b9bf4cb9cd2c2b20dd3cb48d20d89cdad443f7a5cb741950ce9dc43eeb153897

Analysis

max time kernel
2955413s
max time network
139s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
24-12-2023 02:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b9bf4cb9cd2c2b20dd3cb48d20d89cdad443f7a5cb741950ce9dc43eeb153897.apk
Size

11.0MB
MD5

d7aef05a31824be0dd51d723b44985b8
SHA1

8d8ebf646b22232ae8f6ebc0de3ad6495c63604c
SHA256

b9bf4cb9cd2c2b20dd3cb48d20d89cdad443f7a5cb741950ce9dc43eeb153897
SHA512

517bbea4e5a4ed48e5ffc1d94edffb1877f2bee05ad29569f141323f3832e7f5135fc2c869f3f8d44e9933e13a2ee77b14082d074984ef21c76aa33a4eddba46
SSDEEP

196608:1KhAMGdd/c2wD14ZnxZcPEtMtSLnC0FYhzABolc+kQeZ4W2Zid7feJPTIEjv10r:oXGPs4ZnkPwMtbiD1vP2CWdTIEx0r

Score

7^/10

Malware Config

Signatures

Checks known Qemu files. 3 IoCs

Checks for known Qemu files that exist on Android virtual device images.

ioc	Process
/system/bin/qemu-props	com.tieniu.lezhuan
/system/lib/libc_malloc_debug_qemu.so	com.tieniu.lezhuan
/sys/qemu_trace	com.tieniu.lezhuan

Checks known Qemu pipes. 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

ioc	Process
/dev/socket/qemud	com.tieniu.lezhuan
/dev/qemu_pipe	com.tieniu.lezhuan

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.tieniu.lezhuan

com.tieniu.lezhuan
1⤵
- Checks known Qemu files.
- Checks known Qemu pipes.
- Uses Crypto APIs (Might try to encrypt user data)
PID:4260
- /system/bin/sh -c getprop
  2⤵
  PID:4315
- getprop
  2⤵
  PID:4315

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.tieniu.lezhuan/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.tieniu.lezhuan/app_crashrecord/1004

Filesize
228B

MD5
d9815955c5b568b1544b3ab31fbd0baa

SHA1
466f7e7d9c3cc402e77f751bd97b9c7771a0be80

SHA256
69e6cdbe2e53460cc197ddcf42b4343e36c26606e7530bb05ccabad669a33354

SHA512
12be531b898f5c12faef94bb3040a01be0e8767eb6cc4ff1d291db1db17b33152b5d6c4b4c8604a85df50d1b366a037b36e160820de053afe57e87f6179282e4

Download Submit
/data/data/com.tieniu.lezhuan/databases/.ua/ua.db

Filesize
32KB

MD5
d604a3bf1f8d992cc320ea5b1f7609bd

SHA1
247f88df0b55c7d523ea5398637711a0e4a483a4

SHA256
329940b4d46326d58e73c842dd099704061d0ef7338777bf31ad895f29013c17

SHA512
67e28f6713cb5c238a9664df128f01a89a2efb7c8c9330c1e45bc0d40ebab81fa20df5166743d84d81dc0386a89ff0329f022281c098339baa2e851ff0a1e1ab

Download Submit
/data/data/com.tieniu.lezhuan/databases/.ua/ua.db

Filesize
16KB

MD5
bc75ab44910d2f8ca420e72e82ee0a0c

SHA1
6745bdf249745d5fb9ad178ca90e414d6dac54d5

SHA256
63e2932a216a8bf550c0cb41e73a1b4ca294b9d9b0445d07e37dacac5893a276

SHA512
e0e150b048756b640128891597226aa7c12e979d3a5741038bb146f7f608dee9c7ce5fdd55549b81ead151971df03230ae72fd185d5171dcfcf1db9c8bdd24e8

