6041bded6e026beb20122beb79d06814751a3bc899d329a0a4f457ded0a6819d

Analysis

max time kernel
2619606s
max time network
130s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
23/12/2023, 18:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6041bded6e026beb20122beb79d06814751a3bc899d329a0a4f457ded0a6819d.apk
Size

17.9MB
MD5

508ec16322e8d0f8ba1bc615409b30a5
SHA1

793175d0d29dad059226deea9131dd210d8918ff
SHA256

6041bded6e026beb20122beb79d06814751a3bc899d329a0a4f457ded0a6819d
SHA512

0f0b0b0e7763da640f4618f05ed87eb599e266f19ea1e30de1e8ec3b8eb6eb4dd8ecf15a4de88ade04c17e7855d62faabdf0218b1f49ec1f9b56c6a32226b77a
SSDEEP

393216:agJOqCvsN9Uv15PdpEHon/yv69ilzpEKWpbsHa4DB5F:OqAsK15PdKamEnpbs6E3

Score

7^/10

Malware Config

Signatures

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.mitech.bbmar5553ket/app_e_qq_com_plugin/gdt_plugin.jar	4373	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.mitech.bbmar5553ket/app_e_qq_com_plugin/gdt_plugin.jar --output-vdex-fd=111 --oat-fd=119 --oat-location=/data/user/0/com.mitech.bbmar5553ket/app_e_qq_com_plugin/oat/x86/gdt_plugin.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.mitech.bbmar5553ket/app_e_qq_com_plugin/gdt_plugin.jar	4248	com.mitech.bbmar5553ket

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.mitech.bbmar5553ket

com.mitech.bbmar5553ket
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4248
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.mitech.bbmar5553ket/app_e_qq_com_plugin/gdt_plugin.jar --output-vdex-fd=111 --oat-fd=119 --oat-location=/data/user/0/com.mitech.bbmar5553ket/app_e_qq_com_plugin/oat/x86/gdt_plugin.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4373

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.mitech.bbmar5553ket/app_e_qq_com_plugin/4248.yaqcookie

Filesize
8B

MD5
9c280c7f2577e0860473b698fd65e887

SHA1
61ec0555d5b5d38bf4525cfd19a166bb0331a7e2

SHA256
0aec609bf139008c1247d09552a3b2a0499d72f59890c73150bb9d40db740e4f

SHA512
9977abb2a9b055f54e4d3675638a25f41480966ed9e11a9ea6c08ba6238093c1981e66e472e87c298f6615b7e4aff8a380af2705e5a069e750f4d1d77c37be7b

Download Submit
/data/data/com.mitech.bbmar5553ket/app_e_qq_com_plugin/dexMethod.11475203.dat

Filesize
33KB

MD5
82e43aafd579433b3c5cc25af3b80854

SHA1
c3f1b5346e96babb77bbddc7389575777093cc9e

SHA256
f16eefa5335aa38eaa1ecde3d44abd059d03cfcecf0ef96cca30eae5b010018c

SHA512
1c3701568ac2fb5c6d7ca44d312930ee67033d25a42426b1af817801384436f696dde2e25a1d94bae713861258c8161cbce2f5cd29c9fbdc67791b926bf5e332

Download Submit
/data/data/com.mitech.bbmar5553ket/app_e_qq_com_plugin/gdt_plugin.jar

Filesize
590KB

MD5
a20b450b9eddfc89b600595f52e69835

SHA1
8fac99e31e63859f9779ce28e526b7a7bd5e1033

SHA256
cbece95c97f4e62939f1623c2cbdd9c3271a6600d35d756a0cd9795bb264b690

SHA512
c135b78fa9105bcd61807c52fb3bee327bf000b8d88676be69f6128062cc53fcb2ebb866e8cfabfb2afb3fc96b06ca9394bf60648eec7e783ecdb7862bd45a59

Download Submit
/data/data/com.mitech.bbmar5553ket/app_e_qq_com_plugin/gdt_plugin.jar.sig

Filesize
180B

MD5
0fddd6bed2bbdb1d9e283824f83e8e8a

SHA1
7758b58ab7b52810e09ed2d725cb959d1bfb2ead

SHA256
4c8ac02deacf9ab7a4ea1ab1d237ff3d4cbffb30b9ae13c5057323b578e124ef

SHA512
3a6d9d4899b241e10ae06e72ddabc1560efb1891dde3f497be18448ae8c9dfc2911a59b3820a3e6a0d21507ebf0793b6ad0da829a2943a2f3b78ada730456507

