Overview

overview

8

Static

static

6

ab17d7e005...1c.apk

android-9-x86

8

ab17d7e005...1c.apk

android-11-x64

8

CommonPlugin-2.6.apk

android-9-x86

1

CommonPlugin-2.6.apk

android-10-x64

1

CommonPlugin-2.6.apk

android-11-x64

1

FeedPlugin-1.2.apk

android-9-x86

1

FeedPlugin-1.2.apk

android-10-x64

1

FeedPlugin-1.2.apk

android-11-x64

1

FrameworkP....3.apk

android-9-x86

1

FrameworkP....3.apk

android-10-x64

1

FrameworkP....3.apk

android-11-x64

1

TAEPlugin-1.3.apk

android-9-x86

1

TAEPlugin-1.3.apk

android-13-x64

Analysis

  • max time kernel
    2724333s
  • max time network
    167s
  • platform
    android_x64
  • resource
    android-x64-arm64-20231215-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
  • submitted
    24/12/2023, 00:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ab17d7e005acecb1c8dc464d56fdfdfe146505360e18000c91b2cda06a6b901c.apk

  • Size

    11.3MB

  • MD5

    cf5da1edd261672f11acc99c951a1d3f

  • SHA1

    dfaf4f1d9a9703a8dcf00598927fd2d623dcdd35

  • SHA256

    ab17d7e005acecb1c8dc464d56fdfdfe146505360e18000c91b2cda06a6b901c

  • SHA512

    ba0d333ab4a65c100af8063e5419243e27843bc5822cdbf83b38eb42279749ebd2b06ced2680baae40b29c4fd74665a08c854859131a26d3f0a82ea9cfffde24

  • SSDEEP

    196608:ruKkfY2xIbu+VPtbdCqadsNEebsCZsY9PgTGDGjMTG2fL8Eir:lkfjIuIFdCdsCYvRYbeG9Eir

Score
8/10
banker

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 IoCs
    banker
  • Requests cell location 2 IoCs

    Uses Android APIs to to get current cell location.

  • Reads information about phone network operator.
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • com.ss.android.article.news
    1⤵
    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
    • Requests cell location
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4513
  • com.ss.android.article.news:push
    1⤵
      PID:4600
    • com.ss.android.article.news:remote
      1⤵
      • Requests cell location
      PID:4696

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • /data/user/0/com.ss.android.article.news/databases/ss_app_log.db
      Filesize

      12KB

      MD5

      171aedf968e17a2744d2585715606cb9

      SHA1

      bbeddeb3b89fcf809619c35b4a318a80e7d5b029

      SHA256

      d2ab452d9360848f46af866b870b5c6fc98230b09c72b89cb1a4b2778586678e

      SHA512

      78a0f517ee3d21c153dda6dbfec4187ebaee9d520d7b1b63f358bcb125d08aea53f26943907a56fdeba40161d9fc7e4fd63f9ae3154dd2ad887ba0162738285b

      Download Submit

    • /data/user/0/com.ss.android.article.news/databases/ss_app_log.db-journal
      Filesize

      12KB

      MD5

      8d9c36e48e9abc62a07e2f9a01f831f4

      SHA1

      cd22d3941699d5dec057f2cea52c7e61cea37b72

      SHA256

      7afdfd05670d247459cb19d2dc74da04e9d7f5cf3c96657f7e2fd1b6017e5a89

      SHA512

      32e35c4ad98f5be4f58667f88aaabaa18e2cd09ac0eff863291140c1e191e2c3ae7c00aee558e01794ae19f1eb39b465c221cefedbf16d5640f6a29f03bc91a0

      Download Submit

    • /data/user/0/com.ss.android.article.news/databases/ss_app_log.db-journal
      Filesize

      512B

      MD5

      084d94228e43ec8a9a76618b7dc40ac6

      SHA1

      2d7b04f91d1ff1856684c075e72193d275b94eca

      SHA256

      341f476276bbd5f83183f2e5dde5b6cc3d1357ea49fa069599eb3066aca65b5b

      SHA512

      2608b9ee804f0dfda8d6433b3c7566e96619ca3bde54f1afec4134420231d4beb9b60332ae2fcebc8c6067a97250ae97689d14327826118ccc3163e88e2ad1bb

      Download Submit

    • /data/user/0/com.ss.android.article.news/databases/ss_app_log.db-journal
      Filesize

      8KB

      MD5

      606fba43448db99534084875eecdd90c

      SHA1

      0bcbe7e6c0f6cee57eacaf8a61eb2bf0eaf54d20

      SHA256

      3044ed6d09137eddf8b8f83c239a3caa2b4b32cd375cc1a29d1645e4b26a5249

      SHA512

      bf8158861858792bc7ff661151f0deb634679417429f9977fe8bbf91c54b1ae382008db032fca9bff8d3b7b09b7494a3d0c19a488750927f2dcea559aad29db3

      Download Submit

    • /data/user/0/com.ss.android.article.news/databases/ss_app_log.db-journal
      Filesize

      8KB

      MD5

      3e7fffad5d2c999d64afa7ffda45facb

      SHA1

      0ca80697bc29dfdc0064588ec672ce20416ee358

      SHA256

      82dc7e2116dd34cacd799981b33bc072c8a83533e7471c29bd9c62a4d0b55fd8

      SHA512

      174c11036672df0d02e99312c5fb1a199532d85b5c3f6caf9d7be83f554dc206e7b79fc7a3f9904d272e84d1876aa749a1a08bfd1d556250504c4af63fde9a40

      Download Submit

    • /data/user/0/com.ss.android.article.news/files/.imprint
      Filesize

      772B

      MD5

      b29df48a9786c979db6a4ea48a9d8df6

      SHA1

      b8d68ca47bed05035227d97df6038a8f6d454485

      SHA256

      5b8bc2a247568175954c44616d54f1b54a5edc8b1e4e31def0ab06b64d279471

      SHA512

      47e5c03236938dc3049a4031b0cd11e3a5649a44c20b52fb818b3fa07ca73f8a747dd3abefe0b95e5f8a666b028283ca72e41030600f59e29f560894a4dfc9ba

      Download Submit

    • /data/user/0/com.ss.android.article.news/files/lldt/firll.dat
      Filesize

      480B

      MD5

      26df155a1daa98b7010236a56911afcb

      SHA1

      45351b9ec1667574a297d876ab30bbea2e071ec3

      SHA256

      5dbdc6715784ad9939b4eb70059d8a0ac8261435783b2e1b7e7ff78ecfde77be

      SHA512

      53e3da4b7730f1c9e6be1af31092c28c8cdcbc5a4c5c1a806182120bfaa34923a0aa273e0c7f29a558fa802630279b58cabe987382d0ce4864e4531800b3c008

      Download Submit

    • /data/user/0/com.ss.android.article.news/files/lldt/offinfo.dat
      Filesize

      44B

      MD5

      4ddbc5dd33fb4974390075e721bc74e8

      SHA1

      b068b63288988cc2b25c5d5c07a92494bb6bde7e

      SHA256

      71a190fb80c3462235f2570b3cb3b3bfe71029bf27d3ef018b4b61bcd8a049dd

      SHA512

      8d273ade647b790d90b1d623f09e6630afe7504d72ced709c8551753475aaec4b6a5f0774e3387ea7ab010aef084bc9aaa046272bd39d0a848baa7f9e8f82649

      Download Submit

    • /data/user/0/com.ss.android.article.news/files/umeng_it.cache
      Filesize

      148B

      MD5

      a815512dcd5f3e1ad09a533c139d3a53

      SHA1

      7a4189133e51f80244c47ca60af0de7917f7ba41

      SHA256

      088909cc4f5f07118b2895ea05e806f1f22b3cfb765d539a783228fcdd7ccc9f

      SHA512

      a37b3cac9843d3848a07021727f34732afa9a0a470a2afc8c8f7b2f2d344396764173aec0d74f278af2e42cf1bbf0078df917cc0a5579d6d2bc07df6b12fe60d

      Download Submit

    • /data/user/0/com.ss.android.article.news/files/umeng_it.cache
      Filesize

      76B

      MD5

      ff8b44f31892aebc59c7ce00f94d78c0

      SHA1

      46feb83c629b6e4a87163094940047cd39fb7ee3

      SHA256

      348790d5c453265dfbbc68b4e01dd8ea7e77436637600b4e7f5b467ed69a2c10

      SHA512

      d38095071fa51a2f0d13e95e3921938b6b075a7c62baefab938fa1c80d8ae6e488169362938a50965494c25403ec40cdd73a7ed42ad225049ae9574df8be271f

