afa82c6d0aa8ee8d3b10249b738876556526aa29c640279a58b0c6557415b05f

Analysis

max time kernel
2931901s
max time network
141s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
24/12/2023, 01:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

afa82c6d0aa8ee8d3b10249b738876556526aa29c640279a58b0c6557415b05f.apk
Size

9.5MB
MD5

138cb475fd2cf3b5d6e465218ee77263
SHA1

1bca27c77653c5c4559411d49120c39414a5b91f
SHA256

afa82c6d0aa8ee8d3b10249b738876556526aa29c640279a58b0c6557415b05f
SHA512

c5a19543eeaf93b10aab984fb9958f8868d4b083ec842b4bbd3fe3f55b38feb423cb55052357789c14d3721729ef1f61483e3d5e3677b67d5b5c98bef8448211
SSDEEP

196608:5QT+d6JVPVgZkHZIUbLrOiDXsb/hahNZJpu0w6Xt:5U+4PeCHnSiDuIvE6d

Score

7^/10

evasion

Malware Config

Signatures

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.tsingda.agent/app_push_lib/plugin-deploy.jar	4276	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.tsingda.agent/app_push_lib/plugin-deploy.jar --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.tsingda.agent/app_push_lib/oat/x86/plugin-deploy.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.tsingda.agent/app_push_lib/plugin-deploy.jar	4250	com.tsingda.agent

Reads information about phone network operator.
Checks the presence of a debugger
evasion

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.tsingda.agent

com.tsingda.agent
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4250
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.tsingda.agent/app_push_lib/plugin-deploy.jar --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.tsingda.agent/app_push_lib/oat/x86/plugin-deploy.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4276

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.tsingda.agent/app_push_lib/plugin-deploy.jar

Filesize
214KB

MD5
394bd5d7d2d595c19a27fa95959efc23

SHA1
1c19442c8f05af69d8cb01b4c0836dc836c66b8f

SHA256
af090825241b7b0c0fab2f6fb72601204fafab385076d3a54c00711a52784e27

SHA512
ef9b2484f0e02c6d53ce76b4daf0182406fe72674bf051abdfd8f5148805342c5468a48d92eba5ebee3172cb546907a09b9e731f6b60e762394514f8e56aef82

Download Submit
/data/data/com.tsingda.agent/app_push_lib/plugin-deploy.key

Filesize
174B

MD5
a26e6353e7f666766a37bf1454cdbc64

SHA1
28289502c5514f908ac6a976dd8f5cf4394f79bf

SHA256
9730af348d9c0d7b366e8eaef67b03f88762424539026f5018db2283fefac855

SHA512
f1a5f41fe956a591934cf36907483b85bb105b3f557da67791c12cd81c99632c39d7bc740007f91b1b6b3336b4766304cf02c0742f3f4ed0aa89ffc475ec1f98

Download Submit
/data/data/com.tsingda.agent/databases/agent.db

Filesize
3KB

MD5
9f455f5ec5acd900e3f7c5ccf43d9861

SHA1
fed771c21daa0573de84e3ecb17ad46a54f3cb1f

SHA256
8213430ff990c507f75738931bdafa08c4057142aa8eb9d4c990ec6391b5ff01

SHA512
5306528fd4ac9d279464dc1d1d872cab0686659e4db3f9a1366dabca81a8b1af0ef605f324b9ebb4361750691c6a8d8784ee4424b6a1bf56b9dd2d620ea6eb72

Download Submit
/data/data/com.tsingda.agent/databases/agent.db-journal

Filesize
512B

MD5
f1a473873798447b887acda3e2dcc217

SHA1
441bd20b9e4c060c26a815246243a24b80ea804d

SHA256
6ca15f74c486a623786b84b6427cea337438ff0226a7733b4cd5164dc93cbbd2

SHA512
124709ff1041af602cfd41202f56db00c2faab59ced35e88437e59006f87e5d825099a7f78ee7da00275ff37cb6a340f3762a4b549310a47538f8b32d1cc93d8

Download Submit
/data/data/com.tsingda.agent/files/.um/um_cache_1703738950219.env

Filesize
575B

MD5
1bd9718b33ec7e02b3f19f021c7aacec

SHA1
f857ccbcc4e74c6363430eb619c0de6c8c32c7d2

SHA256
6b2c0c01a8cec190e6ac4e88e212d0a59f65a43023c9fae603acb3934ea1cd4f

SHA512
c6004b8759d9921a24c4667f718fe10cf91498ecdccce85818232eff7a0a69419aa582bea283cd4a0408d42431d47c4b6b5cb0aaa4866a785952021a994a0733

Download Submit
/data/data/com.tsingda.agent/files/umeng_it.cache

Filesize
310B

MD5
c7c75558cba5c11febea7dfa10bae298

SHA1
1de5022af9d6af0b9e744251433fc2e28b1f3120

SHA256
d72ebef7987ea59dda840da871d85ef5dd52e1235ddb34498587f02f4cf79656

SHA512
9a734d1211392b040e3a5d647c42f3c4fcd629918c85889e52ba5d81ac5bc940ba2c5b5decd6944c6c20a1694e3e4f1e030ae7d04255425af683c3b12a424394

Download Submit
/data/user/0/com.tsingda.agent/app_push_lib/plugin-deploy.jar

Filesize
533KB

MD5
8baab4affef1f7aa4c9b43f59205b5df

SHA1
14aee85b8f086144be31c2e05266b9e0ed7630d7

SHA256
27da44e5bb58606ac446196d8aea16a0bae93252064fac017f91646efe6dafdc

SHA512
0668400ccdb91a42eb10b1ecaeb1821934aca9598812b0f9c7247b1196c2408edc520c4fab7fb967d185a275bb10b7aef1bc4040c70e4e26445609204ab5f350

Download Submit
/data/user/0/com.tsingda.agent/app_push_lib/plugin-deploy.jar

Filesize
533KB

MD5
cdfdbe1021a6269c6c5d5753d8f91f06

SHA1
173bfd5a9fc6681eceeccccd73460076f94906c1

SHA256
3923d4f2b26e4969819e2c791605959ae7394b91ccafdff76dd765b2d61a8f18

SHA512
b80bf59fdb2a19fbfbd53325a86d71df0912ce4e7c86b59813528b863c500f816cb7b7ffcb52881cba3475b0ebe3565ebb8864c59b507f214dcefd833ccf807e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads