c5ffc1f962f5f28562e7990aa9a31bff46a6c97f3e731d373d56d0a15f7e3ba6

Analysis

max time kernel
2983681s
max time network
130s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
24-12-2023 03:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c5ffc1f962f5f28562e7990aa9a31bff46a6c97f3e731d373d56d0a15f7e3ba6.apk
Size

14.9MB
MD5

40afec4801a73afbea9ba6e6b0d843e0
SHA1

45593e4d7e2d0ac70856b1c0edd09ff187c117a0
SHA256

c5ffc1f962f5f28562e7990aa9a31bff46a6c97f3e731d373d56d0a15f7e3ba6
SHA512

d2f67c775a866b05165181247926276ba81d55ca74ea7dd495ef10737ec8803d10ca6e18483cf820c01087d07967f312afca169d74b8b95cf592016b377ba9ac
SSDEEP

393216:+Ku1717icuOBysQER67voPVuHoXGER677PCsCXVlZyeQe:lu1RpUIhwIX4CsmV+he

Score

8^/10

Malware Config

Signatures

Requests cell location 1 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.zhiyoo

Loads dropped Dex/Jar 5 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.zhiyoo/app_plugin/com.anzhi.plugin.push.apk	4243	com.zhiyoo
/data/user/0/com.zhiyoo/app_plugin/com.anzhi.plugin.emoji.apk	4359	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.zhiyoo/app_plugin/com.anzhi.plugin.emoji.apk --output-vdex-fd=74 --oat-fd=75 --oat-location=/data/user/0/com.zhiyoo/app_plugin/oat/x86/com.anzhi.plugin.emoji.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.zhiyoo/app_plugin/com.anzhi.plugin.emoji.apk	4243	com.zhiyoo
/data/user/0/com.zhiyoo/app_plugin/com.anzhi.plugin.h5web.apk	4387	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.zhiyoo/app_plugin/com.anzhi.plugin.h5web.apk --output-vdex-fd=75 --oat-fd=76 --oat-location=/data/user/0/com.zhiyoo/app_plugin/oat/x86/com.anzhi.plugin.h5web.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.zhiyoo/app_plugin/com.anzhi.plugin.h5web.apk	4243	com.zhiyoo

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.zhiyoo

com.zhiyoo
1⤵
- Requests cell location
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4243
- chmod 701 /data/user/0/com.zhiyoo/cache
  2⤵
  PID:4317
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.zhiyoo/app_plugin/com.anzhi.plugin.emoji.apk --output-vdex-fd=74 --oat-fd=75 --oat-location=/data/user/0/com.zhiyoo/app_plugin/oat/x86/com.anzhi.plugin.emoji.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4359
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.zhiyoo/app_plugin/com.anzhi.plugin.h5web.apk --output-vdex-fd=75 --oat-fd=76 --oat-location=/data/user/0/com.zhiyoo/app_plugin/oat/x86/com.anzhi.plugin.h5web.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4387
- ps
  2⤵
  PID:4413

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.zhiyoo/app_plugin/com.anzhi.plugin.emoji.apk.raw

Filesize
547KB

MD5
1a76c771497132c0bf0df89f777ca3d4

SHA1
fe869d37f4ad19683e8ac9d6354eb45674d018cd

SHA256
da31fe21a3855cfbe4fa239d322bd393cbbd64dc69f05352b9d2b677149964cb

SHA512
953eb5f3ca2e3fbb58f9878fae5e197cf8f45dd727aa6a8646f3950d3fc483d0dc2112f2e1edeac3fffc0a622316e5d7b3f4f3d287e092a0bc428fe2c676f648

Download Submit
/data/data/com.zhiyoo/app_plugin/com.anzhi.plugin.h5web.apk

Filesize
444KB

MD5
d934c2a7b1ecdff77771d09ba4ea939e

SHA1
14af3053b3360e99faf3d843fe9e600b99195939

SHA256
ebe0c2a7bb7e2cebde53676dd98a7551b9ef534020dd71a02946d22d82c22e0c

SHA512
05bc229d55e79bf9f98fe5931805e2b6e4f0cba2333d387fc2694cc93a15d05c7206d31ac06d13cc93562ad22d099179a879b051a70cac9bd04d6e62f5b448a6

Download Submit
/data/data/com.zhiyoo/app_plugin/com.anzhi.plugin.h5web.apk.raw

Filesize
516KB

MD5
1ba169861b6b4fd2e6a6a91eb73c9117

SHA1
e674280130d155ffa42ebee57bf3cd7121d35054

SHA256
b7aa919306cdc47c791429824c6191d3ad4a6e87cd8d37824147683b75d9c8bc

SHA512
540e4396fe6e3522ff1e4732873dbd4925edba955d04b4cf3cad8f44fff0c591584f7b723edaa514783b5f55d36a2271da005b3dca8ccbd8dabcc57dbfb740a0

Download Submit
/data/data/com.zhiyoo/app_plugin/com.anzhi.plugin.push.apk.raw

Filesize
71KB

MD5
b3f5384377ddec2eb5d0c861d22f7c30

SHA1
8bfbc1de2237e1a6580e3cf9040876988c573cae

SHA256
2efea2ebfc39b3239396e1e410553e4a815d3729bf5cef04410458d2b4cc1424

SHA512
298696fb474e00396445511f5c3fe7caa5ea0d00010a5b0b08c3d14cdeeab21ae450f27af6e9d79acc241471dfaba421132c5c0d302e7ae4527c6d42f4947a9d

Download Submit
/data/data/com.zhiyoo/databases/az_download.db-journal

Filesize
512B

MD5
020528d187fa4c2198ac9fe407ee646a

SHA1
1e7f2e6bf5b240644ac19f4453426095294fd018

SHA256
3f94687d38d585319883c8585de7f1fad389ea58c21b8a3016d76e0a7e840549

SHA512
825a55bec7706b61d353852144582ba1cad8514c858eb6ac1c368ac1a59eb1c9fe11b36a5b46f6e3bd484ff0e778736aa6ef153af51c6b3e9b11ffdb8e9321fd

Download Submit
/data/data/com.zhiyoo/databases/az_download.db-wal

Filesize
48KB

MD5
8eb1af7627167ba4c45ed98fb1eba266

SHA1
fe7835a0e15fc3f68b769465d37fbb9be721a1f3

SHA256
3f14dabd8fc3e69045effe6d546ec97467eb9414ece632faf51850d4899702b6

SHA512
a534dd0f1b7502df48b309ec48252faa1009feb8bc70d156bf641ca495371e1d6cbbce36ca54caaf9dd43a39b90032f7c839496d95b01c011177b85a19a01158

Download Submit
/data/data/com.zhiyoo/databases/ttopensdk.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.zhiyoo/databases/ttopensdk.db-journal

Filesize
512B

MD5
4cdb69b888c19c8a0aaa13dd3783f383

SHA1
2dc9badcb336daafc34deadabdd7c64040926ed4

SHA256
976c4c2a6e7208258d4ab56482754fcb6b1a5f5eee7afee80363232fb57a1f59

SHA512
d355e8a3eb57cccfe207fd1bac773584e910eaccd43a05a3de26e11afde39cf03d0ca196c2b5c85a165988377991c12ad7bab190ba9917f13fbdc942a79a4df4

Download Submit
/data/data/com.zhiyoo/databases/ttopensdk.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.zhiyoo/databases/ttopensdk.db-wal

Filesize
52KB

MD5
8f40c11e584521f956bc9a617b3b6c7d

SHA1
2ffe53e3246a916ffd1f4402f3866526365e9ef0

SHA256
60a1a6aad4fb33f6e3ab164925d5fbb99e0fd86d4369d1c353a5b07b91ea9fea

SHA512
b36b98f75b77b67572bd0fa1769a18659a43ee4ebb7d8102e2063682142fbb93f90b2cff0bf497535ea1d8a3952a3aead1c832b01f82dcd694efc0bb2f194543

