b33f1618b22380b4df70bc948e753c59dc47ad84b94f75d72a01ba01c6d7d047

Analysis

max time kernel
2940230s
max time network
155s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
24-12-2023 01:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b33f1618b22380b4df70bc948e753c59dc47ad84b94f75d72a01ba01c6d7d047.apk
Size

7.7MB
MD5

12f0bbaeac1466d6a90020692c12fe81
SHA1

bcc2780ef498efb47b0f5126f12ff10cddbe5ac7
SHA256

b33f1618b22380b4df70bc948e753c59dc47ad84b94f75d72a01ba01c6d7d047
SHA512

e925e7ea9ecc91f3971657f87632cac64df0ddb2a441c2c7e324369f6df575ea055720f7dd353def92d765493edba13c5b29a6f3c3e67ec17face7f1ca4c33c3
SSDEEP

196608:M8LyKr0TnGyAAC5j5JcFeWPDZHR8dpGbM:nqLAAkcEWFHR8fGbM

Score

8^/10

Malware Config

Signatures

Requests cell location 1 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.deesha.sh:remote

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.deesha.sh:remote
Framework API call	javax.crypto.Cipher.doFinal	com.deesha.sh

com.deesha.sh
1⤵
- Uses Crypto APIs (Might try to encrypt user data)
PID:4471

com.deesha.sh:remote
1⤵
- Requests cell location
- Uses Crypto APIs (Might try to encrypt user data)
PID:4555

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.deesha.sh/databases/sharesdk.db-journal

Filesize
512B

MD5
e88fd1d09bd76b764382c81833013e93

SHA1
04704406ef66e23e051b304e8b7e211498930cf9

SHA256
82b6f024a9a0d4b01978181d2ac9dea13979c0c302a929c6abd6c30581a181e0

SHA512
b46b5b6525163d01a43aaeb4f842c3770207deb308883bb183a96467ce9b5f339fb03110479d4d358feacc92993dd9634160e8eaaf99bfbf15b4231e16fa2a09

Download Submit
/data/data/com.deesha.sh/databases/sharesdk.db-shm

Filesize
150B

MD5
1047b88fdf187efd14d997ebd5bdaf53

SHA1
769c13c3bd1f72a51038dead4dbbf888c17774d5

SHA256
096aba247f417e1c80030d543a3b80cf65ecdc76f5e896141d30dad72d985215

SHA512
9cebb7548599a11f5475159b4e09de155b92fb0d25363191ca43763a577541ed6a2f387c6509804837f25bbc7380b7ecedfdcf01a2cad67a7ac29e0f680b218d

Download Submit
/data/data/com.deesha.sh/databases/sharesdk.db-wal

Filesize
32KB

MD5
12644cea9280801f398c93da4c3bae79

SHA1
d4dc5b4a93338c5cb20ae59d8cd5a9913148b2da

SHA256
5b85bbce0550f41aeda4ec64e29b049005e3984f771cda5836c2f382d062cb7b

SHA512
8db187b0f312f3a2ec2dbcb5d7c52d238e85f6e1fcf12dd4a74232dad23256136ece67f4634880c3a2c2cb56e2cd85ffef0a49d21b5b02feb44b505b98c43b77

Download Submit
/data/data/com.deesha.sh/files/mobclick_agent_sealed_com.deesha.sh

Filesize
32KB

MD5
69ab931d7a5b68a35ccef5a1b675157d

SHA1
df41382262ce59d65ce119aa09a27386f6a2ae4e

SHA256
2614b58ae072296bb72d5d882416a91e5e9923b5a1969e831a48f2741a87d6cf

SHA512
ec3a9ccea2f814905471eb958de290ff37645bfb8218fe15ce405559a6a469b431be7ee73eb864d75059675bac94413325ca273dc1cfc46122189df0d19fad1c

Download Submit
/data/data/com.deesha.sh/files/umeng_it.cache

Filesize
211B

MD5
3982bc8f0104f47181c957890b5e2824

SHA1
18a88695e7ff74f4e29d52878deb3621e9af612b

SHA256
24ce1fb9f8bd9444b154c8d000cefd0206509e53c82d3eb8a096ec553bd1eb1c

SHA512
0dadfc86413b3adbe4eb336274d91801cc458ff1cedf49ab13f5788ae6ad6405a28e9ca28a82f0ac96a3fb0cb1215afae558e3b34635a5d74eae9cd68aeec090

Download Submit
/storage/emulated/0/Android/data/com.deesha.sh/cache/uil-images/journal.tmp

Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/storage/emulated/0/ShareSDK/.dk

Filesize
107B

MD5
c9383021bd97affc44be4db7018c4d7b

SHA1
7e680409d1c86e35149bebc22f2cf8c484f0d23e

SHA256
b7b7e032170e3190a84359e5c37adede1d58b6bf4c455ef0c01f73335709bb65

SHA512
7303f068da97319891e2d25c1c737035f1cfdc365d75d954102b612000e54d7e2b5dfafe10bdf909563e2b46ec3ff9e546423bff6f0aa9496880eab1c1c36a81

Download Submit
/storage/emulated/0/baidu/.cuid

Filesize
89B

MD5
41b175faee3bc732eb85d4fd3b707469

SHA1
913e3defa7c3eb88514914113ee8a5eea184cf5f

SHA256
0ff4ecb20694fdda3e85580b3cde9525843eb8d4d7a2d3619034b66653085b1c

SHA512
772bc6c03470bc519521fa3585fa1eb9de86050f04e0009ca468bf043d9ebdb5c9f9fdd8f2da8103d0dd5d652ea84a5a99847786ed50ad5b0523c9e7f14422bb

Download Submit
/storage/emulated/0/baidu/tempdata/conlts.dat

Filesize
150B

MD5
12e9a69078e0ef3a6560198f38143a99

SHA1
9f12ca1b34e508f0c929edb74b97f33c74ad540a

SHA256
e4c0f59ba0e97e0a7a846fa5744c5330a4ff649696a731f8f53f61070dd600da

SHA512
a5d5d1bb8a7bbb6c14d50a1a5d657869cb2916b6ac9b37ead6e52c31ba07087f647f2bc19d470d8ac0b29b41175f40a24608422994798b928a44dedaac16bb65

Download Submit
/storage/emulated/0/baidu/tempdata/conlts.dat

Filesize
12B

MD5
8d80bc8ea90e9cac010d3ddf97bda5f5

SHA1
f063bc0d356e6ba9ab1eb9a851131ffbefd8fa07

SHA256
f52db31332534833414abd5e870f78c810b8ebbe5b134bbf599506beecfd1b93

SHA512
9ea732dd572a9a4ba91b70891972230a09576687ca1bc19e62d5a98b5b84e0f2ae11985108008bc9fbccf357219b8bd3dbf146bb70752f618f70dc5d0c46a7c7

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-journal

Filesize
512B

MD5
26185cf33ac4488743541d4f568772ec

SHA1
7fd80ab6c06ee55111c1af2e03e3e6a67634afd2

SHA256
4b4a5baafe35a248fe013b4b08ea890892d448d2616fefd8afdd9a91d7fc57d9

SHA512
425f5a46dcb199c3f6298685d0a5756a78a4089d1d57c7bd836bdbc9b7ece0f09a8b91b4ea4c40d6c561a42826d7e5308af5cd6ae94caea4f280747400afc038

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-wal

Filesize
52KB

MD5
ee6f272153d21187343da0ef91875feb

SHA1
5d37d231068edcd43b49dac4fbe0bd70b8dfc7ad

SHA256
eeed3bff9ba6353fd225f4fd905a84b5340c18118373255ffa4d443b09e4c937

SHA512
0145a8d086f38a37ca8780b4eeb27e050028ffb2c6f331b3aa5ec42cad08b5cdf8c857300ecaa09d308543af1f1530c5686b9b84d8a2266de2aabc6e529a44af

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads