813c82aad25cb516dec4903a34dbaf6bcb92d23a9ecef3d36d3681b6322d0256

Analysis

max time kernel
2737217s
max time network
137s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
23/12/2023, 19:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

813c82aad25cb516dec4903a34dbaf6bcb92d23a9ecef3d36d3681b6322d0256.apk
Size

28.1MB
MD5

453adffd2367e51b2e6754ecc039facc
SHA1

b54ecb2b4a197d71855f80798b470599f512e1c5
SHA256

813c82aad25cb516dec4903a34dbaf6bcb92d23a9ecef3d36d3681b6322d0256
SHA512

47943b08acf48b2fd602f5d25e97f219a625a98c834c5c97c61c094244229d8cb3ee6b52998d72d6ccf9eea6c4b355ad1094ee170f7621b958138a041ef5b9da
SSDEEP

393216:QM9JxohGsdFrQOpTV3QFp63yl3EK5jS6DXvjsEWH+oOtJlfVqHCSqusxTPMz:QImdFQOpp3QUytpTW2zqbsxTkz

Score

7^/10

Malware Config

Signatures

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.vs.micha/app_e_qq_com_plugin_fa9a19f315b4a1d2b4fe2f035b3b9432/gdt_plugin.jar	4314	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.vs.micha/app_e_qq_com_plugin_fa9a19f315b4a1d2b4fe2f035b3b9432/gdt_plugin.jar --output-vdex-fd=54 --oat-fd=56 --oat-location=/data/user/0/com.vs.micha/app_e_qq_com_plugin_fa9a19f315b4a1d2b4fe2f035b3b9432/oat/x86/gdt_plugin.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.vs.micha/app_e_qq_com_plugin_fa9a19f315b4a1d2b4fe2f035b3b9432/gdt_plugin.jar	4278	com.vs.micha

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.vs.micha

com.vs.micha
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4278
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.vs.micha/app_e_qq_com_plugin_fa9a19f315b4a1d2b4fe2f035b3b9432/gdt_plugin.jar --output-vdex-fd=54 --oat-fd=56 --oat-location=/data/user/0/com.vs.micha/app_e_qq_com_plugin_fa9a19f315b4a1d2b4fe2f035b3b9432/oat/x86/gdt_plugin.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4314

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.vs.micha/.00000000000/39285EFA.dex

Filesize
69KB

MD5
75a8168e7080b90fc2956592c268371f

SHA1
3702da56d31f381525473364f031dc884e37076d

SHA256
0b9c032080788add7f5989d0ce145e66a4686ff3a43b0e48dec60bf18bf75701

SHA512
33536573c834fffab7236dd96c22cbc3d075ab70b622ff7787381e5c7c262ab62e0252f0d07313c9227ccc8308cd93cd96373e57fa55a066691d5b5cfb55f5d3

Download Submit
/data/data/com.vs.micha/.00000000000/39285EFA.dex

Filesize
69KB

MD5
02f69eb4fe05ebc6c9f736d83e5f7e26

SHA1
777d75e14a73f5721fc4ae34f49a9a4b82311373

SHA256
13502356b7d3f910107aeff131e9c4a2b892744a125a2d1a2a206b219dc36042

SHA512
7c1f5d68d40bf37aef2e59aa9a4f96d1ef642a8db7e53295953b0b5fa3a63cd7546c5cf8ad3fc17f6b84a795a08e13024d8dcb3db828ca3fad634964cba69bcc

Download Submit
/data/data/com.vs.micha/app_e_qq_com_plugin_fa9a19f315b4a1d2b4fe2f035b3b9432/gdt_plugin.jar

Filesize
480KB

MD5
fb04b38541cc0f62ce007dabebd25f63

SHA1
76681b71e3f76b596efedf2d5294208864fceaaf

SHA256
f3173b5e7a5233d2845991822c9e69f1392330b2b016815e314a8c95c7aae247

SHA512
0748ee80bf98fe343b86e4c84a219fd8016d50b3c097b2c07ed4891b8ef0db7165a62d72fcb8c8da6b316a9d971fccabe2a81b5379227df3e9d63e30a242efd2

Download Submit
/data/data/com.vs.micha/app_e_qq_com_plugin_fa9a19f315b4a1d2b4fe2f035b3b9432/gdt_plugin.jar.sig

Filesize
181B

MD5
3cbb760fd5557b5097b1a2c851eae01a

SHA1
f6043e7964092e52b3b30fec74f93a75a39b15fd

SHA256
bac24f87da19ddc7d93b7fdbf23d6af46ad7f7528bba9b8eb704864dcaa55c02

SHA512
4f5096f6c626f5404fb02edf0534f6624a517457f6f368214e4880fcf4e237e6efbb549fc6f82ce7b65c09c85db6e71cd708dee9ae238626779a022372784729

