b37622f1fa9196f37d8254ff061ccb327d3757b9a89112f86fc82cdfa92688c8

Analysis

max time kernel
2941443s
max time network
160s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
24/12/2023, 01:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b37622f1fa9196f37d8254ff061ccb327d3757b9a89112f86fc82cdfa92688c8.apk
Size

25.9MB
MD5

2437e5a3ee7355848d60b1d524b88b93
SHA1

cf1f2a95834cd409be9c20c8fdf676dc498d82ad
SHA256

b37622f1fa9196f37d8254ff061ccb327d3757b9a89112f86fc82cdfa92688c8
SHA512

56bc7f89c1d0a7378d770c0f50a84a6ce6142f7ecff7873d16bb14e068b3b4a8562b294eecc93cee7880664c5c1bf60f2cbed43d08b07e622c16c1ad4293ad23
SSDEEP

786432:s0B2HCOja4zcNb6HtuPmBI86tnQOTk9WBn/rnJYT:s08HCOONeHtIO9WBn98

Score

7^/10

Malware Config

Signatures

Checks known Qemu files. 3 IoCs

Checks for known Qemu files that exist on Android virtual device images.

ioc	Process
/system/lib/libc_malloc_debug_qemu.so	com.mag.user.a112
/sys/qemu_trace	com.mag.user.a112
/system/bin/qemu-props	com.mag.user.a112

Checks known Qemu pipes. 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

ioc	Process
/dev/qemu_pipe	com.mag.user.a112
/dev/socket/qemud	com.mag.user.a112

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.mag.user.a112
Framework API call	javax.crypto.Cipher.doFinal	com.mag.user.a112:pushcore

com.mag.user.a112
1⤵
- Checks known Qemu files.
- Checks known Qemu pipes.
- Uses Crypto APIs (Might try to encrypt user data)
PID:4256
- /system/bin/sh -c getprop
  2⤵
  PID:4343
- getprop
  2⤵
  PID:4343
- getprop ro.build.version.opporom
  2⤵
  PID:4460
- getprop ro.build.version.emui
  2⤵
  PID:4480
- getprop ro.vivo.os.version
  2⤵
  PID:4498
- getprop ro.smartisan.version
  2⤵
  PID:4516
- getprop ro.build.display.id
  2⤵
  PID:4533

com.mag.user.a112:pushcore
1⤵
- Uses Crypto APIs (Might try to encrypt user data)
PID:4307

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.mag.user.a112/app_crashrecord/1004

Filesize
228B

MD5
2eb3722c411bc543da7e9eb744f43e6d

SHA1
920a953bd84f076fbc7a3d509d58480d60be2b0f

SHA256
dd4c5e3b1ab4460a8b4e00a04ce6a6e3716b68be15c8c1c04af1135fc9e1aeea

SHA512
1df375e59ac7a6168e4a176d6ef62bedcf240ea4a7e8195f45d4ecfa0445937c64084db978e5b437ef59282d1368bd92772c62c432c55a7fb8961ec959955f36

Download Submit
/data/data/com.mag.user.a112/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.mag.user.a112/databases/.confd

Filesize
20KB

MD5
249e034c9703afc1fd6062371c7f3da8

SHA1
9ca489179488e0fe5a35f7c0d5887f163e4890cd

SHA256
18fc5cf216b05487a87be99a662e7474bd54120f214e034b3179f40ca989352a

SHA512
b819b152548431c7892678ecdf23abe44cbdcf80e8f22707ab32a2aedb5356346b27e3c3e750665ba893d602af1c7dcca97edbac3c820859a0fc20714c22c0bd

Download Submit
/data/data/com.mag.user.a112/databases/.confd

Filesize
24KB

MD5
8c7f6e3b52e6e841b895bbd13644ed43

SHA1
ec8daf46a7eb99c75ea1ce8582ef77b2df8455d2

SHA256
6615188d5d8fa77b44fbae7a249d073b3623316e7489c5fec95fe53188ea467c

SHA512
cffafd628e62fa915872796ee02dd8119cfebd6811291155acd400986ee5d34b244ab3b5d0bd386566724205771f665571bcb04950d390c5c60072fdb90c5280

Download Submit
/data/data/com.mag.user.a112/databases/.confd

Filesize
24KB

MD5
0427d1df139af61c7b78a8fbaa565440

SHA1
084c4a61dd262f64214f06a48bf998647382479a

SHA256
a1585d6dbb44b8be9868ee9a5188e2c7987054ae1b43401386a344117bbf6d49

SHA512
f602f26348dff1eeb9168187ee35eb4d7a92f14ca324796c25aa7c766a86e1173a360af64af2315299a3740c91af230ec4bf2695a706d0db8a934cba1a511ae0

Download Submit
/data/data/com.mag.user.a112/databases/.confd

Filesize
24KB

MD5
aab258a2450e5b930a1a9c8df116b425

SHA1
fa9445252a526f2d4ab76656c5c9c98cebf24809

SHA256
7ffdeebe00feb0878bd77a4e022a45603089490206182a84f424fbce9dfcc724

SHA512
a76011eaf58f7ea97509fb462396a218f2cd0ac80d4421f99781c96797c032d164fa905322ef85385f23ef95ac479f3abe16247b05b313d25eb2d3b4a67542b6

Download Submit
/data/data/com.mag.user.a112/databases/.confd

Filesize
28KB

MD5
24a229157982615b0802efa37c177951

SHA1
3a4613cc3a231d89cc21a844800f03dc00eb4a0f

SHA256
e9e6a1d2ca296caa6462bb946a0f13ad449dc3c4786fe0839d1210d8624b1800

SHA512
814198b23a27a545195a52275be82542e2c1315a840f36612a61a2cdcdd038db5d746adcb7867eba4e530d7a2f3167e966dfd09c325f0a693cd8f1faedbf38be

Download Submit
/data/data/com.mag.user.a112/databases/.confd

Filesize
32KB

MD5
669098b8676ee52ceda72cca9475a99d

SHA1
8bbad79a9aa392bb235d2f93645e252f6fc06da7

SHA256
30553890a2064153f5f46298386d16221fecc867e65c2352dea6c2015e82289f

SHA512
ad7b1a60953f7cbef04791a0203db84bae5b970c90cde888ec90bd654ac654bec37b96eb743bf5f9dc8929b0efea723f071130013a7f6e0aaf7aa54e35274e8f

Download Submit
/data/data/com.mag.user.a112/databases/.confd-journal

Filesize
512B

MD5
752002079bc1e9ae27e256ffed80ce0d

SHA1
1a8d069b8e81cfd6f6710ca1b8ecf93e82aff8c8

SHA256
ccda72ae9450078d8b6364eb1c49c38e110fe216fc9f997ddd4fb685503e4140

SHA512
e9b0554a70c0b063854b23f52522ecb2486987ef2d52ecfa90dc1729f401bd392002fe66e1a516905fb2de6ff6b51209759b38f8c067198ab977b0e3846dde70

Download Submit
/data/data/com.mag.user.a112/databases/.confd-wal

Filesize
36KB

MD5
c561bd98476b1dc40bb2646fa4713fed

SHA1
933a80ca0cfd37a8796040b46403b3e3346f60ee

SHA256
e124d9115cfe7d9640e05c235d4ff07d0dc20522829339a64a222acee8145418

SHA512
77bc014fe840a851f5f0078f0d093685737e70e8397d21bc5785a40ed3a2dacfac8e13b61f5f77f8e09e6cc5180df4c5aa2719329f78a5eeb47880952486e7ac

Download Submit
/data/data/com.mag.user.a112/databases/.confd-wal

Filesize
12KB

MD5
36618e0ec4e7924cbf614d45b633df34

SHA1
7ff057be274330eb82a1674dbebc653960853afa

SHA256
949c293e44db74886d01104c1a423fda7be016aa531674774535df67ac44da85

SHA512
b87563f4a3b08d6b3c54e3763fb8ce98e7c30a0be337ae6c5a31fe6dc751b63d8bff8b5b16c4554f8f796236e29244ffb43ab446f24c75509fe79de71df5cd35

Download Submit
/data/data/com.mag.user.a112/databases/.confd-wal

Filesize
8KB

MD5
d60d0ef25758eddf9dfbdf31c91c42ae

SHA1
2db98cc494119385d82bf468c390dd1ee464c3fc

SHA256
5a0f77a9af086b1b302154e7a3d24329e883d4334188ca1cf081d8f9b0ff6ec9

SHA512
1b036f8ce9da23ecf7e8504ab2e14477fb5abb7e29606f188e28c7c5471e46f7bc0b4c8242dc0893f42048767aa2d5308caafbce7b5725a1262b2f2923f45ac6

