Overview

overview

8

Static

static

6

806c04c7de...68.apk

android-9-x86

8

806c04c7de...68.apk

android-10-x64

8

fasc.ics.apk

android-9-x86

fasc.ics.apk

android-10-x64

fasc.ics.apk

android-11-x64

fasc.jb.1.apk

android-9-x86

fasc.jb.1.apk

android-10-x64

fasc.jb.1.apk

android-11-x64

fasc.jb.2.apk

android-9-x86

fasc.jb.2.apk

android-10-x64

fasc.jb.2.apk

android-11-x64

fasc.jb.3.apk

android-9-x86

fasc.jb.3.apk

android-10-x64

fasc.jb.3.apk

android-11-x64

fasc.kk.apk

android-9-x86

fasc.kk.apk

android-10-x64

fasc.kk.apk

android-11-x64

gasc.default.apk

android-9-x86

gasc.default.apk

android-10-x64

gasc.default.apk

android-11-x64

jasc.ics.apk

android-9-x86

jasc.ics.apk

android-10-x64

jasc.ics.apk

android-11-x64

jasc.jb.1.apk

android-9-x86

jasc.jb.1.apk

android-10-x64

jasc.jb.1.apk

android-11-x64

jasc.jb.2.apk

android-9-x86

jasc.jb.2.apk

android-10-x64

jasc.jb.2.apk

android-11-x64

jasc.jb.3.apk

android-9-x86

jasc.jb.3.apk

android-10-x64

jasc.jb.3.apk

android-11-x64

Analysis

  • max time kernel
    2736507s
  • max time network
    154s
  • platform
    android_x86
  • resource
    android-x86-arm-20231215-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
  • submitted
    23/12/2023, 19:52 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    806c04c7deaa243750047c7d5031e2dd34f21a312aeec70bac441be1fea4d368.apk

  • Size

    10.7MB

  • MD5

    1325669a1a73de1c21a55407732318ca

  • SHA1

    65034008ced68f5e407dba94fc11e086c1735870

  • SHA256

    806c04c7deaa243750047c7d5031e2dd34f21a312aeec70bac441be1fea4d368

  • SHA512

    392ce9d13a04fdbaab5bae935cfd5cc64cabe55eba950a33d4cf211500f90ed384a9d3a588b9af06bc1449930f08f4186af3accd42bba90a25f01f9e442098c0

  • SSDEEP

    196608:aFIz7Dge/MH3WODuWNaqH7puSv5yJ+eyCVe4YGBEI1phKV0GaCeG9Wc1:aFIHD10HmOffpuaPeyCBXBEMphKSGaYn

Score
8/10

Malware Config

Signatures

  • Requests cell location 1 IoCs

    Uses Android APIs to to get current cell location.

  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • com.duowan.gamevision
    1⤵
      PID:4245
    • com.yy.pushsvc.PushService
      1⤵
        PID:4305
      • com.yy.pushsvc.PushService
        1⤵
          PID:4350
        • com.duowan.gamevision:remote
          1⤵
          • Requests cell location
          • Uses Crypto APIs (Might try to encrypt user data)
          PID:4481