Download Submit
/data/data/com.vs.micha/app_e_qq_com_plugin_fa9a19f315b4a1d2b4fe2f035b3b9432/update_lc

Filesize
4B

MD5
dce7c4174ce9323904a934a486c41288

SHA1
e117797422d35ce52f036963c7e9603e9955b5c7

SHA256
0c030586945fe504b604ecc2e875c38ede400cd5cd73da9730302162e6b02c6f

SHA512
d570ab6a8f4a7b54d426b0481219074b5277ace37d88438d87ab97eb387938eca1cf7b09fa42d596c56ada860710d2a7385d2a96e1cedff58ad6ed8900f1b143

Download Submit
/data/data/com.vs.micha/app_tbs/core_private/download_upload

Filesize
56B

MD5
c1d9ff5ebd6a016a4a6b670a381f81b0

SHA1
2743cabb2be3922b46e5d380848b91d4f7f2081b

SHA256
cced65c801f4906c78003f934860e88a846917b287edd48c6486fba1bf8109d3

SHA512
073b563fa1ae5072b1347e843590892fb879b8fcac87d4fb93c52ba01133210bf5d182c5d7c4fc0c621bf090087a134cceaae1a7f2310ecabd5c276eeabd7103

Download Submit
/data/data/com.vs.micha/crashsdk/tags/AHCIM0SV0MOC.meminfo

Filesize
329B

MD5
d81960434cec7dadba746b78d453d936

SHA1
5f91a48fa767b4a686548b44068a94cb2655ff7c

SHA256
deb2b857cd4086960a9bb9374620426a065de948e0fa2cdb6f21fa6842b14ad9

SHA512
06c7c82d4677455a9761eb1ecb03d682f12dd71a92f77540437e6d9ed77705cd871f6527472f9d29639e563fd94e2af24f67cb5dd395011ad2a66a77b78746de

Download Submit
/data/data/com.vs.micha/crashsdk/tags/AHCIM0SV0MOC.pid

Filesize
4B

MD5
97e48472142cfdd1cd5d5b5ca6831cf4

SHA1
e3f06811b817600cf25c6da93912d4d29a6de682

SHA256
a138ab3bd14d1133a8dfc665d1f840382c0e76ecbdc44a00130198c329888dde

SHA512
a7366041c424766fbfe6725675e524073c731826843c2682508961618b5e534de24508f61970f5dec94147098564958bed5ca22532c21a536c9abc0dc6d90bb9

Download Submit
/data/data/com.vs.micha/crashsdk/tags/AHCIM0SV0MOC.start

Filesize
25B

MD5
de70c0394b79a9e1d54b0c894035d9b6

SHA1
ee9d2eba63b96dd2a433cf740e1c3d205efca4a3

SHA256
96f0fafbe616b5c6499b75d0cb28b45015415ff664587987afb10072bdfdca41

SHA512
afb7b50ff3a83c19ae8b34329d389f073e40e71adb889866793c0848c9361a2ff676c0d937f09f0f4d77c05cd6533ea7dfecde08553b58560f096d69e7753595

Download Submit
/data/data/com.vs.micha/crashsdk/tags/AHCIM0SV0MOC.status

Filesize
276B

MD5
040dfc602f053839b81c5969a3e889dd

SHA1
8ff670e5fb477aa1db747290d4b1d79ca8ef166e

SHA256
53d03acf14b2d97d651ba692b1569eec76ccb4e054282ca9ed1c5a1d55b97ac4

SHA512
e332e94b6e9f48bc9c3a4e543f4eeaa4120615ce48cec1b9996983fc1d07503d6d6fde595f6fdab8290f89301c4aaf3eef5ac56ba3a96178c6f4283d5265c995

Download Submit
/data/data/com.vs.micha/crashsdk/tags/AHCIM0SV0MOC.time

Filesize
14B

MD5
6224ba1a9389a518b840f90cf7e7d75b

SHA1
29752273e948bda9b3c2659f233aac043ef80e90

SHA256
c1806909c31b3471b3b6cfcd5c77ad87481e25bad22603011824c5ff262355bd

SHA512
ebf29876ad3fd9ad96769d2d660ef4df06b553538441d5a8c946917cc0939c5d43dd8a7dbb3d4f17d0dbd1c0bf890fa2956f2815c584b064ccc247dd12ada26b

Download Submit
/data/data/com.vs.micha/crashsdk/tags/AHCIM0SV0MOC.uptime

Filesize
19B

MD5
5b368b12d9b7e6ef3a2825a73ab1ca24

SHA1
29773f49de95f16d11cca991141affc6898a0d7f

SHA256
8619bf21f34e2ab9b023b81635718cfb35f55b3e36ed6ae3a75a387e109040f3

SHA512
97fd3df0b595e2b6ca13c0faa25ddfaded02f54500b409765db53efa8f9ca690828193d08dc4cac06a5b742a7281058d2f00ac8e8c479ee60a2db6df161e81b0

