bfa420bee51b3918be4d4f70da09b9054a2929bde725464d70eef6d81aa5255d

Analysis

max time kernel
2959885s
max time network
158s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
24-12-2023 02:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f28257ff8f1860776b8122d86c8df92b.apk
Size

6.5MB
MD5

f28257ff8f1860776b8122d86c8df92b
SHA1

846deea4fe82a5419e5ca9d846a5c4b9ab7b43a6
SHA256

1f74c6657903c4bfdaa62aa6e69402f72dca6a2bdd250fb3d0bcdc3aff647f9a
SHA512

742e801cd53acf4fea8c5668e67d68683d33708b9f1653fb8443b15338d72f2cd6d5cee9738a20fab875cd89a469a7181a39b7a5acd3c1a5132619a6419e715b
SSDEEP

98304:qTLmimUog/FNQgMo6cHcEBLWYgRQPkvzAhxuzp8XedPi5L0bzEb+aT2xCxK1Z1el:qdTog/QBcHc44WxuzprPAL3vTiCum

Score

8^/10

banker evasion

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 IoCs

banker

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.pvideoapp.app

Requests cell location 2 IoCs

Uses Android APIs to to get current cell information.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.pvideoapp.app:remote
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.pvideoapp.app

Reads information about phone network operator.

Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.pvideoapp.app:remote

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.pvideoapp.app
Framework API call	javax.crypto.Cipher.doFinal	com.pvideoapp.app:remote

com.pvideoapp.app
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Requests cell location
- Uses Crypto APIs (Might try to encrypt user data)
PID:4474

com.pvideoapp.app:remote
1⤵
- Requests cell location
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4649

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.pvideoapp.app/files/customConfigdir/blackNight/custom_config

Filesize
2KB

MD5
1aa5e2663dd6c6f08b60b0461758d1e3

SHA1
0345413f496acf37fd3dd37cac1a3678e7bb49c3

SHA256
21799a1a187da799d62d4bc0831585aff0d5b9392dd76dfc6276c176d06a4160

SHA512
0e41e3911c25b2125344dacf1c3ad0ab1007c879b51aa3c4326cf73a83aa25386e69333e6ecb658254f46bc37de483c8b826e9f49d338c85920ed9dca5bf490a

Download Submit
/data/data/com.pvideoapp.app/files/customConfigdir/freshBlue/custom_config

Filesize
1KB

MD5
7d53282e76c3f4bcec580896bbc660c0

SHA1
49946ae6a66c8cb024abfc053443fc987e15bb41

SHA256
3039ea5064f590e5d078ee01e9b00a1d3316c542236ac0bd4fbb8ebe084f1fb6

SHA512
05726c3f1f45b9d90f81ca107ad9294187698013ddd411fc13fafc65843c060075acad4e878b5b268d536499e7a87160a3b614bdb55c8e11b91070022144a01d

Download Submit
/data/data/com.pvideoapp.app/files/customConfigdir/midnightBlue/custom_config

Filesize
3KB

MD5
65437cc6c868ebb7d60b235bc6babe1a

SHA1
7ec6fa59589421ca585e704180a879101e901fd9

SHA256
c4a9282866f01881677847b4bc0337f528444f2638f33cacb72f6b974124b5bb

SHA512
22a6dfa234206f2fe45300d60585bc360f80212b1056c6d504e2ca63b0ec01b8dfd8a99a241a5264c8638952b6a62926be7156b14438255ea0669974d23131e4

Download Submit
/data/data/com.pvideoapp.app/files/libcuid.so

Filesize
129B

MD5
9d1b41628ce85f2541154690562bacd6

SHA1
05b172ec998ee67ffa8013b667cf38da0d7a0202

SHA256
672e0853ef56f9ebdeae7298670295bbfa1700f5102c6e41d959ef3abe8d4f5f

SHA512
2db15a4b0773196ce82cc3abc556e6844319431ad4ef7be4bf0f71e4b1af5ffad138ae46e32d8859022e1913721a731609d787a04b5fc6a0dda9f88e19b9ce8e

Download Submit
/data/data/com.pvideoapp.app/files/lldt/hst.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.pvideoapp.app/files/lldt/hst.db-journal