Download Submit
/data/data/com.tieniu.lezhuan/databases/.ua/ua.db

Filesize
16KB

MD5
091372a902a347549315ebe031cf9deb

SHA1
f64636c25b8537eda5c90960a4d9f9bc7e7989e5

SHA256
5b88b73d014e136ab35b68d7fc0ed769a615e3ffc7d55367a5284dd70b329322

SHA512
7930502d74b7239fba2f0d2b02cd7ae309293a04d1bd25ded01e669d2665af51404910f091bb16da12f1698d04a2eb49067c0999150e7714bc636bcfbb8b2305

Download Submit
/data/data/com.tieniu.lezhuan/databases/.ua/ua.db-journal

Filesize
512B

MD5
396407ee6e503f8f682326505d98e369

SHA1
73d1688afb2dcbe7d5b9ac3107d911f19e98b1b7

SHA256
ffea182b602f29ae75ff4728dc64cf8d64cccb72fb4e00e147077f39f838618c

SHA512
44282862a41251bb1fc938aa12b6bf60d8e01063c20027aaa4b12c5d88c9aebdd27236a63124734adb693c13976ccd441e034e27ee0abf9b4d5d8139bb6ee258

Download Submit
/data/data/com.tieniu.lezhuan/databases/.ua/ua.db-wal

Filesize
16KB

MD5
bcfecec131517028cdb8af90bd957b74

SHA1
5872dfd8ea5b0b5b2605700c24cd2f2b783e9fdb

SHA256
316d6bb25cf685f7518304d6c0032b364375927bc0640836462a3b53bb0927ee

SHA512
a07aa6f21c48e04a1dde76ae9364f7a0bae6f3e7f61a2b9339b0c400e67fe1247e523b1c530cf5f525d064c5de1a2bc64d9c598b0dd96697428fc0933ccf343f

Download Submit
/data/data/com.tieniu.lezhuan/databases/.ua/ua.db-wal

Filesize
8KB

MD5
8fa5c41bb76f171c202f74dee976ee39

SHA1
b4c536fe9e5eb97ebba42060d1f8e3a7e691247b

SHA256
67860df22c141cb0a73f9d8bdddd457b0d84d83a1b38f70f6d39490fdd4c9d88

SHA512
fad70e6f2b6bb3afdcb91da9f25e603134943edd9df7fe295c52bd012b6cdcec1e1a3117484dbe5c3f3f9ec0889070f3b15f641f1910cf08f7c00d6b8e54aa0f

Download Submit
/data/data/com.tieniu.lezhuan/databases/.ua/ua.db-wal

Filesize
4KB

MD5
1fa0cc8484d12ba78a32e6d05cf30330

SHA1
739b74e8b580f18a45c4a95f8533843a7a41b154

SHA256
b5ea0af38766fa028edf4d34cfabe1b4d1150ba17ce959be6527b26dae264abf

SHA512
0e081eb598aea4f703db7ddcf4676513d83ff6673693fc39297e301338dd3e1171326ec2319fd91adbe7cbc68501bf64836cb034e94ad389b6605978704771e3

Download Submit
/data/data/com.tieniu.lezhuan/databases/.ua/ua.db-wal

Filesize
4KB

MD5
2da1670b46d079087aa1a3cb5b25498c

SHA1
d7f0cb817d3ee9ec549cc9793854727bf86b2008

SHA256
b3f4ad082140b5362bbebe36176e79e14bc47163deafc21c8dbfad5beeebb9f1

SHA512
333899012a95ce3a3effac759ea5f5dcffd5fd5167e9ba7587b30e3403c637f921b035820113ebb536fe659af0242aed6dda2e0f346af5eefcfdd355ab54fa39