Download Submit
/data/data/com.vs.micha/databases/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.vs.micha/databases/androidx.work.workdb-journal

Filesize
512B

MD5
0beb69ed2065a9715171db90d5364212

SHA1
d39160f10ea7815aac014c8d369ceff3af6a9723

SHA256
0ab074205ee87fbbb718ebe00cc1d2c4bc33228e08f84ef63dff38201e1574e8

SHA512
552744783abe0f02c031b12cd5199af74c4623445d1f8b94ed1b5a4e7a71d6e6b551aa76a81ba837d76f32a0a422deaf8ba434c4120a4ba20b70fb454e3de747

Download Submit
/data/data/com.vs.micha/databases/androidx.work.workdb-wal

Filesize
16KB

MD5
2dbd2f5ded85b263d7d9f464148273e2

SHA1
435c2c35d79b635b7c759b7b2f390e434ce2842f

SHA256
c2e730d6dd93dd535de9e9b0eadba30870daf207b87902d0566f40ba5ae713c9

SHA512
73ba2dc20e8f03617f8c53053ed1f183bffa3b9e6b1af162ecd834407f7aca42b20a369a479ffa1d0f2d4ad5ac7532d980fc1fdf43f88e31a25bfa081a63492c

Download Submit
/data/data/com.vs.micha/databases/ttopensdk.db-journal

Filesize
512B

MD5
50c25a2f160b0b3d7849d93f6e893ee4

SHA1
fa32a08e45398c98f0672203c709492c26f1b89c

SHA256
cea8903262c341cec01c2b2d45a4234264763b8ccaf67e98a6303d76adc831c0

SHA512
2442885c236fabf384400746d25f85839b4b0110cbb1606f618017309f496b02326b22bded0ce64be6e45da89f6b40285440c80fea594d6262e587814cafd435

Download Submit
/data/data/com.vs.micha/databases/ttopensdk.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.vs.micha/databases/ttopensdk.db-wal

Filesize
16KB

MD5
8f1390a0b2d3e17ac588967f6e0670cc

SHA1
92ebd484ab98ad951cb88e8641e87e7598cbcdc9

SHA256
cb0a8a8995bdb7ce768b3a6915a9a8b23554a35a45b738b2f1a2d5591447fc07

SHA512
a9c190b97630a1d568e77d7ee9d8c7dc82456eb51f9f77bc95c0967d566b7227665470106b86fa5e2c0c0fa914b6169fc70fdbb8f6fd1c9530347b0a88151710

Download Submit
/data/user/0/com.vs.micha/app_e_qq_com_plugin_fa9a19f315b4a1d2b4fe2f035b3b9432/gdt_plugin.jar

Filesize
1.4MB

MD5
7bb4eec662228d121ff7e5e0b0fd752d

SHA1
5f2669f80caf6702d16b716e89100690a805d3d0

SHA256
cbd662efdf8de197bd14068205aba2973699cc64337b1b685a9c06c11cf1bffa

SHA512
c36684f6d8c288ca1cd416227013c210acb767ef15dbe82b55830ae79776768eda53d1311ff557c3aecc7a38efb668001f9a01623ebcc19e2085cbb76b1fc694

Download Submit
/data/user/0/com.vs.micha/app_e_qq_com_plugin_fa9a19f315b4a1d2b4fe2f035b3b9432/gdt_plugin.jar

Filesize
1.4MB

MD5
84aef58d92df80c80351d83aacea2cdf

SHA1
cd98224d1164b008b2ecf252dcfc3cd9ab4c2017

SHA256
60116698377b00160e3b0950d82c81a03ba41004bac7b10de6b536e5328e30be

SHA512
53c86f5fe5046b4be266a2124e328f82fd3c231a915197814be523a2fa94f17842287294e9d61955abcc977c20d1debab0457d1e2a812d7dee3c02bb62015608

Download Submit
/storage/emulated/0/Android/data/com.vs.micha/files/tbslog/tbslog.txt

Filesize
1KB

MD5
c82701c3bf2634f312c92af0e47f79af

SHA1
ce328422c63cf89575e59578afdb02f9ac5eb6e4

SHA256
f414229506f7a007f5b100caed47e567fbdffb321e148af8a01cec979a7a1255

SHA512
76eacdb9e1dae732d9754f4f20b946f7cf78dbc575e2034824fda8cd3d56f77829e818ac8daa21902ff89c86e599c6abfab33027a182888967dd4126926b98fb

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads