Overview

overview

7

Static

static

6

7b8e865460...1f.apk

android-9-x86

7

CommonPlugin-4.4.apk

android-9-x86

1

CommonPlugin-4.4.apk

android-10-x64

1

CommonPlugin-4.4.apk

android-11-x64

1

FeedPlugin-2.6.apk

android-9-x86

1

FeedPlugin-2.6.apk

android-10-x64

1

FeedPlugin-2.6.apk

android-11-x64

1

FrameworkP....3.apk

android-9-x86

1

FrameworkP....3.apk

android-10-x64

1

FrameworkP....3.apk

android-11-x64

1

WelcomePlugin-3.0.apk

android-9-x86

1

WelcomePlugin-3.0.apk

android-10-x64

1

WelcomePlugin-3.0.apk

android-11-x64

1

__xadsdk__...__.apk

android-9-x86

__xadsdk__...__.apk

android-10-x64

__xadsdk__...__.apk

android-11-x64

gdtadv2.apk

android-9-x86

gdtadv2.apk

android-10-x64

gdtadv2.apk

android-11-x64

global.apk

android-9-x86

1

global.apk

android-10-x64

1

global.apk

android-11-x64

1

Analysis

  • max time kernel
    2720879s
  • max time network
    162s
  • platform
    android_x86
  • resource
    android-x86-arm-20231215-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
  • submitted
    23-12-2023 19:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7b8e8654605e24e803af8f94fc629b9187718f032cf58dd3e265216362468e1f.apk

  • Size

    24.5MB

  • MD5

    e4e78abf55a3e2ade6a1652a8d2c7cf4

  • SHA1

    fd6897308aff292b046a567a6257cb67a4cb72f2

  • SHA256

    7b8e8654605e24e803af8f94fc629b9187718f032cf58dd3e265216362468e1f

  • SHA512

    bd860748b7d9a859743a7bb8f5820cb6eeabe643fde21950df2f616c8dcfd09b639ce51e6333e3474844d7f2287e5b3c43c894cb5f5a5c75f06879d830298e94

  • SSDEEP

    393216:bCJLfYjtPBMGKD6ZPe+gKspThWJKTbHwkcyi3e6jWSpV0EhipvYvtRrWACmbxQIg:W3n+I+9tKT7AvO6CSpV0rt/mbxQ9

Score
7/10

Malware Config

Signatures

  • Loads dropped Dex/Jar 5 IoCs

    Runs executable file dropped to the device during analysis.

  • Acquires the wake lock 1 IoCs
  • Reads information about phone network operator.
  • Requests dangerous framework permissions 15 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • com.yx
    1⤵
    • Loads dropped Dex/Jar
    PID:4248
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.yx/files/mmplugins/plugins/CommonPlugin-4.4.apk --output-vdex-fd=139 --oat-fd=140 --oat-location=/data/user/0/com.yx/files/mmplugins/plugins/oat/x86/CommonPlugin-4.4.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4452
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.yx/files/mmplugins/plugins/FeedPlugin-2.6.apk --output-vdex-fd=135 --oat-fd=136 --oat-location=/data/user/0/com.yx/files/mmplugins/plugins/oat/x86/FeedPlugin-2.6.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4637
  • com.yx:push
    1⤵
      PID:4281
      • chmod 700 /data/user/0/com.yx/app_bin/watchdogd
        2⤵
          PID:4439
      • com.yx:hw
        1⤵
        • Acquires the wake lock
        • Uses Crypto APIs (Might try to encrypt user data)
        PID:4318
      • com.yx:bs
        1⤵
          PID:4402

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • /data/data/com.yx/app_bin/watchdogd
          Filesize

          17KB

          MD5

          c9b1fcf356b956e59dd79429a8b445f4

          SHA1

          a7f06f232634899dfb2c49bc6c034e638d14227b

          SHA256

          b2a2021d36ba5ed48dccb27c72682cf3654e7528bfc1431c3abd9f8f4760045c

          SHA512

          ebf474642db93b8d7b42003b89683dc9936079294ea2a27b0fad45a3afc99ca03f43e93d6372b02983e86ec22abefceeecea723e8d0da072ed4d75b55b57e7fa

          Download Submit

        • /data/data/com.yx/files/mmplugins/plugins/CommonPlugin-4.4.apk
          Filesize

          527KB

          MD5

          31b1c9c7bf5548dbcd03f35e01565b46

          SHA1

          0c50f07520a40a0db28e6439d4386fad47ee1b8c

          SHA256

          1bac6e3aa07a0fe1d29316d93dad4f3d82bf92f761971b61062a24a48296769a

          SHA512

          56ab20a59808a11a4a0c5408380a301d0887807262332671f3cec8fe8d5338f360edbdba7fa1f3c8d3007888706545927126266cb98713ee21017fafa2d999d7

          Download Submit

        • /data/data/com.yx/files/mmplugins/plugins/FeedPlugin-2.6.apk
          Filesize

          59KB

          MD5

          582ee59f5208a26fc218828b585314e8

          SHA1

          17534c993ad38669840a520eea965b17f7cae343

          SHA256

          e03cb8b88534ae28e95dffdb5fed9c9eb416106431eb87242c3623e488491b59

          SHA512

          19577d3c00eb6d6f8636471aa07807c204357e1d7e8f6b73baad405c3e7ce2e262d776e68d78d9789f634b84dec4753756411a6c3bbc3a1a4373a0de53b6c446

          Download Submit

        • /data/data/com.yx/files/mmplugins/plugins/FrameworkPlugin-3.3.apk
          Filesize

          18KB

          MD5

          b5d09bda650ec2bfb081844aaef26650

          SHA1

          d87a19cbf278b3e14309e9714aadc2b139cc3ddb

          SHA256

          47de5b649090505e1c7054bc3152b6b5f360fe90db35d2e32acfa2c5f7664ebd

          SHA512

          2e16d25e8ae1d6d39c11c6a81745c8b2b66efb4f10472ccb97dc02224a5dec6634ff1b682d93d5172f878c1c10ef5787e234b6995194da4c786f037ab77dc5a4

          Download Submit

        • /data/data/com.yx/files/mmplugins/plugins/WelcomePlugin-3.0.apk
          Filesize

          34KB

          MD5

          53b5892acd6483e96ea19addcfe67da1

          SHA1

          9225a1b634136a74852dc556f38adae3a9b98530

          SHA256

          55c5682f6b1046c58d71239118e34ae39c478458077855ea138472fe15972db5

          SHA512

          1bdd98905c1083aeab7f8170afbba375928b6d979425eb5a7823ebc496639380e677a4b4149cd9ff8e65cd1e1234074fc2b2770b1f956dcf30150e2f6b8549a3

          Download Submit

        • /data/user/0/com.yx/files/mmplugins/plugins/CommonPlugin-4.4.apk
          Filesize

          954KB

          MD5

          ac7578e110e8f77a576a6f17898543b2

          SHA1

          ebe4729a430b96e3e6ceb6dc0c45f09dc09d8192

          SHA256

          a1a714988061aa11c89b66d6953ff6f1c624609929e76d251b0651499920e54d

          SHA512

          e4390b64e81548de7a292941be26232716fbb5e57cbc130c0a8eb40b18e49264883f8239c3d5a768f4a1d7fde959fb491daf0dfae9357197003375b9c8c42441

          Download Submit

        • /data/user/0/com.yx/files/mmplugins/plugins/CommonPlugin-4.4.apk
          Filesize

          954KB

          MD5

          8e9a5c92465e7d192f28d65134a7e8da

          SHA1

          82263bc635eef4733cd42c24505d22716a3c3544

          SHA256

          93ad58103c7f502d0f52191dca17572b045623fc95663f31e29ffe5dcce7aae3

          SHA512

          f7caf2fc4ade3effca5a1781e0c543859de277a06a951f13e0f0c7e17be597e199c3885293365df6cfaa1cfe9135be4215ff2f107a1f1f5aa2de5e5011788ac9

          Download Submit

        • /data/user/0/com.yx/files/mmplugins/plugins/FeedPlugin-2.6.apk
          Filesize

          97KB

          MD5

          9ce1df60ced33226ba66835928783636

          SHA1

          2eeeda0c38467d8d009ca9d8fdf8ea3ecae29788

          SHA256

          03fea6df5c53edabb38e0d0d83fccdbb3a982b5608628e3c4c4c04635c166bf7

          SHA512

          29ff5ee4bcc7355cbb575f8a996c55aa052b8407e334e1efa53f5cf0f4d0c5ecc6547431f78186341a86c4872fb4c891576c792af39bab768543cedffc4164e7

          Download Submit

        • /data/user/0/com.yx/files/mmplugins/plugins/FeedPlugin-2.6.apk
          Filesize

          97KB

          MD5

          d80551ddf0dc76697cda354b4317666f

          SHA1

          3baf5410da0da640fcdffd6f4b6ce79093020d17

          SHA256

          59f6de13c72d67996a8d0eb248a9c6fdd5e82b4c25666431ec1e6d012697874d

          SHA512

          aca5fae176e1f3b614dcbbc9b823b6bb7ab4bc0c6d96ca24ede5c4bbc87bb8b5b9db7411b37f6efa9e506aabc1766cbf1808ba73f8faf93ae41712e02c8cc21e

          Download Submit

        • /data/user/0/com.yx/files/mmplugins/plugins/FrameworkPlugin-3.3.apk
          Filesize

          31KB

          MD5

          1587722fd6bb9c9f4c44bd781b5adddd

          SHA1

          58ae431bdb6bde42a1a211b1fb9bad96437a60dc

          SHA256

          9e50c350bcdf1516340c1e42299cc2df2ca2327c370e28184156d11bcbb79b94

          SHA512

          00ba9ee11b59879e35bedd364244ee8d6693e4d804b9ec68fbd6f4c15a5b04bbf34558bdb22059e15f5c27d8e08f83dc3a366841bc94b6a8b92a3ec90f04f94f

          Download Submit

        • /storage/emulated/0/AboutYX/log/CrashHandler.log
          Filesize

          1KB

          MD5

          2b1878d9d4702e4b951abe2e2f5a4c6f

          SHA1

          1815fc6da07c28aac95a76c668a70c36e4a9b4b4

          SHA256

          47d2314ad33987f779efad431b09e3af4b366f29461c87b72869258c9445ad0e

          SHA512

          ecdfa4a1979cd5b1cec3a8e0c4475758f0af0aa5def66527bec87379c88e7bab319995b532ca9291f93d217414866c66d4a4010872c6cfb8ed08e235dae5c516

          Download Submit

        • /storage/emulated/0/AboutYX/log/HttpRequest.log
          Filesize

          68B

          MD5

          7ec470a594ef5455e85bf21eddc738ee

          SHA1

          d403daa0c24f3735b17fb3b8db30861753893ff5

          SHA256

          d48055abae9e9fadab8b6b633368d8cc93fba337e6d783e5aeb3c4b304a870ca

          SHA512

          55e1e975953f73a75e8f79bb9122463a011fb760513c95249d533bb2fe7ac68b8bc8ede29277061f92153cff0ddf6549386a14486c7ef183534a99cb55b1d240

          Download Submit

        • /storage/emulated/0/AboutYX/log/TcpRequest.log
          Filesize

          20KB

          MD5

          3928f98a496f06e7c7b0e2325005b6ec

          SHA1

          a53ed0cbf32afc2dc95712a525815207620b88a5

          SHA256

          8852af114455b06482988a815eee21a43389752afef3c6e03aaece3df322e0b9

          SHA512

          a46403dcd463b040f6b39b86f7296fc91f7be84fde44f794bc54b2624fd6a89b9c8a2c6ae0657ca5ffacfc46cb461bf03d6b3df033ed695f583c1be40efd4901

          Download Submit

        • /storage/emulated/0/AboutYX/log/TcpRequest.log
          Filesize

          82B

          MD5

          7aa65050dd32537ff25d4d89cbad3966

          SHA1

          5ed38ee082880412415c60082fcc096063365f23

          SHA256

          e1e001a9bef6a36416d2fb7fb6a9bbcbf3d431d820f984497db7e59378af6381

          SHA512

          1db3dac31458e6838f1faa6e8a31fe0a6a257c3772fbe4c42391fcfdcb820c3bbbdbaf9ae88d9178f52e8d863e332645d03389d240d4565086c6f2afb2f0af8c

