90a0d85d94e05981b9e478f26b612ea64bcb8aa30b8a37a9d91f2beac9539a59

Analysis

max time kernel
2773167s
max time network
158s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
23/12/2023, 21:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

90a0d85d94e05981b9e478f26b612ea64bcb8aa30b8a37a9d91f2beac9539a59.apk
Size

6.1MB
MD5

e05fc3bb6a36c6691a8c82560197c3bb
SHA1

ddb8971d26fed770f44209c5c3db9a352aef1cc3
SHA256

90a0d85d94e05981b9e478f26b612ea64bcb8aa30b8a37a9d91f2beac9539a59
SHA512

dc07fb6bb6f96a99ef3578bfe291e60ddf1cfcaead95a33cc69b6a278f4912d417aab48037e26a35a39a302e3c0ec0317b4656fb424a2c01e3a5d7f33e0ee20b
SSDEEP

98304:luRflPsvQ3sLJyx3qqujRS3XAWkwOOUKe4o3/vCwOWHxwR7R6368iuMA/Cq+XI:MP6ox3q1V+X/IG9oSfR16li+/CLXI

Score

7^/10

Malware Config

Signatures

Loads dropped Dex/Jar 5 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.tnsdk.yymcm/app_plugins_v3/a.b.c.d.e.cache-10-10-100.jar	4364	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.tnsdk.yymcm/app_plugins_v3/a.b.c.d.e.cache-10-10-100.jar --output-vdex-fd=50 --oat-fd=51 --oat-location=/data/user/0/com.tnsdk.yymcm/app_plugins_v3/oat/x86/a.b.c.d.e.cache-10-10-100.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.tnsdk.yymcm/app_plugins_v3/a.b.c.d.e.cache-10-10-100.jar	4274	com.tnsdk.yymcm
/data/user/0/com.tnsdk.yymcm/app_plugins_v3/a.b.c.d.e-10-10-143.jar	4399	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.tnsdk.yymcm/app_plugins_v3/a.b.c.d.e-10-10-143.jar --output-vdex-fd=47 --oat-fd=53 --oat-location=/data/user/0/com.tnsdk.yymcm/app_plugins_v3/oat/x86/a.b.c.d.e-10-10-143.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.tnsdk.yymcm/app_plugins_v3/a.b.c.d.e-10-10-143.jar	4274	com.tnsdk.yymcm
/data/user/0/com.tnsdk.yymcm/app_plugins_v3/a.b.c.d.e.cache-10-10-100.jar	4274	com.tnsdk.yymcm

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
8	ip-api.com

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.tnsdk.yymcm:multiprocess

com.tnsdk.yymcm
1⤵
- Loads dropped Dex/Jar
PID:4274
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.tnsdk.yymcm/app_plugins_v3/a.b.c.d.e.cache-10-10-100.jar --output-vdex-fd=50 --oat-fd=51 --oat-location=/data/user/0/com.tnsdk.yymcm/app_plugins_v3/oat/x86/a.b.c.d.e.cache-10-10-100.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4364
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.tnsdk.yymcm/app_plugins_v3/a.b.c.d.e-10-10-143.jar --output-vdex-fd=47 --oat-fd=53 --oat-location=/data/user/0/com.tnsdk.yymcm/app_plugins_v3/oat/x86/a.b.c.d.e-10-10-143.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4399

com.tnsdk.yymcm:GuardService
1⤵
PID:4303

com.tnsdk.yymcm:multiprocess
1⤵
- Uses Crypto APIs (Might try to encrypt user data)
PID:4341

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.tnsdk.yymcm/app_plugins_v3/a.b.c.d.e-10-10-143.jar

Filesize
71KB

MD5
5cc833906958f10ef78ba2899a97c4de

SHA1
a72f1928f4ebc9e4a0a97b35d10f7f1faec2778c

SHA256
d5b786917c192711903c500c023b96d457ed97646e024665b6e2bc9b31b8032f

SHA512
9368a958d8a57de177c0fd717221ce2e781a8e2e0b16d2f044f954641d627dacd2fa0fe5eb20814150f760b5e5bc6fe4d968de8b2d6bca4519a139e21f754298