Download Submit
/data/data/com.zhiyoo/files/__local_ap_info_cache.json

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
/data/data/com.zhiyoo/files/__local_stat_cache.json

Filesize
596B

MD5
1a0100f19f9742ea78b3beaf269f0971

SHA1
83bb1733d23c39662c019b7e7607dfe631a10e9a

SHA256
2c28ec4241708548cd946cc7259f248867fc54bb64408775cbc55d1b1bbf4b7c

SHA512
0e5018380ddb0951650107ae8ab1c86dcc11c59233cb624fc1038ad66e5d5f3b4b69484a66b4fa4c9ff0764a9fef72818804c410fca2470daee72449c55ae1db

Download Submit
/data/data/com.zhiyoo/files/__send_data_1703790711223

Filesize
632B

MD5
4591e4a19f29ab858ab120903ccfeae9

SHA1
3628075c4d2766113689d5ee95ce9ba3ff699c87

SHA256
9acde2e81b83bc4a7de52eac53315eeeac015e411e55039ac285f3c5406b608a

SHA512
320b7aea9a46a93bc932b7afb472778f30e3eec68617b129952870ecedeaf927a534c1d52d2af3d827ec73a68971ee82c029299ae188a0184d5e516651906c7e

Download Submit
/data/data/com.zhiyoo/files/libcuid.so

Filesize
129B

MD5
056332faaf3a08aa7f1d519b54ebf272

SHA1
b13daf7e298cffcdc46e2e7309260b2b37d5806c

SHA256
acb5e4255e33bf935e26aa55c51a4a4bde0b10cea8c390aa1f1121f2a282e035

SHA512
78a43cf14052fe8caf41917eb4629f7e1cda62838982363ed24cbeb544ca544ca5e9e69d1718e3d152cf8bb365573f9bc8d0b1b85f6f52a608a7da77086141ee

Download Submit
/data/user/0/com.zhiyoo/app_plugin/com.anzhi.plugin.emoji.apk

Filesize
337KB

MD5
aa5730e72582bf54703c6fc3c4d67bb2

SHA1
24ae905d7344b60a15c953ac2639b4ea1e01864b

SHA256
1aca963ec348e04fe6ab4eb974ebef2284e9ad582007766c261a0eac74e9ef96

SHA512
eee2f7364e3ea684e465ff7a4e0104edac266c30134fed776e4ca28e370da3d7259e715e0e001e550b50b7a88e1d2d97cfbe8500b57b2ad0367a31a491f20381

Download Submit
/data/user/0/com.zhiyoo/app_plugin/com.anzhi.plugin.emoji.apk

Filesize
337KB

MD5
9365f9fea925cfb7c677fd409eddf667

SHA1
0c988fa5a9091cdf0f7522fed41a335e56c5756c

SHA256
a8eb90f35f6203a8c9a13a064d80d4a7337b14d793cfabc2614e417020ee6688

SHA512
5551d4a96c0e0cfe6aa29c4f808c85694d6ea1ab9a05c43fd249d838c773a41f5ce1a601b0707da937df9312301d45064dc5608eac4f3ff176c7ff0aa5d38fa3

Download Submit
/data/user/0/com.zhiyoo/app_plugin/com.anzhi.plugin.h5web.apk

Filesize
1.3MB

MD5
40d231fc3ebf393af5cefdee27bd561c

SHA1
e605dddf98019c3de00758281ce9a70bdd6807ce

SHA256
cb35692a60fa70ef3ffbe0265c126e574dae84d2cbfdd207508f3bf50b78b862

SHA512
77557b851f1c1578382e2174ff568c6255a55db761d82fcf6c46a1b1efc0a03e82ff6a633f029804b90d5652b57f26c1c21a5d87fa78381e038f960f72939abf

Download Submit
/data/user/0/com.zhiyoo/app_plugin/com.anzhi.plugin.h5web.apk

Filesize
1.3MB

MD5
e9c6e4811e997e386a49ee6b33ab4699

SHA1
4af468c63a1d77342d752da78fcbf6ace85e7f72

SHA256
8aba1cd16a2ce44ea9d6202df005ab4bb0f2bea723d1710c2259c16b947f5c39

SHA512
a0bbf62c0d392c5bed787304ffc0ee0fe80e2c6280df184f27146e25292dcfef31e0b7d8a498424025696f4d7b4979c18d92e176fc65afb441e90f78bfd3c910

Download Submit
/data/user/0/com.zhiyoo/app_plugin/com.anzhi.plugin.push.apk

Filesize
159KB

MD5
f23016e1ba8aa1b53bb5ff140693f13a

SHA1
4f560dc83b8e34411d5e34f1436f2f5487b2d380

SHA256
aa1e0d9032eab434f447639c35bb0f293b76f8ebc7d5e0943bde121c98435b62

SHA512
b46df2f8ae4d13907c8d647174675a4f77a95702be6ec334cbe1b03c6022a99d64c7f8bf717a65b226f4356929fbe184d6343c55360aa53b3a69f9c135ba7302

Download Submit
/storage/emulated/0/backups/.SystemConfig/.cuid

Filesize
89B

MD5
afdf5af94ab778a46fa1f3f6bc3617a0

SHA1
a268a1b94a7e77759032ad0b9a91212cde4ef21f

SHA256
5f799c5ce8654857e8226d2c5ee97b7135009e2d19e7dcabcab0494f8b3607c7

SHA512
ff5de4b31a2d0dde3ed20091e2286078082ac9b1c1dfe7d841152b43f290840c90efd039a03f783d464871f9a4e4407dc84d7d4f6e2fbdd02392cdc0ca0570cb

Download Submit
/storage/emulated/0/backups/system/.confd

Filesize
24KB

MD5
55923621b66b89d2bcb3226796538513

SHA1
c24904af6bf2db5a2269f187e02c87ab669de605

SHA256
2cc715954d142a0570ae0076302b838abf36d79d490a57276d4abe86ee0f1fa6

SHA512
ccd5c705840da97b877966fc02acdaab17cc0370e291eb7b38a9dd94a9107300bf6b74353a9512307fce1c9166b1576732b326e313cdd8fab1517e9e2f278859

Download Submit
/storage/emulated/0/backups/system/.confd

Filesize
28KB

MD5
b588e2490bcce471506ee6753ce4bf63

SHA1
3420e6a0337dbe618b2c16c66b86c8f0f2237dce

SHA256
f5cf0d292b2f3327cb1d33835fe05fd9f805090615df7e22341b1a060ce74e59

SHA512
f66c61ddfecad4d50cc8a16a03ef09b71033fb9ae24368ef9f2c9cef34f54324471c67205244ed9b729a651ba5d23b814b9f0c23a10d7e4317425fa4f98b1038

Download Submit
/storage/emulated/0/backups/system/.confd

Filesize
28KB

MD5
816ff04a41fba81c20ab950b475dd261

SHA1
b60c36d9f3cef4828056099c0fa3a834cac9d098

SHA256
a517420473674e9d5fdbdb65569fce3e542635dd415ecc0e934a87e184513f48

SHA512
9853461828103ada2a0f6a4e014b4fdac0e1f73e43241e643b6b79e4f12ef6c7fa127d00af4095b72e168a87cacb5cc16be77e0c8e18272c3ba8ea697b279ef7

Download Submit
/storage/emulated/0/backups/system/.confd

Filesize
32KB

MD5
fa8659431632b78f04c2cc6e56b740f6

SHA1
7e4a7d900d7c796b1b8b441a0a2c60eef347d306

SHA256
68743edb0d68b93105abe9eaa8cd8220389f0401e2b9bbd0575199b82826e5de

SHA512
80da6b9a31f03480598eeaefa1b3349a5b7df55ed8038aae1da713b3919d3aef12d78c6d6fbadaeca44e7b6cbedafe12212f44c5aeb83a66b3fd3505b724f9bf