      Download Submit

    • /storage/emulated/0/Android/data/com.ss.android.article.news/cache/locationCache/journal
      Filesize

      8KB

      MD5

      9a869335281124022f1955f9cdb1be05

      SHA1

      a960965f2438bff331376f381c54b73a8bfeee37

      SHA256

      83e3a2a9d026b948c184aa286eb631a29edeab5ca8d2e0443f1af9d5b2d47542

      SHA512

      d4d2150c1c0ee1db1493a6d86a6b76b8cb96690a1886ebee57ef8976ac471accbe2a06fb595686c8050bdcbf40da8810985b70c97e63804d37572db79137d1f2

      Download Submit

    • /storage/emulated/0/Android/data/com.ss.android.article.news/cache/locationCache/journal.tmp (deleted)
      Filesize

      31B

      MD5

      8c92de9ce46d41a22f3b20f77404cc1d

      SHA1

      8671a6dca00edb72be47363a7071be65cf270373

      SHA256

      68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

      SHA512

      30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

      Download Submit

    • /storage/emulated/0/baidu/tempdata/conlts.dat
      Filesize

      12B

      MD5

      8d80bc8ea90e9cac010d3ddf97bda5f5

      SHA1

      f063bc0d356e6ba9ab1eb9a851131ffbefd8fa07

      SHA256

      f52db31332534833414abd5e870f78c810b8ebbe5b134bbf599506beecfd1b93

      SHA512

      9ea732dd572a9a4ba91b70891972230a09576687ca1bc19e62d5a98b5b84e0f2ae11985108008bc9fbccf357219b8bd3dbf146bb70752f618f70dc5d0c46a7c7

      Download Submit

    • /storage/emulated/0/baidu/tempdata/conlts.dat
      Filesize

      164B

      MD5

      814a311e9de0e467007d33c96d5f2bad

      SHA1

      0c500d71e8689538c2ae8e7689923b32289c4d72

      SHA256

      57b93a8c78c976e2fe4bf1b13d51503ca32e5fe511cc9fcb160edd1814be8246

      SHA512

      7af19b4b89e20ccfdef7ffca472b9f7c7d54a5e615c1d4753a80ac9da2697964c99ae4b35dc43e36f78514bdfab02d2b6a451c76f4b219679ec688348d73ad1d

      Download Submit

    • /storage/emulated/0/baidu/tempdata/lcvif.dat
      Filesize

      96B

      MD5

      318f41e59e1497f107fd94f798af4028

      SHA1

      16825399b5e0a4316b71f71933335898422337de

      SHA256

      0614697bbaffaf6646ca6c9159bec1a8991e1213080ae6f3c3ae41b16d5f71cb

      SHA512

      b86c9c014661e221601aa6a66ab1044efccf938179b8bc8a4750a159324c3a5a197ec0805669c2f3d2ea63a19dce4c1bf7061b979bd9f0ce3ed82ecda962b8da

      Download Submit

    • /storage/emulated/0/baidu/tempdata/lcvif.dat
      Filesize

      96B

      MD5

      73a270394f61ab40f385cf7d25eb259e

      SHA1

      71f9621f51cab5175cb4509e1fa078780d64fddd

      SHA256

      b6d8a5e4440c760d20962f016a6ddc35f8b55e5b6944f8801786432560a04f7f

      SHA512

      1e455633e64fb695ac95a7ef7416c08848e63baa282800df2732fec1822d6ef704822e965274952c5bd2f795736b78e3f9da74e4a95e9efb6356108eabf1666b

      Download Submit

    • /storage/emulated/0/baidu/tempdata/ls.db
      Filesize

      20KB

      MD5

      4f91410747bb2ba7a43ee7b298fc9417

      SHA1

      597e95133bff38aeb4154b8a79aaa0d31ee99fcc

      SHA256

      4e93ae7c16a145783f04d535aad7112b561b401ebbb01cee861aeb67f01984cf

      SHA512

      c13d30e367c948ac6899423954fdb0ec3a47b74bae428e0ebd8c7bd3544f21953d22a1632ce567fa5b7c999004d53add84a7bd0e226c40de41af04ef86a64ca4

