badcb40f82a75cd376f4db300d411ba0c63b57365d579ffae0a3a054c3513a2d

Analysis

max time kernel
2957620s
max time network
157s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
24/12/2023, 02:16

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

badcb40f82a75cd376f4db300d411ba0c63b57365d579ffae0a3a054c3513a2d.apk
Size

6.9MB
MD5

2ad0a208692aa8a6455f6684b2a284be
SHA1

6a77d74e805bd105d8ef690c4acfb85929add745
SHA256

badcb40f82a75cd376f4db300d411ba0c63b57365d579ffae0a3a054c3513a2d
SHA512

9add7b0d2bbab8c83cfffb71dd36bdebf1b769f3b556f675974ce33acaeecdb092a8732ae7a8c88e1524a9528e6ad46059259db24f88a80533e1e417d32949d2
SSDEEP

196608:XcWql+PYp/mJjnuGkcjK2fjZUFLnkRduAwJqW1y74NUT1F:sVlm8sruGkcW27ZbduAuqW1hmF

Score

8^/10

Malware Config

Signatures

Requests cell location 2 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.shoujiduoduo.ringtone
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.shoujiduoduo.ringtone

Loads dropped Dex/Jar 3 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.shoujiduoduo.ringtone/app_baidu_ad_sdk/__xadsdk__remote__final__builtin__.jar	4240	com.shoujiduoduo.ringtone
/data/user/0/com.shoujiduoduo.ringtone/app_e_qq_com_plugin/gdt_plugin.jar	4437	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.shoujiduoduo.ringtone/app_e_qq_com_plugin/gdt_plugin.jar --output-vdex-fd=89 --oat-fd=90 --oat-location=/data/user/0/com.shoujiduoduo.ringtone/app_e_qq_com_plugin/oat/x86/gdt_plugin.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.shoujiduoduo.ringtone/app_e_qq_com_plugin/gdt_plugin.jar	4240	com.shoujiduoduo.ringtone

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.shoujiduoduo.ringtone

com.shoujiduoduo.ringtone
1⤵
- Requests cell location
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4240
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.shoujiduoduo.ringtone/app_e_qq_com_plugin/gdt_plugin.jar --output-vdex-fd=89 --oat-fd=90 --oat-location=/data/user/0/com.shoujiduoduo.ringtone/app_e_qq_com_plugin/oat/x86/gdt_plugin.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4437

com.shoujiduoduo.ringtone:pushservice
1⤵
PID:4286

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.shoujiduoduo.ringtone/app_baidu_ad_sdk/__xadsdk__remote__final__builtin__.jar

Filesize
77KB

MD5
bf2976b9ef3b018cf41051ef1f1f83b6

SHA1
ff4bb278a6f3a5e4d862f9da722292d509123b8f

SHA256
8fae52cbd54cf9619643b1dce93344184e07dcae1206590a6c5c7700ac5bfddb

SHA512
f44c2b0301fe4853f51cae29444e0e9a69731f09da57040135623bc8c8d98f8fdc517f4b97a4afce5cb58fae9aae0206582a7ff6b4e7c7adb78d0bbab5f3dc90

Download Submit
/data/data/com.shoujiduoduo.ringtone/app_baidu_ad_sdk/oat/__xadsdk__remote__final__builtin__.jar.cur.prof

Filesize
207B

MD5
69e54a001c21fe5f6e4eb7ef4bcb4b91

SHA1
8b00fec34de20bfcb7ce21bc11beecc2b8d0c5d8

SHA256
d219033243f01ad4139b303bbf9fc29242302fadf083ee4a373ce35d70c8a8cf

SHA512
9102182b3705372dfb8fc28d6f2fb7a6cb8025cd7b037f556163d7888e519f22b68509ac999912f9a8a28ea94b033eae7ae71768df853d2a2282c5e9fc656c7c

Download Submit
/data/data/com.shoujiduoduo.ringtone/app_e_qq_com_plugin/gdt_plugin.jar

Filesize
88KB

MD5
0586f3074966b353fe050ec4055ca09c

SHA1
645839dc107ba400711b8f4d8e4495dc29ac8ee0

SHA256
e365ac88dc01033ccf02fe965d5e1eee9044c4ca1a3d9d96085be6a427a5274a

SHA512
e76d878ec99c64cff35a11a5837237206bb02b1cc2d35ff2c0f03c72519bc19813138f54a6aca6c775b33de532a011dee7949ecddb7b57e4264380d70b81e4a5

