abb53f4903798699213553250779d4500668645761375995b436d44a06d0f7c3

Analysis

max time kernel
2728367s
max time network
160s
platform
android_x64
resource
android-x64-20231215-en
resource tags

androidarch:x64arch:x86image:android-x64-20231215-enlocale:en-usos:android-10-x64system
submitted
24/12/2023, 00:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

abb53f4903798699213553250779d4500668645761375995b436d44a06d0f7c3.apk
Size

14.0MB
MD5

423484f42cba58793efa99734a542c84
SHA1

55d85c5466ec9819b8f4c0b4bf6cca0fa042d1d7
SHA256

abb53f4903798699213553250779d4500668645761375995b436d44a06d0f7c3
SHA512

376b26181a95bc11850b7b1f674d41a32881d24632bcf98ca667c050ada6781ad52e897c76dae4df2815d34cc3a515812f2628053c5f0188112f86c538fc1663
SSDEEP

196608:4bxggqDMys8FRC/FwB9vFVuVljN/MKWr+wk2QqpmXHwS8nXzRoDqW1BPeqkNpr5c:MR8wiBJal5MPrc2voHKnXiDNApr5d9K9

Score

8^/10

evasion

Malware Config

Signatures

Requests cell location 3 IoCs

Uses Android APIs to to get current cell information.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.yinglink.caseshare:mult
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.yinglink.caseshare
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.yinglink.caseshare:mult

Checks known Qemu files. 3 IoCs

Checks for known Qemu files that exist on Android virtual device images.

ioc	Process
/system/bin/qemu-props	com.yinglink.caseshare
/system/lib/libc_malloc_debug_qemu.so	com.yinglink.caseshare
/sys/qemu_trace	com.yinglink.caseshare

Loads dropped Dex/Jar 4 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.yinglink.caseshare/[email protected]	4989	com.yinglink.caseshare
/data/user/0/com.yinglink.caseshare/[email protected]!classes2.dex	4989	com.yinglink.caseshare
/data/user/0/com.yinglink.caseshare/[email protected]	5081	com.yinglink.caseshare:mult
/data/user/0/com.yinglink.caseshare/[email protected]!classes2.dex	5081	com.yinglink.caseshare:mult

Queries the unique device ID (IMEI, MEID, IMSI)
Reads information about phone network operator.

Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.yinglink.caseshare

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.yinglink.caseshare:mult

com.yinglink.caseshare
1⤵
- Requests cell location
- Checks known Qemu files.
- Loads dropped Dex/Jar
- Listens for changes in the sensor environment (might be used to detect emulation)
PID:4989

com.yinglink.caseshare:mult
1⤵
- Requests cell location
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:5081

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yinglink.caseshare/.jiagu/libjiagu.so

Filesize
486KB

MD5
50750315eef281575611bc425174b939

SHA1
acaff02526d7b4c257e00002ed09af364f66a401

SHA256
c8d37512f73bef5a1c1b060676cdc6d508a8d8dd36f2438f5d6353c9b8524bef

SHA512
60584a993992a68e8d0a53be705e3a9d52fc126df26b9bdcf80d14e659f1d70bceb926e0a99a69fdf40f1c09fd61aa52c2d2c008ee5c3ef59af5922a75161ea9

Download Submit
/data/data/com.yinglink.caseshare/databases/jpush_statistics.db

Filesize
20KB

MD5
0e05b5d1dd97589aa73127eac66526c8

SHA1
f014d154b710f64ac8fbf72acc3165fbdfc73e8c

SHA256
0a2ef256daa85df492b2793288dc98c731cc3efef5297d091363376c91990276

SHA512
3d49be643b84506635ea8fa427f126852825cc723aa65c59d77a5fece0845b83a61d9a35a1af53a1c99bac7f11296927fb4513cace71420b0da92c2e17fc7431

Download Submit
/data/data/com.yinglink.caseshare/databases/jpush_statistics.db

Filesize
4KB

MD5
c89212ba1a2838a9572eaef7407bedee

SHA1
8b3d2052473067e1cc57d418ea02691595a66d7a

SHA256
dc69ebd7fe9f58d68500230714dbad383d51f92d351f0e979e4d1a1854bada59

SHA512
4cc44a2c4856c828344a3fb90a8d9908d6be733c83e525abfa4ad994a7e970ba50b45dd8cf39e469861b1c3603634f0396226e86a1fb86b124496b3301443555

