c3bd0bfd1737bb071453da9529655b7236368743c5da4f99fbf19fb02ebfd876

Analysis

max time kernel
2978378s
max time network
158s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
24/12/2023, 03:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c3bd0bfd1737bb071453da9529655b7236368743c5da4f99fbf19fb02ebfd876.apk
Size

13.5MB
MD5

84cdb258ab47b8107187dab5d798b990
SHA1

1871c6f16c77bea40220738b84dd5eb6f95a650c
SHA256

c3bd0bfd1737bb071453da9529655b7236368743c5da4f99fbf19fb02ebfd876
SHA512

c4ee04674f63fab3b43fac40b724fd63f8e5a34af776510935766d87e612e154c64e65706b39d88d44bc4a2193ae736d1a651d0515b25cac66724192766d5aae
SSDEEP

393216:aKgMcEasJ4sTtoQi4abWwz9zidBzVCUMWo8Bz6mbIJ1kW:Z7cAT758tziPocFwVkW

Score

6^/10

Malware Config

Signatures

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.bonson.bfwsapp

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 5 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.bonson.bfwsapp:pushservice
Framework API call	javax.crypto.Cipher.doFinal	io.rong.push
Framework API call	javax.crypto.Cipher.doFinal	com.bonson.bfwsapp
Framework API call	javax.crypto.Cipher.doFinal	com.bonson.bfwsapp:ipc
Framework API call	javax.crypto.Cipher.doFinal	io.rong.push

com.bonson.bfwsapp
1⤵
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4249

com.bonson.bfwsapp:ipc
1⤵
- Uses Crypto APIs (Might try to encrypt user data)
PID:4293

io.rong.push
1⤵
- Uses Crypto APIs (Might try to encrypt user data)
PID:4310

com.bonson.bfwsapp:pushservice
1⤵
- Uses Crypto APIs (Might try to encrypt user data)
PID:4337

io.rong.push
1⤵
- Uses Crypto APIs (Might try to encrypt user data)
PID:4468

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.bonson.bfwsapp/cache/image/journal.tmp

Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/data/data/com.bonson.bfwsapp/databases/TestinAgent.db

Filesize
24KB

MD5
513679b7e26e018d1d90c6b8c615fecf

SHA1
f910031278deeb10abb30e4911c0bf206266ef0f

SHA256
508946a90d6e0892f1e351e7002a7ac097ffc157e86eafd66b4a737f44401932

SHA512
d3e201ac4a5a92a4cfde08a3544b48180616fdf2ae6f500f48d553f23d38b3a96eab56d7051c7b327f47cd13ad4feb5d6a3cd654da1901da0a653cb8827f0e05

Download Submit
/data/data/com.bonson.bfwsapp/databases/TestinAgent.db-journal

Filesize
512B

MD5
fd888a5e69da225b62feac52c85639b4

SHA1
1274ac0bc896b5a806d70f4c6d57ce109ae4102f

SHA256
250b42c8b7c71f964839edb7ba9c124fb0975fa0c4fac52b3430650390b732fd

SHA512
2733b03295a63eab2209b40f01aadd4dba3b693f68fb971b96a03c932e33967b94a6fbda25419e411cf1b0eff77bcd1659a707c9ff263718031cbd07480241e5

Download Submit
/data/data/com.bonson.bfwsapp/databases/TestinAgent.db-wal

Filesize
36KB

MD5
cf6a7bac3be0b010011d58ccb1ee9c4a

SHA1
df9f42cface450037571e6831843672f2a33e392

SHA256
b3e45d7f7c5c827e4974978656a96aedd71277088b49d50afc6789107df3802e

SHA512
51417d7b10a666f435252d61dec42f80012e0870cf509b82fa66991530f6dd46d02b43710aa9ea97abc253a906e292b3f8927d2bbbbc2ffea2dcb8361b68856d

Download Submit
/data/data/com.bonson.bfwsapp/databases/bfws_db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.bonson.bfwsapp/databases/bfws_db-journal