Download Submit
/data/data/com.shoujiduoduo.ringtone/app_e_qq_com_plugin/gdt_plugin.jar.sig

Filesize
180B

MD5
699e9ea5895aff53aa41cb2c23b2cfdd

SHA1
1ae2d824d32b9267624706518abdd1b2e61407d5

SHA256
1bb5e5d7be28b110a3638b7657c18a67b22371fa92601e55594e27d7acd86d2b

SHA512
8c34dccc08066bd25957cec4d35bb639faf25cdbbb163a09e27456050617207b1a73654710d54236e9bf6dc6e1bc119abde676b5578757f38daf8e2cf496e62d

Download Submit
/data/data/com.shoujiduoduo.ringtone/app_e_qq_com_plugin/update_lc

Filesize
4B

MD5
dce7c4174ce9323904a934a486c41288

SHA1
e117797422d35ce52f036963c7e9603e9955b5c7

SHA256
0c030586945fe504b604ecc2e875c38ede400cd5cd73da9730302162e6b02c6f

SHA512
d570ab6a8f4a7b54d426b0481219074b5277ace37d88438d87ab97eb387938eca1cf7b09fa42d596c56ada860710d2a7385d2a96e1cedff58ad6ed8900f1b143

Download Submit
/data/data/com.shoujiduoduo.ringtone/databases/duoduo.ringtone.database

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.shoujiduoduo.ringtone/databases/duoduo.ringtone.database

Filesize
24KB

MD5
e829ad625a3ba53dadce6d2877281816

SHA1
1ca19fe41ad97b58123060dcc98ed92576ebd6ef

SHA256
37203ba5debc1206d57c1fc4f1e77b24aec663dccc2f9e3ed821d6ce19767587

SHA512
2dd87664e61eab148e33c1ecff85766c102829ace51f48f87b7cd849ae10ba21203a0841c91a423292d44f64d0b629a0ee5eb28629cefd2acec3de9f817cf6ff

Download Submit
/data/data/com.shoujiduoduo.ringtone/databases/duoduo.ringtone.database-journal

Filesize
512B

MD5
982d1f1acecd104bd7c99148f68b7143

SHA1
6b183418ac86101330241937efc28aded1152d01

SHA256
42667b1fa03e119d5aba8e362d1aefe8826cc69297963134521f43cebd88aa17

SHA512
d67b5b3290411b810dcc5fc598428d3774e1ff282b5c8edbf415cf0665e258b15cd6c7a885215bbbed2d05a8630f74c536d2213d8b044a8356eb83199150db35

Download Submit
/data/data/com.shoujiduoduo.ringtone/databases/duoduo.ringtone.database-wal

Filesize
36KB

MD5
b5e6189242e72f64c321e9d6d1cdadf7

SHA1
7814700e779c5984b967fa66c318c8f52a52caa3

SHA256
2c004527b59830180991aa0d2bd4dc0bb83ec332ea407c189ead01a1b335d2f1

SHA512
d045d639cab13dc2cf4ec7a2d02b1f836ea682519be0a999ae6518622719766e2f3209d31caf8d01a0dcbf887f4ec58b536ed9982fb3e75f1ec5046342be53fd

Download Submit
/data/data/com.shoujiduoduo.ringtone/databases/duoduo.ringtone.database-wal

Filesize
12KB

MD5
42ae01c9a1a45a3f15ba86f88a351525

SHA1
33b2a927d0ed1b4bc2a0e68fda182aad2e0916f3

SHA256
feab9913521f596ec145a46b19b3068b4532322a4facfc0f1ddbf2efb1f611ac

SHA512
13f2a9b51167fae5cfbcc55539de6c402f0fe7230e3cd6c3d685556df6dbf65816ce925a414b422130af8b4b828fb9640716277954816c58def502e203d382b5

Download Submit
/data/data/com.shoujiduoduo.ringtone/files/com.shoujiduoduo.ringtone:pushservice