Download Submit
/data/data/com.yinglink.caseshare/databases/jpush_statistics.db

Filesize
16KB

MD5
0c3fdb31aa3e4e85ad4baee5136d16f2

SHA1
9a337db3f096ccf0bacb0d0c687df7914212cdf0

SHA256
4fee05ae56212f06fcbc6858443f51af2705b6884a1601729c32ec99792f6b74

SHA512
ee4e6b92a5a4fa66c73768a44f1a3ec57ccf6f112c0896f0190cffbc1abd9a6ee8df201e3a060f2a31faa39422ea20ee33826fed354e551af6953a8fcf386659

Download Submit
/data/data/com.yinglink.caseshare/databases/jpush_statistics.db

Filesize
4KB

MD5
e9d43ba1387b51dd3a094c37a355be3d

SHA1
32a0211cd01e7978087d7b62a7fb9b421cfa8c14

SHA256
b9972e3f87fc18ac319f6d82df633faa2c3a6c0bbd9b35137cb37dc6296e2f01

SHA512
b5aa071ae3a89d272356785080ac4f92134752ae8e2611b58676a30b3c5597537f0b0a77d14ba3c8364e0376d6288d5f8d79a141c2e2aa9a43647ee3c6f05820

Download Submit
/data/data/com.yinglink.caseshare/databases/jpush_statistics.db

Filesize
20KB

MD5
be87422925230de367f7ed5cf5db6970

SHA1
e85a07a421910b4e03d94ece06b8b798fa9c5bdf

SHA256
1e525ce2c1953f3d1c76693600f38a56c8ccbb9437e67a55b6a054db03722c9d

SHA512
10bc55cae2cca64de778b6cb1bf6714111d44780a86b9e3086a2c8f793dc5ce8b38bd0672ab4460f6260753b8522d3ea706a000ed8e1669d36e23a8a4ab18543

Download Submit
/data/data/com.yinglink.caseshare/databases/jpush_statistics.db

Filesize
20KB

MD5
075b104338294be8a2e89f2c7f677168

SHA1
de24a90edaa01cb0fd9d58fabc2f5430b771fcff

SHA256
49d9f6ef603fd99369efb7cc616bb03d3759de06c7e833d1276c986e6ef14cdf

SHA512
6a160672e4afd8650f75fd89357f9d68a85585690330885ee6515030495800c8bf5ae78c3afab7dd97aeed0a33b5e7f982c5d60b5026cdb23f146db10a6830ae

Download Submit
/data/data/com.yinglink.caseshare/databases/jpush_statistics.db-journal

Filesize
512B

MD5
acdc3c6defc25d66fd6f421e442d9e46

SHA1
1b3ae5350ad24934884fe2987a36f6aaa231cf53

SHA256
bcded7684a2081cf9a02d2b9f5127814eab914e817dc756d1f79a2bae67d8760

SHA512
299d10597aceb25a9fde0d91965ee03f7e5501243ec957236307a8879c6e58718de02b33468f7fbd46474805a8086e0a367e45fba12f0b66a161ff88e4b3bee7

Download Submit
/data/data/com.yinglink.caseshare/databases/jpush_statistics.db-journal

Filesize
8KB

MD5
1838ba21a6a290d74a7b9ad8a1712319

SHA1
46f34920bbbca5040ab84373eb6e05f018d3c083

SHA256
dc59357434fe5d39526806d6be5835f6e2b56c9f0dd335e26562072158904ad7

SHA512
a3f9c40c92696cf401b2e5f85a4723e66c8572c91d51770cd9173ea963c56d46002eb65026e3ce40de41d78eb5ed88e6cac1b61e442f11ee0805348859adcc77

Download Submit
/data/data/com.yinglink.caseshare/databases/jpush_statistics.db-journal

Filesize
8KB

MD5
45717d0a1d1714a5abcb04ae35d75e8a

SHA1
f10636171b8e8683a6aa909060d7bb225b8a0cc1

SHA256
4dc1f3b8bba3da8e2289dc2420133eabdb85d9dc85f51879ecec9cdca2b05ccc

SHA512
db73af8315a89c2921d8579c19b128029a81b0ce6613d6fd8edd1bb736205f7b1c985defa097690e6d85b33213e7d8c3c62c96850d4e04a89713709caa96d21f