Download Submit
/data/data/com.tnsdk.yymcm/app_plugins_v3/a.b.c.d.e.cache-10-10-100.jar

Filesize
31KB

MD5
82e95643221bd49928a85d8960088e94

SHA1
18aeb5282e46d3ca6b4280ef3f972c6c9d447256

SHA256
e4fa449a63b98ba6e6b9b0801c727371fb3552232920a5b7ea91a37d32afe147

SHA512
4da607f2ad08a33c2da3fa6784a2543169f5849999c89c0d33f448a9ffb177c35804569500ade9d08ca700a3e3a3b51aceb2fe6af8b4a64d9d1b4ee9ae40e6b4

Download Submit
/data/data/com.tnsdk.yymcm/app_plugins_v3/oat/a.b.c.d.e-10-10-143.jar.cur.prof

Filesize
406B

MD5
775ae445e3b8487a30bbb78f172970e8

SHA1
911f1a662d7b33742f84a085d350b7fa02cdb956

SHA256
b2751bd9d0d61c55784fc8940dd65233570a2bbb5610b862c334ea98bfe55a3b

SHA512
6ee39e32cadb9c811c3f9e3ff433a70c4b93036a025f6d153ecd000da01ec111887ad4b64377ea2c53e216c1979018adc1dd383fae134a7dbbd8d376aad710d8

Download Submit
/data/data/com.tnsdk.yymcm/app_plugins_v3/oat/a.b.c.d.e.cache-10-10-100.jar.cur.prof

Filesize
261B

MD5
ded29d610c23c190d977232794e12d14

SHA1
464c664ff2279efeba29f5a1bf8b01a7d187d066

SHA256
9d374d823cbf44ae861206883e2a552a7f5e9007c0804223be2d459d63a93609

SHA512
aeb4e26d99236e9b6cd876d2ff6a84834fb17a2a9d90579f48fed3f12f0914db6dd6f385da68c7241a017ecb196396cdd601af60d67bb90625d9ab02515706f1

Download Submit
/data/data/com.tnsdk.yymcm/cache/ACache/-106815946

Filesize
49B

MD5
fb71b8395e073f73d504e0ad3ad5d929

SHA1
70e2e9c5a1c9b090332efb956ff9b39085edc7c9

SHA256
1ace56344bdd1d3f20ea7b0caf3a991a39c61ad26e9cee88eb3fbfa9fd4fb430

SHA512
c9a92ab65ab8738c2c107a3e8f290dbf2a65ed96dd256882ec6baf20724583880746697b361e96b91f631c2f86250eb38291fd8f7d5b6203b79be2897fb7f337

Download Submit
/data/data/com.tnsdk.yymcm/cache/ACache/-1256049348

Filesize
31B

MD5
b95570cb89c3cb21c84d6d1a87e1c573

SHA1
bf09e1c02adbb4296d6508536e687814cc52811d

SHA256
6fafada4cf9f71dade3932c1b64c745f0315d27bddf5b4379d4588dca2a74dde

SHA512
c923e06daeb85efeec6fb9e7f954b629b2237d277d83486df665e0e7105b97027a7a6238fadb0aa45126d1bf26bfd7ec0f2ea715bf782652a62cdad280924da6

Download Submit
/data/data/com.tnsdk.yymcm/cache/ACache/-1795434967

Filesize
16B

MD5
f8f80ad2548f2939d74cb85702708757

SHA1
81c9dc6e0307300d5a463955f2150c73e3e0d639

SHA256
0ddfe620e22a99b3ffe3e37ac0402a9243b648e1efe77ee0f83e799a6cef8073

SHA512
c78419286ecfdf5fbb31a6ac9e648d1f7994aa9b831d7509bef00658880f75bbc3c77b3fe1dbe7c30e4d512ebe64a41701cd46a4ec207ee9fe09956a8904a374

