA1
65a39ead8f2be93f095f033699b529958738a203

SHA256
351dbcd6bf64d7e510e0a16c24300c0c7fc1522752701c0b5c8f469828ba9610

SHA512
60c9026c7e1930a9d09f8f2fb4b87c45120d99bbce5e1a91098581e8c8f2122d4f55544c5ab425f718a07794753e645a682acaf0844d4886efd3fe5cf1299d1d

Download Submit
/data/data/com.quanzhentan.app/app_tbs/core_private/download_upload

Filesize
56B

MD5
ebb47882fbaaa3283139ec1daed14526

SHA1
9bbd71699befa0558b1637d2890fb03c0f2f028b

SHA256
a0bcb52830f1db7397ce091d2da101002f86aeb306c487e36ead5710c77e571d

SHA512
d7379c55861ba11611091fb4e24e2db6f4a4fbe2a2bd82309d6dc6f3debf29cb179399651cc9f180eaf7aa9f18a77598590b60623e5535857831881faeb2e248

Download Submit
/data/data/com.quanzhentan.app/app_tbs/core_private/download_upload

Filesize
56B

MD5
741aa1033901b673e6324f9e438ffce8

SHA1
e4c7429c4da517d4f6c270ac73883565a6ddef60

SHA256
33e44463cdcaa791e0ba956559408d9c61121f6326c23bcb0e83c308b52d0c29

SHA512
a2ed567ff483a5f75b6ce23d8d9dccce7b7982064b970826b060152d176d0f662dc718ac3f5e9d6c50ec9dccd630f1d18047a304d1db0847f47cae1ebc0b429a

Download Submit
/data/data/com.quanzhentan.app/app_tbs/core_private/download_upload

Filesize
84B

MD5
1d35dcb39f7eeea9d69bc31911ee67ba

SHA1
6b89de75c39d5ef2f1365e932cb38485842cda31

SHA256
292db94d0209fd819bf4b583f027bfdd6c7f903043dc2032206836cf7725c90d

SHA512
195f329bcab0bbba452f8c7a4556cefcda1d4ce1238c1cb418f6fe40deecac0ad14fc0913bbbabffec4377a21161e50922b2582e5279e1c552a4f44270b62275

Download Submit
/data/data/com.quanzhentan.app/files/jpush_stat_history_remote/b096d3e8a71c1793f815dc10/active_user/nowrap/33c20533-06b6-4eea-b1cc-f42f09420ebb

Filesize
159B

MD5
a4c3b08f5495dbd6a6bb758f8978f931

SHA1
09be1b8644e9576c599d4dcb1b79dfa5cfde4cb5

SHA256
576eba0590ca37cef33025dc9a2c5b5a1a839fe397c2f8ae8bddc9e1d25bb723

SHA512
8f4a7435cca99ef9cadbb9d49d1cb4a70fd55da6b61287c4442d37b8bfbefd30152d894e7bc5ee40678c1c52bcb79ba8608acdac572a27142ccdbd68dde87eaa

Download Submit
/data/data/com.quanzhentan.app/files/jpush_stat_history_remote/b096d3e8a71c1793f815dc10/normal/nowrap/64c5785c-4dd2-42e3-9be5-83d77045bb8b

Filesize
7KB

MD5
9f3a6e075798609b337131ff0140d238

SHA1
5a7e77fb4663153ab6de3b28ac2668579a91bba4

SHA256
f888ed6ed16935d24d9005071f99639ec83a2a671b48b7c23a0f086cdf1ac2c7

SHA512
48e0ff7bc8ee718b8c36d6b8f5ac7e3842687a4b76d1e99bc22cc8f99d9ba0b086b5fe90befbd0c221503047e04dd0e8199262d338e5e01874fb6b09050a20f4

Download Submit
/storage/emulated/0/Android/data/com.quanzhentan.app/files/tbslog/tbslog.txt

Filesize
2KB

MD5
9bc6e92bb43e8a4263e213155fe83504

SHA1
b5d52b5dd4f133ee843ed16b886d2dfc290b4044

SHA256
bf4ebbe3d817afa0df2adcb4f66bca168f33feb6a1a85641ae9e0d358de68230

SHA512
aebd5d7bbb8935b40411614716492837be38da847c3c57e54be6c970c23b6ac3305e1e529ebb94af5735cbdb39cada8e9117e5847297842c3ec50a40f7a6f8de

Download Submit
/storage/emulated/0/data/.push_deviceid

Filesize
32B

MD5
f647484991262901ef729fa7a4f35310

SHA1
e50ad1adbc7482135b0d1b1241a088bea316d46d

SHA256
6fefdb1502dad4dc598baaa9889bce43174d1c09d7951fffddb1886d0990eecf

SHA512
5677ffae18e3b37994d0c11cb0dbbf0a25afd9a5f4dce42507e91efdd2564d4b112f2ff9cea853181c826d82919c0001c18a11bcded5e701b49beb2e206d54a9

Download Submit