Download Submit
/data/data/com.mag.user.a112/databases/.confd-wal

Filesize
8KB

MD5
cf46b8587264e31d195b65d4ac9e35d5

SHA1
d7d472a323170afbeedd021aad262400fe6fdc87

SHA256
263ac8e3dbfdd7f9cd61d7bd7e50b0731f84d96565ad2a6ff2939183beceaa09

SHA512
d857b7c46776c7f1ff413d72b3645bd080edf15190ba1ab6c44668fc997a46268f6b8ccca55b04b9b8f1dd9cdfee17e6e23dadd25cbdeecbceb4b198c4d247bb

Download Submit
/data/data/com.mag.user.a112/databases/.confd-wal

Filesize
12KB

MD5
d16651d69a9b59a86a4ea8d7c438aa20

SHA1
f544caad7e20abc5d72dd75d275f7733699b76c2

SHA256
c2ec00ed08070e6ef990f213606715edfd6e8e5389b0e54d33ff82837d6a746c

SHA512
2f1d89d9987bdec8f3d38469a091b4abc04d895a212b453084c5698c209b1e5df83988bf4a87da9c8eb655a1d507ab6d02fc65d570f38bcc3aac533b5049f238

Download Submit
/data/data/com.mag.user.a112/databases/.confd-wal

Filesize
12KB

MD5
c3d1aa8540424d6b2d6b96aa11bc0d16

SHA1
cd896ac5ffd66dfa03c1147bac1c7b32d83e389f

SHA256
a7365d1372782317d60487bdd5ad422422d1decf0922f20b614aeeff1d5221dd

SHA512
b7d80597c3835dd42fdeabac7519d6e5c7f8146686a2e6484cd25fef0e0c6944afc5c37031e3c300c2112a318e21cfdc653f7f4cdb9b4117d274cde58a81bf3a

Download Submit
/data/data/com.mag.user.a112/databases/bugly_db_

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.mag.user.a112/databases/bugly_db_-journal

Filesize
512B

MD5
4070c410fb623b7f6acb253c65d46828

SHA1
4766369fab32707a7310cd65bb3bb45e2b97012e

SHA256
cfe3f5b9f79ca0cb2e9ca091d28cc32f41708d3364fba2d964a4a1f9dbdf5767

SHA512
946b7d08eb617ec5837b88d149c2d313f0bba19e747deb03c8f663c4d50b0f6ba9fa2d41ec60012217ed3e75e55592aeee55e514d4e45b902c422d9f5c7a07a8

Download Submit
/data/data/com.mag.user.a112/databases/bugly_db_-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.mag.user.a112/databases/bugly_db_-wal

Filesize
68KB

MD5
2e6229bc74a55009af799c7c68d2e439

SHA1
59c8b75e64d190166104078b77bd64f87cc91539

SHA256
b37155a91e467503a32b5f5d3b14b09f504fc70b9743660866f94539af58b5c3

SHA512
447e5369d9bde26208d266695002b581c5f0ea4f26183bf14f9d6cf22bbd3d542d2a48bfa85c7886f8d6598fa69248db95ecb1b5238dc5a0ba07230b46df2371

Download Submit
/data/data/com.mag.user.a112/databases/player_database-journal

Filesize
512B

MD5
ebdc324135e31118ec3e49f1693025f9

SHA1
668969d0202d68952f71bbf252dcb26310cb89d0

SHA256
6489befb1984468c8df4550429eada1cc61aff2ff5e548a7d2efaba4de282def

SHA512
32e81aaf3fc68a163b620294bbd5ccea16df766e3fd5301a001931c9114de4108c8a9dc3a21fa76ef1e1792a02c3591ebf74bea4961112c4272c635d0a03edcb

