a5e513bea95ff8ed59d6e4a2b26f03e556711d0be75bcfc63e8040b0a8f5dc75

Analysis

max time kernel
2907522s
max time network
144s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
24/12/2023, 00:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a5e513bea95ff8ed59d6e4a2b26f03e556711d0be75bcfc63e8040b0a8f5dc75.apk
Size

18.7MB
MD5

a32baf0580f20cf469bca2ff6504c042
SHA1

38238d1061d1d7df5306a7a027a73d8a133780f7
SHA256

a5e513bea95ff8ed59d6e4a2b26f03e556711d0be75bcfc63e8040b0a8f5dc75
SHA512

a76ffe7ddd049ba7326b0d54b0c40f3c218d19a264be22c646b8bebdcaba4aec43513fd986986d473d9e08163d8b7fdcedb4dc1c77f08e777da076a4dc0edbd7
SSDEEP

393216:15cHE4/74Fphk5FgLNNcAHiiYM2GbLX4U4w2Z8ZroxTZ:15AE4MFvk5FgLNNcqFbzH4w2Z8Zral

Score

8^/10

banker

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 IoCs

banker

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.xinggaogou.gou

Requests cell location 1 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.xinggaogou.gou

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.xinggaogou.gou
Framework API call	javax.crypto.Cipher.doFinal	com.xinggaogou.gou:remote

com.xinggaogou.gou
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Requests cell location
- Uses Crypto APIs (Might try to encrypt user data)
PID:4256
- cat /sys/class/net/wlan0/address
  2⤵
  PID:4299

com.xinggaogou.gou:remote
1⤵
- Uses Crypto APIs (Might try to encrypt user data)
PID:4335

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.xinggaogou.gou/app_tbs/core_private/download_upload

Filesize
56B

MD5
384273db32ecb4cf6005ecec43e850cd

SHA1
68db9e3c7d54ce0f89fe2673938b73ff1da4dc5b

SHA256
00252d2b05d4556a311932a0ba9bda8c4bd9d39cbb9ef951a17155077cda5f86

SHA512
4681cb24f47e8ada528abc6f995424a0acd687be8f89cda025c3b2e704c68cf3a4cd4adf921a6d99263146792ac69ff72a4c37da4c357d747e4bcce407becee4

Download Submit
/data/data/com.xinggaogou.gou/app_tbs/core_private/download_upload

Filesize
56B

MD5
b92c4570ddc279d8355a26e16b72dd6f

SHA1
30797b81c15580364ba8e94cf9bde7b7081844a5

SHA256
ff982ff19103ef921e944801be2a4b4e87c8da550ba1e3271fab98e30859ddba

SHA512
13586e073beaaf9c8af27575e7792083f060f1dba70bee2ad9dee0a8be43040dd3c37f0d8f731387100fbd00a3cdebb24f7570758e083f628321cf08f1b09e5f

Download Submit
/data/data/com.xinggaogou.gou/app_tbs/core_private/download_upload

Filesize
84B

MD5
95bca65f8612640d31b62ae07c049a99

SHA1
da9241ef8eedacb5072e3134f6cff3295a755265

SHA256
df5901026ef69981725c6d9c2e4f73a83089abef3c594ba5a15f448085f04561

SHA512
1750bada055897b7ca55e524255182cc43771acd4b07725dc5352a9736aaea7edac2853f84007b2dd6bd8c67303e00db88193e89b25a3fb42bfdaf1df7123431

Download Submit
/data/data/com.xinggaogou.gou/databases/ThrowalbeLog.db-journal

Filesize
512B

MD5
3a47e430398998cbf134a5f1a2c0381c

SHA1
04a82be079f05f8f3d732e496bcf2e94dde9b6fc

SHA256
ae7f7e73389552bf8612d9c99feafe093c371a08eaab1b86aaa24fd5a1005c8c

SHA512
e7ad78ef701520c52fab4a839c849c1c9f9d8998685665e1c0bb0377f47d0dffc82ac4f51a61d888e73bdd855cf7e84067de4c4975d6df02dd435882990fbde0