Download Submit
/data/data/com.yinglink.caseshare/databases/jpush_statistics.db-journal

Filesize
4KB

MD5
e12bdaa5003061aa98bfd9f2abefd2c5

SHA1
caf6a50fa901c8bda24ac475a40faac92bca8267

SHA256
dcbeac8cfa6694db7d14e39199451d5627bf8dac1c73d2fb35d6c3f948ab8a49

SHA512
814a672dba4a0844ac2b3e289575d0ed2d6de2eba66bbeae4f4b1898a4a4131f6a329e9c523b2d043b1f7861f0c4614f8f6b3eb1ab4cd4940e923406d7d34c62

Download Submit
/data/data/com.yinglink.caseshare/databases/jpush_statistics.db-journal

Filesize
4KB

MD5
a24cb8e897dfd7d8b9dd5cea5b832c5f

SHA1
236cfdbcbb63b708b13a6f84e9a0dd7736c44ad1

SHA256
a3a42c8c0cf9381a96ba628949b2aedd3e17ee1fd6be0b6fe6ab341918999587

SHA512
e30f506c8870dc135336951b9e516889ec5937e875b2f73f039aa9e32de8955b53e5a937c48aae1bae698ef9c632b1ca0a070ca619dc1e35b9d7f94d4c124fab

Download Submit
/data/data/com.yinglink.caseshare/databases/jpush_statistics.db-journal

Filesize
4KB

MD5
2acf60924649ef8a428d1a0a27bdce19

SHA1
a6b3a7f8b6017976ea34c1d349f44cb8f2735cea

SHA256
9f310c55f7fd29dd6d030ebef8742221d8be043e268de0c6942082ef17dd730d

SHA512
9239d9403c03fe5cc5ac3a94186dcba38d0d232447b47dfa49a37abf27c63fde84a55cb37bc83e22fecb879528ebbc37e380072ab9e360d788feaf7473ba468d

Download Submit
/data/data/com.yinglink.caseshare/databases/jpush_statistics.db-wal

Filesize
8KB

MD5
24fbcc9cfed96ef14f666241cced375d

SHA1
45bb2e171dcb102f812dcf834d5305256954616f

SHA256
435e53676e5908a84d58f67ed09079d362d10179079e7f0ecdc01168a15a660b

SHA512
e90127ef8d1617adcc98af0173a27e95103ed7648a6bcba026cff3318906b994eb189cbd9840e4172e482e00e817ca6bf540ba3fac0fcf684d8378cadc264347

Download Submit
/data/data/com.yinglink.caseshare/databases/jpush_statistics.db-wal

Filesize
4KB

MD5
ea528ff5fcab8bce5c33ff0dbe6e86e3

SHA1
24628a14faa137f3b0fb25d5cb812eb1f8ba2a1d

SHA256
53e26f372d59872526c0c95635224abfc79578466813bf4a428f9a371c959151

SHA512
fb154f84372cfe12b6ed2f32a225baed54907bdf109b9fbd1cbb6487dbe33cfdaa85b2217aaee0a0c2f3e7397248bafc35e05e90279407d809be5f54c0d86e88

Download Submit
/data/data/com.yinglink.caseshare/databases/jpush_statistics.db-wal

Filesize
8KB

MD5
f82ad6fea06132426ae47bdaee0024e5

SHA1
3144edec9ad9dfe784bedfe350d0b62c270b27c7

SHA256
5ce6561745e20780956c0a41bf1570f2a3e18a27d5a12f6cc314e0af8be8fa6f

SHA512
1cac2c1b2705f2bb2c1745ed59d376a93b9bd8ee614c1bb79f34e698d8f36ac5a0b971e6fba39a01ea093082baa767df5a7274be55c15ae59e728c6ad84b236c

Download Submit
/data/data/com.yinglink.caseshare/files/.jglogs/.jg.ac

Filesize
32B

MD5
7c07c00418883fa6f2a6cc11b0b33f91

SHA1
c24afd00b294e83a2ac2bc1a27c97513b4a7db5c

SHA256
b3ca00696567e5867b0dcc313f1d6b7d0ce14bd783b3b61ba89ba9846a715ad8

SHA512
d6ebab6e8b61a883ab350b7e66b6c8a6ddfd234354afeebf9270972adf636a196701f4ed7cf0b67583e38f9a9846397a26c1f9b1fa38387b6e984430f9ddc67b

