b1128285fb07db8666fbd5465c02e68dbe372e1650f1043a317f176bddac04d8

Analysis

max time kernel
2935484s
max time network
158s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
24/12/2023, 01:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b1128285fb07db8666fbd5465c02e68dbe372e1650f1043a317f176bddac04d8.apk
Size

31.0MB
MD5

6174eaadc858b09c70513387cdd35fbb
SHA1

2fc5320f901a7ae7cac2c2d9cfb2d0103709d91a
SHA256

b1128285fb07db8666fbd5465c02e68dbe372e1650f1043a317f176bddac04d8
SHA512

83da6f0a34c7244f188b06e7f0f315a891f6ec605328b5624ca228ede6cf53f87242aa9003d7297f1e539ac4e092dc1a25f6ce40638fbf04d3137846d8bb3983
SSDEEP

786432:iOaN74d0NAjNf0R1LqTo1IlpMq+frGOfoCaJwq:VaV4dwmNfG1LqBlOqORPq

Score

8^/10

banker

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 IoCs

banker

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.a365691287.zfy

Requests cell location 2 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.a365691287.zfy
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.a365691287.zfy

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.a365691287.zfy:remote
Framework API call	javax.crypto.Cipher.doFinal	com.a365691287.zfy

com.a365691287.zfy
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Requests cell location
- Uses Crypto APIs (Might try to encrypt user data)
PID:4263

com.a365691287.zfy:remote
1⤵
- Uses Crypto APIs (Might try to encrypt user data)
PID:4303

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.a365691287.zfy/databases/hmdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.a365691287.zfy/databases/hmdb-journal

Filesize
512B

MD5
9417ef56ade6275ba6a8de1af33fbf52

SHA1
e5c08be85bc1e4f981aa5bed3fbdae8ce0a2a1d0

SHA256
9a45bfd4ec83d4afa483bb1803bea8f520249d071ada34281b47844cfdb75445

SHA512
d11feb6ed7ff5f16d8f220940635ab97937450e30aeddf63e97b191410907c8675e1cce2abf9e3d127c8802eaf3f1426f34fb73c39e7d3ba11e2c84f5bc05c2c

Download Submit
/data/data/com.a365691287.zfy/databases/hmdb-wal

Filesize
16KB

MD5
09279da3afa5a65bb9abab083208dfe7

SHA1
6ea0aea90996fd5c0e5686c7f9874a8df43f8b09

SHA256
20a3a589ab169d68ff96a58173277cadeb855daa744e819901c793b7f2b0bf52

SHA512
e6c3be27851ee241f2d7280aef83aef25ffd5c3a549f86380511d4f541b6b84aa92c379c183b3d13abe545a1359adb4d6f9d7636cbb6e7ac28bacac6c71fde1d

Download Submit
/data/data/com.a365691287.zfy/databases/logdb.db

Filesize
20KB

MD5
9984aa01eb1b986df073a937a672a352

SHA1
379efb11b66d2009ce3f4871fd83558515b83f9a

SHA256
ab7053e5a386b1865e40aa9f90edb6076b7f9a2f503a2f70b390215cfb15aef2

SHA512
329fc6ed7735d0d69cdf5e28d9218c4fa2fa6b59f6bde595ee43fead26fdf9a073f6cac06c7f77fa11c11cdcbe03379759c1179cd9b62b0cb4c3df0663bc4804

Download Submit
/data/data/com.a365691287.zfy/databases/logdb.db

Filesize
20KB

MD5
46a9153b5a79a932512ce0edf7c02697

SHA1
e404610bf83d2862ee01a3194317f37adff02c8a

SHA256
eb7d5c19fe52cbe11171a4b9de16fa4e9a7284e197a7a5288b4ab4468e67d1f7

SHA512
1f519bb6268f839d7a61e8c87ea7c1c441e4cb870a81bd1e8e5cf99d288dcdd7e3c4fc84b6c7a8e91e46ea0ced47c84c46da7e4ac823f5a743ef82c049ce0d57

Download Submit
/data/data/com.a365691287.zfy/databases/logdb.db

Filesize
36KB

MD5
a7b5debf648af8527d38065f285c6754

SHA1
ad8513c878ca1483a2472c7f8dfc8a416418517e

SHA256
0d8f1987d41b042ee7aa1ae97d1950a40884ff4ed620fd02371017160e50eaf5

SHA512
c879b912d723e9c382e547f605dea4d77830d9300c3cdb1a14c2758cf4e895000c7ba2afe37584ed2fb94a9893e8ff47bdfda4dfbf2dc47aca75efc5d28984e4

Download Submit
/data/data/com.a365691287.zfy/databases/logdb.db-journal

Filesize
512B

MD5
668a68762d2cee67dcf61a52b61bc672

SHA1
885402cff999f5c2ac9e50445e9e725b28354e1b

SHA256
243192d000cbeb818c6cd7e0135b5c71e9c9bd53abd3aa3d32d5574983dfd530

SHA512
0a9871e55c32ea2faa5b2f2235c6b9ac6966d9b9b95bdb0dfda656a481394f0c9b6ae513c6a0a830e694f7fa64ba8bc9a42e0c21cd2f3effb0b4c960d5e9869a

