80ec07fbc05e83ce43bda2e577c0cc02757460b0d21ca5ca396c2b5850a6e6ad

Analysis

max time kernel
2736956s
max time network
152s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
23/12/2023, 19:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

80ec07fbc05e83ce43bda2e577c0cc02757460b0d21ca5ca396c2b5850a6e6ad.apk
Size

22.5MB
MD5

6441c0591a61134422bc44d1a2f79f03
SHA1

886051fc91d170fcece3a76417911ec5d7be5f9d
SHA256

80ec07fbc05e83ce43bda2e577c0cc02757460b0d21ca5ca396c2b5850a6e6ad
SHA512

3180fbe672ba036c0e64c8bbfc0b745f32a400f12832a0b921e834dd9d32efa36aca216270b4441ae4629c3bc1b958c807faa907a6b4a42b042cbded579469fb
SSDEEP

393216:63JHEEVpWPTbqYmnTok0vv8M4A0Qw70MfZFv/P3pwgk12NC6SCcT6Im:eJ5ivrsTok0vU7N9vOlU

Score

8^/10

Malware Config

Signatures

Requests cell location 1 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.dexun.dxzqgw

Checks known Qemu files. 3 IoCs

Checks for known Qemu files that exist on Android virtual device images.

ioc	Process
/system/lib/libc_malloc_debug_qemu.so	com.dexun.dxzqgw
/sys/qemu_trace	com.dexun.dxzqgw
/system/bin/qemu-props	com.dexun.dxzqgw

Checks known Qemu pipes. 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

ioc	Process
/dev/socket/qemud	com.dexun.dxzqgw
/dev/qemu_pipe	com.dexun.dxzqgw

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.dexun.dxzqgw

com.dexun.dxzqgw
1⤵
- Requests cell location
- Checks known Qemu files.
- Checks known Qemu pipes.
- Uses Crypto APIs (Might try to encrypt user data)
PID:4271
- getprop ro.build.version.opporom
  2⤵
  PID:4380

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.dexun.dxzqgw/app_crashrecord/1004

Filesize
235B

MD5
b0acf36b5f7b651b461bd6acea1e5867

SHA1
07cd9e17211810e4856b9e2335c6fc71cecb8068

SHA256
4d6d661a3c40636f4a01510a39129620fbaf83492ce06a7ff10c9e07f5cbe29f

SHA512
2ddd21f2a6a1647405e142aa96505a8dc651a58c4e1fadb3e862f497e387ec71c78c9beb5118a1dcbc6383f98f6c28f8dd7a8878fc7fbb3b521a549cd99f3473

Download Submit
/data/data/com.dexun.dxzqgw/cache/tomb.zip

Filesize
512B

MD5
3428cd4e953d1afc2c0abd2d5ce8597f

SHA1
82ac7f7035e3623f64757aa7a7acd23ede206c06

SHA256
86911875543be9dd98569188fa1a9bed4061d20af30586f59b0cf24aeba9d153

SHA512
d08bb9c3ab8daf6ef23c117ba234890eae8b9d8052622c636eaad26d62371def796a6f3f58eb4e621928f32d1fd67b3e1fe1bcf4f2f832884ac70febbae0d02c

Download Submit
/data/data/com.dexun.dxzqgw/databases/bugly_db_

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.dexun.dxzqgw/databases/bugly_db_-journal

Filesize
512B

MD5
2547fd007cb8f751375e86817f43fdbd

SHA1
206dca0839da7de4848ba87b00bf3d654cf1e837

SHA256
343090265b098ac33145361b355465597f04164297ad72aa3852456c6436a4bd

SHA512
52e4055e11d94c9ebbdba5e6d6bb906fb96cb1b1eda2805a5fe4da4e1b61e945663031fb2a57dd4d11a641383548f1e07dc560adc292b933cb67bff7b31380c5

