8e2bd41ac6e036386d0844450233a6607f910819e562fff8ced9dd42cf6ea6d6

Analysis

max time kernel
2766739s
max time network
154s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
23/12/2023, 20:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8e2bd41ac6e036386d0844450233a6607f910819e562fff8ced9dd42cf6ea6d6.apk
Size

26.0MB
MD5

97891ec1674a40fee8d65ef6835bb643
SHA1

b5e62dd833e50dcd54bcf755e28d386b0cd42366
SHA256

8e2bd41ac6e036386d0844450233a6607f910819e562fff8ced9dd42cf6ea6d6
SHA512

bebb92ec361dd76c470c58a84379d45e08021357bcef87efc59180144bafba0fe62d0e891c2d24896975401836eb4426d972b7fb043c60084a32ff43fe00028b
SSDEEP

786432:YoAJY7I1IzOK24IztnMnCCws20pQXMxKoNacM:YZEI1GOKJatnMCCqX8dNaZ

Score

8^/10

evasion

Malware Config

Signatures

Requests cell location 1 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.n_add.android

Checks known Qemu files. 1 IoCs

Checks for known Qemu files that exist on Android virtual device images.

ioc	Process
/sys/qemu_trace	com.n_add.android:channel

Checks known Qemu pipes. 1 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

ioc	Process
/dev/qemu_pipe	com.n_add.android:channel

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.n_add.android/app_SGLib/libsgmain_312768000000.zip	4898	com.n_add.android:channel

Reads information about phone network operator.

Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.n_add.android

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.n_add.android
Framework API call	javax.crypto.Cipher.doFinal	com.n_add.android:channel

com.n_add.android
1⤵
- Requests cell location
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4507

com.n_add.android:channel
1⤵
- Checks known Qemu files.
- Checks known Qemu pipes.
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4898

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.n_add.android/databases/MessageStore.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.n_add.android/databases/MessageStore.db-journal

Filesize
512B

MD5
e8590e4dd8c24f7869ebb44e5f5a9938

SHA1
b13cab9c599ff5c3c2c7e18a09d46bbefa321b71

SHA256
14fe274379c57c55e302721c8737d220e0b268f961ccb4da26301cd8245ff09b

SHA512
ae64022e9d652a3bca8c17556bcd78e17d8a3909225342690de9e54e943435b9dd65ef1b8989edd301bdefefc285e2223f2846dfc31106844557660ccee1ff0b

Download Submit
/data/data/com.n_add.android/databases/MessageStore.db-wal

Filesize
48KB

MD5
b8b1443c1a974dc8e4203dcbb204d119

SHA1
4c326039803d39c62e304942942265392d4c4838

SHA256
c048135cfd27fdcb47f638a82cab669f6578845153c53e84ab7bba9d59ba9cce

SHA512
a3e4e4e5f492bc5c5c51b208e6c1a9bdf642061535a1419b5314d043aaf2a128d8f21c4cc64a7cc676b486cdc3b956aae2a6825eb067cd13231d8d2cd86f4346

Download Submit
/data/data/com.n_add.android/databases/MsgLogStore.db-journal

Filesize
512B

MD5
a60bb2ea9c5b0abb8d6de3f55c5a8665

SHA1
0797876aa3866a96ddd8c5def8664ab6bc38208d

SHA256
0ecca21b9ad7d46ce550d1e0d77d601a941d3bc22436d984a7862c3f89a7042e

SHA512
9b66927ecaafa5d059ffa6eb3a71a7d297ac8355b281a553b2f2f80a1fc58c8b6146e56eab06518c813f96cfc3245a8ee8a8fa6df2f89a16dcda911a3e297a2f

Download Submit
/data/data/com.n_add.android/databases/MsgLogStore.db-wal

Filesize
16KB

MD5
2048a82ad52874adc79222641e67e89d

SHA1
c42f6e896360708d565dfff90feae55108af76e0

SHA256
02bb1f6c9b253de53274a0948224d26e8a6c8556833e0e04f760236523379c16

SHA512
86602bd15d42b63290d972d190a4c5ead3b457e17ff56993097e1c2d00838deaefdc71e7b1ad4780fb9c762a8588fa9ecd82dc0712b2b91ee284b77202a48bd9

