cf2426d2eae1b266ff4ed88b25b4dc8edc05a4a7814c09e20812077afdf8d52e

Analysis

max time kernel
3003308s
max time network
157s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
24/12/2023, 04:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cf2426d2eae1b266ff4ed88b25b4dc8edc05a4a7814c09e20812077afdf8d52e.apk
Size

9.6MB
MD5

dcbf48a5e782e9051c0b5d2d8ae64643
SHA1

f07c5093ec6d2af260157a63c62ecd53d7f41902
SHA256

cf2426d2eae1b266ff4ed88b25b4dc8edc05a4a7814c09e20812077afdf8d52e
SHA512

ee60add6822f668998d2606730b9828390aacc428620de8ec29c5ceb278a66c5c438878102f473a775557506305e055836975cd26fb090eb6030f7fc27a9549a
SSDEEP

196608:bLALzqhLXx9VPmjVABCNdX5a9OPkZFdLrd9wDIisa+7UNElfxRkhnSDIdsiV+7y5:b8MkjVABsBedcMiK7UNElfxRkhnSMdaK

Score

8^/10

evasion

Malware Config

Signatures

Requests cell location 3 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	ymz.ok619.com
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	ymz.ok619.com:remote
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	ymz.ok619.com:remote

Loads dropped Dex/Jar 3 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/ymz.ok619.com/app_push_lib/plugin-deploy.jar	4255	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/ymz.ok619.com/app_push_lib/plugin-deploy.jar --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/ymz.ok619.com/app_push_lib/oat/x86/plugin-deploy.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/ymz.ok619.com/app_push_lib/plugin-deploy.jar	4202	ymz.ok619.com
/data/user/0/ymz.ok619.com/app_push_lib/plugin-deploy.jar	4311	ymz.ok619.com:remote

Reads information about phone network operator.

Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	ymz.ok619.com:remote

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	ymz.ok619.com:remote
Framework API call	javax.crypto.Cipher.doFinal	ymz.ok619.com

ymz.ok619.com
1⤵
- Requests cell location
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4202
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/ymz.ok619.com/app_push_lib/plugin-deploy.jar --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/ymz.ok619.com/app_push_lib/oat/x86/plugin-deploy.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4255

ymz.ok619.com:remote
1⤵
- Requests cell location
- Loads dropped Dex/Jar
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4311

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ymz.ok619.com/app_push_lib/plugin-deploy.jar

Filesize
213KB

MD5
e70723b8f6c4c7c09a6019733022cf53

SHA1
e3ca32166c65e4dc73c21347ab22d54a7b5a9a83

SHA256
32d35cd80b0302e3fcdd7349b4ff9a7b689ce080435109607ff79a834ff710d5

SHA512
461c0499193c5ef5aa4e2e5d358031e7d28c98c8e1e38d22b710271bf3b561c28232bfaadbc2c275357e31b7b0ad6bca798008328ac3cff3701c1c9cca2ddddd

Download Submit
/data/data/ymz.ok619.com/app_push_lib/plugin-deploy.key

Filesize
174B

MD5
1ea8459a688352c3573a8e80727c2644

SHA1
9b47864e96eed98798a6da2b8860c8f8a68f089e

SHA256
be2c0f9e472138a78d35f29013fc43dfeae991806dfebbc5be5c8dc86b8a1093

SHA512
99a26c03e760fdac91546a47e18e58851996b7e38e93812a6be23f1eee64370323ac492c4c224bd419d91566356fcb8eca3989ff4f2ce41db3d16301fa9dd75f

Download Submit
/data/data/ymz.ok619.com/cache/data/app/ymz.ok619.com-D2JUk9tg_dytXMOWnImQZg==/base.apk/journal.tmp

Filesize
35B

MD5
68c844d96a756b2f5000b125f0d21351

SHA1
dd2ddfaa833d837e7100d7b00e7bdeab157ed837

SHA256
069c83d2132b032231299f59d72e15db41c6c6f7b2cca795aa90ca171d12122f

SHA512
71d37c84f5173fcf29d9f4b91b7f36ae1a6f66903215471677ea610900384b48c59ecd518e3dcace6974dace03aaaf199a4c4a3a0e7f2871bb29465f9a54c6c2

Download Submit
/data/data/ymz.ok619.com/databases/ok619.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/ymz.ok619.com/databases/ok619.db-journal

Filesize
512B

MD5
01386324288cb0c5770597b727b28741

SHA1
7cbaeb5f6fa634c8836a77940a52f63c3586ff89

SHA256
5535f1b69a015e89a40fc00b5fce4e7893dec9bffa528a6d83c0f6ac45b4a18c

SHA512
f1b0eec306aad026935834bfd232d6986ea644b3a4dfe835c1a0deb1afc8d18d169e960a62d8b0ccf4f9b333797f06f757d172797e2cb5de8c5f9865cd7e5db1

Download Submit
/data/data/ymz.ok619.com/databases/ok619.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/ymz.ok619.com/databases/ok619.db-wal

Filesize
68KB

MD5
bba8f757da3799163a63c7ab4a909969

SHA1
e734b4d0bbe9da2de358bec10bd862f01c6da987

SHA256
3d7131dbe224b898463f7a282eee942135df9b1b121664df2c5549d315e33522

SHA512
017e9aaf985ac35c1a27e70fee5ebdf53119118e363402b88c5ef0a965aea2ffbd7f5d0399a78d85ad24c894f1beac87b56a778c50faf367f35e922b68940228

Download Submit
/data/data/ymz.ok619.com/files/libcuid.so

Filesize
129B

MD5
5678fd93bb91c70f3c8961b3d291d786

SHA1
8688f5e4d46bfb5b3dfa2c7cc08d0b5cf0cde2b1

SHA256
2510df1d7509e741d597976de665942a9c03ab6f752b46f5ad301d2eb2df9724

SHA512
9ae716b84b57920e6917f9a8afb4aefe2a0d9fcfb6f26b7c40d84001c6e2cf459c8d0c6b6ece7750b86fd3d7deaa638cf0eacc66703a7196f9277849592de7a0

Download Submit
/data/data/ymz.ok619.com/files/mobclick_agent_sealed_ymz.ok619.com

Filesize
156KB

MD5
8a9ef45a9a705c71d92de56fc7a75db9

SHA1
51d3e765abd34fc5e33e6e16db35722306633b1b

SHA256
2cb0caed1ba9da3f9d631a6647b3e40baab8b9d26ae0337e4c3c3783c4440294

SHA512
97cf7c5899900d0beb8b766a7e9db56f2c4176757e34a3aa78827f96279731aeeeb82b8adbbb3468a91bb65b0fd0adfe17a1de02147ac1a0d8e31c54bbbbd279

Download Submit
/data/data/ymz.ok619.com/files/ofld/ofl.config

Filesize
235B

MD5
bf33f07feb12ce8f33f53e6dddb586e0

SHA1
82fa4c2ff4afb2ba6e773db165c8884aeb91eb72

SHA256
16b7bb3d0e7d430e0a09146e22a353a94ae37b5fe2bd03ced6c0100dab6db26d

SHA512
5b6adfd96071d57838a6993e7767f56ff04c689cd11ff4d978ea639b69cd4263742f7f83de75d2cf22d5f479bfee666271176795b0aac21cb1b0011bbfc2a42b

Download Submit
/data/data/ymz.ok619.com/files/ofld/ofl_location.db-journal

Filesize
512B

MD5
30ce3ae640ab21543e598985f5f33fd8

SHA1
bccb819e93da75c1f036fb015941d264421f5602

SHA256
a89589c55ebff4f3088e54bc61529cd7f111d5bfd679a9cd0c9ac812e1ba5d68

SHA512
92deb2cbfcadc1d86a3fa76dc1388160536566660c99f81423670550946f45866c5ebda2d272d30fa0632f312c5b0f66fc18db4e08521ef5a01bd048d6e04b4c

Download Submit
/data/data/ymz.ok619.com/files/ofld/ofl_location.db-wal

Filesize
48KB

MD5
06580375eab31bb5e0c40f82deff2e57

SHA1
d50210e3498179c0cc6b5f0783eb940f8ea391b5

SHA256
8062cb444b997f8a2f452f150bd9caf7f07270859528bb79049de8ba549914c1

SHA512
b36a6380b8183d18ca73ec6921e5fbef3601f8018137ae71b0254fd395715ce9afc7ba19cf9269fdbba84f416284c84dd799f3f3e025e457257f63df52d01d21

Download Submit
/data/data/ymz.ok619.com/files/ofld/ofl_statistics.db-journal

Filesize
32KB

MD5
1b4809c8258340489f3a792135bb1fab

SHA1
2b25252c902228bb3954bea91d742635c87ed807

SHA256
374d82ac8af4d9d412028137ff3f8dc2e58d6fe5618e48bde0216f5d7612428b

SHA512
b83312ed63ef1a8dc7b2ffee57612557f554ae4b9f858d090a9ccb690eb185730092938558088dc7994e5b95500ab8c9226ef5bb64008e4bd2ab37d4e42835a4

Download Submit
/data/data/ymz.ok619.com/files/ofld/ofl_statistics.db-wal

Filesize
48KB

MD5
0aa4cd1056f3088559b68e62f37378c8

SHA1
529de07e15688eaa7c34e76bb72ec5e8b21d656c

SHA256
d46b34bb95bf6e8ac8eecd5a3962a086a40739c4a1a17ab9e04a73fd2151561a

SHA512
3b90c9d4919be0b83d5a87f1fcaa5175dcb4dacc47e8f8e9d5e2afb87168ca36c5dffb27e43d4b9f3aa184574344c6591a644e1d7168976907c9b4d3b8435086

Download Submit
/data/data/ymz.ok619.com/files/umeng_it.cache

Filesize
211B

MD5
031d429563f9f32e231a01ffd2754dee

SHA1
1f10e4fa02cc5f6734acb575f1b5e76703006fd0

SHA256
c4e94db4e49a2a8b9a5e89145b98f97793a27c7b452f9cf78db2f3ac71472cef

SHA512
0a6146eb649a8fe3666002c15ff2691a5930ac7ff16b701d2f2464ec54436f38b61f521f0580ea12826c962f23d5cd7ca93e48b1db2e9c140770ac32c2c905ed

Download Submit
/data/user/0/ymz.ok619.com/app_push_lib/plugin-deploy.jar

Filesize
530KB

MD5
5597a541eabd3fb792c581587550dc4a

SHA1
6500b0ff20c75717e1cb67dcee76b4641a4e8a35

SHA256
473b02216f8d2b5ffb26571e51ff322e3ce04ba45418408452bea103576ee8e2

SHA512
39b4acd82f67f11140cd1b0b4291e656a4a46ba63064509977f3f1de24a931dce83964f031e16ccab95cf0540ac5f613ca87d7665ce99f1c1ee4a0778e2c19e2

Download Submit
/data/user/0/ymz.ok619.com/app_push_lib/plugin-deploy.jar

Filesize
530KB

MD5
bdfa71feb08b80b649fddcd7488b03b4

SHA1
bcacf11199fd2c353034a7271b5dbfe2dd4cbddb

SHA256
f8bd07a7afce2d102976afaadd33dc70336a0b06682ac8d6fe9544a08d086d1d

SHA512
37dc848b995def498d0c832a76ed0ad429db18f26a5e9659c2b77a63bff555560160b6be4d22387eb529b2291bb27ae21718ddadb315bd1aa4c092d6330f049a

Download Submit
/storage/emulated/0/Android/data/ymz.ok619.com/files/baidu/tempdata/conlts.dat

Filesize
12B

MD5
8d80bc8ea90e9cac010d3ddf97bda5f5

SHA1
f063bc0d356e6ba9ab1eb9a851131ffbefd8fa07

SHA256
f52db31332534833414abd5e870f78c810b8ebbe5b134bbf599506beecfd1b93

SHA512
9ea732dd572a9a4ba91b70891972230a09576687ca1bc19e62d5a98b5b84e0f2ae11985108008bc9fbccf357219b8bd3dbf146bb70752f618f70dc5d0c46a7c7

Download Submit
/storage/emulated/0/Android/data/ymz.ok619.com/files/baidu/tempdata/conlts.dat

Filesize
150B

MD5
d078516d0b6bc1c70f2b6b1ae9b0292e

SHA1
81e743fa681a14d10fe98fdff6e4ef1b924e9c40

SHA256
c9df89448f4870fc46e44dd91489e4a1cd664c97dc834771046bac57786784b5

SHA512
0296f52d78e5174f9affe71c2157d6ae68bffef15ea94484da50b021eafc0fbfee230375a1b8528bbaf6099aad9588062eb23cc702b06a32456034e55ec2410f

