6abe98c7211b748f39258c83483dbe2e936e17c237666827b61799c68c6d0820

Analysis

max time kernel
2593786s
max time network
163s
platform
android_x64
resource
android-x64-arm64-20231215-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
submitted
23-12-2023 18:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6abe98c7211b748f39258c83483dbe2e936e17c237666827b61799c68c6d0820.apk
Size

13.1MB
MD5

1ae940741bb8492c5e95a942141ad9da
SHA1

c321593fd33d6bed06ce2e076d3a655756018863
SHA256

6abe98c7211b748f39258c83483dbe2e936e17c237666827b61799c68c6d0820
SHA512

73b2a794815f7011fc9cc57e05097b8aa2ccddd313629203ac164eef6ceb7ddcef7a144e19532027a354bcfc946c3d93be17379dab342f838f550d7175c312d2
SSDEEP

393216:2zoDEjIW3eNrL8MrdKLgJukkym4dvdA/Te3pUHtvv+JVp0bXQa:2z+EjIW3QLzdKLp4dlue3ix+ejb

Score

8^/10

evasion

Malware Config

Signatures

Requests cell location 1 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.sunseaaiot.app.lark

Checks known Qemu files. 6 IoCs

Checks for known Qemu files that exist on Android virtual device images.

ioc	Process
/sys/qemu_trace	com.sunseaaiot.app.lark
/system/bin/qemu-props	com.sunseaaiot.app.lark
/system/lib/libc_malloc_debug_qemu.so	com.sunseaaiot.app.lark:channel
/sys/qemu_trace	com.sunseaaiot.app.lark:channel
/system/bin/qemu-props	com.sunseaaiot.app.lark:channel
/system/lib/libc_malloc_debug_qemu.so	com.sunseaaiot.app.lark

Checks known Qemu pipes. 4 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

ioc	Process
/dev/socket/qemud	com.sunseaaiot.app.lark
/dev/qemu_pipe	com.sunseaaiot.app.lark
/dev/socket/qemud	com.sunseaaiot.app.lark:channel
/dev/qemu_pipe	com.sunseaaiot.app.lark:channel

Queries the unique device ID (IMEI, MEID, IMSI)

Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.sunseaaiot.app.lark

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.sunseaaiot.app.lark
Framework API call	javax.crypto.Cipher.doFinal	com.sunseaaiot.app.lark:channel

com.sunseaaiot.app.lark
1⤵
- Requests cell location
- Checks known Qemu files.
- Checks known Qemu pipes.
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4633

com.sunseaaiot.app.lark:channel
1⤵
- Checks known Qemu files.
- Checks known Qemu pipes.
- Uses Crypto APIs (Might try to encrypt user data)
PID:4924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.sunseaaiot.app.lark/app_crashrecord/1004

Filesize
36KB

MD5
6b30d3d9e811ba72b5f102557dd2f2b6

SHA1
b30e741f404ebf06287775b6556cb068e3fb0556

SHA256
fb99707d91f1c5d55c44604bfeddcb80e137ecb33265f3ac538cd869cfb88f3a

SHA512
3173e1c4b0629e4d6b9f7e305ba99f9fe584d0ebd735192bd806117fc014deabb591c9245119f46c57c144d9734dbcb41706484513cf561e67502ef713c3704f

Download Submit
/data/user/0/com.sunseaaiot.app.lark/app_crashrecord/1004

Filesize
8KB

MD5
bcd32e5d2022d346140eadc9077959d2

SHA1
31d9f7dfa1424ef3880e93df762675eed00fd0f6

SHA256
a41f6d3a255373d6dd61682e536da7635fde01efd7e7a70ba755596b0a3ce72c

SHA512
c0f47a2fcea9998c0c1141e54892ce00f331d2674f004b0e54f943e363173c18e5d1699d0f2bf750089034a6fa832c9882de5e1f3cba0b7bb0f8cfc484d9f313

Download Submit
/data/user/0/com.sunseaaiot.app.lark/app_crashrecord/1004

Filesize
52KB

MD5
6a92e2d1cbbce32bd750cf0135b2f0a3

SHA1
f49e5b95e8aa63c398c95b503d233f765b3e808e

SHA256
8594155c436cfb0bc50a1ffe4cde928e92df7c3fad1666f87963c2e82a000029

SHA512
194cd9141054602b69b5a13d6b11d20d4cdc21eeb923c6780acfc5d058fe7c0716dab2d529489e412aba45f6bc30205df98765bd3d5dea69130f43ebaaaf671a