Download Submit
/data/data/com.n_add.android/databases/message_accs_db

Filesize
36KB

MD5
486e2bac2b3e9e1cb411d2838a4854bd

SHA1
81dd0a7537f4af319b830ae834908986be85da8b

SHA256
5644a250fa6cef16c2c802b98275656a5fc39dcf89bcc22193742d85c7313f57

SHA512
c146789563dae163e373489b3df53f22efebd32b69643992969241eb5ad5eec668de67e7cd2aaf5c3a8af57b0842115d00183825734f57643d3fdb09835fe681

Download Submit
/data/data/com.n_add.android/databases/message_accs_db-journal

Filesize
16KB

MD5
2ecc1111f51cc6f803c789580ef4d999

SHA1
bdec9484fe54459268ff352096519a4596985846

SHA256
153cd1c5460a5ab1ec2f16661a92b314f46782d62832719d3393f92d7b247fd4

SHA512
7240a7543cef0233be4342c0b228e05b5f90c6d9aded294383436b144021ffb31d35f25c0217d26b72e0967f1274987533b2997722e9d50089812fde4fec66c5

Download Submit
/data/data/com.n_add.android/databases/message_accs_db-wal

Filesize
48KB

MD5
431e734fa5c266656da5526a9f143958

SHA1
3efd2bf014d023869158ce6bbe8222cc4852636b

SHA256
014065e64fb5cfcce93bd447cd6ec39629a9487f3126a088bcb5dfe4022e040c

SHA512
66d80f78e2920f8aae42221d68e5b92d32080bb74ef74c6203a5e0110f8d74ca62dd7bb64da38afd31a7cb48f10bd8101b9eae7dd9835476827b432e47967632

Download Submit
/data/data/com.n_add.android/databases/tray.db-journal

Filesize
512B

MD5
0410be82c0764f1a3a4e35496b8f1c6e

SHA1
17cae10c74f014a6cc3c007dd3ca2a7fb6d7e6cc

SHA256
788b76baeee286fa9ae2488599b2b1607c129c74f1a75a2fe928ba546b684404

SHA512
5064bdbeba652c1549c662bfa22d21c65afd8ccacb0699d2afd8f80fc26ad705c396a4ba7ba91fec71ba6092593b858663b99334d86bb9bdc55ac36d44fcd026

Download Submit
/data/data/com.n_add.android/databases/tray.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.n_add.android/databases/tray.db-wal

Filesize
48KB

MD5
298e0b9c33a46443ca83086dbfe8a6d4

SHA1
39710b218a9c632b4bab7b715818cd1850be5ebf

SHA256
3579f2656af98dddd6c2543c135f600f2b3daa0adbb39f37f8ce9022d84de660

SHA512
2c6cd1b1d38ed818c091fc64ea701fc2e649402509d41733ef5cbbe09a8e19bcd442af3aa4398791cfc2a899646e2e74b8294ad314367c1902f2350fc4cdf39a

Download Submit
/data/data/com.n_add.android/databases/ut.db

Filesize
32KB

MD5
c7299b75c89973f4a2ec5759c5cc2e43

SHA1
a288ca80e35e05ea3de48a1fa8645be7dc134ea3

SHA256
e0bfd7f99a551a57c78d232549dbe5cd6cc88359992058ea4be024699f6e866b

SHA512
988f825839e357e8b2d49b0a3cd6c61ddb7031457980eff0fcd628b85b39344d83ba5ee8b0a95f1e5f57694bedacd3bc5e3c93391773d102089131054b21699f

Download Submit
/data/data/com.n_add.android/databases/ut.db

Filesize
32KB

MD5
ca069edd83366575fa6ed02b8bc33328

SHA1
378bbf43587d35091ddb0cae8ecaf96cf5066c42

SHA256
3273a05e773b52e458f964391e79ca116e0ac42c66ec7df976af6e65a50b6e01

SHA512
cf28fca4377439e2fedd67341bc8bc15106f3de49c0d623fa432ea451052759c3112751b125426d75ffb8e02b91dd9747a18e7c048656807132ccdc249359abd

Download Submit
/data/data/com.n_add.android/databases/ut.db

Filesize
32KB

MD5
88ee2adca5dbe4280e8fd9b5287c6a37

SHA1
208ab9c2db2bad5e6e848bd45e0c206301e71635

SHA256
c99ef409f84a24dc9f41a05a475a9fe2451b4ef8e4a176cceb6d4e2fb2f6a527

SHA512
574f5fb5e822c21f46bae95863ff2100d80334dc55759cb00c476439d3f1b20d59bbdf50f2a985c3c9ad74fad692e190409e1a4f46531c1ef75595733edf6314