        Network

        • flag-us
          DNS
          oc.umeng.com
          Remote address:
          1.1.1.1:53
          Request
          oc.umeng.com
          IN A
          Response
          oc.umeng.com
          IN CNAME
          oc.umeng.com.gds.alibabadns.com
          oc.umeng.com.gds.alibabadns.com
          IN A
          59.82.23.79
        • flag-us
          DNS
          stat.game.yy.com
          Remote address:
          1.1.1.1:53
          Request
          stat.game.yy.com
          IN A
          Response
          stat.game.yy.com
          IN CNAME
          stat.yy.com
          stat.yy.com
          IN A
          14.17.109.72
          stat.yy.com
          IN A
          221.228.79.225
        • flag-us
          DNS
          shijie.yy.com
          Remote address:
          1.1.1.1:53
          Request
          shijie.yy.com
          IN A
          Response
          shijie.yy.com
          IN CNAME
          www.yy.com
          www.yy.com
          IN A
          103.227.121.120
          www.yy.com
          IN A
          106.38.197.51
        • flag-us
          DNS
          alog.umeng.com
          Remote address:
          1.1.1.1:53
          Request
          alog.umeng.com
          IN A
          Response
          alog.umeng.com
          IN CNAME
          alog.umeng.com.gds.alibabadns.com
          alog.umeng.com.gds.alibabadns.com
          IN CNAME
          alog-default.umeng.com
          alog-default.umeng.com
          IN A
          223.109.148.177
          alog-default.umeng.com
          IN A
          223.109.148.130
          alog-default.umeng.com
          IN A
          223.109.148.178
          alog-default.umeng.com
          IN A
          223.109.148.141
          alog-default.umeng.com
          IN A
          223.109.148.179
          alog-default.umeng.com
          IN A
          223.109.148.176
        • flag-us
          DNS
          alog.umeng.com
          Remote address:
          1.1.1.1:53
          Request
          alog.umeng.com
          IN A
        • flag-us
          DNS
          oc.umeng.co
          Remote address:
          1.1.1.1:53
          Request
          oc.umeng.co
          IN A
          Response
        • flag-us
          DNS
          android.apis.google.com
          Remote address:
          1.1.1.1:53
          Request
          android.apis.google.com
          IN A
          Response
          android.apis.google.com
          IN CNAME
          clients.l.google.com
          clients.l.google.com
          IN A
          142.250.187.206
        • flag-us
          DNS
          android.apis.google.com
          Remote address:
          1.1.1.1:53
          Request
          android.apis.google.com
          IN A
        • flag-us
          DNS
          alog.umeng.co
          Remote address:
          1.1.1.1:53
          Request
          alog.umeng.co
          IN A
          Response
        • flag-us
          DNS
          stat.game.yy.com
          Remote address:
          1.1.1.1:53
          Request
          stat.game.yy.com
          IN A
          Response
          stat.game.yy.com
          IN CNAME
          stat.yy.com
          stat.yy.com
          IN A
          221.228.79.225
          stat.yy.com
          IN A
          14.17.109.72
        • flag-us
          DNS
          shijie.yy.com
          Remote address:
          1.1.1.1:53
          Request
          shijie.yy.com
          IN A
          Response
          shijie.yy.com
          IN CNAME
          www.yy.com
          www.yy.com
          IN A
          106.38.197.51
          www.yy.com
          IN A
          103.227.121.120
        • flag-us
          DNS
          shijie.yy.com
          Remote address:
          1.1.1.1:53
          Request
          shijie.yy.com
          IN A
        • flag-us
          DNS
          stat.game.yy.com
          Remote address:
          1.1.1.1:53
          Request
          stat.game.yy.com
          IN A
          Response
          stat.game.yy.com
          IN CNAME
          stat.yy.com
          stat.yy.com
          IN A
          14.17.109.72
          stat.yy.com
          IN A
          221.228.79.225
        • 59.82.23.79:80
          oc.umeng.com
          240 B
           4
        • 103.227.121.120:80
          shijie.yy.com
          300 B
           5
        • 14.17.109.72:80
          stat.game.yy.com
          240 B
           4
        • 223.109.148.177:80
          alog.umeng.com
          240 B
           4
        • 172.217.16.238:443
          tls, https
          858 B
           40 B
           1
          1
        • 221.228.79.225:80
          stat.game.yy.com
          300 B
           5
        • 106.38.197.51:80
          shijie.yy.com
          300 B
           5
        • 142.250.187.206:443
          android.apis.google.com
          tls
          5.6kB
           10.8kB
           17
          21
        • 223.109.148.130:80
          alog.umeng.com
          240 B
           4
        • 223.109.148.178:80
          alog.umeng.com
          240 B
           4
        • 103.227.121.120:80
          shijie.yy.com
          300 B
           5
        • 14.17.109.72:80
          stat.game.yy.com
          300 B
           5
        • 223.109.148.141:80
          alog.umeng.com
          240 B
           4
        • 221.228.79.225:80
          stat.game.yy.com
          240 B
           4
        • 223.109.148.179:80
          alog.umeng.com
          240 B
           4
        • 14.17.109.72:80
          stat.game.yy.com
          240 B
           4
        • 223.109.148.176:80
          alog.umeng.com
          240 B
           4
        • 103.227.121.120:80
          shijie.yy.com
          300 B
           5
        • 14.17.109.72:80
          stat.game.yy.com
          240 B
           4
        • 106.38.197.51:80
          shijie.yy.com
          300 B
           5
        • 14.17.109.72:80
          stat.game.yy.com
          300 B
           5
        • 221.228.79.225:80
          stat.game.yy.com
          300 B
           5
        • 106.38.197.51:80
          shijie.yy.com
          300 B
           5
        • 221.228.79.225:80
          stat.game.yy.com
          240 B
           4
        • 221.228.79.225:80
          stat.game.yy.com
          240 B
           4
        • 221.228.79.225:80
          stat.game.yy.com
          240 B
           4
        • 221.228.79.225:80
          stat.game.yy.com
          240 B
           4
        • 221.228.79.225:80
          stat.game.yy.com
          240 B
           4
        • 106.38.197.51:80
          shijie.yy.com
          300 B
           5
        • 14.17.109.72:80
          stat.game.yy.com
          240 B
           4
        • 14.17.109.72:80
          stat.game.yy.com
          240 B
           4
        • 14.17.109.72:80
          stat.game.yy.com
          240 B
           4
        • 221.228.79.225:80
          stat.game.yy.com
          240 B
           4
        • 221.228.79.225:80
          stat.game.yy.com
          240 B
           4
        • 221.228.79.225:80
          stat.game.yy.com
          240 B
           4
        • 103.227.121.120:80
          shijie.yy.com
          300 B
           5
        • 14.17.109.72:80
          stat.game.yy.com
          240 B
           4
        • 14.17.109.72:80
          stat.game.yy.com
          240 B
           4
        • 14.17.109.72:80
          stat.game.yy.com
          240 B
           4
        • 14.17.109.72:80
          stat.game.yy.com
          180 B
           3
        • 224.0.0.251:5353
          3.7kB
           11
        • 1.1.1.1:53
          oc.umeng.com
          dns
          58 B
           116 B
           1
          1