Download Submit
/data/data/com.a365691287.zfy/databases/logdb.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.a365691287.zfy/databases/logdb.db-wal

Filesize
48KB

MD5
d7bb1c0f4658ec33ecf019380d67e98c

SHA1
ea527b093d0f5b81ccd78c245030580a12ce49c7

SHA256
38e712cb142e62f1d9080a05bda8e8fea9c7dce0f66d64fcb799d4837b8fdfa2

SHA512
c07dd228d260adddef32b69ac0e054555bc29ab7e95f93e8e9c0d40c5e7c6d78b6125b1f16dd56585f052918173fadb099146d9d47d9e48f88d3217f00a4c20a

Download Submit
/data/data/com.a365691287.zfy/databases/logdb.db-wal

Filesize
8KB

MD5
cb38a4d716c3ec4aee5bd92af5e53a0c

SHA1
6e29bf8bf87318d2a6c20471e434889e088d6edc

SHA256
955409c1ee1abfb2d8066d13ccc65b0c4d696c09403b7730fde42c413ec607a6

SHA512
0557847dc060cdd8146c2b71f538cf4581f4d8f25d41db3fb650accc5b0e85e9609156e23666d47ec2b0a02b7926be69e9c245f198f35852cdc33d8e46e1d68d

Download Submit
/data/data/com.a365691287.zfy/databases/logdb.db-wal

Filesize
8KB

MD5
25192ddc68f285569585be45bf0d8dd5

SHA1
a8f031a3082b63a21edebe58839774ccad0589df

SHA256
bde4ee6d3471bb098358c340e6e9a54001e4cc31667d60d1cd71350823e6d469

SHA512
8959a430a57de576b4a687b94b4d95d0db7ff21899f7fe4720c10244b83b362c695cc8536b72337d7a00618c195ab72a20b7acbde64539c4e1f86c7add6292b1

Download Submit
/data/data/com.a365691287.zfy/files/a/b/302ba74a656c04e34a61632854136ab2.0.tmp

Filesize
567B

MD5
57d9ef4ca962135079a69222cc2ae4b2

SHA1
4ab33cc94d88880b5c402f9e6cbbec5c213b4a50

SHA256
e7498393756be37d2418bbd29c9f38dc546a2b4914747a00e8ca6f5a4e5793b7

SHA512
e00c9bfd9526f4e64efa37c3be0ed1ca138426c8ebb66dc37ac82fd024bc3f9bdeb53ea9b2ace1da382ea90eb997209d4c58a3cadc5abdf11a110d5670fb1d8d

Download Submit
/data/data/com.a365691287.zfy/files/a/b/4c984fe24161907e5b5b9423ecec3163.0.tmp

Filesize
567B

MD5
c218bb16ce8bac00def1f643514a8db6

SHA1
c4052417f5069d944ffe2801971f072e76551056

SHA256
90c750e85f7a492c668bbdfc92a82cfdf8889832a4d7c9f023656c6afd60ab44

SHA512
00d8c02b43582d947f44dbee9676955578033beccc72685aeb2542f0268e426d1b29c2855fddb4bd29674e2bb5a57a52586012cba368ec56b6f4ae110cd27f4d

Download Submit
/data/data/com.a365691287.zfy/files/a/b/5ad6cdbb45b4a14283563bba26a5e0b7.0.tmp

Filesize
567B

MD5
3965a4c6ddf097a2c9fc4ddf7022e346

SHA1
d3530e8ce53f48146bb1e42069cf65155668dc51

SHA256
3299fb08e6a5229644e8d82e3da9f8d92736929298ad0cb772b053d114f2038b

SHA512
a0eca8577ba6ff372fcd69c4572ab1ae37bd1e2529bd6b57a430b913f2dcd22d742ef773064c2cd3b8b0c7fca7dc9cf81653651bc7b128f0225fae80e88e19a9

Download Submit
/data/data/com.a365691287.zfy/files/a/b/journal

Filesize
195B

MD5
71f6d92ab0c026c080b146fd16205b3e

SHA1
860ef123417c3005d31e8ec22e7e3ec70e07e132

SHA256
a8eb1409fac1aa8351b7b137f30d664099b47db7318f65cec4c9793bdedbc304

SHA512
5685625ceda7a46a35859bcc863fea11687d586dd197dd70cfacafbc9f898a2d50822056ca40e43f8a4063e028f8ea2a6455fb62bd9d3d834bff06c81ff5f3d4

Download Submit
/data/data/com.a365691287.zfy/files/a/b/journal

Filesize
39B

MD5
82cf23becd87275fc2ab982fb9c048b1

SHA1
9daee40416aeb7f896df7135fadb0062f03fb98e

SHA256
5afe1e034fd1905d6db47e709127c410af19d4ffd2b438faa0239e935b7c48c4

SHA512
5ce60d6b38480246bb4d7062ad85e07b5381dddcc6fbd26b7501dd3164b05fb4124870e6a6e6097391315468bd9815b17af21995f126b0372af870217cd16413