Download Submit
/data/data/com.mag.user.a112/databases/player_database-wal

Filesize
16KB

MD5
fbd80f2b9623127d740f158d09f577a9

SHA1
d97ad2031d97c41cb8156c733ebabbe6e83cfac3

SHA256
8fbd06be9575abd751a6f4ebd7aec0bc110b469ec854d28a422dee88f21977ce

SHA512
1b2111cfd1b9010d5ccbd3bf4d663fd85ca68c18ab7c63df744ec143482165b0db0a7a014a93e36453c25a07c734453cd532140aaf5644cf0cb773b4d1cb90e7

Download Submit
/data/data/com.mag.user.a112/databases/player_database-wal

Filesize
60KB

MD5
ce3d4cc0790c8920dfde3d163c514ee5

SHA1
71e58eee13822866e43e2eaf23a54ff430085bfc

SHA256
8a22536562276fdf95cf9a83a98b3408db27db97124266a9ba7f036fd9a2a4b3

SHA512
c9d41baae9b0675dd75d37e3091e8f287b014515f0cdead4385b133f8e4110055501578831dd78acc72d65fb85f06845e62211ca8378165e4b64c262d8045807

Download Submit
/data/data/com.mag.user.a112/databases/player_database-wal

Filesize
68KB

MD5
8493473d452ff98d2a97d84487e238bc

SHA1
e4817ff52856f08b34a1fb7dc241a07892590ccf

SHA256
d07dfa686a1f8977e24154f3a3a13b74e5387f09ec3bfaa52c2ab8f04b559028

SHA512
15512cc8dd9c55842577c75b4a4f8fbd6e6385b4792b21d01f0d93897aa36c715972e974e663efaf34e2a11319594e977930dade8f396b80c178484228bef20d

Download Submit
/data/data/com.mag.user.a112/files/.mtj_timestamp

Filesize
25B

MD5
963c3c22c8246ccb75e67c8fdcf3a09b

SHA1
fc8a7f23b603aef9841cb52551d6c1af8e9aee96

SHA256
6c72c91d6d0f7ed9bca140f8c894cd404a6dbefc96af22be91589eb941a67776

SHA512
0cdb6f287d91046857ad7a74a4b83ee1779764a61c6bf62c276b2a9b40242b8d317ee491c41cb47a494fc20fe59af8be27b8e6ac6f0eaa3071f9b03e93c81dc4

Download Submit
/data/data/com.mag.user.a112/files/.mtj_timestamp

Filesize
55B

MD5
6c1456f78c5e6df8f22a38b54a612bea

SHA1
e48d4fe89a0fe5a9e1c84a31f8cb0897c27adcba

SHA256
38dda5b3bf478bdc215ae1857f5df4d24e6858f1108df760b38ac8dd150445b1

SHA512
c7973c26a764d7caeb60e19bae985541b857fe0ff3326ba6f0c232758e6db65c7f88602c0932a446bdf64c4b56dabc84cb2838e122832aaa0c671aae3be580e6

Download Submit
/data/data/com.mag.user.a112/files/.mtj_timestamp

Filesize
84B

MD5
332c31b2c27605f6528599e0bf3dc3de

SHA1
efc16a456426688cc0bc5cdb404181c0d93e8657

SHA256
44865416fbdbedd2cb757a42755bd8d53c3549c163fb06f3b8009fb8bceed93a

SHA512
3d59184379c8e84df3b5d855cab70145e839ec102d2f4af141bfb7dd2ddfc005e685cc25dbfeaba48fe115cbb03fa98d34ebc2cf0276f1e3dd49ffd68bcfd777

Download Submit
/data/data/com.mag.user.a112/files/.mtj_timestamp

Filesize
114B

MD5
8c2b2b210699664403f1a8cfb9126a08

SHA1
84b170f2b871368170569690894207221f8ece50

SHA256
08e0a77e0e1f0c4aae0cf7ddefc820b658c154b87725c8c957acf5e21653862a

SHA512
68864f352c5e288341408b5bc7315a3b833f2696285f787496970cbc10a7922510f2fa1e660bc4aaa808494a61aec67fbc969266a8a60a94fc22ce947124bc76

Download Submit
/data/data/com.mag.user.a112/files/.mtj_timestamp

Filesize
138B

MD5
e850086d150aecc5cdd02951e838f38e

SHA1
5a6b70b63035eade17cc21edff4a3f1849052ae6

SHA256
efa2a2b2be564abc06d5b2885f632409adcebe0d262f9350e1ace9f0985e71fa

SHA512
0d42765365c7fcbc6f9d38e8278d70a9f5d2c6b8ce8aa419e5e9d20065c640637683339dba74c0032b6500033659faa5e675e90ad1dd9bff43b849bd8ffa19bf