Download Submit
/data/data/com.tieniu.lezhuan/databases/bugly_db_-journal

Filesize
512B

MD5
151d86ec5a83a5ad82d55d76cb3fe598

SHA1
f93d6596d6757968b1e09611c7fdf1ed49308946

SHA256
62d790091c6a41a574f60af268991078d9b000c9bac5bde8e7ba2fcecbc12c70

SHA512
fc0d86b37fba3eea93f1d63be2cc7f975d13366d08020342bb0a3573435fa96d604818c2173b79da2fb46aa157cd6dfd24a253719aa1f2d657f1195972fd968a

Download Submit
/data/data/com.tieniu.lezhuan/databases/bugly_db_-wal

Filesize
68KB

MD5
113fe32b69c9c5e116539a5000db3fd1

SHA1
04d431fc0ea316647f7c3bff2bd412170a057d44

SHA256
e387c961663e92a729b18720bfcf50400925c2fff4f8103ce1b3891ef59264ce

SHA512
b76734ccce0f4181c5785d275c2cd718cb8f67ea77c28a4030e6afd0f95a02a53c4a003b02f341c3965180e6a8007b1d3c48eb09d8f11e769fc75af00b1a1a62

Download Submit
/data/data/com.tieniu.lezhuan/databases/cc/cc.db

Filesize
36KB

MD5
ce6135aa1b1fe4f2c2db2a546d2a5558

SHA1
79b59582154017aadab783dc266fcb158c252940

SHA256
7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c

SHA512
2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

Download Submit
/data/data/com.tieniu.lezhuan/databases/cc/cc.db-journal

Filesize
512B

MD5
fe35d937abd0afa2d35d3e827fa0e6d0

SHA1
890b38df9da283aeeff8f3d264346cd853b545f2

SHA256
f5174ca257034cc42bfadc912dcf6247e2369e157104c01b3519a9a9dad2a09c

SHA512
47255c96e29569e2a1cca0d32ee413e17a082578e21dec3fceee38ed2d3de8b2c7f8805fc802caf5d942f56cd460a26ac0359dde12a906dc0f32db29207d35e2

Download Submit
/data/data/com.tieniu.lezhuan/databases/cc/cc.db-wal

Filesize
48KB

MD5
8502055b5d5df72b98521b076d9f9955

SHA1
df9fc59e969df248c338393c2b29e29b566a1ba0

SHA256
cff3f10f441e4322e289483d62d64a2e4a6c9f89fe71f34406afa46dd78e760e

SHA512
6dcd64a58358a261c1d48a8b0c0936a978b6fbee27c6bf61435da2a8d2363ac819e8d67632c8dcba77fb27a86496019cce30f2ad7d605ae44c25d100309856b6

Download Submit
/data/data/com.tieniu.lezhuan/databases/cc/cc.db-wal

Filesize
16KB

MD5
d84d3a79604d96cda17422ff1fc92d8c

SHA1
fce4b37d0f0b4a622b58cec6c23812c95c088058

SHA256
e96a44c142702331d3ccd2ede1208cfc93054728dec6c0dff5cf8eec2c58f948

SHA512
ce54f7ec34f3b6af8d6e5d72361473c842ccddf0b828f3c6e4ce324226a2f20a7258a2a78c99984a5d379d622bbd0c6133d9ed9c8ede248365da51c6da075d91

Download Submit
/data/data/com.tieniu.lezhuan/databases/downloader.db-journal

Filesize
512B

MD5
27e0c9a619b1662b778afbea40ad995d

SHA1
36b90e7cfa56a830f242a28692ab4d137b96858e

SHA256
d8418284a2a09277140a145f3dd5cbed9524aedf38a233dcdfd6bcfbe1bd8efc

SHA512
12469e54ec545bd1181e8b7926641b568dd77789dfb8a3ba06cc1382d69ee703c6e6ec2a7118e83331060a5bea96a6cfbab5c9614a743ecce0bc5c1e83d04e3c