Filesize
512B

MD5
048765712fe3d30e62dd8dea218aba90

SHA1
189b68a15e5061820dad2bf75259549e203c53d7

SHA256
236190eebe466910c8518f3198fbbdb701431d0f9aa76fd113bfbd94c1cee210

SHA512
204c2b1a7834232c226f294db95b9ed75a278179fce1d193c9b8f347297855741512fc818955f5cf05ca5c745275d13dc8b141d3ba8aa4fdd7c353fb2fa48954

Download Submit
/data/data/com.bonson.bfwsapp/databases/bfws_db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.bonson.bfwsapp/databases/bfws_db-wal

Filesize
20KB

MD5
f67fa6c7a720bc9baf3ed0db377fe7ae

SHA1
f1fda5726b6379aa9a5d93d9dd859f95e47b970e

SHA256
4771cba2cf7d22356481bd36e61cb6051db263310f3bfdd539d5e6bfebfc839c

SHA512
82f8e2ac549960352e50247f2672329c283df5aaa225da82f7975e481b602b5132344f84762a52adde5beb468b3b9e2a277959cd411114aedf005affb942d824

Download Submit
/data/data/com.bonson.bfwsapp/databases/pushsdk.db-journal

Filesize
512B

MD5
af20ddd2a67386abb913b6e2c2cafc3e

SHA1
a197e3b8988dbc2114458a1a59cef179983e4941

SHA256
9862ede71f8d0c962a3786c522665839fc8c745d46d40927afd936eb6898f727

SHA512
8c3e43a09c6fe3cb83cc79d53fd350b068df118e896a06809070c3e4a969b1b7a4e941cb7d177e787921b930dddd97d650590e9e8eec47b0b9ced20315914ada

Download Submit
/data/data/com.bonson.bfwsapp/databases/pushsdk.db-wal

Filesize
16KB

MD5
df80c2f145a901db0d1b83120823bd04

SHA1
87dbc4729e673a05b4e56e6e3b4bc8127dfd49e2

SHA256
2b510c62f23eeb1f951dc10c7c68c7a315e0c4c83203720c979aca3ae38cc2d5

SHA512
eea06276d8ed9c48cefa4ccb985bc4fffabe943ed9fccc8892332e6918899aa110c3c4e3080da487ef40cbafe325d1d615df8c593cd55fb58487875ccbf14984

Download Submit
/data/data/com.bonson.bfwsapp/files/init_c1.pid

Filesize
129B

MD5
fc23b53b02637fc74584626e878a0500

SHA1
d3994c886cd7035949565f2462db8ac9620847ab

SHA256
eb78bc6cb1974f443eff449b91d72740724158b80471e4446c6588b325ed6e01

SHA512
2651a8e7e8944b80c850eee5c466bea5830cb6b172c820b2187b638216e83b70e33532108164b68ae25950ae741ebece3d5632fd5e877d8e5d0bcfbd18319217

Download Submit
/data/data/com.bonson.bfwsapp/files/libcuid.so

Filesize
129B

MD5
0bee873ae854927563d106b2c7066c53

SHA1
fed5bef7bb38d37c2878887a5e5ae2e36ae397ad

SHA256
f320955555fd2bab548758613d1b4707a29788416274b00b7ebe26a988547547

SHA512
0c98cdb5d444e960a5a349f43712e2bc9de5e8323fb247bd603571224f538c0f954cf816da20a6b7132caf58a59562f932e4751460d5116d7029f9daaa74fc8b

Download Submit
/storage/emulated/0/backups/.SystemConfig/.cuid

Filesize
89B

MD5
82d2c8cf8eb6e86f04377ab9686cc5d1

SHA1
4269d659ad6579cea83170d6a4762941b29646c9

SHA256
0b11bf689008bfe2e3be3346e53db0cad8a6f8155e7ce5a18fba469fc85e431c

SHA512
1c0ccf67884f8ac359c1e24a00800ae12aad012778e99014f43f5b9685afc1841e090ca62e83f8b78e69c5de0efb774ad32a050cf8f4f989d45797c7454a2a30

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads