ca591d8e50356f5aa9d2c57e4b56e552ad9c44ffb8c42c9f3ddde0c01a226f51

Analysis

max time kernel
2993781s
max time network
148s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
24/12/2023, 03:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ca591d8e50356f5aa9d2c57e4b56e552ad9c44ffb8c42c9f3ddde0c01a226f51.apk
Size

9.1MB
MD5

c8b6d2ed4d8bf485c4f9e61cdd6faa04
SHA1

f767f7bbf81cf667b2a7122dc276fc5f3c2ab8e6
SHA256

ca591d8e50356f5aa9d2c57e4b56e552ad9c44ffb8c42c9f3ddde0c01a226f51
SHA512

aaaff312c3f2ccfc7b8f995e8fb99c8d46a42388fb53c11e827b2ce7d8ef06f80740e35a7191f7d139526205199514f34dbeecb1ecdebf77902a7f493a07aae7
SSDEEP

196608:jsHo4EJrLolWZGrsjEpErNorxl49yrp8XdSUdyJq:YcJXmWsrsj6uNor71EnL

Score

8^/10

banker

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 IoCs

banker

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.snowfish.a.a.bg

Checks Android system properties for emulator presence. 1 IoCs

description	ioc	Process
Accessed system property	key: ro.product.model	com.hgsqj

Checks known Qemu files. 2 IoCs

Checks for known Qemu files that exist on Android virtual device images.

ioc	Process
/sys/qemu_trace	com.hgsqj
/sys/qemu_trace	com.snowfish.a.a.bg

Checks known Qemu pipes. 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

ioc	Process
/dev/socket/qemud	com.hgsqj
/dev/socket/qemud	com.snowfish.a.a.bg

Loads dropped Dex/Jar 3 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/storage/emulated/0/Sonnenblume/res.apk	4310	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/Sonnenblume/res.apk --output-vdex-fd=63 --oat-fd=64 --oat-location=/storage/emulated/0/Sonnenblume/oat/x86/res.odex --compiler-filter=quicken --class-loader-context=&
/storage/emulated/0/Sonnenblume/res.apk	4253	com.hgsqj
/storage/emulated/0/Sonnenblume/res.apk	4340	com.snowfish.a.a.bg

Reads information about phone network operator.

com.hgsqj
1⤵
- Checks Android system properties for emulator presence.
- Checks known Qemu files.
- Checks known Qemu pipes.
- Loads dropped Dex/Jar
PID:4253
- cat /sys/block/mmcblk0/device/cid
  2⤵
  PID:4289
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/Sonnenblume/res.apk --output-vdex-fd=63 --oat-fd=64 --oat-location=/storage/emulated/0/Sonnenblume/oat/x86/res.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4310
- /system/bin/cat /proc/cpuinfo
  2⤵
  PID:4454
- /system/bin/cat /proc/cpuinfo
  2⤵
  PID:4504

com.snowfish.a.a.bg
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Checks known Qemu files.
- Checks known Qemu pipes.
- Loads dropped Dex/Jar
PID:4340
- /system/bin/cat /proc/cpuinfo
  2⤵
  PID:4472
- /system/bin/cat /proc/cpuinfo
  2⤵
  PID:4546
- /system/bin/cat /proc/cpuinfo
  2⤵
  PID:4599
- /system/bin/cat /proc/cpuinfo
  2⤵
  PID:4632
- /system/bin/cat /proc/cpuinfo
  2⤵
  PID:4679

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.hgsqj/files/duration

Filesize
12B

MD5
aba4e0795ff0bdd22235fbeaf0c00221

SHA1
e49d295f33a2151259c3127aea2d925c0ec35757

SHA256
0cdae1f183317bbb84ca1136eb64acf7f1c14cdc51e9689a1a42567616984a84

SHA512
8e8e44800e2cad294d4f78c3e14dd17fc107ccbf404c065383da8a9a4a6722bac5f3e16f2f040bc04c82c7a2bce23e8bc32a7ac2970f26f4db117b5008cb1ea8

Download Submit
/data/data/com.hgsqj/files/duration

Filesize
12B

MD5
501697862a80b50882b167db2f07d565

SHA1
c600598428b44af27369e14ae8d4885e139f4979

SHA256
c9204cf69241ce9564dfb0fa4be6af8c1387bcefbf9f430f693a6e01109c639c

SHA512
fe3bf3efa4bdc03d522ddcf27e4ad0ce78a423abd42d684ae10f2507023686293af89e88652f1185792efe60d453f8e35f684c8c5ae3e91272ab58169f89502d

Download Submit
/data/data/com.hgsqj/files/duration

Filesize
12B

MD5
34893c7fd7e8d9f2a6553e70b6cbe28a

SHA1
d327d9c48a7729ee0a762d922fb52c75256e74b0

SHA256
29db202fcc037437fccb503a8a55962f7730060f15374e26845f7181d6e6dd46

SHA512
88b32fe41bbbe735bab1e43dc7e5a9702d229ace14ba2a477aa50aac2347e7e70a19f35330e6a65dd766c12e7e3fcb52cd140dcbdccefb95e38c77c3ddca6d7e

Download Submit
/data/data/com.hgsqj/files/duration

Filesize
12B

MD5
ed65386d689437310e5435c1a1960ca8

SHA1
a25d34c3245a3661aa48c8eb2df7e9f9eb37f953

SHA256
da3069f2e704bf6166923c7ff03bf3f51b7d6b2f11516d2a7a4e2aa83098758a

SHA512
8a0c8224b35d3b99d0a35646cecd7bead56cad4693bcb35c39991eda9c3c33fcfbaf31ccb9d7b0056edafd653d4bde0574618ae03b1fa8463c56c5c2f6c7337b

Download Submit
/data/data/com.hgsqj/files/duration

Filesize
12B

MD5
07c85431954822f77a35dcda4f2aa7cd

SHA1
f589cc0e5ba32e9ce99dd457c7c7ab9c10d73a64

SHA256
f527277440a170efe075ed617063a0b121e619c0ba746410aa28e7dce42c9d15

SHA512
bd1678aa029b0ef34b1cbfab35c357e659fa0b60291410bb72108dc44ed4f56dfe618a08f74677ba91749178403758e892ea9f26f7f6d5786e8d61f6f10fb4e9

Download Submit
/data/data/com.hgsqj/files/st_database.db

Filesize
28KB

MD5
48a6312a99d6ce83cb6ef8c80d01b609

SHA1
dcb14ab73d78bdd11831d2ef2393137897df9149

SHA256
daef498e4b3dcdc7ffe747cedda639ab575ed55bece0b3dde880e0902afb6c1c

SHA512
61bd96abb425a11d066b541f84b20cbd4f193188c24013b77a207c2322be216e8c58410a0497a2e79a638067cff8c85daf15a8ec3a9a03fa380aa33f04cd3b88

Download Submit
/data/data/com.hgsqj/files/st_database.db-journal

Filesize
512B

MD5
671b3d8271ffe2b432cd6365ea00de5d

SHA1
02a5a07de0d0c3917dbf9854a74f89e42a8bbe09

SHA256
6f8331a73485797e1d1d18f328e2409185296808c8013a59b03963e4d6eafb45

SHA512
ce2790489600a01690d9eea0c875f8251b162c886a8e55821e6a9c1b09d529cc3aa77405de82ab6150aaf634906e2726b32fcab180acefad2c8da194d3d1c485

Download Submit
/data/data/com.hgsqj/files/st_database.db-wal

Filesize
48KB

MD5
2b63a43f4c159375bbe10ec7202becc3

SHA1
8e2d26df922bf17e6c1c74e79a7ce9abb8167b31

SHA256
153c44da4bfb34aa885fdc98ed1a4e471b093d4ed07978c7ef8e67d571c28d82

SHA512
336687e1a13d88c1dd808e80c2807fd2705fe0ca2cd0a1032cd45dcb923258fb99a5112f09c6126f826d8bda20e4c92b827e65f2a7c4c99b03c516cc46315e99

Download Submit
/storage/emulated/0/Sonnenblume/4A72F2DFFDBD84EB0C5C797BB76AFC44

Filesize
121B

MD5
d64e2090b3656d5ebaaba60b781acb1f

SHA1
5417c859cdfedc368937d9d212fe64225a1add56

SHA256
b294b7fa7f8d7107855e4d6b396ec2b6aa474b711dc6b7825e7847de038a816b

SHA512
047e7391f6d5bdb77da6332b9485f1e34e98bd7d7f18dfcd2bae20e8df4e91e8a7e51900a81a04b5a3320162f0cec0cba1b4fcd9e3983f8e291d2ab330df25a3

Download Submit
/storage/emulated/0/Sonnenblume/C545C57380E94F57133C605FF10B5E66

Filesize
512B

MD5
1a4189ed75cb8a0dea62a5998697b522

SHA1
1005c6fbb41ca119aa7d1bd8322095e40394a585

SHA256
2b90f26dd611694b4e1fda68763fbfa3496972810524a86af90eed3d8f42cc4f

SHA512
67b4ba4c3717ecc1a6f3284e4a64cc82681fbb3dfe12724ae5c1abf6f53bc4e150428f635912790a650099949f087fd4c0f106568a594235840f90f679ca5502

Download Submit
/storage/emulated/0/Sonnenblume/EE53AF5B170264468E95E783E26D76C2

Filesize
317B

MD5
40dfce16e0305644cf609019d85c89cc

SHA1
9d983e2f1d15410d1c9e2d7ae772d631d67ce8e7

SHA256
488f93cc5edee2730289f8bcd7b9b639c214c2fec2ec1201872a743abf578265

SHA512
0342cc59f77b7bf5fa66b94dab581caccc923f2436dfb07fd2bfdafc9ce4e27d2faeaae22f549e76f9394aa89968964630b2474b3c0504320956cc2d76485f7e