Download Submit
/data/data/com.yinglink.caseshare/files/.jglogs/.jg.di

Filesize
340B

MD5
c129535c109915a1bb990822e509210e

SHA1
574120dee07e9b663ec7ef54276b881fe834d7d1

SHA256
fbaa982a0fca0464b97983fff72011d502aafce5eaa0f0f585e916de5a51ce97

SHA512
4bf6064200466fa22143fc73af992dbf802f14ba52f2ac4d0a64bf865e1a64845c7232adbf6e383305e006bb8f2c90e38ecf49449286747c35ea02aa50c0e453

Download Submit
/data/data/com.yinglink.caseshare/files/.jglogs/.jg.ic

Filesize
32B

MD5
747922132731e5df517f88ced5a552c9

SHA1
15dd7ce497634e593624ebe7b3d042b26c2c86fa

SHA256
d2d387380b1da9bf377dfe670a6a1382eb50b8caf44aab3ece52d31719489c97

SHA512
f87c90468fd03acf449464f552446ff0eb081f53fc023b6a85df1404a14197e2d48b8468c92ec7881a8731e0984ababe5d96df1e811bae9d7fd559579b3ef025

Download Submit
/data/data/com.yinglink.caseshare/files/.jglogs/.jg.rd

Filesize
32B

MD5
14f1a89cd99d991a197f0ab14ca82789

SHA1
391026dfaa5fb3b8d036e257a7614df7d1d466b2

SHA256
1cbcf358283040052dd0a93f6fde93b779894bd3c2e9f576ca33d81313cb47e4

SHA512
c0a9f09d114908e7aaca9a0a72a707e7239332f21b0802fd287d35c37fbe60720cee93a6fd6417cb3295585648d5302b043d4b8fad7ad71a5386477ba561f765

Download Submit
/data/data/com.yinglink.caseshare/files/.jglogs/.jg.ri

Filesize
314B

MD5
d511ed3fd394e73e0493d211cca79652

SHA1
5317789120eee17e9105b2ede0b304aab3a54754

SHA256
542e3e1a6d7b3c3c1a2292316ab04c482c1d7caa1a8f38edce4f964902beb8c3

SHA512
05cc6c08cf10364899525740081a074dd4ad914234b6185f43383b9e3c45f050eb10e36d93af64388fd06a792da031bae974fef4ea3df5fb9fb98723799a8132

Download Submit
/data/data/com.yinglink.caseshare/files/.jiagu.lock

Filesize
27B

MD5
c9c0dbf8ebda9ab7c78a04baba2103dc

SHA1
5a69ebe090413dea2bae7137780e0711b7953ae9

SHA256
13ee406330c57c828c2f1e753742fc5835becd45cc9392214ef3e9402190d535

SHA512
ba1f14d2f38588fa570a27de3a41617c2c68afffe7e03e4ccde376926658983f34cefae2d5c13451f5d6b131e59396d054fb517bea12ea8e6387637612c2ee7e

Download Submit
/data/data/com.yinglink.caseshare/files/appPackageNames_v2

Filesize
5KB

MD5
60f19fdb80ef30e3ec925417e70cf880

SHA1
0907f57e89e65045a1d58a32cc7221e06457eaca

SHA256
7128ddf852d9857398b619c9e1867ad1026e297bed2c155a68b793dc04b501ae

SHA512
d75883f2d1dd4ea13bfbf1fd45e46f48971d456e5585a10870a58772de61d63f16cbe7091383aadc0ed201d4d287afd43e8a8a64eb563620b856ebe398973c26

Download Submit
/data/data/com.yinglink.caseshare/files/jpush_stat_cache_history.json

Filesize
164B

MD5
e5f5bda84e0c63c1eb8d91fdcd456318

SHA1
a498081b76e7d5ef8188c7a86864f568c3f2c0b9

SHA256
2b1b7de96d8947eceb7f75da8e88adb31ccca8ece242cb539ed223b3cc11625a

SHA512
eff59df5bb365dfa17c3a2891df25a36912da5a4ff438dc1d45f638691e15867c1fbfa4762efe894a2323feb927f0834052bff823a154f843549a01194ea73d6