      Download Submit

    • /storage/emulated/0/baidu/tempdata/ls.db-journal
      Filesize

      512B

      MD5

      10088777332d9cd448e5ddfbdbb4b0db

      SHA1

      18dd266c3d0a56f265c70541ae7e579d1bd18bc7

      SHA256

      a098426ae7f223129d3475392e89572bfdcd6f1d91e19637ef8e5fe18b660a98

      SHA512

      4768e3860c65453169481fcb0f917ab726d17f462605e0669403f0c3d14154caf7d4e754fcc990f29828d1af37351de0a16e53d760562a7aee508bd4eb899f7c

      Download Submit

    • /storage/emulated/0/baidu/tempdata/ls.db-journal
      Filesize

      8KB

      MD5

      f0f8d7bc8841570bf2bbe35a8522cdbf

      SHA1

      b9c5f057d546dbca47ed52812bd5da225b7034a7

      SHA256

      501bd822c53ef0c4a84d2dae002f6aaba25120fda1a24149c7ae1898ba8c88e7

      SHA512

      cf4a3cbcf0bea5b104c77f96732d45f7b427030ed39de0f5fc0e13ddfc7aae3edf70fae066faa30b63e4e18fc631cd39fa219396718b8524707fe6e3a962a7b4

      Download Submit

    • /storage/emulated/0/baidu/tempdata/ls.db-journal
      Filesize

      8KB

      MD5

      9f71969cdd1b0c8e71d4ba63a845b109

      SHA1

      28d4a5964f4b439ba85f04644dfe9f2698f9614d

      SHA256

      5c73a07337019d3209f1536e205c1965b03aa759b9d137e40fc037beaad07dff

      SHA512

      fd39e5dcd27907ddcb139800c65b197b4ca8a14bf1bb1d61a8a5e1ca4d0355e89e53fd5c2afc8033f36d1cde02ec31a1107c6d003fc084cebe5950864ca5aebd

      Download Submit

    • /storage/emulated/0/baidu/tempdata/ls.db-journal
      Filesize

      8KB

      MD5

      92702069b58f5714fee2de9e35d69042

      SHA1

      d32f5402c7912740a9883bb7f23a6360b429285e

      SHA256

      6a1c7cfa72eb1c0411d0093dccb5ca26eb03c2a2bf37f7f724cfb646fd7506f8

      SHA512

      5d660f6a2136f54757359cc8aca41ecf9de39a9d6dc7687e2f4f5be77ee1adf6f6135cb0f308eb3d99140bbf19495ab2bc10a076c953411be1a4cda15df9dad3

      Download Submit

    • /storage/emulated/0/baidu/tempdata/ls.db-journal
      Filesize

      4KB

      MD5

      0402976bc17eac288372de6b4e0623d1

      SHA1

      89d866b00763b0fb7d62ddeb605075f8c37e3c69

      SHA256

      d142cb505878aac41b9e3cc8a8a584deaeaa9e1235629dd9f8ea48d5add02f04

      SHA512

      e32ba252333e144ba8bd871f747f5759a7058eec9269c0af0691ee0bde6677f96b0911f89d57ed71f118c244348017e868a32900f01c911cd0afc746f7268aa9

      Download Submit

    • /storage/emulated/0/baidu/tempdata/yoh.dat
      Filesize

      24B

      MD5

      a936690571e9104e1922dda4a0ba5bd1

      SHA1

      65f49c57edde2f96be2a1dbdfc3f7351f1e66554

      SHA256

      f0f5049c51879dd7da0ce4a43349b5b34ce053d072a0ca704f62cf22ba4a8412

      SHA512

      3be1c3693963aebdfc04e86b1c820ee0ec3cf0b200e6a4788ef1141f39fd6c2f77f4227247ae4affa66c0a6c027df8466cc0dcec1e67ebfb953e36bee97de394

      Download Submit

    • /storage/emulated/0/baidu/tempdata/yoh.dat
      Filesize

      24B

      MD5

      1681ffc6e046c7af98c9e6c232a3fe0a

      SHA1

      d3399b7262fb56cb9ed053d68db9291c410839c4

      SHA256

      9d908ecfb6b256def8b49a7c504e6c889c4b0e41fe6ce3e01863dd7b61a20aa0

      SHA512

      11bb994b5d2eab48b18667c7d8943e82c9011cb1d974304b8f2b6247a7e6b7f55ca2f7c62893644c3728d17dafd74ae3ba46271cf6287bb9e751c779a26fefc5

      Download Submit