          DNS Request

          oc.umeng.com

          DNS Response

          59.82.23.79

        • 1.1.1.1:53
          stat.game.yy.com
          dns
          62 B
           113 B
           1
          1

          DNS Request

          stat.game.yy.com

          DNS Response

          14.17.109.72
          221.228.79.225

        • 1.1.1.1:53
          shijie.yy.com
          dns
          59 B
           109 B
           1
          1

          DNS Request

          shijie.yy.com

          DNS Response

          103.227.121.120
          106.38.197.51

        • 1.1.1.1:53
          alog.umeng.com
          dns
          120 B
           227 B
           2
          1

          DNS Request

          alog.umeng.com

          DNS Request

          alog.umeng.com

          DNS Response

          223.109.148.177
          223.109.148.130
          223.109.148.178
          223.109.148.141
          223.109.148.179
          223.109.148.176

        • 1.1.1.1:53
          oc.umeng.co
          dns
          57 B
           130 B
           1
          1

          DNS Request

          oc.umeng.co

        • 1.1.1.1:53
          android.apis.google.com
          dns
          138 B
           109 B
           2
          1

          DNS Request

          android.apis.google.com

          DNS Request

          android.apis.google.com

          DNS Response

          142.250.187.206

        • 1.1.1.1:53
          alog.umeng.co
          dns
          59 B
           132 B
           1
          1

          DNS Request

          alog.umeng.co

        • 1.1.1.1:53
          stat.game.yy.com
          dns
          62 B
           113 B
           1
          1

          DNS Request

          stat.game.yy.com

          DNS Response

          221.228.79.225
          14.17.109.72

        • 1.1.1.1:53
          shijie.yy.com
          dns
          118 B
           109 B
           2
          1