Download Submit
/data/data/com.n_add.android/databases/ut.db-shm

Filesize
48KB

MD5
b5900b2d52f8e2c32b8f6ff4ded6666e

SHA1
e6fcc26a46cac49312cb52f0907831781d2fa5d1

SHA256
6cad4829f5b0fb4d65fb4ab6dc929f5a15d8f94fa3c8a8a36f3b2a9cfe69a428

SHA512
b5c6c5b73b8405c2108cf6e6cb5953f6d4910a039d57e837df319f3d522858623784d3e1c9882c56cf0adb3ad9ce24b2a3574ac551f69076a1da0c828498fe95

Download Submit
/data/data/com.n_add.android/databases/ut.db-wal

Filesize
24KB

MD5
3ba87c8fe8a86e4a8c4a8d2ca5f71440

SHA1
af71a2b2bae36bd05ff2fbd400c631a4be563663

SHA256
a5bd0f2d73d91396b382eae337e2d52bdc6ceae0cae91fa03301fe941b9b6f93

SHA512
f819be0fcaf5ea6a7209213f28f7ced3d8af30c106b3ecb9c954e27cda0476e3ad854a7449d073d737208fabf297ae31304aba6f74fb7d0b75b63a8a4bb14541

Download Submit
/data/data/com.n_add.android/databases/ut.db-wal

Filesize
8KB

MD5
8776061bfb282d1fb7f34d29d941c38e

SHA1
99fe49e03e19802074dba7a07ac9f0af16dcb5a5

SHA256
a8c3a73321c6ff2c1072b4bd218e81ca88194f339bc183f43abf3fba1f49188c

SHA512
ce34ff58d63344f4170e183e66d39e54302226b3bd04966f9cf35379c829c2fc7c75cd2bb405c645b4a5ddaad962eb0a24e7205a6f111f8e1e6af00e86d898c0

Download Submit
/data/data/com.n_add.android/databases/ut.db-wal

Filesize
8KB

MD5
3cff08cfa31b7ceee4557b5141573efb

SHA1
3be45c146f4c6fc75c69ba0be6286220b180423e

SHA256
99a381fcba391661bdd8bb5e9a3b9813d9c909c29207719b1fbdc244185f7db4

SHA512
a1b6337b71e98fb4fbf6c81f448194140359200d4a369422698d032d60fced8e571d71925f67d68cf8809cdf67060a24a364f908d1bda418bc3481758c50b5dd

Download Submit
/data/data/com.n_add.android/files/SGMANAGER_DATA2.tmp

Filesize
607B

MD5
4f67c849713063144e3371ae94de8c71

SHA1
ce5f1efa3f3ac946976bfa311a1763bb910e4530

SHA256
4abf2f5a50011d861503ea05f032e77f5d98b7aa9aa3e90df5ecb9c8050c48e0

SHA512
37dde105bafd9005c362cd4157e9281de1943e2aa6509ee24cee1bb7996b52671ba570d384c7d4012fe7ae3c5190d15d85bcde98f571d1bea605767b9f5001ec

Download Submit
/data/data/com.n_add.android/files/SGMANAGER_DATA2.tmp

Filesize
913B

MD5
abe9b172d64004f37459a3134447209b

SHA1
0a1b72626361af6974a9835e02d4e8d3350c9a48

SHA256
28d93fc767746fa5dbdd1b09c72c93a11870ef0a6329408af1faaf8b0aa7a76d

SHA512
8fba2e6ed0fddfca8c5ebf6a0d63484326602b83771b1b3bfc9593ad6d80df1e4a332d11095b54d7aaf9439236715f8b81a46aea4ef53c51a2848060f086184f

Download Submit
/data/data/com.n_add.android/files/agoo.pid

Filesize
4KB

MD5
ea294c29b8d61c24ba5a1c7a73e0715c

SHA1
03952755dd0ce5fbb383d0bd94d2791344fa8e1c

SHA256
fcc1d42e2c1d036e84561eb8d67d3335f7fc0c85eaf28f55153b3986935b9d57

SHA512
6bd9b44e63cd5c69609e8d5786d3a74679065647c5bc9c1faf7a082ebc29587ebc95af3b2b329d8e6be3f154bca23565c3a60cf43b3584d1ec47249ed9b63159

Download Submit
/data/user/0/com.n_add.android/app_SGLib/libsgmain_312768000000.zip