Download Submit
/data/data/com.dexun.dxzqgw/databases/bugly_db_-wal

Filesize
16KB

MD5
b310c9d80461d9ad24f185a0e307981a

SHA1
69b7bc49c162b95bde3d4f7a501a5b3452683e43

SHA256
6d0137f8c8a4aff4901297e377adc3ee80584301a3a8f1e9c36827cca87986a1

SHA512
4c0d9180887fd4b797d41e5837003c163ac124779f4080e61de68e95139cf11dc8afc40c62f29c3a9bd157c7581a679df852817972b125a4741967301f2623ce

Download Submit
/data/data/com.dexun.dxzqgw/files/libcuid.so

Filesize
129B

MD5
10c8d09774db7080283483771ace53f5

SHA1
97a09debff2226ec7de9c1774067d42b2f69ff41

SHA256
2506fe28af004455bcfba2ca1f3618c3e3f55b16f822a4eae2744d7eb8a46614

SHA512
a1fcacfb0c13218dd3a70b9d4e473de01495b48ab7c083eacc52bbe1df104a578411075fa8b04e99aceb08cb7d1e80e4c853f5525072a3822ac8e4a0b712fb19

Download Submit
/data/data/com.dexun.dxzqgw/lib-main/dso_deps

Filesize
280B

MD5
3cfaccb82b0dd03c34fc68cd0d5276de

SHA1
aa4ad375c16ef759e334a36f18d54e5244bd349b

SHA256
7167dc4a928b9abfb28ca6165aae0ecf902db119431d8db7a5388e6124dc9d73

SHA512
688ecad1b9a67891b29bf9833a0c80cf297022816b9cf0015ee938c4ac8c1ddf8ffd712813cd3fca07a2b0744e929af08f12bfe192d075c1f44fefff0492ebc2

Download Submit
/data/data/com.dexun.dxzqgw/lib-main/dso_manifest

Filesize
5B

MD5
c06857e9ea338f3f3a24bb78f8fbdf6f

SHA1
c5a0a2529d2deb60fec041b4fbd722a2ebe31702

SHA256
957b88b12730e646e0f33d3618b77dfa579e8231e3c59c7104be7165611c8027

SHA512
29f61516876c25379a7bf4faa2b3ca6f6b53eac90e7de47671fec4a818d51441b4025cd7909f7c0a0d113ab6c5ff00cb3700c286bac7319185b77905feec4fb1

Download Submit
/data/data/com.dexun.dxzqgw/lib-main/dso_state

Filesize
1B

MD5
93b885adfe0da089cdf634904fd59f71

SHA1
5ba93c9db0cff93f52b521d7420e43f6eda2784f

SHA256
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

SHA512
b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee

Download Submit
/data/data/com.dexun.dxzqgw/lib-main/dso_state

Filesize
1B

MD5
55a54008ad1ba589aa210d2629c1df41

SHA1
bf8b4530d8d246dd74ac53a13471bba17941dff7

SHA256
4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a

SHA512
7b54b66836c1fbdd13d2441d9e1434dc62ca677fb68f5fe66a464baadecdbd00576f8d6b5ac3bcc80844b7d50b1cc6603444bbe7cfcf8fc0aa1ee3c636d9e339

Download Submit
/storage/emulated/0/backups/system/.confd

Filesize
24KB

MD5
8c7f6e3b52e6e841b895bbd13644ed43

SHA1
ec8daf46a7eb99c75ea1ce8582ef77b2df8455d2

SHA256
6615188d5d8fa77b44fbae7a249d073b3623316e7489c5fec95fe53188ea467c

SHA512
cffafd628e62fa915872796ee02dd8119cfebd6811291155acd400986ee5d34b244ab3b5d0bd386566724205771f665571bcb04950d390c5c60072fdb90c5280