Filesize
1KB

MD5
6d116279a8e1ee64de8e43044f6a5a91

SHA1
cbd991360cbc80d7075ee89db1df514c7ce27169

SHA256
f0b8e25a676a6bc14089d6592132eb57e58087220082b450ed53bcd81f1e26a3

SHA512
49bddf6bfab9e9135c59ae6363d7588c369c154159ac3c777f6f62c4f1ec62445a97cadc0f472caa1363720f66abc3eaade5717f4b2bf70e5d4c90b29a2caa40

Download Submit
/data/data/com.shoujiduoduo.ringtone/files/com.shoujiduoduo.ringtone:pushservice

Filesize
20KB

MD5
73e10a0006f364b781a9682b39838849

SHA1
9fd13f7e8eea81534ff7d385f166454b45e452b9

SHA256
5f18d86196e5f3d147b62214309a7f9e575ddac8971447bcb3972aac972526d7

SHA512
9fd8e35230c31ff33afe42ec17aa58b3d357843f2b565f7ebfaa1591464a3f95b852e732cdbd101012412b34076ee5077e7b79a82127b56ef3c7f87e399b64ba

Download Submit
/data/data/com.shoujiduoduo.ringtone/files/com.shoujiduoduo.ringtone:pushservice

Filesize
1KB

MD5
e7cf100d429567bf114cbfb249e7d3d0

SHA1
85905e81da663d578ec8d53fa33bde93902e2ad1

SHA256
7c4f67c8b028357b5ddcea2abcb4a1d1a25fdbc1bb377b5d50554ca1fbda774d

SHA512
2c9b4d37e60bf04b0b299dc6dce16906f6901d3d11bf53bf38cf4adccefd0f314c171260aaac5e669dedf602be4431b3eee55170043b607a66f50e72c5a4f7b6

Download Submit
/data/data/com.shoujiduoduo.ringtone/files/umeng_it.cache

Filesize
310B

MD5
274246931860835d789a6334c4568c16

SHA1
aca250c6013bddcf2b9d035dfc379b3507605c6d

SHA256
8b16e45611f6e6b84e2d0f12b56cd6583e704920aaa26e076222615241a03ac4

SHA512
db50b2a8605ebd652fc3696aea6ef02ff634eb94ecb0bcee577f72c350ddea4683faa4965322b4f00131172b290c9fb6fa46d869a49fdc892f55d58a1a1d2d16

Download Submit
/data/user/0/com.shoujiduoduo.ringtone/app_baidu_ad_sdk/__xadsdk__remote__final__builtin__.jar

Filesize
190KB

MD5
1f9748e1a9a28255fe477992b09453be

SHA1
c86cbace78a06284fc3e6e94e3f4e292abb6ef48

SHA256
36321570624ffd531669114d39db7c89ac806a473508bd367da88dbfb07ce8e8

SHA512
213b7a64e5a40ff207cd77e07cf3de805715f9adf543e64a7e01bf9d04fda27e378c6fc8063a9e29563eb661a016f710403ebb563529d7374d33a7715f4d2780

Download Submit
/data/user/0/com.shoujiduoduo.ringtone/app_e_qq_com_plugin/gdt_plugin.jar

Filesize
211KB

MD5
acb2efa1335ce991f18ebc580e6d6482

SHA1
cf0e4b2b0bed06e85e954ee2ea56b6988527bbea

SHA256
849a7b5736705e4be9e3ea3d85a11ca932a3e740788f804d16a7b1a9cc45e2a0

SHA512
e10d3bd12ea7358582135a30493764384df7e5c578fd19dbceba153f47dca3e74f5625648ff65a61fd414ceecbef539605babdb1996402187126b6598dbc75ed

Download Submit
/data/user/0/com.shoujiduoduo.ringtone/app_e_qq_com_plugin/gdt_plugin.jar

Filesize
211KB

MD5
9098c379328df32073a84197b8536b32

SHA1
74324d0f1c3a9cc3a11f41c732babe1a68eb9f29

SHA256
10aa54efe543ba9bd20c215e3c66959342b59794b23af8aa1bde9ae18f7fe0be

SHA512
9dede8d1228d9db534c92ac6e898aac791c29ac296e55a3db312fdb3d57026676138fed3cc59593e9b8890b2f60c3a041c074c200cbb9926a532976410c3b89a

Download Submit
/storage/emulated/0/Android/data/com.shoujiduoduo.ringtone/files/MiPushLog/log1.txt