Download Submit
/data/user/0/com.sunseaaiot.app.lark/cache/tomb.zip

Filesize
8KB

MD5
11626fd9f79a49a626d427cee7277479

SHA1
ec5d01f91ba3ece3dc45ea3f29fa52697b85b034

SHA256
0d31d8a6a0748383905ced2411cab8deaa482ecf3c8d697a97d2fc26de65366c

SHA512
276bc6a7e557139510525f791deca6e63c44914d44d9372059d926edcddb09eb1d8bb81ef679d59a262a29e5ffece25be852db2d976222dbf06e28586f832061

Download Submit
/data/user/0/com.sunseaaiot.app.lark/databases/MessageStore.db-journal

Filesize
12KB

MD5
21090591a3d419b1edea6b093dab2c93

SHA1
8d7f6fa76e2f07f8cce2b74511c8537ccbe65be3

SHA256
c6909742284f3072ec40851d9b3b2106654b0de5a0fb38daa533f644eabf986c

SHA512
3cb1766637b5e0b5381d376247a1a873fb74a203cccd0c3237cdd83cab9383b55067765c92d722944111e1f0e3be578649f6cad50b2da5b0ffc2e91bce2aad2d

Download Submit
/data/user/0/com.sunseaaiot.app.lark/databases/accs.db

Filesize
12KB

MD5
ee14bfb75bbdd32b5acb572437f7501d

SHA1
338957bb71cbf728e4922dd905ad3dc5c89544eb

SHA256
40fa851be0b1309da95bbc3304bd94b32cc81d3456b4d9608a418e255dd0f707

SHA512
9f35f19135a466d5d950c70b6238eee9140dce1db436a79323bae73c30ccbce11eae02906e97cd136eb7be02470cae00e8da4866beb906c732365984cf69a0c6

Download Submit
/data/user/0/com.sunseaaiot.app.lark/databases/accs.db

Filesize
20KB

MD5
0c9dc74a245c7439d1cfa0af7724d05f

SHA1
856e0fd82020c6b7b437e3fbebdeb80a9b821219

SHA256
6cd69ac83f7dd16afb1a787b55e8191fcc3b60ae648cc1f9911230251e39eef8

SHA512
56b09fb176611204acf34b95781d140752da3168e701b94171120c8a1bc1e11869fb49fce2c01befcd33ba7b2d0343499b3fd96032cbf033cf97fcb37ef1824c

Download Submit
/data/user/0/com.sunseaaiot.app.lark/databases/accs.db-journal

Filesize
8KB

MD5
53a0f418c70b5bfef5292c8a1c43d724

SHA1
dee00d450b21750eadca3c0fbb69efd532ee7f33

SHA256
17884cafbc1f1c48b36d65c48efe1d509fe4811825cebf83d45098cfba6693fb

SHA512
4c2a007376819f7147c69b4c8bda7de3611100a1dbb8ab0e00fda3a1b345b411dddf02f46cbe6a18d35364688008245162afe2cada81020cc5032d873bc4d91a

Download Submit
/data/user/0/com.sunseaaiot.app.lark/databases/accs.db-journal

Filesize
512B

MD5
baf5541e6d7b3f20da1f3bcd9c8a612f

SHA1
c22338dab06d08497baa01119bf689218087ba27

SHA256
3f1f402f2e287bf9aed53dccdaa439fbea8d0e4c67be6e0fde867d1343b2b4b3

SHA512
1be65d2c03f203d8657a7100542331b69f1221c3bbecdc66dfddd67f430203c6a40827c83f40114bc53baf60a7b15d8f4cfe65fbd4ec48c8704d13a10ea04c53

Download Submit
/data/user/0/com.sunseaaiot.app.lark/databases/accs.db-journal

Filesize
8KB

MD5
cf91b31161dba401c0aedcfb8e1bd715

SHA1
5d9691050dfbdd4d4804280d0467a7691b6e47da

SHA256
b33d7caed11021dd927469eb1c69837629b22a03d3602f9f6a0383916a8977af

SHA512
ee822310f36497ab47f01648cc353bc3892f007989eed625275f4bec70ec0d87a052a3377439ddaeb2b8882c25a25ca99ee4ce9e3833fe8741c8ae66d9553cef