Download Submit
/data/data/com.tieniu.lezhuan/databases/downloader.db-wal

Filesize
16KB

MD5
e1c34bd0dae2bda006d092ca856bcd81

SHA1
e3404c409ed6260fe49bf068d3eed292ee1fa27f

SHA256
432dffb982be97063d1a77e69b925c19dc89586166b45f6dee143133833fdf70

SHA512
f03453eb6b91428fdc61e037aed7fc58ab62c590c79017b9ea16af1ae48fd41e1185adfe4f9faba6d7cc9ca52515e56c4126ae247969a17aee6cb50e5c568924

Download Submit
/data/data/com.tieniu.lezhuan/databases/ttopensdk.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.tieniu.lezhuan/databases/ttopensdk.db-journal

Filesize
512B

MD5
24c6673e3ee04ef896298c36672bb39a

SHA1
2a1102464ecd1a6fcdbcdb2577452011ea425d5a

SHA256
9d4502a0e80c47c2de5d453de8f2c7ed370960357fae7dee59e317e008410d8f

SHA512
b1abe8aafc13153a0bd82888fd710ebf3ccaaf7051af0c6782c8471fdeba0f37c3104dc8ee31d4a8feccd3f7d18594250993d975381061af73be177a9c2ee351

Download Submit
/data/data/com.tieniu.lezhuan/databases/ttopensdk.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.tieniu.lezhuan/databases/ttopensdk.db-wal

Filesize
52KB

MD5
1d1e78bac2df3b3efd9df6c563e22538

SHA1
edc9a50ee854eb008c631632df1d11e3d75c32d6

SHA256
34c5d3e0419ab4966249d69e7a3f45256147fbbb4b519d52fbedfa0f4b28da6d

SHA512
259bcbe109595f8e9b66c86e6807b5bf46fab1ed8f3a0cf5f635a391341de5f25231800833121d11c561a02a1ab1f24acd22c8a6816eae606c0e9aa9178acad1

Download Submit
/data/data/com.tieniu.lezhuan/files/.um/um_cache_1703762462416.env

Filesize
1KB

MD5
15d9754d843a04e94a1046290a938bb1

SHA1
c4bdc9263022baef40016ac74ebe2ff336b589b1

SHA256
4aa8fae1a0003bfbde138174d81459eb0f9b9748725017b2063d14759a53638e

SHA512
193ee09ab8f13821bc8f5fb05e1b5431129b0713ef99cdbf048d9ca1d2d90562be669c758cfff693b5da42286d2564f6fe60c5692cc011df99033b2f18eed49f

Download Submit
/data/data/com.tieniu.lezhuan/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
955437bf65e01015ee85e50aca2a7e85

SHA1
94f3a7211a2cf169d18cf8603d5cb442f71b12fe

SHA256
6446e9ab826a324062e20407d25def43f146c1354564b65460d8671b694435ed

SHA512
c4fec4b4b8626585d6f2fd0c65afad0c69a95e9f61f9dd3d57d3cc5c400e2451727817f7476e618dc2d02fc914019c8e4f98183d8c254dad921690f0db6545da

Download Submit
/data/data/com.tieniu.lezhuan/files/exid.dat

Filesize
60B

MD5
52a8d35b2f9e80640379df5bbd1e6112

SHA1
2b758929dfc4ce37ae4801c3b0187aa362faa2d9

SHA256
973dac26be358bd9c20817ecfd89bee90b0caaca8c1e00b8b36e2372e6e038c5

SHA512
dfbeccaea1dcc5705b785e1eaeaaa067dae6ca59f57ecddae809046ce4b8d2aee7685c0d08d7f3d862f909f259a1b4f8b02e8870f2479056078f1c506701aab8

Download Submit
/data/data/com.tieniu.lezhuan/files/infoc_sdk/batch/86_17a23623-e3a1-41e0-b217-fec01d5bdfb7_1703762371535_0.ich