Download Submit
/data/data/com.tnsdk.yymcm/cache/ACache/-1813379398

Filesize
17B

MD5
26c276d83df2ecd7b9aaab972103b7b0

SHA1
0b71f1940d31c492a8a9576d39ad4857206a1369

SHA256
9984f3e228d14a1d8a710338f52f3c39513c9cf85138920f87f583ef04d30269

SHA512
d5f0db41dd6a0a5395fd855cd488cf7eb8246143466513445a5d12d29345181fb9582b3e3bb16508a830fcadbf130c9254255e808ab2f891685df1acf741e726

Download Submit
/data/data/com.tnsdk.yymcm/cache/ACache/-894512560

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
/data/data/com.tnsdk.yymcm/cache/ACache/1391917710

Filesize
47B

MD5
fe7aa46943ee7a2a7ddfe309d7468510

SHA1
580593250eaf52f6841f1734ee433773c77b294e

SHA256
98df2ec897fe794cbdb5366333ecd17dd763d65857f210f310450de69874e35c

SHA512
6923de3c1ff867c94af1d88eac6a541db3a4908cbf2d1706172e52717a3ee307ba314274cffe6bbd4fc87599410a31ab089bcef65c17ed192e9bab58976bd47f

Download Submit
/data/data/com.tnsdk.yymcm/cache/ACache/17195168

Filesize
5B

MD5
68934a3e9455fa72420237eb05902327

SHA1
7cb6efb98ba5972a9b5090dc2e517fe14d12cb04

SHA256
fcbcf165908dd18a9e49f7ff27810176db8e9f63b4352213741664245224f8aa

SHA512
719fa67eef49c4b2a2b83f0c62bddd88c106aaadb7e21ae057c8802b700e36f81fe3f144812d8b05d66dc663d908b25645e153262cf6d457aa34e684af9e328d

Download Submit
/data/data/com.tnsdk.yymcm/cache/ACache/2110136299

Filesize
28B

MD5
570dbe5b27f3d4937a429874c4f1485a

SHA1
a6d32ba22f1d5f72304446d5882312424e8b877f

SHA256
c65bce40676fb2f02e0839bb615454b52f8c1f823c2a7343d534d6b4607559e5

SHA512
026c9f67d965121bd1fff50967f07dddb3bf4dc0e0d0e09195a39ba39bd8f743aef80a70d3c9979748370e5c5058d1e3a0ce220fd0c33295011f3ba5821762b8

Download Submit
/data/data/com.tnsdk.yymcm/databases/_nohttp_cookies_db.db

Filesize
24KB

MD5
f7b9eae3776e98c3150d3f7b73d3f16e

SHA1
b328418f3c969625befcf59f657525d28bcd058e

SHA256
a5f002fda94dee1ef13406439d87684b6fdfdb2b65d150f7de685344fd78a36c

SHA512
8abc6ae85dd3d1c4570ac2edb9fc79d7c4d7e15354e64b65a8321bd182a98b612f1efe99a3494a3015d7be7e167984480415bb0b395c22cb13509f690fc8e294

Download Submit
/data/data/com.tnsdk.yymcm/databases/_nohttp_cookies_db.db-journal

Filesize
512B

MD5
691ecee50d4a627bb0ed7b288878acc8

SHA1
13276925a8e0eec32e3612c8441e85d118c57fc6

SHA256
dc126838d3911901a6e2b56d539d6fed8ed7eebc2cef8d4550927884d61de33b

SHA512
9250dcbd9814bbe821325e53cad3920aaf0440317460bad6ebd378ee648d08e0d8fb365b9cd47a5312d4646dbc4a9a18711225c49556f8d77e9a8e2491ba7675

Download Submit
/data/data/com.tnsdk.yymcm/databases/_nohttp_cookies_db.db-wal

Filesize
36KB

MD5
a92984f9b46f08c7bfe44aae51a411a2

SHA1
bb38b9f69e1673c793b57e9bae5d301f59137bbb

SHA256
3bdc27ce25c8b38c207866c46947dd192ab4b9453a2e2886e2d7414eb47177a7

SHA512
8cb31610c69d0c4cdbb00460ccc76f202377e09538b3544101432c2240ee02c19bc29e527148334ea3788632216a77eb2fa015ca009a0347380550ae8778c1d4

Download Submit
/data/data/com.tnsdk.yymcm/files/jpush_stat_cache.json

Filesize
188B

MD5
26d6819dc7e21e14dee90e9fef87508f

SHA1
3b40b84960c1c31176a1fe5a2bea340ce3a16c7e

SHA256
86ff4d3a9900ec1d4c24ae551acc9aa4f9b0a99b8877fbb8b1edac53c63672c0

SHA512
414f370953d48dfb75b92cbfbd5f99003cf5bd0f6e17bc4cc75e8b45770acbb8df9c85a665bc460c1da2b1fd8dd382dbc5c9bfb0c1fff2f36b8a3706ba1128d6

Download Submit
/data/data/com.tnsdk.yymcm/files/jpush_stat_cache.json

Filesize
262B

MD5
ec602f31c2aaae7d3816041707a7684d

SHA1
4cec9fd0b77567d92376434f9d5600708232165b

SHA256
c792f0ccb683f3a9175e0a74c94f31e2818967890ccb92f261d5691c6221a239

SHA512
aef2627b8184d658659b0c340a5654b2f6b503cebcb04343e3d53868236b3f50cdf5c738205b16daae1eedb1d3366a9388191260a1dc0d17c1d8010defccef1a

Download Submit
/data/data/com.tnsdk.yymcm/files/jpush_stat_cache_history.json

Filesize
491B

MD5
c5f1bb6259f38fb931249c773845d49e

SHA1
7f806ac3e0cc2f661767c9290b6526c5bccf4918

SHA256
144b30e579f5cacccfbe113a7d4d4a2af64e44a52d169b513bded5a841b12282

SHA512
ffbfef6737fb882963bf019a4b65469d579fcb15427f216be8cb080ca447dd24e896c47b2529994007a1b359493f019b6bb2b1d91b82f6aaef4866c76120667a

Download Submit
/data/data/com.tnsdk.yymcm/files/jpush_stat_cache_history.json

Filesize
31KB

MD5
f189059d30ccffac535b1e541a0e61a6

SHA1
9160ff9871319bb9248d604fe9c5eac7f86b944d

SHA256
b9a13892d8702819665217a2070c0acd1628b8205559f8830ee6eb191d095809

SHA512
085bf101de5f5a0e76441a57420bdd2198b23031a95d946b559570c66da666816d728c60c7fdd6229decb8a62100c657d57494b903add2be96f4aa9facc7f4f3

Download Submit
/data/data/com.tnsdk.yymcm/files/jpush_stat_cache_history.json

Filesize
345B

MD5
fd3522cd0db95c079aed1a711d4702eb

SHA1
2ac3f58fedb4a6155ada314b56a0735aac603e3b

SHA256
d0041865634c37dde53ac95f0a1813f586f7559af14e24da14c3263d2c77007b

SHA512
7a796e8c498abf237baaa5b45cf23a1f6a424d189fbe86783a512ef7f435b954daba80c9750815a6859df50271022deca45f5381254a132f4ace1878e1d0f8fd

Download Submit
/data/data/com.tnsdk.yymcm/files/plugins_v3_data/a.b.c.d.e.cache/cache/ACache/-1795434967

Filesize
18B

MD5
cf7a9ee135960978f36c500b6f89bf00

SHA1
8c4beeaf7f38283e8d2b615f42ae5bf1c37c10cf

SHA256
7bede90dcc8eb6aff78333e98db34110c4e64e20621a1ff93e360f0258f9adaa

SHA512
164406b4b1f23e1b2c6177cd41ed886fc07092711a13e780ac1a31e77e41b0536f4a538b1ceae5be414665da93bce564f0e0c8e3eb8d5f4a38fd9cd2acb4b8a6

Download Submit
/data/user/0/com.tnsdk.yymcm/app_plugins_v3/a.b.c.d.e-10-10-143.jar

Filesize
209KB

MD5
38ed4703735fa53e02f3e29dfc4aab59

SHA1
be04797a2b96de223d992af52d04c287cc50af64

SHA256
f825007a039dfe3c36e19437cc8e51b96e7d481667078f5273e2acea6591bd51

SHA512
9825ebbbb7b7dd01aa0568700d854edeb3a15f68723f38c9d17bfd950976c20b49e0ff1298c2e398851ce377310207210484d2a8b5e06f4bef32884dec2925b6