Download Submit
/data/data/com.mitech.bbmar5553ket/app_e_qq_com_plugin/libyaqbasic.11475203.so

Filesize
110KB

MD5
4144e284745f6f7ee9bdc2d16cce411d

SHA1
fed9eb6712f9fc18970196fe220dc19f527de922

SHA256
8789e00f27cf25aa90d7686019eff5bf5a2077d6196c17d84e83b49e304719c1

SHA512
a0cb225484df0475a786bc94618337fa2100e87029eb7c1611d503952bce2d258d3ca27ac614ef65924e503afde41a738b1438984e8d9cd0b67591f7a00d97b6

Download Submit
/data/data/com.mitech.bbmar5553ket/app_e_qq_com_plugin/libyaqpro.11475203.so

Filesize
109KB

MD5
f76d598f53b2d1c2774c8d15ab156f07

SHA1
1756f36ffd19710b394cc751077a05f0605cb7ee

SHA256
4e0d2af8866a08c7a3a59d62ccce8b8b067dc7c6dbfc4a2a8af9c13f7d936523

SHA512
927a46120a3e67b7b974a4361437cf3ad01745a9211e278f8f0549f133286b3b9db4e952069d21e4fe6372e51b5976941c3da3e652af2e158067b54e2671e5df

Download Submit
/data/data/com.mitech.bbmar5553ket/app_e_qq_com_plugin/update_lc

Filesize
4B

MD5
dce7c4174ce9323904a934a486c41288

SHA1
e117797422d35ce52f036963c7e9603e9955b5c7

SHA256
0c030586945fe504b604ecc2e875c38ede400cd5cd73da9730302162e6b02c6f

SHA512
d570ab6a8f4a7b54d426b0481219074b5277ace37d88438d87ab97eb387938eca1cf7b09fa42d596c56ada860710d2a7385d2a96e1cedff58ad6ed8900f1b143

Download Submit
/data/data/com.mitech.bbmar5553ket/databases/cc/cc.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.mitech.bbmar5553ket/databases/cc/cc.db-journal

Filesize
512B

MD5
de2ab3310110929af51d019a782bb86e

SHA1
9d071d16ec9a6fafb781c5a6c448707ff16b79eb

SHA256
1f9bb7513e185601fd004fe067b7db9fb653767d4ee63b1145fe7697efd356e3

SHA512
1a12cc3d3fd0c83cef4a8edc528cb5898ad36a7403d2d9cb529648b60f704e501bfe75274f8951997f65c05c3246861c5bf9e2c39568aa6949a1135efca29c86

Download Submit
/data/data/com.mitech.bbmar5553ket/databases/cc/cc.db-wal

Filesize
16KB

MD5
9c6ac9c1074479022806cacb2929517a

SHA1
bf7debb95b576a832dd071faee9b12da08f9ecd2

SHA256
80a1ecf9442ac20ccd0407097e9ab725d0b770371848bcef1a58db46585561c4

SHA512
88d86c23086835cecac0e13493d4b6698b4d79606f34b1acae94d48bf244e09bf3ba6eff13d07ec969fcc9ef32aeba5ccb79ba832ade734223e20bb8de97c960

Download Submit
/data/user/0/com.mitech.bbmar5553ket/app_e_qq_com_plugin/gdt_plugin.jar

Filesize
844KB

MD5
6a0ed26a5083b93288909bbba957b534

SHA1
b7ee827db8eb8eb46ed4b40cf0ef83b510feeb2d

SHA256
4d10480f1d0da1381ade866a512cbfdace4f9c406bb0cba62ea0c1cfe8370d38

SHA512
c3e8e2f5f43781b47313b05014bccfdcb250877396f80ffe47a304646a8db18fae8879d881acf7bc34820a03d06143cb05000949704aa708b27408a438a1a949

Download Submit
/data/user/0/com.mitech.bbmar5553ket/app_e_qq_com_plugin/gdt_plugin.jar

Filesize
844KB

MD5
3e22adb647163c2fb7a9ed27d5b0de22

SHA1
26ef654a96871be6c8474fa12aa0a45ca8380720

SHA256
cf8aa48e762886905513b2d9d793ac6fdbf3f696adc95f4de511dd53c997e25a

SHA512
5f5f782fd4c271a7f962e72db01e4d0a4e18883e74b8f8c0c637fcaaa5b569ef37190343fd66f0e5fae319627632360150ffa0d86968d5a9d52ae15f21f89ee9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads