Overview

overview

8

Static

static

6

ab17d7e005...1c.apk

android-9-x86

8

ab17d7e005...1c.apk

android-11-x64

8

CommonPlugin-2.6.apk

android-9-x86

1

CommonPlugin-2.6.apk

android-10-x64

1

CommonPlugin-2.6.apk

android-11-x64

1

FeedPlugin-1.2.apk

android-9-x86

1

FeedPlugin-1.2.apk

android-10-x64

1

FeedPlugin-1.2.apk

android-11-x64

1

FrameworkP....3.apk

android-9-x86

1

FrameworkP....3.apk

android-10-x64

1

FrameworkP....3.apk

android-11-x64

1

TAEPlugin-1.3.apk

android-9-x86

1

TAEPlugin-1.3.apk

android-13-x64

Analysis

  • max time kernel
    2918961s
  • max time network
    138s
  • platform
    android_x86
  • resource
    android-x86-arm-20231215-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
  • submitted
    24/12/2023, 00:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ab17d7e005acecb1c8dc464d56fdfdfe146505360e18000c91b2cda06a6b901c.apk

  • Size

    11.3MB

  • MD5

    cf5da1edd261672f11acc99c951a1d3f

  • SHA1

    dfaf4f1d9a9703a8dcf00598927fd2d623dcdd35

  • SHA256

    ab17d7e005acecb1c8dc464d56fdfdfe146505360e18000c91b2cda06a6b901c

  • SHA512

    ba0d333ab4a65c100af8063e5419243e27843bc5822cdbf83b38eb42279749ebd2b06ced2680baae40b29c4fd74665a08c854859131a26d3f0a82ea9cfffde24

  • SSDEEP

    196608:ruKkfY2xIbu+VPtbdCqadsNEebsCZsY9PgTGDGjMTG2fL8Eir:lkfjIuIFdCdsCYvRYbeG9Eir

Score
8/10

Malware Config

Signatures

  • Requests cell location 1 IoCs

    Uses Android APIs to to get current cell location.

  • Reads information about phone network operator.
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • com.ss.android.article.news
    1⤵
      PID:4240
    • com.ss.android.article.news:push
      1⤵
        PID:4307
      • com.ss.android.article.news:push
        1⤵
          PID:4425
        • com.ss.android.article.news:remote
          1⤵
          • Requests cell location
          • Uses Crypto APIs (Might try to encrypt user data)
          PID:4476

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • /data/data/com.ss.android.article.news/files/lldt/firll.dat
          Filesize

          56B

          MD5

          6cc79b1525ff8cb9ebf0587948276694

          SHA1

          a6f2ee8c5d4060e41110b0e570629a57da89a5aa

          SHA256

          8cbab81a5f355d426456beb4bb81f58b33bc7da8fc66f396da37ab18455d1a6f

          SHA512

          6447b47103981d3981c7e14a5c9441c5f0ed6d387916597a5212a9566c143eee64dcdc82c68adab07078fc248d2b37cd778a4ee651f4e065cf8b80889e85048f

          Download Submit

        • /data/data/com.ss.android.article.news/files/lldt/offinfo.dat
          Filesize

          44B

          MD5

          4ddbc5dd33fb4974390075e721bc74e8

          SHA1

          b068b63288988cc2b25c5d5c07a92494bb6bde7e

          SHA256

          71a190fb80c3462235f2570b3cb3b3bfe71029bf27d3ef018b4b61bcd8a049dd

          SHA512

          8d273ade647b790d90b1d623f09e6630afe7504d72ced709c8551753475aaec4b6a5f0774e3387ea7ab010aef084bc9aaa046272bd39d0a848baa7f9e8f82649

          Download Submit

        • /storage/emulated/0/Android/data/com.snssdk.api/cache/clientudid.dat
          Filesize

          36B

          MD5

          f4fc6a942489dcebd1cd3bdda07c0f21

          SHA1

          80db68c4d6d3c5152ae4e492b2770ddfe63505d7

          SHA256

          040987197bd4b60153e037a626d4af1ba1c9e8b9ff25aed768002fba3c61e6e3

          SHA512

          fc8b51fc5926f711dc9ad5fddf0e60419884826d582cc8133a7c91554d938cbcb3e004e1fadb9f65b3fa9bcca362c76a41bfd87441ad508247864de299302ce3

          Download Submit

        • /storage/emulated/0/baidu/.cuid
          Filesize

          89B

          MD5

          6f780ab575401b4038eff0ea64118a20

          SHA1

          16c91ecbaea330d61b4ee49fbb909feb7aca1751

          SHA256

          773f22988d2425af69bba7b2758001f8143b3f9dc6d29e3b9179a3303304b765

          SHA512

          436750871809c5d8f413858f621a6f5160bf7e48920564df9d5462c983d29295d50942e0053ac3390ddd4a904b1c3287941fb4ac797489566518c1a283be4af1

          Download Submit

        • /storage/emulated/0/baidu/tempdata/conlts.dat
          Filesize

          12B

          MD5

          8d80bc8ea90e9cac010d3ddf97bda5f5

          SHA1

          f063bc0d356e6ba9ab1eb9a851131ffbefd8fa07

          SHA256

          f52db31332534833414abd5e870f78c810b8ebbe5b134bbf599506beecfd1b93

          SHA512

          9ea732dd572a9a4ba91b70891972230a09576687ca1bc19e62d5a98b5b84e0f2ae11985108008bc9fbccf357219b8bd3dbf146bb70752f618f70dc5d0c46a7c7

          Download Submit

        • /storage/emulated/0/baidu/tempdata/conlts.dat
          Filesize

          164B

          MD5

          814a311e9de0e467007d33c96d5f2bad

          SHA1

          0c500d71e8689538c2ae8e7689923b32289c4d72

          SHA256

          57b93a8c78c976e2fe4bf1b13d51503ca32e5fe511cc9fcb160edd1814be8246

          SHA512

          7af19b4b89e20ccfdef7ffca472b9f7c7d54a5e615c1d4753a80ac9da2697964c99ae4b35dc43e36f78514bdfab02d2b6a451c76f4b219679ec688348d73ad1d

          Download Submit

        • /storage/emulated/0/baidu/tempdata/lcvif.dat
          Filesize

          96B

          MD5

          515c9c185d063e723b77afd5ed8778f2

          SHA1

          ff12c6e18de7be239cbc7547ffd277c421b8927d

          SHA256

          998e2c0d020b5c66a8fef0e5bc5416c5b37a862910a989a8fe3e592c01fbf772

          SHA512

          91ba902219eb098f652d233e9dbe2f11280882c74815df3b3579200ed9bfb9dc8763b02197c86f0e85e5b18a4982069c577258ea063c7174561262944b379ef7

          Download Submit

        • /storage/emulated/0/baidu/tempdata/lcvif.dat
          Filesize

          96B

          MD5

          8a0ab053157251c79cc9cfc45014069b

          SHA1

          9d57faef509817d472c7fd17158b674503c25cc1

          SHA256

          ab47f2c435112e3dd53e9a5512d37aa6d8171d972b3d31fbeed322e82b20ed9a

          SHA512

          4f188f11b0b44007fadd5187e1bfdc1aac74d57b62578bba06478a8d5d54385870ee7e8ea7d1e1f199626167c840bbf4acb4a0153faf33ff5ba1f49bba392c59

          Download Submit

        • /storage/emulated/0/baidu/tempdata/ls.db
          Filesize

          28KB

          MD5

          0d3e99204c6401ea499fe9e6d9855497

          SHA1

          09829f00ca458eab7374d5079393a2cd69a2348a

          SHA256

          63ad014cb50908591939d6a1536f85eece807425af4f4e8a1f9b9eeab13cc5ca

          SHA512

          8d9a50aa9abd17e508ed3ac35a3033e8f9e550d1088baa951f53e6c4697c5ac026d22b90e36e27341d64baa3f0202bd89ca97583e99feb25f8c26b5776c59c68

          Download Submit

        • /storage/emulated/0/baidu/tempdata/ls.db-journal
          Filesize

          512B

          MD5

          2f0a934c334e04e84690f73a5e6eaa82

          SHA1

          fd32466f251bdb167a3dd9f78d0720236e1a4370

          SHA256

          f0b1376435add859d53040794c69be5007567eaccaae26313bfa86a7059c1a12

          SHA512

          dd013375ef9e05b2cccb1a0fdc60d35b51d5f0143babc25e1bae2ea6d9f3bdf4649bcf2eb81f36ab143a64809dbf6e9438fb9d3e68400f8c1a4e7da8bbb78544

          Download Submit

        • /storage/emulated/0/baidu/tempdata/ls.db-shm
          Filesize

          28KB

          MD5

          cf845a781c107ec1346e849c9dd1b7e8

          SHA1

          b44ccc7f7d519352422e59ee8b0bdbac881768a7

          SHA256

          18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

          SHA512

          4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

          Download Submit

        • /storage/emulated/0/baidu/tempdata/ls.db-wal
          Filesize

          52KB

          MD5

          5f6acae5abb025ab0b0b450dbaac5a63

          SHA1

          955e7d2754fb1e0340384625a0663ad3ee7a9b4c

          SHA256

          aa90d3041e82cbdd67c21bb67c59df648a7b670bbf021c1a7cdcbdcf3d425e5b

          SHA512

          091398844064eb831e06db8bc69d9790b1ca62406c9e514a8fa5fe0db3051d405816b9dbb3d5b230ac80bdcc29c21f3b9f2b219c5f5579493b02a2b20f89e416

          Download Submit

        • /storage/emulated/0/baidu/tempdata/yoh.dat
          Filesize

          24B

          MD5

          a936690571e9104e1922dda4a0ba5bd1

          SHA1

          65f49c57edde2f96be2a1dbdfc3f7351f1e66554

          SHA256

          f0f5049c51879dd7da0ce4a43349b5b34ce053d072a0ca704f62cf22ba4a8412

          SHA512

          3be1c3693963aebdfc04e86b1c820ee0ec3cf0b200e6a4788ef1141f39fd6c2f77f4227247ae4affa66c0a6c027df8466cc0dcec1e67ebfb953e36bee97de394

          Download Submit

        • /storage/emulated/0/baidu/tempdata/yoh.dat
          Filesize

          24B

          MD5

          1681ffc6e046c7af98c9e6c232a3fe0a

          SHA1

          d3399b7262fb56cb9ed053d68db9291c410839c4

          SHA256

          9d908ecfb6b256def8b49a7c504e6c889c4b0e41fe6ce3e01863dd7b61a20aa0

          SHA512

          11bb994b5d2eab48b18667c7d8943e82c9011cb1d974304b8f2b6247a7e6b7f55ca2f7c62893644c3728d17dafd74ae3ba46271cf6287bb9e751c779a26fefc5

          Download Submit