Download Submit
/data/data/com.a365691287.zfy/files/a/b/journal.tmp

Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/data/data/com.a365691287.zfy/files/a/e/journal

Filesize
21B

MD5
c135cace2f7c85eecb84860ce2165844

SHA1
568a27ff9e87f11dd01cd311d14d3925ed994069

SHA256
7fc386610292a5136e261cf87e2de8d5ed8c84880e2a9adbb4527629ba4d5de7

SHA512
a8e863a347a2485812baa7174e63eee7f504640f55f9959fe4bd8d0df5717ae4a0b6a2920cf5991eb0534d920f00d69a5d9fb5f9d6145c063e730d92a920049d

Download Submit
/data/data/com.a365691287.zfy/files/a/k.store

Filesize
32B

MD5
c0f7510fd575951fd9f99c415d42c2cc

SHA1
622721b3fbf4f77e4a05668f3bbe4067df6267af

SHA256
6c21e536f8ce74218a2211234c8b39a366bb8d8594bc8bd784431d7d6d1c253a

SHA512
e6d37d814b7ca31033e8c8f0f7910374126832e087fd32fae20d6739a94b4c7abb443fba7bda538806978db8e0f8c453ddbf7d6e26a645582a5fb0fd51714307

Download Submit
/data/data/com.a365691287.zfy/files/jpush_stat_history/active_user/nowrap/f8f33b48-ad6f-4317-9b8f-f36bbe5c8c02

Filesize
159B

MD5
f1d6310db1bcb28ef2c644469b2202e1

SHA1
aa03d905e18ff10b30fb8ac0a3ee3af3f6bc6de2

SHA256
104ee6f0f93b8fd258929d770406a85d1995c0ef9bbbcc9bdf0f4c9a59361a06

SHA512
8311b2d609a91e333f357c9dde7ba33bc224314245059063e96da39b6df56965aa8465b5d4edc5c419f947c5ea97b3d47189f8e6a3dc95348b13e8ceead11319

Download Submit
/data/data/com.a365691287.zfy/files/jpush_stat_history_remote/normal/nowrap/a1b965d5-d951-46b1-a944-68de30354405

Filesize
202B

MD5
79bb6d90af4bb095c90c4472ca3e0d38

SHA1
5cead34587b0413c4f5a1fd3f90166e103bd0d4b

SHA256
d28ba0dcf988c2f10c0f59e2482b9485fe7aa33f111baddae3a678d6ff8915bf

SHA512
e5f559b5d0ea0aa81b907ad6b22b6c9ad146ac1effda8a5056cef55de9a71baa0f5ef27ffe75a8516e440cfaddf2ac5adcb87d4ac3951c5e2f2807027026e682

Download Submit
/storage/emulated/0/amap/openamaplocationsdk/alsn20170807.db

Filesize
20KB

MD5
731fba9d21f23915576ea5dc2ea3ffb8

SHA1
d1fdbc209db8b71d1b4e5341e75b8cc88647146a

SHA256
87510194f38897a04cd1f80bd6fffc3344fa8ef21baa61de020a2e790a7268ab

SHA512
b643177cf3a30543342d3a521a2dcfce70df4ec450b040e2b61d8692bbed4b3cde2f9f304cbf496869b89455e3cc6a501e8ff720edbdf0f6898e6a5f31fec25d

Download Submit
/storage/emulated/0/amap/openamaplocationsdk/alsn20170807.db-journal

Filesize
512B

MD5
dbe6f7bf8b0b18171e2841a45e35fc25

SHA1
bff54e311705894376f491150a89ee829d5bbdb9

SHA256
f8ee85398c1a4d494ab15e5c2930e8552526967448fcf1a81b82a97b5259ce15

SHA512
3c5ec78b8dac9141ae74a3066528b90481549b236c285ba9c2a4b5ab101969884e7cd03d18d12b9ae82179fd0b3ca5c568c1078020d5f681080d5ea1fad511d0

Download Submit
/storage/emulated/0/amap/openamaplocationsdk/alsn20170807.db-wal

Filesize
32KB

MD5
26eeb8b4164dc948d45871602696a670

SHA1
8da0c7344fb54a633486a184516c1af747a73c43

SHA256
e74ba19c04d9b330264c4a962844b460575791a9a9f36b60ce94b2365468608f

SHA512
9d5f9c51d524b4e5304c628ceb527d6156545e2d9971c025178a1c3c9517c2c330d89de1f375ea69aa3270efbbb04f403122193c5b4466f6d76b64ce32f6149d

Download Submit
/storage/emulated/0/data/.push_deviceid

Filesize
32B

MD5
1886383a3e1508d75e6d6c3b29eef6bb

SHA1
43552dc6b71b852dd6749678c495c1333a25b5d1

SHA256
0a0f3c8a39448240f4ec5037ace9b1fe6c09ada667f4218d015c93645624268a

SHA512
9c96fd69dbd69743b4aff81cb8a1d1ca81c657b4f52dfeaaa4e81c60bef5b0b9f76e21c1e6d0694056b6ee05fb80fe67fadc2922b4b5869ff2975fdb184e76a1

Download Submit