Download Submit
/storage/emulated/0/Android/data/ymz.ok619.com/files/baidu/tempdata/llg.dat

Filesize
1KB

MD5
01a92b67edfb3a1348a99b686abec709

SHA1
9d4ab035739d73e5a8cea9b75a0e324533acde5e

SHA256
e17865e22cb2527a9d7f73fc09d089dcc6b73af318afbdf1e8329d5d6e830871

SHA512
5947437fd16ffd941be2aae7514b3c9f7df0039d671be171b4815bee215858dc6f247774b45cc92288a471521d6a590c624ae1377a311dd49b6499e93673d5db

Download Submit
/storage/emulated/0/Android/data/ymz.ok619.com/files/baidu/tempdata/llg.dat

Filesize
2KB

MD5
643bb8175efb4f19d9cfefb5271f2fb9

SHA1
7b814999f7c03d55688c088c68e0d58e6c6b37e7

SHA256
9c5c206636cb870f29ae86dc70b74d541c1bf61fe8cd71c9ff2e176e5dfff153

SHA512
077733e0aac7f59dc9d6220a64c786b02bfc996a31412f872112d9bd01e0efa8e4398f278b91b09c9f90e706e42c6552f9acfdae674e95cc2f0e9fd66e48e324

Download Submit
/storage/emulated/0/Android/data/ymz.ok619.com/files/baidu/tempdata/llg.dat

Filesize
3KB

MD5
c075adaa435e1ee9576ca17442f01993

SHA1
c26dcbb6988c51a72c55be3173471926340c5f46

SHA256
115b23ddaa36765b7f5279a55e296446d0ca0d1d607db33f3e74692ae51d981b

SHA512
7902886f42079d6b8279265c8bb56f262684d38f85b3c46c6261b21a46ea9ca3b6de3c5eef5a22446d12f6db9045241fe5ac825b88e486d86c731262f223f0e2

Download Submit
/storage/emulated/0/baidu/.cuid

Filesize
89B

MD5
6f6bb27075011d36a140d0f5ec6507c4

SHA1
e8fba19762b9ac5f478aee80d5c55c6f2d98c0b8

SHA256
7a056ebfcece2136372983ddc43f2f343489a87368647dc4a3cc564b8b442d7b

SHA512
049b456ddf5fda1833a33d96c627dc53fb9b08750b1c41820e98880863bd839678e985b4c4b7b37fd981becda73024824e24c47d588699db2924aceaf0379d32

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db

Filesize
28KB

MD5
0d3e99204c6401ea499fe9e6d9855497

SHA1
09829f00ca458eab7374d5079393a2cd69a2348a

SHA256
63ad014cb50908591939d6a1536f85eece807425af4f4e8a1f9b9eeab13cc5ca

SHA512
8d9a50aa9abd17e508ed3ac35a3033e8f9e550d1088baa951f53e6c4697c5ac026d22b90e36e27341d64baa3f0202bd89ca97583e99feb25f8c26b5776c59c68

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-journal

Filesize
512B

MD5
e7a3c70a4ac78ac1f28fb3e4c2d50b97

SHA1
7fe1c4c1d92d7e6fb12cc993c6ecf19452f932b6

SHA256
c48dfee3a0a506b0f84b8e3456763921ea185347b4dd670b2991a2bfd772ea02

SHA512
af0df4040460f1cc2bfdd06da6d3e9c53a541c20d2ee99fb34012c392a59d4c1209cbbf9ef6ab5f5ee225fefa76ef92d897f8de9eaf254ce667e235a2be1e9c8

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-wal

Filesize
52KB

MD5
1a8b14a2ff4ed6931a0b4cab4372adac

SHA1
20beb103c681a7d6c723737f6db7f7319c2ac116

SHA256
9a257a5b4f2dc0adbfa2bc3d9102a29a10be3896c6e41d660c4bc7d383302c67

SHA512
a963e3d0a498c94e286679f2a55bcd9587445a76a90e3c05fb7d36e7fbca3a2652926def5f4707f72f8769368bda0b360875fc9e056b3997c48e96cb944d0cfe

Download Submit