Download Submit
/storage/emulated/0/Sonnenblume/EE53AF5B170264468E95E783E26D76C2

Filesize
353B

MD5
39c596c8a69d9112fd550f1770b58a6a

SHA1
e957bc1f3655e7d0dfc3e60630806b7f205a6a0f

SHA256
c7bf723b4a0095acf6be42359471bf38b3ddbd70b93c2c6a742edac16c4743df

SHA512
270a378dc6eae6cc5a99c9a5a6feef89a9c07153d5b426e880920a5e6b6a188c825ea3c5dd4364e456b17f584e719355bec9268281d6742cae07f9073b9453b2

Download Submit
/storage/emulated/0/Sonnenblume/EE53AF5B170264468E95E783E26D76C2

Filesize
28KB

MD5
85c8a4471a21fee5b1c939c2d850195d

SHA1
b216c5ac9bc05fc2974a1c9c2109f9ae2bdc39a0

SHA256
73ae735f0f2753c40419ed28eba2b7dc689a8c934a72f2ee9df7eef4adfb2b2b

SHA512
93ac178b2a7a69caf74692dfd465291e273a221b48fb17651ca402c57cd51420be282941333c587154dd667976f323f7ae172e9bb39fccee00789a1222042409

Download Submit
/storage/emulated/0/Sonnenblume/EE53AF5B170264468E95E783E26D76C2

Filesize
48KB

MD5
5749a49ab5d45a9d6d1023848bd5ccfd

SHA1
58b34bb443adac88421432edcb90b36fcae9f193

SHA256
91c5be9b36f976c393499114aa87e6642fb1de700e93b9033dc3efb9731409e3

SHA512
1f518fb3c01be0d1d85804de444ad14edc39103cb0ce932957037c7b0741fd45da8314c63b3dd4dd09f510a72103f5e4254a704ccd49efcd1932f2ec1fe9ec0b

Download Submit
/storage/emulated/0/Sonnenblume/EE53AF5B170264468E95E783E26D76C2

Filesize
32KB

MD5
2084d6f741e80469193224117eab13ef

SHA1
9793e96e103a62d4757bc0dc01fbba40a54147fe

SHA256
d85f4e42fdf27a24ea65a0c48c4ba5ff54a114e42fd4c5460ab1da19c882e7e0

SHA512
02a53810ec429130a053c56f8059cc47497201bb65f18c6423bddddbc4ae3fc12a580b7960092ccb7dfc872e07d994874bbad3459e35bd72ef319e81b0841f95

Download Submit
/storage/emulated/0/Sonnenblume/EE53AF5B170264468E95E783E26D76C2

Filesize
353B

MD5
ab3dbc7de10cb013da2c4fa943617311

SHA1
336016a930b87bcde60063935cef06a427348ec9

SHA256
768d83981d1401722141c9ea5f19bc854aa2dcfd4351fd0a24a8ee3ed740c828

SHA512
672225d4dc8f3e50e86fb535066dca8da55b6ecd6796922edb0e77c85d8cdc998c632af820aae272cd6587307ff3e100af30b3777e5af8d45b7806377fdcecd9

Download Submit
/storage/emulated/0/Sonnenblume/kb_sn.ini

Filesize
40B

MD5
9d0c5c59f140acb33f2fc6b76ef099f3

SHA1
70043490430447a08b99f71d7a2051eec15b4100

SHA256
a93668d149accb2bf23a11f8806822df57f865209ce3bb2b598123663586fca4

SHA512
5c2d70c7cdc9edd1f08ac705cd660465b1fd718da0422ca6f37db3e0b71508c0869f1d109bd374dfad9ba561a21e277dc3b46aeb4d22dd41099c93792d7e4016

Download Submit
/storage/emulated/0/Sonnenblume/res.apk

Filesize
433KB

MD5
f619f2744ecf318ddc66a6649ab0303c

SHA1
6f831b3a13716c1cd4836b0e16d867ec816b3b78

SHA256
b0911522dbd8f142da6e89d45639377af0ba89ff43184dfa3a03b215052c295e

SHA512
c5bbf4d719519d3e0a7715ca6dea48f76d0b0a52ea786d65bcffe13e6d6daea493bd250fd87ddcea24455797604c1c0ef00862d5a24e8b1cd77c0056d53b1258

Download Submit
/storage/emulated/0/Sonnenblume/res.apk

Filesize
433KB

MD5
2639a7fafd82266d6313f59ac1c927cd

SHA1
1a0d135ed060c236ec35aedf25ae2b481e0c226f

SHA256
e653eba8ee86ca07139b427c3366b10245abb9e694db6412a1811726381830f2

SHA512
e0578d5369a81710ee3ccb2b5dfe5633e830caba079f41761fff94480ff7b33fd965aaa75a17b839e377a640404a2aff2b4c503ebf06a8c78f428541ef60c00e

Download Submit
/storage/emulated/0/Sonnenblume/res.apk.u

Filesize
205KB

MD5
dafb7d4b90ea8d376128c625183dd9ad

SHA1
883c9b0586e740e9fb976d27a437e84fc26e92fd

SHA256
07be7e035e50b372d700b7cc148515a26b0775b2b485e50895988753fe24b12b

SHA512
56deefb30f358f2d404c93725f331374f0878b8121d95412ab1b1299364b2eea2b7fe179e21bbe96f4076300556a09f55825118ff67b401504c2f3b82af6b13b

Download Submit