Download Submit
/data/data/com.yinglink.caseshare/files/jpush_stat_cache_history.json

Filesize
338B

MD5
6e103e1efeaeb25b8427685ff5e35414

SHA1
d782bc9338517015a83ef44d58a7c57f692694ff

SHA256
7335363699e20d228f53fbd7f62e7884d6283efe084bcf45e5ced9c8712c0156

SHA512
52d9e0942ba9ac11eb5efd51de225f4f8da707192533cbd2b749e6c3dfd6c993de350ef3fe839370272ff7ea18a032e5c775db98b191358196cdf52a0a5a7920

Download Submit
/data/user/0/com.yinglink.caseshare/[email protected]

Filesize
5.8MB

MD5
5b83e51169936fc7ecd684d57b47763e

SHA1
94077f8470809a1b645cf32a9b19928bee0a30af

SHA256
517ed8e348b6f4f58b9e3cd3747543055e5639109f16633af129842a1c75a733

SHA512
4ec2f7f80d223025e95b11268e6d8bb7e1c1f9014a39473daaa0c86e186793d6c5fc60deb7a95b7f524e3016dfde6a8c3cca903589136caa191f19ae7026fca9

Download Submit
/data/user/0/com.yinglink.caseshare/[email protected]!classes2.dex

Filesize
5.0MB

MD5
c6c2a302c53b69a26982478dbca49af8

SHA1
7df5d7463f0203095d7560cf9cce186e134acdb5

SHA256
bc72b88e559d273dd6675b1529442e84f511bc1f37bb1508ba80b4f034ba59a9

SHA512
1911b54a49443ee3ec8149e02a0520135644409dc666490803b815f066994d85fba4f75d29f0b36ffad3f9dbf0bf29c94caf90686c7e9ac177bc9c622bd80f97

Download Submit
/storage/emulated/0/360/.deviceId

Filesize
48B

MD5
4c4c5285293d5141f582aefa4e038669

SHA1
e01852a72e5a8e6f7d63a21426b515118196047b

SHA256
36c5c63f39ddf7a6a9c01946e4f78b95790aa734176802e793e95724a1b5b731

SHA512
097aa673273e307f7bfb7c08861ad389d4b5f7fae55d972a5c1636aa66d0b8d23b5eb9b696cefe0e5b942f23969dabf0147397aeca85fb9a4d75e0473104e399

Download Submit
/storage/emulated/0/360/.iddata

Filesize
32B

MD5
a2766bd8baabd652c7300e8412a6fbd2

SHA1
2e7f7a7f25bfb6850753a931be196ae676dae5d1

SHA256
d3266bb9e50a64e4be80d710da52ab8dc9adb072958f0df9dee758110dae9c55

SHA512
b5e0a1103693170161603ca81416aed10f0a5963c4b0d1daf0b034b015595154e1a1a9c1ac96965ac7ed6d800a68fc8948c5b13ec50e0de4444388896f9dfd66

Download Submit
/storage/emulated/0/data/.push_deviceid

Filesize
32B

MD5
9acfe6e1e1cce32e6ace93188335f0d4

SHA1
3ee411b57023f7c78352dd74c0a8a46ebe771ea1

SHA256
a6fe0a421da4f2f4c9c500e6b12f344d6be5930464003650b3b63aa4be78ce1e

SHA512
0dc7004b8ad5a479fe25a46b98f13ddc8b671ba0deee351c7c325134664be86be25935f7eded10cf519f33b40f33bf9140743db789d72d57320eeabea0e1cc37

Download Submit
/storage/emulated/0/data/.push_deviceid

Filesize
340B

MD5
368076532903e27298bf566aafc68a0b

SHA1
f8d9f18baa4d9ffe33c1f33df807cede309e24ab

SHA256
ad7763b01857427c14e659dc86ddd738bd75e0061613d96509db7a5aec7cbe3b

SHA512
4196b0a826e19bc65fc7c3ce9b3485c00f2f0a1a7be393a3bd0db38ce20076a2c80cf21009af66391f4b3297f133bc02f06f09179b64a1f850a54ee2d5652251

Download Submit