Filesize
65KB

MD5
0c2f2989749ff3910446998637c28286

SHA1
054aba5cdeb4e66a4473b0a81680bc50f6a0cfc3

SHA256
f3c52a07c3cb0a749aa880b5819ce43a5b76065396037f5f50c4577ae522d49d

SHA512
72acb607e89f7dd62c21e9449ceba58c8917afcf4dc32c789f515d6a866e6549b2fd53e90cffbdfb7a62d577534bd9eec052d1ec9a912321f9bf25e7f719a70f

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
44efd7beab46719f93f5b0dce59bd5d1

SHA1
c7ecf42660115f3c8adf63fbecfaaf347290a787

SHA256
a71826c31cbe9c818f7f18c9ea10eb1480d0ffcfe16e8f19f9183043254d0639

SHA512
6a622d9460fa6e26da5ad18674e717d2ce38ac9037e52dd7aa4d670dffcc99e8641b8d7e0c083763fa44f87c7c7a864fd1ec96b739ce952779a382f142ec3b3a

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
213B

MD5
0265bc6831ecec07d0c2326b32db856f

SHA1
0eb13665f6d19032db381d526f9308bb29f1733c

SHA256
29fbff92625a8714c8f4ac823627138bd1cdb0dbecfbf1530e07634435f5a681

SHA512
b2869586eed044b0ba4591e1f3a6b44deb9a706e09afc610ab757ba877e0c47cbdc2c89887cdb8ce7a3852139dcf8d6da91fa30e37f41a99e05d42707386b2ce

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
512B

MD5
740a908d11c0124b8e2555d4f1db0dbc

SHA1
80dc23280557a71f100076163eb22048026ff8a1

SHA256
9bbfac1abad8ac06447c132db7c70dfb16cf8e9a98ca81447bfcd061066f37a5

SHA512
2c3d4397923817afdc4987806a562d11bf71aefc1c5bdcc7f451fd44f6ed945c70bc70408087c2dc22920312e0b3c4cfcc74622b89480e41c30da4708e5f0f45

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
4KB

MD5
dba36ff2316cb72f89a68fe42b47669d

SHA1
386d0cd0e6896d098e36c4ffc2c440a6a8bf5976

SHA256
d8987ea96a4ea7b6b00982fecc1692342da828af3805c0572926b8267a497277

SHA512
525b1cf5c435d9b748a4bf64c99229e2312dbf29b5d9c9f7b31d233617d24223be4182c5a450b178c6b3dd4e9c93ebaf0f70c1c4a4e458f23b4a12f2c8c97945

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
0d0332211ec71d9ca26d612ce40a1932

SHA1
9ad5891c9c15621ca0633e0a06beb191841c247a

SHA256
e38e176048e7d8dfdbcf61b790126da884e3087e5c3e16644ee5e457143377f4

SHA512
0c876e752ff55f39c67f5eb7a41d95c6de2670b9d348155132a756820e64a098e2f8063ca24e1017efa7d31bc0f2b2c3d868403306b14e5685e05006de32f4fa

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
167B

MD5
a87d07e913350bc26e4d187900c8bbff

SHA1
0e0ad3eea281c3f8e72d1f1524d49f31fbbfce18

SHA256
8348151b2f49d83866f09b739b44a272b853e368599fb6c56c2a834ba51938ec

SHA512
96fc73dd1a8c1a2c086d1c44d0b185fd8d64fd111d72909818da54489915194b73ccef8fcbee1d5e04486b297131b5b62f4cd20bac9a2fc9fcce8adc6a98461f

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.com.taobao.dp/dd7893586a493dc3

Filesize
512B

MD5
686cb46d93986b5bfd1352e8730b601d

SHA1
7bb6482ccf9f0ddda60e6e92f1e0923c395a0c4a

SHA256
cff2e3c618bc4b5a5f96c5c6d48aeff8698334c574542ea86ac180490159fc2f

SHA512
f7899a68d7bcbf74ed39a5d3cd8ded9334007a3da20f48f68f3f17004c58f6a48e5a76143856f43c97de0933ab85c638fb3e6b517e702aec2913234ecc60cd9b

Download Submit
/storage/emulated/0/.com.taobao.dp/dd7893586a493dc3

Filesize
512B

MD5
cb03e58edeed495e2237619a7d04cad2

SHA1
8a373bf5129b7923bfcf059aeffd983a5e44117a

SHA256
bcdf2a7ff73177625db6ef7c75c88a20eac98c924cd0d03380b281e9ab2fd379

SHA512
e2e0de9992a87688a1721f0e9d8a54a09dd3454e755f73deaa3f1035a15992aefb5cebcb12076c599e859d3246d6f2c6a1143885a2f32fa3b19b145f411c4b7b

Download Submit