Download Submit
/data/user/0/com.sunseaaiot.app.lark/databases/accs.db-journal

Filesize
8KB

MD5
2f2279f0fcb7c897883d9fa7a7da92b4

SHA1
e9d6960fd1cfa56bad7393aaef181f351b045cdb

SHA256
1e17d759c0403fb766bf7a1f76f538888ea8c9f144d0f9360573592ab553ba86

SHA512
d387407de00d444bede8c1325636b27e799a81a0ff1be7bcd4f752c8e74d381341f305353c430b7b38940cdab12941bd6eed2f6a412583b655b95a9788b14ee5

Download Submit
/data/user/0/com.sunseaaiot.app.lark/databases/bugly_db_

Filesize
56KB

MD5
2e23851758c0f394229863107efb4c63

SHA1
5516a8329ea4ab3a6dde3d10f2332e6e6688ff75

SHA256
014168910ccbef177a2196c7594bbecfb5c456f651b4b3f9471d91ae2ad44ff3

SHA512
d944e1519784094a59b15cad2d9b364530f25ed64440228e9cd08c411b4805bb8c9355fa0edbd8598740bc1bdabc9f4619a62fcd9a6678a0a9687ba74d127888

Download Submit
/data/user/0/com.sunseaaiot.app.lark/databases/bugly_db_-journal

Filesize
8KB

MD5
fafa23322d3a78c2ba66430f298a76b5

SHA1
f507f2a22625d934daac412c860d335de0ebe968

SHA256
0e96a63e403e608d7d67ba9018814a7001441351ebc62ad4e39c770d10be1dd2

SHA512
6aa4429f7b5677fff22631e3e00dcf0281f8d26c34938c6a2ba9fdaa78031479899075ba8f3163dd4d6b276b7431a1adb9de6b21b4da9eb9bf022abb66dc1e13

Download Submit
/data/user/0/com.sunseaaiot.app.lark/databases/bugly_db_-journal

Filesize
12KB

MD5
b280ef86e2e7ca245e7c2b4dc58eb6d2

SHA1
1f62a8a4d5ee65a62a9072b90c48aa3673923666

SHA256
8916448679c0358bb56cd0959b520ba1d034e2cc88e925d8bf157c86efa508bf

SHA512
0d77948b9eb1fcc3cf78ae79813849431eef070c1f33e1f305192825efedafb32e06a44259e37098d215729cfbf797c90ed29fb09aac33d3fe73f6586c3499af

Download Submit
/data/user/0/com.sunseaaiot.app.lark/databases/bugly_db_-journal

Filesize
8KB

MD5
680ee2f4a8bb1fad8fa24c1252c4ef7f

SHA1
c92046dc01c5b5d26d740350905df270100136f6

SHA256
c9b2b2e3f3641dd4fca9401b80595c27e0be733100acf7caf68980e041f87555

SHA512
5b15b8bf16b012007ec53bec2c4d68f6fca36a315ff6a59bcaa2475f9f1afeb19db1e4bf8154de5f96d580747feef0feae8eef4f036616c85ad49fb81b7b9c94

Download Submit
/data/user/0/com.sunseaaiot.app.lark/databases/bugly_db_-journal

Filesize
8KB

MD5
3576d9418f2be62582a7a9bfecfa6bf6

SHA1
a648a57083d7b7ef807341014ab752d54938ed29

SHA256
a4b627ed5a94dd6aeafc4d17b377bf56f52fbe90c8ea99641fe3d9514937e622

SHA512
b9ba7f0e74f4cd938a6afed3e05a304836d0482ff6defd7921382f659a8244d877bebc4aeb161508def571b8bfe0fe7ce520b2c4c85cf48da77204c6cb3b0659

Download Submit
/data/user/0/com.sunseaaiot.app.lark/databases/bugly_db_-journal

Filesize
8KB

MD5
19d385e08a4ab3ac8ad936dfd111dbc4

SHA1
cb179c2971fb0ed172cc7d57c55133ffbf5ba1b4

SHA256
3f0216a20af6574f0fbabcff2237082e6a6e9e687af52ebb18cae6526a4ac151

SHA512
04490b6dd593272b012e5f6d2279d02adbbb2e1a86bf5e81ca434aab7b80382bcfaf4f9f794cc491416442d8b6158c8622ed2037f62e28a800a1d9c1de38323a