Filesize
377B

MD5
c0a4d0929bba9abc7b6000c54611f425

SHA1
9ce6ef4094488cdddebefc3ec865b5e28276e592

SHA256
d0c7be1555b95a08ef0a9f523e9c630fd6a5477e72c31b572b47ac50e1232e49

SHA512
abb20963507f3c40f8426b21f1eedd094a4f2bfc6a142f64b25f1eacf23e2eb3d1af72a996680a89aed3789f199b92c9d5d9c09e8ca24c7c569709b11fa0cdea

Download Submit
/storage/emulated/0/Android/data/com.shoujiduoduo.ringtone/files/MiPushLog/log1.txt

Filesize
251B

MD5
38134fe8a4efe344692311694362f14f

SHA1
e50d69267b32e0ec5ca58b3072e94b233c06143d

SHA256
9b3c4889f6035e16549d83e7e7fb807ae1e9bb8412b8686e056634dfba57c884

SHA512
ed7e633eb58b85f6d470c6bb873408229145ff905e363d34fab554181980032a16d67a501721c955e29551fcec4e806ee9c7d675eefadfa9cdfc007874615d5e

Download Submit
/storage/emulated/0/Android/data/com.shoujiduoduo.ringtone/files/MiPushLog/log1.txt

Filesize
309B

MD5
c7cb9f72b0ab1b1d74a5669f1d3d430b

SHA1
05c7f25735ae76c7a1bab6485acbfcbee9630290

SHA256
dea9439081f3ab60091f86910c72ad37f13d63c3e51c81798ab11503e815df95

SHA512
7230fc6cefcde245cfab34692515b25c6fbf3d20f1361f35014b866b7cd726bc4ba9b2f9c9ca1997b56f25bad8e7ab2d583d6b18159b5f421c8649798d0e61ca

Download Submit
/storage/emulated/0/Android/data/com.shoujiduoduo.ringtone/files/MiPushLog/log1.txt

Filesize
1KB

MD5
cbf8bf44b4ba88adccfc4c59873ea577

SHA1
87244f0923a6fe26ffa850370d72d701151b7123

SHA256
a624610a6ee8feb44d82ce81a16f9dc9463a5a22f85bbf85d3caf2f382c1239e

SHA512
858da52c862156fb70246685725dcfc8f75638808d8e05572da51bc0dccf24985cd257365cf54c268b9a010b41cfc182ddbc01d8cac5eab5d70425acebfe75ba

Download Submit
/storage/emulated/0/Android/data/com.shoujiduoduo.ringtone/files/MiPushLog/log1.txt

Filesize
77KB

MD5
bf33e00e8d051d186779610d24ada54b

SHA1
267c1d1ef45b9be4d46828e133ec648202e3c1da

SHA256
5dab0f542e33932b0efb709d2bdfd005a6f7294881411a950b6a10e6f5d814a0

SHA512
3e03cd0b7b34a2fcc3160adc93a79958adda670cbbc168184daf6ceb84f88917668bb901ff958ae8bfefd1b11afe54a0b268e3628464f7b44962a91666adeef1

Download Submit
/storage/emulated/0/Android/data/com.shoujiduoduo.ringtone/files/MiPushLog/log1.txt

Filesize
186B

MD5
a5a014263eaef74515a9a736e4927fde

SHA1
d1114a5bb70ba7048daf39834646a1449e903ea9

SHA256
4c7c9dac8b4f6cd0252d676fdf7eef7669b1730ca243ef68bcddfbab48a6c7b4

SHA512
012a5e4cce48bb15af7b7cef44be27493daf3bffae643ea5f0d6e31c361769c1ebc279ce8d8022f1aa1951fd7f4fac0fb2cc70d18ca920ac8ef9ae5c640c5833

Download Submit
/storage/emulated/0/Android/data/com.shoujiduoduo.ringtone/files/MiPushLog/log1.txt

Filesize
188B

MD5
65f2fdd1c7f985c2b87ecb17c813ebb1

SHA1
071bf83e55cf498ced1ee9b7c782252c9a96669b

SHA256
1dd2ffbd26708c02ddb4e04e520686bf496ea027aa5f11508327fcf4115b1025

SHA512
638480b948161ee048faf7476e694594da41cf4ae406617186e26c7a80ccf83264da63f12ff0008a7bb7971776247c6dffe67eeb238d1393240bf857138eb50e

Download Submit