          DNS Request

          shijie.yy.com

          DNS Request

          shijie.yy.com

          DNS Response

          106.38.197.51
          103.227.121.120

        • 1.1.1.1:53
          stat.game.yy.com
          dns
          62 B
           113 B
           1
          1

          DNS Request

          stat.game.yy.com

          DNS Response

          14.17.109.72
          221.228.79.225

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • /data/data/com.duowan.gamevision/databases/afinal.db
          Filesize

          4KB

          MD5

          f2b4b0190b9f384ca885f0c8c9b14700

          SHA1

          934ff2646757b5b6e7f20f6a0aa76c7f995d9361

          SHA256

          0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

          SHA512

          ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

          Download Submit

        • /data/data/com.duowan.gamevision/databases/afinal.db-journal
          Filesize

          512B

          MD5

          b0f123d10d532b82ee7b7ee61b24cbee

          SHA1

          ec1bc687e098a39d474d5ad7b5d59412fa08e810

          SHA256

          364812d34a26990299b7f7deec97a2e23f6ea559fb72e6d5c934c2c6c6291910

          SHA512

          826548e5198921386f7b9e60d1a1eba1cf2fd32cfcf21288854b2334402bd6ca637f2397a81d2feb4164b3e3154766d901545ec9d4fca1d3f937b3ccb110625c

          Download Submit

        • /data/data/com.duowan.gamevision/databases/afinal.db-shm
          Filesize

          28KB

          MD5

          cf845a781c107ec1346e849c9dd1b7e8

          SHA1

          b44ccc7f7d519352422e59ee8b0bdbac881768a7

          SHA256

          18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

          SHA512

          4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

          Download Submit

        • /data/data/com.duowan.gamevision/databases/afinal.db-wal
          Filesize

          40KB

          MD5

          0dae4035af51dac27ae7cddba5b1fac7

          SHA1

          e9fb775eb9e13d93a479e2cd842cb499aae0bfd4

          SHA256

          d901573e2ae7b70825ec61f0e46d161982d2d2c8b44b6f834a756a0bdfc75f58

          SHA512

          1d00e03b6f7a7a26863eeb5ee0946062eca7d584ed4813c1670858a8d4b9d8313568ff811739ac9d4945da4b48c4075e4f19e4443f2a4d45a6bfda5ab6e3fc58

          Download Submit

        • /data/data/com.duowan.gamevision/databases/report_11b226fc-f9d6-41fa-8ba0-955c4aad9bd52.db-journal
          Filesize

          512B

          MD5

          9d08ec1745e150342c793fbfc5085fa1

          SHA1

          d86376c7acbeb8d6e7c5df3f202362e26251bd16

          SHA256

          ff19c2fadec8a8c8e7f325a2c420c2402cc9113a8c86eab7c699e2b1792ffc5a

          SHA512

          0613b01f7bfb3087b11e679fe3e3d3cf29a6b835246e346e5d8de4b42ea486e65498cbff820dc2656be973debd003c7d493976b5c1731996aff4951d91d36ad4

          Download Submit

        • /data/data/com.duowan.gamevision/databases/report_11b226fc-f9d6-41fa-8ba0-955c4aad9bd52.db-wal
          Filesize

          16KB

          MD5

          eef3ed2e1259a786ada14782d93e638d

          SHA1

          1a9ec6c5f5ec73495a2e4bd1895a0fb96e45a819

          SHA256

          ee3a866e6aa1d82c4c723b4af99d534b94f0c72893eca34f7f5aeb98fa40c1fb

          SHA512

          4de5cb56d5b183d782cd0d63c8e92eeb320d1b047be00969059b4c7269385aaceb3fde5db9453ebf75fb453a253fa7250e326dbcd254747ac3d15600974f9131