Download Submit
/data/data/com.mag.user.a112/files/__local_ap_info_cache.json

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
/data/data/com.mag.user.a112/files/__local_last_session.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
/data/data/com.mag.user.a112/files/__local_stat_cache.json

Filesize
770B

MD5
e9f462db2a676b1fc5286ab3e789d343

SHA1
51f969de1afc3b9c41e8859a123b8211a9444c18

SHA256
f2ec2d3b01cd51ab9d3bc72f58ed6f9297404d507af1d67f690b0a87be5e49ce

SHA512
6f9b03cb2cd12c4d1c507e5b72e59f5ab7d1100c1b396aa534df0876adf65b07c57053f761f78b5d265ae7a4286146b818eb1e0a3705be70233c1472e72dcc50

Download Submit
/data/data/com.mag.user.a112/files/__send_data_1703748351337

Filesize
958B

MD5
e8e5247c616fb3ceea8763f7712a1f6f

SHA1
eca5b0a7d2ed303a1919c154575d137bc8b912b4

SHA256
5629c4f0bfc4a186f082fd1e3a6198086665621f6fdb375fcdd6463c1bda880f

SHA512
a7c6a2d907332f74acb85def35a35151b59e5ff51aa35ac59b771c38af2b5fd66b3d1ffba2ba4e94dcfa0a7606c8034c3462c799a081f2b4177882f674e78b65

Download Submit
/data/data/com.mag.user.a112/files/jpush_stat_history_pushcore/0781e27c9ff604d1fb4f8d2e/active_user/nowrap/e46ea716-160b-4c79-8932-c5dbb611f497

Filesize
512B

MD5
c31090f8d31bc124eacad8aafc36f8d1

SHA1
b28fcba1d9d6dc9608c16e69d32e8fec1e8e393c

SHA256
3873ac56bfff291a9394577cca49a69d34f6ad216bb6626448fd9e70e590ad09

SHA512
b32be40d0bc5134a3b59fc39e1a18d91144fa7c2697ac8392aa0f7936d6bf50570b63ac0156609e654019b56d0468c2bfbbca3fc9468dd31358ecb565b5d5f6c

Download Submit
/data/data/com.mag.user.a112/files/jpush_stat_history_pushcore/0781e27c9ff604d1fb4f8d2e/normal/nowrap/98d5891f-dd3a-41a4-bf04-2b2bce1ceb18

Filesize
4KB

MD5
67770f5513fc78b3dfe06104c01de204

SHA1
c02ae01e81b85087af512792099b63a1dae0951f

SHA256
c34e365c2e3b20bf098d82fd84151ec2c154c47e1df93549fe4983739440f41c

SHA512
7fe7e691b0e21481f285a632606daf46d344254a18656aeb31683220767c91a50c32dc122c69a5f91d086d1bbe7e9b20eb1fb6b1aaefe2a2eb8e591267413a87

Download Submit
/data/data/com.mag.user.a112/files/libcuid.so

Filesize
109B

MD5
5c844f9404f5ff2452e043ebf1c5e29e

SHA1
873ce167471a88f1b627e1203f8324f1d3a4d6f4

SHA256
f922f3ec431994eb3a3345901c7b98d2b363f1c09009f63e05171521fddc38f9

SHA512
078dc684e10337db50d276704bff40ab6015f899c5bc68f500c2a2000937b3aa042a76cbb4c8cd0083ede859a7e9a8f459a62229c30aa829542889ffcc01c016

Download Submit
/storage/emulated/0/data/.push_deviceid

Filesize
32B

MD5
0c74b8bc21bb2ec50ac242fff5f95173

SHA1
2ddddbd8c05b904a766e1b7673f6469ee2e4c113

SHA256
1ef9d2108fdfd8a71092fc8cce83ee238ad7c6c9d215aca108f267bd6fa33ee3

SHA512
0886c0ee2505e749913be82f0a9fcf664ee8b620644ac46f56aa9bb1c7186eab61276e0553f08fcb2c0bc86bc2aa490d4b96cdf95469dcb5b1b213617ae3a32e

Download Submit