Download Submit
/storage/emulated/0/backups/system/.confd

Filesize
24KB

MD5
34e48d11a8de4b03314f159aa5da3d6c

SHA1
5fbd4de16f77ca4f470bca714fd9559830e3b3e3

SHA256
4036beb4625e18e7bf8b74019a3a4e9e4826e0641cfecdcb24d449e1ad8ba72e

SHA512
4e7ae2039de65e70c4b96074131d1454b3936a3507fb3207ca2230b6a1ad2c52d3be2d47ab8f40ae5b6cac1893aa68f49a6a7c78d360f15ef71a445a91a2684e

Download Submit
/storage/emulated/0/backups/system/.confd

Filesize
24KB

MD5
eaead9e7e10c0f0d5b7625e0472a8f76

SHA1
83fb8b63bd8fce0b55c622d67f94623b22648c17

SHA256
ed2b995afaa2eb7968299046f3be3a1957070e565fee8c568a3f12313028215f

SHA512
41ccb13fabfe784aa3d1b1cdd351d802042f0dcce39ee0c2bfb0a9991dd0c3b23e2ba6917a3e0cf91a44eca17544ea874de775c225115653afbf247d28b109e5

Download Submit
/storage/emulated/0/backups/system/.confd

Filesize
32KB

MD5
54426a1e63829b2afa6c11f1342264a8

SHA1
b0c64c5163f66c24d2eb5ed47b30c3c4600034a8

SHA256
83fb25ecde1c407af3d0d9dcbe50c40dd2d264822c0cf9d56c5536793d107810

SHA512
864ddce02514d57e8fd2fc99a6404e4a924a592206c9ed23edda27db6741f47cb16e70d7df47eaf412cca1b4bf1c4a6f1be47f414288f8d8c8c9a0656b5c9416

Download Submit
/storage/emulated/0/backups/system/.confd-journal

Filesize
512B

MD5
60c9cd52174491507ac7c0c6a9126c0a

SHA1
50a51aec524bf21736a4475517387b108c00720e

SHA256
09be9a5e16d6d8605295ecfa65aa8be28e5ca058639003242f9df36b22309864

SHA512
5ff1509b9b1b253d051893ddde992496fe675ba5ef0571df27a57e75cdafb00b767391918a0583f2938bb0378045edc9deb804ab6d5ac80f20abb83bb8cb8659

Download Submit
/storage/emulated/0/backups/system/.confd-wal

Filesize
36KB

MD5
480d1d2ebb924364e1567f701e1cc265

SHA1
002797ef29a98860c74f425ec32c7cc3b9a70ea2

SHA256
507a872b6782b87d0677130a0594a32ade03023211be49f9c24a27295d1ec33b

SHA512
310d524bc4b4cea33e9cdcda12be69105aab5fa8828f846575b52ff87ec795c23a9946a96128ebb7497dd8e61099c65c27153212ab7a84a0548ebf0d9b0cff47

Download Submit
/storage/emulated/0/backups/system/.confd-wal

Filesize
12KB

MD5
2711b5090dd01488ea0937fdd8612f5c

SHA1
9ba43d2c384ecb9048b8669234af46e4d68ba071

SHA256
31ede88b39f688c6db1700b68d19bb580bd060c08cc4982cf87715d975b2c60c

SHA512
fb9468afb49dc520585109ce6099b8156a3daceb46375a2d313df9424d4b32f054ca61d9db2d79aa8ca17e91dbe097a6f59ef60fa43a04b1af7507bc9d8b1794

Download Submit
/storage/emulated/0/backups/system/.confd-wal

Filesize
8KB

MD5
21fc4d35159da03e508d3f07a7f0d0c9

SHA1
fd26341ba9ec77711f30a07d1fb57c9728ca6da2

SHA256
65860a83f4eb847762902ea8b84d1b2b862fde5b5b272d8093a3879dc518ce7e

SHA512
5be9cc2370ccdf015c66d5b65f210a42debc5f2124675a104f97fdd0167c207c84eece73139e1a8b471da5f6c4b966329409f13beda1268f81074b87493f3e5d

Download Submit
/storage/emulated/0/backups/system/.confd-wal

Filesize
8KB

MD5
239bf12a2eb262e6086c86f54379c6fa

SHA1
a93493d4c5dc714c41cdd99fe346b7293c1d4811

SHA256
9d7404a37933d3b65766d9e499e84bbcef59eaa4322c1e705fa94498726495b7

SHA512
054b3d5c0e69c4b340665d90bf5a70f7fc04cca7dc379c5bdb788f00d8137699385d88560b8f60a8f33cce606754f132dec25ac23fcdc94ddf8e2f98e5645cdf

Download Submit
/storage/emulated/0/backups/system/.confd-wal

Filesize
12KB

MD5
25945c9f6899a8f30fcb2706075f51a9

SHA1
4907c13d1f51b9ad28aff3568b45dbb3a1ea41ac

SHA256
31b95cde61e7543d53a259e4c1816c2a9ac5bbca46957f5d43891ffde7d004b6

SHA512
9077ea5d61ea6863eec114196a438b04d2b23c006254475c71ac9028983d6f3e1d0f2500def48913c1763273586d9eb11b814715f0b8cd5dcb98f57f980b50f5

Download Submit
/storage/emulated/0/backups/system/.confd-wal

Filesize
8KB

MD5
77fc34fedf3fb2871ad1eecdc751e5d7

SHA1
d3b4206e3360deafe464ff6354ba1562d01bca0f

SHA256
c4c65baa5fa84106941420d97a78a316870a66068051f0641ff75cc5efe5aca9

SHA512
abb05d3ae78e527093fd1b879e732464ccb1314b9cc3a36dee8ee09856607d425a41ab38eff9d8b459dfd04efa6abdae57ae8e931058c116536ad5a5a1e1156a

Download Submit
/storage/emulated/0/backups/system/.confd-wal

Filesize
12KB

MD5
4b4e7cb163a8231c030060215db7190b

SHA1
4ee71362b1a9a502a54ee40e1c47eaf686208ee7

SHA256
fc5467760e73dceecce598bb25ad5a12daf30bf4baa6dee44f46d7f2dc0f44b2

SHA512
89a00e625efa6ec1f9f8e4072fe4f9dd446c7afd40fdd6faf3c9af212c8ffda73bd7c8419418291d5bd93aeb6d2a09866fea686b7fa2312f80ad0459aea1e83e

Download Submit
/storage/emulated/0/backups/system/.timestamp

Filesize
25B

MD5
d10c0be76e2e43fa21b86b0c332a1abf

SHA1
7cd9c3444d7a0bb5d4240585fc21317015407019

SHA256
0ad81c710db2c9f86182d0eaa42ec316b17755dd90d01426d8192d737c1fa28b

SHA512
748f0b25f6b9c54b8ad06e1dcbe420d1f9c3bc74920eb1a106af9d9aa7b2133212274d1225259f654c773bad91d8487369f64bfb395913ab16c535b206a12d63

Download Submit
/storage/emulated/0/backups/system/.timestamp

Filesize
55B

MD5
8b376dbec30c5a9bb2e89b76392dd3e3

SHA1
703701d717c0ce0291f69c9557a1987e4457e6cb

SHA256
d4fce972bef346b0559a25861189802bd561ca6b5459d3346ab3caf7b4d19e0f

SHA512
acb594b54b51bd3d60144d009a344e3c516f007a5473554ce0af7322f95449378ada7ee8252ada81ad4e18de58b573c88f968ffba0fe2891519ed64411a6c79b

Download Submit
/storage/emulated/0/backups/system/.timestamp

Filesize
114B

MD5
1426cf47d614f5a856f0a37687606ecd

SHA1
079654064e1de8fbe01dab8338a49d5fa03b460b

SHA256
18808f5dbe69c2d93f0bfed8e06dd8354a4fa6a800b6e968c92d52dd7c42f5f7

SHA512
57233fade6c62f93635d92fc8cb051805d9c524a236c8759cd5b36abf45b6ee56868b1bf12b2af73f468af4a97fe0503e41dec2eb3204e83b0b1c8955dfbd17f

Download Submit