Download Submit
/storage/emulated/0/backups/system/.confd-journal

Filesize
512B

MD5
0da286c8ff56087cf4a616b80e2e390d

SHA1
6811aa3958291b0d7977c01aa96e9da0254e6102

SHA256
31b89fae2b69e21d189a01582e59a560e4810f016449e86897049a55fa4390a7

SHA512
d746e40a7f9a7326a9e4eacfddb13ae727fee8142950de4356b1383f4b129e3ff9dfb67041d8de90274165b7787c0d5ccc087c4a02cf23224ad84b9c63e85541

Download Submit
/storage/emulated/0/backups/system/.confd-wal

Filesize
12KB

MD5
195185d44116f09d9f5149cf3b5174ea

SHA1
240e92129ac4d12c52a66bd1f8f14c2a5013db5c

SHA256
0d2730bd94e003584f6b5ebad27c9a771bef4ebb4805d0d4978fd7a18ce53b53

SHA512
2d65adfb78d5c2b175685d3fe3ae8f4bc9577c7148468d7c16dd3715942bec6c13c9194a890766fbdfa3e7229f39041a6f7739a9fbc162d4955e78cd406560b5

Download Submit
/storage/emulated/0/backups/system/.confd-wal

Filesize
12KB

MD5
d36c67f632975631887caed014ba9a58

SHA1
cd4e03b354056f27bd58f27727a474008cd7c4ac

SHA256
209a5f230886820136a63934011ffe1c3bede9791162b065012ab67c8e482f6b

SHA512
d83f417d38db9af122c9cc75c53da186da5f28cad2dd67ec7dc8e57770bcacab35ff8a8d5840f5689ca1faa85d7bf8d27f428a862cdd97a7d7bb57bdcba4a469

Download Submit
/storage/emulated/0/backups/system/.confd-wal

Filesize
8KB

MD5
c51ad16d6dfe34aaf2ba21d3e6a58f6c

SHA1
351b5048fcd17d42cdf3f1dc3c530b7e00a9678e

SHA256
d3cc2f9d81797204b7ee297cfa06bcef16af81b0a6ae3f7b1eb73cca0dc976d9

SHA512
1998276694079518f63f24e5e609c99f8dceff2622121fe768c79437761752df3f9d2936816311417d0c6490eb7608daa4c7f06da06452af3632b7c3117db1ca

Download Submit
/storage/emulated/0/backups/system/.confd-wal

Filesize
12KB

MD5
f57f1400d4844540e87c4519cdc8513e

SHA1
c025813fe4bdaea74f6423c78afd5b01fcb2a26f

SHA256
84435039881ad91e2c9a3fc9b69e6685914ee3f88a87822eb6850d3ac48d3822

SHA512
f04a005da2cece3b538d594c73636909cc0313c0bbc220782b5c56ec5eac69f4015fd31500178d8c7fe9eee12c141582fb373bf78b04bb4e610638f43fed8fea

Download Submit
/storage/emulated/0/backups/system/.timestamp

Filesize
25B

MD5
26b6ead3bf15949e1851d1eafcd5f33c

SHA1
f1a21b5bdfe8f81affdefc27c04773b670b3b605

SHA256
fb247f5ae5d585d4496954ac815e71404ab343ff7d5ae864b6220671faf81014

SHA512
c12f0f4348f06e13f0464db74bd9b8a6eff237b86a2a69f79326d40bcd2cda9c16d1842b44e2844b1949cf4f569f7fec2465423b9eb8e928e98cbe013baee07f

Download Submit
/storage/emulated/0/backups/system/.timestamp

Filesize
50B

MD5
7e6bf1b4c37ca3831a04f006d42fad85

SHA1
74c8d2e12f70897c360abadfe53bce91c272fc57

SHA256
f65cf6dd6f8be8a4da32178894cb701ad21bdf4ef7bb37d92111d7e9b5780ba5

SHA512
53c2a87d3521fa0c22f48dd13ddf8a6d70cd752c3aa3af0718b689e3676ee36588175fbb65f9ecbb596cf579f26fe5a41f20820e423e6281367bcee423672ae7

Download Submit