Download Submit
/data/user/0/com.tnsdk.yymcm/app_plugins_v3/a.b.c.d.e-10-10-143.jar

Filesize
209KB

MD5
efc83697e3e2cbc04245a568f4648fa6

SHA1
bb2cc21c62633b5e06bb4b9debb08d6a0f170e8e

SHA256
eb00e6da82d5beb8d8afa9cd17f1829822bff2750154e66852531d5bb5b0f17f

SHA512
1fe04e7a1649c549a43fd37e6b5166c01f2b76e22273eb114f589b8600b4e500c1436c49954853b571b79c5ea7dfd5dbc0c9683e0518f8206a3b931500085cf8

Download Submit
/data/user/0/com.tnsdk.yymcm/app_plugins_v3/a.b.c.d.e.cache-10-10-100.jar

Filesize
87KB

MD5
8d4950b71650c8e83c4a7561b6d2863e

SHA1
162acadec50187d6aaeeebc11ee79cff5a3e465a

SHA256
58a42255740c6082d04d43acaf65aa285791ba1a8ea5118455927fa68c27444e

SHA512
be61c8fd7ee1079f9d10d60c917dfb09c06eb5e8a96bc738de0b9d2a88e007fd4b1718f3b541386d65d462af575f2f46d173a200c76a1f47cbf9f58e4f2c351d

Download Submit
/data/user/0/com.tnsdk.yymcm/app_plugins_v3/a.b.c.d.e.cache-10-10-100.jar

Filesize
87KB

MD5
f1519e6fc9e8827ebd3a77d1ba18e629

SHA1
9ec36f0d8bb650df3804599b8598ace6d5da7d14

SHA256
cdc20eb19a67c060d60a9de1a594ad3c3874ed61009ed754f653517bc00a31ac

SHA512
1e7f3a35449fe6ea186dc09c14bbcb772970089fb131503b56be0ae3f6870157fd8ad284444fa9a3eaccf2b855868c50b4e151b39633a8809a914d92141be9f2

Download Submit
/storage/emulated/0/Android/data/com.tnsdk.yymcm/cache/ormlite-db-date.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/storage/emulated/0/Android/data/com.tnsdk.yymcm/cache/ormlite-db-date.db-journal

Filesize
512B

MD5
6f00d683a4384dc06347f8c607fe5e24

SHA1
1703dbcddc989a21782c5286bee10152dbc1c016

SHA256
8cfdd7c11de87538dd55814c5f02cdadd381a615c02d80d4db559575f807bd0b

SHA512
dbed52638151de480945083782e9a574584438bfc937c9815c3e0ad6d75a0730efd40c0a7cd9477b67cb37d06899e2a9a22ffdecac1023bc8056be97a63a299c

Download Submit
/storage/emulated/0/Android/data/com.tnsdk.yymcm/cache/ormlite-db-date.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/storage/emulated/0/Android/data/com.tnsdk.yymcm/cache/ormlite-db-date.db-wal

Filesize
76KB

MD5
d1abd5584301123ec2c5a1bcc7bc67ab

SHA1
e73c5c2165febf345e829b98d199c23328203d49

SHA256
490ce2c3f411c7a593361429b3e1e2928dd223122514e755f9e1cf9193634ce9

SHA512
d3ec053a6a38a59c18179ab63f7200794b4ea77ae900decfd42d4cac73b1a2cce4029f1d81f73807455094e91b4bf67fb7fa38f846609f99d22becace5d29638

Download Submit
/storage/emulated/0/data/.push_deviceid

Filesize
32B

MD5
1132b7e5de3ca0d3bcc1ddfb29ce62a3

SHA1
b6725153aea3102f42c3ad5431300e8f41a62b34

SHA256
7ca1a775e53b068c300c2855a0a411eddf69164ed8b06d9640636085092f4bfb

SHA512
37b2142aa59edaac8ec7ddf6a34b6c4708f879870825d246d25fa992153ca730e95b7b3d2cb6df63077bc278acd02bebde6813accde31255bbca20d12230f1ab

Download Submit