Download Submit
/data/data/com.xinggaogou.gou/databases/ThrowalbeLog.db-wal

Filesize
32KB

MD5
7eeb8ae05234f8b9c25d569fb95fcf21

SHA1
df3557e42204d16e1868aa60b2f01bbc6997ed38

SHA256
35b3064cc55b34324764553ff1d94b36833f81ca7acd2d06bdbbaf890611b48e

SHA512
bce65cb63db302bbf54a9c2f1016ba9833f00947b19e5e38812d91ea8021888211c974c8bbd17684972811cec69d38b929b11f0e23bc218314e07e362f5615cd

Download Submit
/data/data/com.xinggaogou.gou/databases/app_sql

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.xinggaogou.gou/databases/app_sql-journal

Filesize
512B

MD5
b199ca3984b116bab36a97b9ee988b24

SHA1
3a6d373c525d7a8197a6f2210e060cd63f7ee548

SHA256
5c333d09caf2f8fa5e67797930564f1a44a131deb18d35625b9a9d9e1e0ed63b

SHA512
918905e6cc9bf4d53c62a32cddf6c161b91180b9c9ba03ff81aef2b006419abeb537db26bf9cb957fbb8cddb6d07529765c9a97876e2d49fef98983167a7d57b

Download Submit
/data/data/com.xinggaogou.gou/databases/app_sql-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.xinggaogou.gou/databases/app_sql-wal

Filesize
20KB

MD5
1d15d485206a8a1109b087be4ac6e849

SHA1
b296dbe098a5e847d8fd92fca488aa368b8f669a

SHA256
117f8d4bcf6f2073b2530079bc84f53276b4ff09d83d1ab63f5e926a6ec3d7ab

SHA512
5b3b214bcd1b6f8e59c9c16ba18f6a253116369e1e9c71d8630257bce45c7936686a83e8df2c5e535c4de64985db15d6bbaca48f128d5e274ac2dc24a9d92a7d

Download Submit
/data/data/com.xinggaogou.gou/files/Mob/comm/dbs/.duid

Filesize
132B

MD5
556474609706583a56c27739025c0079

SHA1
9876ea8d1fa14694148e2fef32c920e5c98d4ea0

SHA256
d1b5a2d6f5a23a6ed030ffad120a91fc684afed55aaac668cc48e6f237be4c38

SHA512
90a146b73f3570208f181dfd3f2212e559b8fd922a0020e5b18079d11afcce648100cf2b5f8290d7ed12e62f9fba3feaa22a73ef22c34553020f707610e87bea

Download Submit
/data/data/com.xinggaogou.gou/files/Mob/mob_commons_1

Filesize
39B

MD5
f88e34bc5549a10b9e1b8df71b2b54e4

SHA1
d35e7f30ed7774684bc725ec25ab7ce89d781bfb

SHA256
3ae49cf81bf15fca27a63792502b55ac6fe0b02a7816dcdf553d81fb9ab88a39

SHA512
6faaf2c95d400361644af21a4680f3ff27140e06355d44b9a6fc44365cf08b6bc5a7457dafd05d180e714f50d6b240e460b9c02c1733cee90aa1d4f766786601

Download Submit
/data/data/com.xinggaogou.gou/files/jpush_stat_history_remote/2c767af1a634c5aab7572477/active_user/nowrap/e49b41ab-5861-48a1-bfd2-522931358c6b

Filesize
159B

MD5
5ce0c3b8d635408453c6b557d619ef61

SHA1
23bdf8259400fec0b02f92c0d2fe2b9910e2e85d

SHA256
9fcc32db6c27e02cc393635e15893022ee05b3f41af1bcaff175e3b23aa508d3

SHA512
4fb72c1531729c0d9a7b6cead3b82c6917fd72b61fe126126d7946ff704ac65e23a72604acb225176707062bd87122ac02df5a8fad33fa75ed9d7d44ffa66c72

Download Submit
/data/data/com.xinggaogou.gou/files/jpush_stat_history_remote/2c767af1a634c5aab7572477/normal/nowrap/43580271-e1da-45cb-8ce6-ef2fe938b5a9

Filesize
73B

MD5
2f4d99fb81c79320a9c413e5aa107f95

SHA1
7a1c357f360e8f7a1d2423c67e90b80863da6ce2

SHA256
9ab5721835b809b5e726e67beb963893cf50ea7c33d6bd152e27b5201739b30a

SHA512
e502a3ce751cddd4d523e2fc4fb9ac1e80800b45716bb6ad4bacfa48d8e7d84c838c079577e5d91ec94f9efd8c65c8496e135a05194b62761a5c41bb6eb59edc