Filesize
512B

MD5
30dfb03654ff1855fcf327a3893e0ff1

SHA1
4318a007885ea85ebe2d03ddf1f710dcf893d683

SHA256
1fb51edd1ce28c997bdcb2fe48daf39fa72a90834e2bdfef666845b251840b87

SHA512
a0bf9c7d83a5ae7038b495022412c49ee9861c93bde29a460ae68ec352de8f84152626c57a47240b7475d67bad002bb860fa7507d5a976c70ae112ef50f970b9

Download Submit
/data/data/com.pvideoapp.app/files/lldt/hst.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.pvideoapp.app/files/lldt/hst.db-wal

Filesize
36KB

MD5
a6aab485790cd04d942c20361641e459

SHA1
ae8f1a6d60cfd2a600a693952a0581365790066c

SHA256
c999e9bc34c1e5d632840d46602007c40e034ab9fd89b10f6eaa9cb918dd5269

SHA512
426988b998cb1544ec4a857a179fd3605fc75feb8f1da53e7cb61f8c5296186e35f60ff809f4442b7271c8f52437db56a2c17a32d8ac8d75a68e22d734c97934

Download Submit
/storage/emulated/0/backups/.SystemConfig/.cuid

Filesize
89B

MD5
b29e3d81159d5e91aedde43ff96920b4

SHA1
531098a723edad2fbca5fe824e2291e4d1ba1816

SHA256
2672378dfcf91eb89002e2f4cbcbeebf95aba8f3862e863ae4854548777fe911

SHA512
7473f9bf88f60cb507263b4d59a2a929562aaa8f04a83279da35e14aa35eb66073c557143bfcd304a80d39c83cb9ff0c618953f10e10a668552ad77272a1a39f

Download Submit
/storage/emulated/0/baidu/tempdata/lcvif.dat

Filesize
96B

MD5
9943526ed81459836f17de540ab87574

SHA1
6e270fb85a9843657d2b456a3a92494575eecba3

SHA256
8d7a5f76fe3fd3db3357d727721914914c5940001187889aeb6ddac2c448059d

SHA512
a714f52a07e28caceec7df1096ea0a3c75155be5b12b1062e655b45cb77929a1e919524a04aff8046e0c906b109399385d235973ed3377c27ce7f1035931a8a8

Download Submit
/storage/emulated/0/baidu/tempdata/lcvif.dat

Filesize
96B

MD5
2bc9a0f7569d11bd3815164342523756

SHA1
8bb6421182b37a763c3767fd1cabc94cc3b3e464

SHA256
a88698dfb8ccf026afdcfe837c63b8efb5c9f3f361808d090c9783d82d97a695

SHA512
15a14d89623691e4dcc03e365f4ee1247f54c0b17bdedabd4a2d3f9d448c71a12c49e5cde0717066676f30dcf151c26a62c7ab5010b5b36c5b57cf466d6f0f22

Download Submit
/storage/emulated/0/baidu/tempdata/yoh.dat

Filesize
24B

MD5
a936690571e9104e1922dda4a0ba5bd1

SHA1
65f49c57edde2f96be2a1dbdfc3f7351f1e66554

SHA256
f0f5049c51879dd7da0ce4a43349b5b34ce053d072a0ca704f62cf22ba4a8412

SHA512
3be1c3693963aebdfc04e86b1c820ee0ec3cf0b200e6a4788ef1141f39fd6c2f77f4227247ae4affa66c0a6c027df8466cc0dcec1e67ebfb953e36bee97de394

Download Submit
/storage/emulated/0/baidu/tempdata/yoh.dat

Filesize
24B

MD5
1681ffc6e046c7af98c9e6c232a3fe0a

SHA1
d3399b7262fb56cb9ed053d68db9291c410839c4

SHA256
9d908ecfb6b256def8b49a7c504e6c889c4b0e41fe6ce3e01863dd7b61a20aa0

SHA512
11bb994b5d2eab48b18667c7d8943e82c9011cb1d974304b8f2b6247a7e6b7f55ca2f7c62893644c3728d17dafd74ae3ba46271cf6287bb9e751c779a26fefc5

Download Submit