90a83004b95883092c3b363ecef92f322c1bc99acac841a19170b69aab817aaa

General

Target

90a83004b95883092c3b363ecef92f322c1bc99acac841a19170b69aab817aaa.apk
Size

13.4MB
MD5

c0a97d2f15a2a16c503f606c68286f7e
SHA1

eeeb415c46ca71f8fbb65ffbc5095847c1997422
SHA256

90a83004b95883092c3b363ecef92f322c1bc99acac841a19170b69aab817aaa
SHA512

a0338498342fd621524d8bcde8e73862afac71668b780fe256fb2c2b85ed1566156c82f7e94ec7f07f268565d2ea573c3636c4457e4d19267762ae88c9a7b85c
SSDEEP

393216:+tZHuQqU5GpE1r6DwaTIp8Ojp5yN2vUqhJi59D2kTR+90V+:+tFDD51p6UaTIPl5DsqTgh2

Score

8^/10

Malware Config

Signatures

Requests cell location 2 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.zh963.H5F86700A
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.zh963.H5F86700A

Loads dropped Dex/Jar 3 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/data/com.zh963.H5F86700A/mix.dex	4243	com.zh963.H5F86700A
/data/data/com.zh963.H5F86700A/mix.dex	4327	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.zh963.H5F86700A/mix.dex --output-vdex-fd=49 --oat-fd=50 --oat-location=/data/data/com.zh963.H5F86700A/oat/x86/mix.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.zh963.H5F86700A/mix.dex	4243	com.zh963.H5F86700A

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.zh963.H5F86700A

com.zh963.H5F86700A
1⤵
- Requests cell location
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4243
- /system/bin/sh -c getprop ro.board.platform
  2⤵
  PID:4275
- sh -c getprop ro.yunos.version
  2⤵
  PID:4291
- getprop ro.board.platform
  2⤵
  PID:4275
- getprop ro.yunos.version
  2⤵
  PID:4291
- /system/bin/sh -c type su
  2⤵
  PID:4339
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.zh963.H5F86700A/mix.dex --output-vdex-fd=49 --oat-fd=50 --oat-location=/data/data/com.zh963.H5F86700A/oat/x86/mix.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4327
- /system/bin/sh -c getprop ro.miui.ui.version.name
  2⤵
  PID:4412
- getprop ro.miui.ui.version.name
  2⤵
  PID:4412
- /system/bin/sh -c getprop ro.build.version.emui
  2⤵
  PID:4509
- getprop ro.build.version.emui
  2⤵
  PID:4509
- /system/bin/sh -c getprop ro.build.nubia.rom.name
  2⤵
  PID:4556
- getprop ro.build.nubia.rom.name
  2⤵
  PID:4556
- /system/bin/sh -c getprop ro.meizu.product.model
  2⤵
  PID:4601
- getprop ro.meizu.product.model
  2⤵
  PID:4601
- /system/bin/sh -c getprop ro.build.version.opporom
  2⤵
  PID:4626
- getprop ro.build.version.opporom
  2⤵
  PID:4626

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.zh963.H5F86700A/databases/bugly_db_legu

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.zh963.H5F86700A/databases/bugly_db_legu-journal

Filesize
512B

MD5
13979cc6745605591c4f0919e4e9ea2b

SHA1
c79222dc702bc1da68758f0581da336f0ac02957

SHA256
31ba9d4940f832ae5ae46af578c3705e77ea650152a77806d97e8dbedfd357f2

SHA512
d79c9ad00466f65984259d4ea24947b0ac7654a79260ded69151d5e2b7c8c0745279e44eef0899118933b5d3b287619a30738962379bb315e34fb2f328580a18

Download Submit
/data/data/com.zh963.H5F86700A/databases/bugly_db_legu-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.zh963.H5F86700A/databases/bugly_db_legu-wal

Filesize
92KB

MD5
9def4d55074735c434bb72201b218e47

SHA1
068232dcbb62652df0f849b6517faa84c7539823

SHA256
e3d513fe42998efa65d7600133cbdbfffa421a433f169482ca7362e9dc1e0d1d

SHA512
f1cd9aab1ff2bdfb7faf616bee4c98d6cc4e369fb020fd33774efc6298172502545a941fcf015017f27ea6fed83accc5eba4a32a3ec40d7a0d28983de3a9cc22

Download Submit
/data/data/com.zh963.H5F86700A/mix.dex

Filesize
292B

MD5
63f77f99bd2c2b772a479923bde11974

SHA1
c7632e7d301e4463fafce85f84e9c3d7da3fdbbe

SHA256
4c76a3af64cdd2f8713ffe2733dea50dbe714d0ca41c17d1847ee5b62a7ca615

SHA512
3aae4a89d1ed51fdd911cb367eb10afe3c2264e4222085891b18a60d5412f85d10bf5c8f3c6642db70abb9aa42732bac5c42c42ee32d587100f53c21b5beb16c

Download Submit
/data/data/com.zh963.H5F86700A/shared_prefs_ext/test_app

Filesize
24B

MD5
cc7f0d5afae07bccd9af5110a556481c

SHA1
ccebb8caa573cc65090aa15fd936a9aaee86dc9d

SHA256
37fdf374dfa6a434e23f2c1cbe6eb56544ed0f9560d3a6c6a0d6af064c4f6640

SHA512
94fdb245fa1e89cbf8e4d230bdad79cd6329c615c65ccdb03d29918bebee1eca22a378764d2d81ff0a56194cc4e13ad39467814d67286eeb9a0181dda95fefda

Download Submit
/storage/emulated/0/.imei.txt

Filesize
32B

MD5
be673e76e63e47d81c2d963ce786b77f

SHA1
e6007c05eefc3550ee6accd21b3788c123b4ec2c

SHA256
462dc23cdf7553e2b24eef03dd9cc0f1949cb8a3c0fc22ed80948844799c0f97

SHA512
d076c8c41d60a4efb69d0e380b8462f9f553b2a884d89db80ce338efbda39c8423e377306f531d04b96624c180d2617ab9e015654881ff755d5d9f8fe49b868e

Download Submit
/storage/emulated/0/Android/data/com.zh963.H5F86700A/cnc3ejE6/eje3cnc

Filesize
335B

MD5
585839d66722cfd02e40cb740cccb633

SHA1
374c19200fee201b26d0153487a281a934615884

SHA256
86a9bb4985cca6c9636c4fd071bef4b70ba7b3a5eb51af869a1299dc2b1574a8

SHA512
09bbe1bf1455861fd4732f2d1945c84bac34090906ac2fab75d144c22ffcf6bc585c8209e94a2b1919c8402df53966081a1af2993e12261ae4c4ac5568667d88

Download Submit

Analysis

Sharing