Filesize
238B

MD5
77060b8da6a113d3b98322936cb59497

SHA1
ce43a104a9d8cb198cf3980a9d987b7e0c56ac9f

SHA256
0f97cf88144bef55e2bd03d282ea25e2ec3486b88a7f7b962cd257e101e70bcf

SHA512
a3aec39654fc1811fb364bcbd3d9f3b21b913bcea072ce5c8395d030aefbd5921436e9d83adc251d603e83afc078f2b3e3c889a0fc13082e8c45650a46044a25

Download Submit
/data/data/com.tieniu.lezhuan/files/infoc_sdk/urgent/83_2434df18-22be-4395-acc9-b20f3226a0eb_1703762363209_0.ich

Filesize
200B

MD5
26c7714b6f2a3042bb445131d3bcb06d

SHA1
2e0cb1547616ebc9ed3f573e4a5d34cbaa182257

SHA256
52183d051da5cef9ce91a0822f3319965cd412fc4b51cc7891785f02e23b8d36

SHA512
8a56decdebb77b320d6afcd49a11a94930f7e8b14fe887aeece8789681c4ced1c4b2a4f2e5261cee4f4deba869491512e649769f6389a05f0cd49299c194a1a1

Download Submit
/data/data/com.tieniu.lezhuan/files/umeng_it.cache

Filesize
498B

MD5
5504065301f0635a272864a95e04e60e

SHA1
8fa94e3b38b1148584f1eb827c19a918023a3ce3

SHA256
840464302cd3b5d5dacfa0809f68269336f88d05497dbfba58834dd3bb52f6e2

SHA512
2998c3898f6103813f2002a01f6f27e6ef3babc1622b470acf7fdd735d3f92b6db50adcfcd0a1fac43a9b7d0cd3ed5d0d6a3150e3ab27da83666ed9a17b796a6

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
bf1774f7b36aa175390c330553a8a269

SHA1
4208f09b50740abe0ae9044da24954cf44868db5

SHA256
91fdbfb2b97f6d700a4a32be3e59e5ca96bcc41282a11789dd9c22a1e9997b14

SHA512
35982b6cecc2795132fb2cf4c4decfa0654a57fe4838925c1e6765da9b20bcf711fdcf09a58c09614f6fc93393fe5a46bcd8ff37efbedda3832e12e1cca1a0d5

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
e4c7e533c414476e32867a88ddba2356

SHA1
56848c0a2e742e664bfb01269ea91f14b94554c8

SHA256
13358ca29df0dc672e968db03f4716f48fef2797b31d90f124c846a5ad4eed8d

SHA512
3e1c898d3a8140cf5d3f45b57c70ebc69b6d287141fcdce576bd3e1f0476c4d647b38625903c370245ef0f56799e2d0c37a2270508359f6e44edbedb426faacd

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
381B

MD5
c0fa02f622428836eeed356a35846bb6

SHA1
98121fa5c5139eb9cc7fb734c3e45da391549a83

SHA256
4fdd42a3b15172793d92d1aefe2a335ab87034f588eae6b67265bfedb30cc5b2

SHA512
d66cc9e47dfa2cdf2a53cfeb2b0b2951b6e0fd636ecbc13db25e36841ad7cf66a2639bcaf973c877ae932386b7b2e0b10739d7ddc6e42daaac1c98577f84b22a

Download Submit
/storage/emulated/0/com.tieniu.lezhuan/config/5ac714da7be6d534dd74c84a097f98e0

Filesize
344B

MD5
81c233ab39a49c5e1804695652694a44

SHA1
bf4f2988a1c6c395c13540e2bf28bf2fa4f9eb1b

SHA256
11e46fbbe530ec0e8405fbf05a12ccbe41a71d07a5a8375c3d3fd1cc5c85c4c4

SHA512
d8f4be78a6ac599f81824722d47a93a387e09d01bee21faa47def64ddd14cc2d1efc6529bcbcd8fc92012658c6a27fe2cb02cf85ecf6deb7b9c2ca1699c618bd

Download Submit