          Download Submit

        • /data/data/com.duowan.gamevision/files/umeng_it.cache
          Filesize

          211B

          MD5

          bd286cb91a50f4c4cb472b779b161f05

          SHA1

          75b058f6f1c8aaa12fb18323a172d8c40d87ee2e

          SHA256

          e52477eee192dfa0c66202a4bed3e1531e2ed157282ba9a3d0aa07e3ab4f5da4

          SHA512

          546ff1251b43a28c02b3ef5a18a235aa944efa8748f6e0255cc4ddce091af1b25f093a607811c09544568fb9c4e95e923b9884383dff98b1a94a6c161f585fb3

          Download Submit

        • /storage/emulated/0/.android/uuid.bck
          Filesize

          32B

          MD5

          33ca7a9bb6d3ed6007692bd03e461619

          SHA1

          cbb2a551e1ed54be63947b11040610972762729b

          SHA256

          043696cb78e64a6059f5ed133520eaaca6e029244e45fd04dffc0afd39b6dc4c

          SHA512

          a49af4c7c3ce3ae194456182a535ff1a7ad858c522625473a1d4638f34b2dc60fdac4d7c2f097db2e0c2ad61b2f6892fbece58e3afbc2554c07a8861aea41ac0

          Download Submit

        • /storage/emulated/0/baidu/.cuid
          Filesize

          89B

          MD5

          fe18cd48da2bacd2af92ea0b09429e1c

          SHA1

          36b7ae75a29edd3992ef42b7df37c402567cbfec

          SHA256

          dfd8d4e4972d2726d449ea5824b61c21141256e57bdfc47f1b14d830fcb641d3

          SHA512

          8a341d90c428abc3e1f90e3f298445b0c7af9785bee57b10169a294792d98295b0fabf2547dfd4a256fd7e16ff6879dc451575000a4981a1d8b1ccbf1d618b1b

          Download Submit

        • /storage/emulated/0/baidu/tempdata/ls.db
          Filesize

          116KB

          MD5

          e93e5b40946ea813560c265bf0589659

          SHA1

          2e648c0d29278184061636eda63929a741f2d6d3

          SHA256

          c16b14a03b97b34442f348b3565a70a1cf2208ae0a4f94c69053c5bf05863917

          SHA512

          ad35e04426dd4eb9422c49c73011dc0934e6c6db5b0a38528721bdc40b458218b38ec170d5a6f03b02442b6ce6b82b21f1d24291b9fd3be54438e7f0b966e08a

          Download Submit

        • /storage/emulated/0/baidu/tempdata/ls.db-journal
          Filesize

          512B

          MD5

          22fae2514b086d45d73114e205a7cfa4

          SHA1

          146544030bac01c1ce9a86717b1adbbf4eabfd24

          SHA256

          373098df2b1d97825cc46619566fcb925cebe85cac41f8243a4604155ea9e618

          SHA512

          a5e8d578e9a42f7f8f74daf96a3b7d07b738c2b5458b6c5a8ea8cf278fa39543eb5915a15cfca7d0430c57277a25cafc3b4b9ff1df2c263d0fff600580c7d700

          Download Submit

        • /storage/emulated/0/baidu/tempdata/ls.db-shm
          Filesize

          28KB

          MD5

          7f7a386311b4b8085fd3b2833e33327c

          SHA1

          e59519101a4b4339842125553ee3cef5fc644724

          SHA256

          35ac0f1f2d826952c4e833c66171a008da3459c04370a2c2b03e2c4f477d9675

          SHA512

          f43e45fc2abcdcc77d3ab0937b68c15340a9182e1ba508ce254829df981afabfcd9aa713855a0d474d530a9146227636647748f7848ffc77e1c0841689416f57

          Download Submit

        • /storage/emulated/0/baidu/tempdata/ls.db-wal
          Filesize

          52KB

          MD5

          44543a47cfe04ff71dc2bfb00dadc9fb

          SHA1

          7f1b9aa26fc45d02bb3aa16e79c7572e16c29a8e

          SHA256

          3818a1ea68055a35863db647d305da66cec90ef619070e2b416db89d2de149c5

          SHA512

          226c3e5079c9f736864b48e2ae77bd8c70128fa3e38f8cfd7553787fe1b93908e5e30f96bf6a98d31109605af803e55585ee97aba6357d84e244d80a7d56d84c