Download Submit
/data/data/com.xinggaogou.gou/files/jpush_stat_history_remote/2c767af1a634c5aab7572477/normal/nowrap/ad6c4c2e-a3cd-484d-9c0a-7a3b2a6a8fb5

Filesize
170B

MD5
dd0c96363ad46d4e4d68d0d380e7c237

SHA1
13702bec6da80f1a0e6e0ab688ad3c42c068c976

SHA256
66b433064daf340b5dbcbe612566b29e2018013d17dd437efd22f16030bc67b1

SHA512
87ca86f6aca9b1b2bf4f68eba1df09528f54ad9d2c838351fe1dc2d16d9ff2ada292416df0806d04ffa5f3119826e52f0b2ee1c55449924623f9e778cd89c629

Download Submit
/storage/emulated/0/Android/data/.mn_410185822

Filesize
130B

MD5
f321656a466363e5192773d92000e401

SHA1
3a6abe9be1a6f4deffaa98fd27f3449c888d3c4a

SHA256
53efd5207de6ed80429ec3c7865eed2b64023a0ed66e0fd29e7f45b708a1751c

SHA512
fcf6884bf5ce8d10b3a3dd461fad96cb6cf0bc4129e01788de112551230fbc4d8ea6961b04411d1c7816e248437c4560277069d9c544e5450612abc0e2c0171d

Download Submit
/storage/emulated/0/Android/data/.mn_410185822

Filesize
146B

MD5
f64aeeba14668afe7e47454f76657715

SHA1
bb9f11c479684db4bf903745849633d3ea72043c

SHA256
bac7bf768d80cbf9deeeed770f1b77c0426069457ede1fdfd69322524acb2a8e

SHA512
1b1229a8b3422705e3ef705fb84685c77dbf18178a99b48bc67830b3b6e852756f01e4e90ecf2be4bcf7e17aaa5f912e4d0ce660e722981e5d9f973bf411470b

Download Submit
/storage/emulated/0/Android/data/.mn_410185822

Filesize
194B

MD5
6f19fbb63b3311f7868c1850172674f7

SHA1
9e2a7c71cb8ef254dfba3188f94c36fc60d3d884

SHA256
47741ab6f7c6478692f2a3ab14c7166d5ad33cd763c0b8d2bd9bec69dcf15ab8

SHA512
f47d9dac8386f1240e0907f207c1b5c774613345decf5a35b4285626aa61d37c011107e5242cc73e5c66228f65adea994875058259c754574049afc47333da07

Download Submit
/storage/emulated/0/Android/data/com.xinggaogou.gou/files/tbslog/tbslog.txt

Filesize
2KB

MD5
eadc1141d925ef5b851dd264da1845ab

SHA1
cacf89f22b2b3e9dd709697b2c1881392297cd6b

SHA256
2a62398b7e784f0e9122f74ea2232f6e39fd00b398b5df26491dfdaddc434a37

SHA512
d24f9a66c4c327e3558ac4980c339b5044b671a0202f82709ed1b748cbf9a7942557ee20c032d5dc2f5bb6389b471c1b18e04c6d454a01dc023588843892e65c

Download Submit
/storage/emulated/0/Mob/.mcw

Filesize
82B

MD5
2a7e283a772d7bdc5e999f1848318d1a

SHA1
773c3c02a80d18d42defffc0b5596d99be9f804e

SHA256
effc5d711cbdd6d5cfcbea3ca0eb73ae00b2732b694b2264438e35b54a71e076

SHA512
5cfd14b3fa623eec0b2a1eca876077c1b3e0b8efe012d9ca8b7a39d63f044a6a1b4516f31d30b4b51cf913069973997315184b721911077f46307cfaed1946ce

Download Submit
/storage/emulated/0/Mob/comm/.di

Filesize
57B

MD5
70a42cba408700f9a6c01c7941a8829e

SHA1
eab01cc2c0671538795fb0b1146017dc099d0984

SHA256
499576707ce2623293166979e59c832be5b8636c64ad39aa63ebcf961910c35f

SHA512
8900d4dc8eed0430babbacb72942401bd22ef7fe5430cad90d3ce0c2c53010220d666aa0e2eb1026f3ec81d574c7fa12585b49222a5f15b01637f6ba134fe70c

Download Submit