Download Submit
/data/user/0/com.sunseaaiot.app.lark/databases/bugly_db_-journal

Filesize
8KB

MD5
47d75d4ca3bab770d130bb00370b35fc

SHA1
ea2a139039f140fd5a542eae2277cda9484007c6

SHA256
2ae3ca5291819901a8e73e9df3fb75224a484a5483944949f895cb060458cedf

SHA512
9f9b2558ab907fc31686adf3fbd50c4063f3fd3be37473c012734e62b5dcd84713cc3c45f897cdb11aedc49dfa8dcf269bf273a249996b0e772e6d91c3d950cb

Download Submit
/data/user/0/com.sunseaaiot.app.lark/databases/bugly_db_-journal

Filesize
10KB

MD5
adf62dc0a3e3f6e600ea3fd3c7171b90

SHA1
9980f7f90df8819c02f159deb0a3cd1dc3928bc6

SHA256
7d59058af099608c17120cfd5f83c49ca151648488294a8a9ee5559fc91d8eaa

SHA512
52658748e4ff1242c79c637b369c9663261fa31f56eee31bbea300284c08af455fffea8b8e7ad0b257055d6e8223fef8b4c6bd1730fd9cc92428aa0d0919ad30

Download Submit
/data/user/0/com.sunseaaiot.app.lark/databases/bugly_db_-journal

Filesize
8KB

MD5
b3d7fd144bf3963250cc6a3878ce4d3c

SHA1
3b7d67e492e235a54c71b6e57561bda29917b76d

SHA256
41401ffc9faa676e5333831e1bfebcd7a4d2d215a6162e76595751eb85916f0b

SHA512
a28b9f9a58b68bb306549812ffd51e15bb69065457b02f0def5157208ba92d58566786f67f85740f499815ec480a0546c0c151b61ee6938de05d8424df5cb473

Download Submit
/data/user/0/com.sunseaaiot.app.lark/databases/message_accs_db

Filesize
36KB

MD5
7c0b5c6d1120bf3635cb815eb5e29f28

SHA1
cbb58092e164d3d098e750a608f3833f85a06476

SHA256
f2434b69ad5ddbdeb3796b9e34fa428cf6fc31bf987dee42c12816e3632a128b

SHA512
151d69445e8311fc78f40b5781e2e1f1d631e879e87a08d1076ac69d7ad5bbb8ee017fa4d5be934f9eaf1cd3a0aea87c40be405c2a601a845820d73705ec7a36

Download Submit
/data/user/0/com.sunseaaiot.app.lark/databases/message_accs_db-journal

Filesize
7KB

MD5
be70ce886687dd196f98caec104b3be5

SHA1
3c8c8b04bab1d143e139b83764ce41acde383b05

SHA256
53333c8ad2c61ac9fc72707ec2358a5864b5c032d8b050c40796da5de8f9e1d6

SHA512
c022fe093822b3081ae7753792bf144a3d74f768c8a8b997116dbe65f1c4062441109ae0ee9916024ccf39151a76dbd5262eae471a867640731b92d7c24f3586

Download Submit
/data/user/0/com.sunseaaiot.app.lark/databases/message_accs_db-journal

Filesize
138KB

MD5
c70674a065bfb5c564a157151d45ca85

SHA1
93a369ba2138b1ff96de1b26608b0129d60dbdd8

SHA256
cc116b3141a02551e8981bcc1af7976cf94429f8cc5249a65b5fe81bd82f196a

SHA512
2007920d51ddbada5c07cefd213cf85a2df60a304b45bd344176c03cab0db072b4740f918654150f7505778c8d1a2cd8515af727ee4d76b4480a0786c9ef748f

Download Submit
/data/user/0/com.sunseaaiot.app.lark/databases/message_accs_db-journal

Filesize
8KB

MD5
11efe17621d7304e9e5ef9be2a6ee2bb

SHA1
3cb1adb6fd5d57cc1fd7a32c5c133d2093e790a4

SHA256
6c292be13d6d2346c9457ef2ecb892475f39309785ffd7b160392aeecc54cfbe

SHA512
8405f8671efd28ec7a16dd8a9329d9c24190a410808de6f5b632219a88f92ffcbc8fed6a737fb3d851cf0c964b62a1d85b6b5fb4b8d8de722fc9a75ee91cc761

Download Submit
/data/user/0/com.sunseaaiot.app.lark/files/agoo.pid

Filesize
6KB

MD5
653fe80e872abc0d5d3fae52df624cda

SHA1
caeaa31559b15432c32c369c3b7c11993159c3ca

SHA256
9f3066d31512016a4f0305f71513aba922a13137bb9f8862a12a1d5aabf7d275

SHA512
f8317d0a0ad93925ffe71bebea879678525e742a1ee43a940a797656c6e6546342cb50ba981afdc46a0cb6114742eae73dcfe552ab318f87df6f45b48ac4b7eb

Download Submit
/data/user/0/com.sunseaaiot.app.lark/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzAzNDAwNjkzOTE4

Filesize
1KB

MD5
b01c60fbf8d1a9388b323d0c7ed9d452

SHA1
86b4335a7d9cedb73cb6e385d9c84e87b771064b

SHA256
a348df9c92e8aae2bd47f96365be6428fa5b1566c83e9d4fb5580342de5b68d6

SHA512
4366aa2df8571fb755cd8ed048ce220df7c1fc08a2cb2732985097910122e7bb3885693ada08544c2e92b41c96dd351e8c9a5f2f199b3e8a6e1bc79c60d94807

Download Submit
/data/user/0/com.sunseaaiot.app.lark/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzAzNDAwNzI2MzM2

Filesize
1KB

MD5
f384d068ae6272145b85cb3a1a1b8c00

SHA1
e65a3de8c9eed550d7c885c756767a3aa813bd42

SHA256
6f5d1431365ef32670a1517cb675b2bf86dc38fbded97f3dce0f7f7abfaf6036

SHA512
9f995f08aa5fb489d512bb01c4d5f08528a7a7351ca0c1fc551277aea5083443b88d78b6a215a69bc1aa32fdefee872b7fca8c61d46853570fedd636f81534af

Download Submit
/data/user/0/com.sunseaaiot.app.lark/files/umeng_it.cache

Filesize
433B

MD5
3a3bfc047969392bfbc40e01510f7200

SHA1
187ef2144aca8a440df65b5344a7d29184e22a13

SHA256
f2d119f890c4ac62cdc8ef4f21c68cfa05227bf292d2998c24f1f8a283254b9c

SHA512
5ec8fa20383024c3904e0d683cbb0314d9e93aa9daadc453d86f69acdebc1ede321c791e07760dd4d827f9d1c0a0acce11bc6def0703c783fc2a59bee9fd77f4

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
191231a0931d7614d44bd3ef198b1b7f

SHA1
4f46205948f283b045e4d0d208d6d4baf0e294cf

SHA256
46b937943806b6501bc22c2deb96465ff73adf735d9f428d5ae667d15947bb96

SHA512
c5826c08047256e389bec9045ce44fbc200db5b41418ec12496111a65ee2af5db429c5feba392ae1eeef16c5344a8dfb3fce2c228c6b6b8fb82b64957b5df6f0

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
213B

MD5
46bf5989640723918b1e725e8fd6e6e5

SHA1
4fd75ebe2fec19241022566cc8cb89d93a2feb82

SHA256
6f5a49bb287ff3f9c98dddc6177a0bef0c13b8b9af6b3bb6289d094c4fe94faf

SHA512
b1957c6a2b16e8e631260ead96034ab952088b8ae760570a4b7e9651bf46b1eca02ddc23ef1a0b3d3dee908bc059ed446e9d29b0ab04b3279c8210b4c97ff342

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
167B

MD5
025daf0bb1fca8a172b11c91507abaf7

SHA1
3692223aaa45408b596738660e54ffb03cbdf241

SHA256
6538559618fa193e030b6bf76473ccdcdf1343ba0c3b428ca6193e3a774ecd61

SHA512
8cf9abd2461e2772caf11ce503f0a0157ac00fc4d40496b312301a11d515f03e06233e903909b1e6b22da1500f4772471b0102f84b14c9065a7878dc31527378

Download Submit