          Download Submit

        • /storage/emulated/0/baidu/tempdata/yoh.dat
          Filesize

          512B

          MD5

          dbbe3032b5321f0ddf6a4d0e03a7b0c0

          SHA1

          1e5d02f4c6ab00bd167cff85b152801b1a1db9fe

          SHA256

          d9fb7c30168eccddbc606e1d977e89e17a02bffc8e8db3edea067b807f34cba0

          SHA512

          6d81b0372564682b6918f0068a37b09cf96660f7f32628f9afcee5066e4217052fce7839aebb05f665d26c2cb5447dbf3ee6a8f82d0ace455978b998d587f2c8

          Download Submit

        • /storage/emulated/0/baidu/tempdata/yoh.dat
          Filesize

          40KB

          MD5

          cb37342d0671cc7d8579b8a5b364fe5a

          SHA1

          dce2211fc1f42718342002e7ca397c8e7644ca4a

          SHA256

          95f390f8427e82221b1191514a52147c42fe700e508e1892ffc0598f8ab92ee3

          SHA512

          9d5f457b441fc473f0518dbb3ae10065ea3c8c158565ec6505afced5ff8cbcf936135a059235dd075de24a8b9b66cfb4cd22c42b5ea418ba1de1d521e3e0d7f7

          Download Submit

        • /storage/emulated/0/baidu/tempdata/yol.dat
          Filesize

          24B

          MD5

          a936690571e9104e1922dda4a0ba5bd1

          SHA1

          65f49c57edde2f96be2a1dbdfc3f7351f1e66554

          SHA256

          f0f5049c51879dd7da0ce4a43349b5b34ce053d072a0ca704f62cf22ba4a8412

          SHA512

          3be1c3693963aebdfc04e86b1c820ee0ec3cf0b200e6a4788ef1141f39fd6c2f77f4227247ae4affa66c0a6c027df8466cc0dcec1e67ebfb953e36bee97de394

          Download Submit

        • /storage/emulated/0/baidu/tempdata/yol.dat
          Filesize

          24B

          MD5

          1681ffc6e046c7af98c9e6c232a3fe0a

          SHA1

          d3399b7262fb56cb9ed053d68db9291c410839c4

          SHA256

          9d908ecfb6b256def8b49a7c504e6c889c4b0e41fe6ce3e01863dd7b61a20aa0

          SHA512

          11bb994b5d2eab48b18667c7d8943e82c9011cb1d974304b8f2b6247a7e6b7f55ca2f7c62893644c3728d17dafd74ae3ba46271cf6287bb9e751c779a26fefc5

          Download Submit

        • /storage/emulated/0/baidu/tempdata/yom.dat
          Filesize

          211B

          MD5

          09da955f63c9fb42ce25e04a30c463bf

          SHA1

          3faabf97122de9e1ce499388ff6699e39af643d3

          SHA256

          f633234c8c5e134783ee47fd94b1fb274f34ecc65b86d31aa770108bbe77230b

          SHA512

          e859ab2cc68a84f6b142482516f75e4a3023b7f440859352e38e411a56c6a7de083bff70f51fa94e0b6fd82e884567ae16d301034f8923b749a93877d119d67c

          Download Submit

        • /storage/emulated/0/baidu/tempdata/yom.dat
          Filesize

          556B

          MD5

          75dfc4b04be3c8439930299394279d44

          SHA1

          5c9f1cdda1ab8fb310a2564dae5f18329cf79874

          SHA256

          5794c8e1cc29003815d51f034285a8a4dabe1bdfb7e495eef8d1d63161785242

          SHA512

          c3ee06552690f7785a13bb8143cafe2b5b04ab70426527dcda9f5b8ae17156987a3e32ce7b457671d541c42217129d261793c03f89fe82559d39956318d3f050

          Download Submit

        We care about your privacy.

        This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.