          Download Submit

        • /storage/emulated/0/AboutYX/log/YxCalling.log
          Filesize

          625B

          MD5

          5d80483d30491f0bec7183a4af1a480b

          SHA1

          6a2a45694f9bc59dd42bd5b47a942faae870f71c

          SHA256

          903f8f2a9d49d9ea8b8bfcb6b13f7584c3a46dd9096bd0284d9129f39f3190cb

          SHA512

          d18ffaf85add6fe9b70f30c116c12938c91046a08f36ca11b01dd7b2dbce8224b04f73822ff1db8d5af87864842975ca595bbc0d29c5ac9a9550fbc9d1744d4b

          Download Submit

        • /storage/emulated/0/AboutYX/log/YxCommon.log
          Filesize

          67B

          MD5

          ab02e8857f76588dbd17a60361641a02

          SHA1

          fcec5390946635ced5705645bdda0926870cd154

          SHA256

          fe1831829d82c5c024b9d1638094a8c73046d60e33dba109e25d69f61367b06f

          SHA512

          418355874d0367eceee787ba37035b2e9a40a707de1000a66e165dd235e67d611ee9eb9d4b8d3e3b6d622538cc3ded78405d1e654f13400adb078866f9a8cb16

          Download Submit

        • /storage/emulated/0/Android/data/com.yx/cache/uil-images/journal.tmp
          Filesize

          31B

          MD5

          8c92de9ce46d41a22f3b20f77404cc1d

          SHA1

          8671a6dca00edb72be47363a7071be65cf270373

          SHA256

          68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

          SHA512

          30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

          Download Submit

        • /storage/emulated/0/hello.txt
          Filesize

          11B

          MD5

          5eb63bbbe01eeed093cb22bb8f5acdc3

          SHA1

          2aae6c35c94fcfb415dbe95f408b9ce91ee846ed

          SHA256

          b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9

          SHA512

          309ecc489c12d6eb4cc40f50c902f2b4d0ed77ee511a7c7a9bcd3ca86d4cd86f989dd35bc5ff499670da34255b45b0cfd830e81f605dcf7dc5542e93ae9cd76f

          Download Submit

        • /storage/emulated/0/huajiaosdk/log_folder/chat_log/CR_2023_12_25.log
          Filesize

          90B

          MD5

          ef1867395df694a935cb90c39603159b

          SHA1

          28bb5c0eb1eef5449944aed77b2a542665ccdfeb

          SHA256

          47f5ab99e223893765f471daef6445c041d9b3f6a24e8e9a9a676ce00fa7c65e

          SHA512

          09a7f0a6eb1d24e3d5985934a68faa4227eef03d603a472221d2cf5f1447501b8a5d6c06ccb7c7b33110a9bf7b3281ec37e874773e03222236c4d00d92affd29

          Download Submit

        • /storage/emulated/0/huajiaosdk/log_folder/chat_log/CR_2023_12_25.log
          Filesize

          85B

          MD5

          20e0b9230621116dabd01eabdd61cce3

          SHA1

          fa6ef1dfb719116fe458ae0e042c1765dacb5739

          SHA256

          fb3480bc6e91b9341f9e0eaad96d3959c38c062dbf06ce4710a23392b849b750

          SHA512

          4330c615d21e5c2ff725ca7e465b70a4d7992945d115eb1a32f68a0fc803321e825f9b00586c040fcb1da9c9b27c912ca6a366e7b52383059c97a869757a1f56

          Download Submit

        • /storage/emulated/0/sdk/BG_2023_12_25.log
          Filesize

          512B

          MD5

          3809b515723cc0c5a4567dcb68570ec6

          SHA1

          a81a860060b71aed7553d8fd92fc7bc5812f9dc1

          SHA256

          f86684778868d8ef9e19f184bde517c9c1c5da902586b3024c480e29da7761a5

          SHA512

          faf610c5e0bd000649cdf381ff0244173d92cb4b9b5cf41048501c5451bb75ee21a62513a7126d7eb345b41551adbff031b468725a50a1eff76c0b2a2243cc93

          Download Submit