d51cfc8f7402dc84d72e159808dbb283b4e3da5b4778fff92019d6e9d102b21e

Analysis

max time kernel
3014573s
max time network
149s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
24/12/2023, 04:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d51cfc8f7402dc84d72e159808dbb283b4e3da5b4778fff92019d6e9d102b21e.apk
Size

10.4MB
MD5

56d78128a01455d2a7bb7f86f278b886
SHA1

b115e2f62586d6e894c475b0f0949052d67c85da
SHA256

d51cfc8f7402dc84d72e159808dbb283b4e3da5b4778fff92019d6e9d102b21e
SHA512

3b0cec2c966dd596193a358e54bfd91084c4238cd43b88937510e9d9c105282bfc0fd3a315b3ee9099049356f41499840394960f64e5c6172004e400571c74af
SSDEEP

196608:UT2sIhGAemgMgtA+Rkwxjd9eHOkmDLKeIxW8Idv2in1t/hzSlCkIVL5wi:oGkmgMgnSwxZh1KhtIMi3hx/N5z

Score

7^/10

evasion

Malware Config

Signatures

Loads dropped Dex/Jar 3 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/data/com.yitao.carprice/mix.dex	4252	com.yitao.carprice
/data/data/com.yitao.carprice/mix.dex	4351	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.yitao.carprice/mix.dex --output-vdex-fd=51 --oat-fd=52 --oat-location=/data/data/com.yitao.carprice/oat/x86/mix.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.yitao.carprice/mix.dex	4252	com.yitao.carprice

Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.yitao.carprice

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.yitao.carprice

com.yitao.carprice
1⤵
- Loads dropped Dex/Jar
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4252
- /system/bin/sh -c getprop ro.board.platform
  2⤵
  PID:4280
- sh -c getprop ro.yunos.version
  2⤵
  PID:4301
- getprop ro.board.platform
  2⤵
  PID:4280
- getprop ro.yunos.version
  2⤵
  PID:4301
- /system/bin/sh -c type su
  2⤵
  PID:4333
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.yitao.carprice/mix.dex --output-vdex-fd=51 --oat-fd=52 --oat-location=/data/data/com.yitao.carprice/oat/x86/mix.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4351
- /system/bin/sh -c getprop ro.miui.ui.version.name
  2⤵
  PID:4447
- getprop ro.miui.ui.version.name
  2⤵
  PID:4447
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
  2⤵
  PID:4495
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
  2⤵
  PID:4540
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
  2⤵
  PID:4559

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yitao.carprice/databases/bugly_db_legu

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.yitao.carprice/databases/bugly_db_legu-journal

Filesize
512B

MD5
b7a967ef75ac2fb06201c5b7606b67f9

SHA1
a782e360fd9aadb1b996c8bc215d1f9732f60121

SHA256
9a1dea3a5e2f21cf81ec784189781bfc6895691a7dddeae09a5326c214df0e70

SHA512
7763d92049f77a0a5234f8be92c37964019dbca901571c0e3200ac2471f0f0a32d8ce20cf1718e623a174a052de2a66ba676cab729349db73810c0c85d412f14

Download Submit
/data/data/com.yitao.carprice/databases/bugly_db_legu-wal

Filesize
92KB

MD5
766e796ef3e48a9a662ffcafaf3ac841

SHA1
ac906292ba747c0bdb90b85f1e9d38ab8a1f988b

SHA256
de8d03e3e7b9638f6a2aff0ebdebd5b1007a59fd33ff1fd461322e3eb6870408

SHA512
d2b560823fc3ac130ebd786837fc53a2607acac5951dfe00976aa29822aefcad7d8de290e20596c2149b192c75a5738e38dc1cef07a30b823158a0d58c73b79f

Download Submit
/data/data/com.yitao.carprice/databases/legu_tencent_analysis.db_com.yitao.carprice-journal

Filesize
512B

MD5
60faad250c0a5a2c14a07c68cb70bf44

SHA1
84d63c7f1d18ff93e3f4f7af873f8872d4b10566

SHA256
d879712ab2570d11fb12a36dcb796605d06ce3e48e831f7b2c337ea4cb12af4a

SHA512
ab03c060c261c89f9830e2d5a1bd4f98aae608e12e43186b991274872025105a6aac2345ddc7442011bc1664b229a268ae9da567e629f31a982aa60392a12705

Download Submit
/data/data/com.yitao.carprice/databases/legu_tencent_analysis.db_com.yitao.carprice-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.yitao.carprice/databases/legu_tencent_analysis.db_com.yitao.carprice-wal

Filesize
16KB

MD5
af7f8d0886cfca5c9fa090e875d6e3b9

SHA1
7ab3c87546138b7afd0ce82b9cc8152a85282519

SHA256
52845b4654c44fae59ab9bdba0f33abb90af5be221f2a7775e63810524f009c9

SHA512
871862cce5030aa6b19a56749883cb365b38a2581473de582720b76a22a7ea889de312c089172d896822831e94191f2f94d761c822f926950e67126a13aba295

Download Submit
/data/data/com.yitao.carprice/databases/ua.db

Filesize
16KB

MD5
e86da16aedc0ad0365ac705839232cc9

SHA1
cb1e9d68857aaa075c79ccc871d76932227c65ab

SHA256
ea57710b2655a81654cc6eeb54d19e1be65b4f001e44d5b3d47107612657b3a4

SHA512
ccc450551aeee54168fa21ac098897376b537d64143332bcce7d97439bf827e5329d3587cb7b1cdccb7d78f9e28775d650523df1425cc62888edccb62f062e00

Download Submit
/data/data/com.yitao.carprice/databases/ua.db

Filesize
16KB

MD5
0b529a3635718fe702a725108718e66c

SHA1
64a5c479fd6e09fc21837232f5242e78cd8f489b

SHA256
dc0c2daf6b65e4741b92c16e3e0d011d098e4ced695f6b1b943b6ec7636d3037

SHA512
cc1f7409eb4818c7b82b60256753bebd39d39644f17665f7415235e02eae34a465a31d0ae0deceb07469715fe5f68d235d98e48968387ff3b0014d53df345275

Download Submit
/data/data/com.yitao.carprice/databases/ua.db-journal

Filesize
512B

MD5
4154138aa3bd03db0b4865f26ba607f7

SHA1
658df5057425eae25ed837ef77754a6bac64c7a1

SHA256
0f0eab186a23a6c3220f19e3cddf9ced9248286807551429e9baddf38d3ab29d

SHA512
4a165bd4bb1bb8be0d011da7794b8ee2ec8609238b79260b4a420168ba167d7a7335797dc6393b396e01166c2c677c0842f190d80cd63cbd3360f86de555b664

Download Submit
/data/data/com.yitao.carprice/databases/ua.db-shm

Filesize
12KB

MD5
4072783b8efb99a9e5817067d68f61c6

SHA1
7cb41fea50720b48be0c145e1473982b23e9ab77

SHA256
f3cc103136423a57975750907ebc1d367e2985ac6338976d4d5a439f50323f4a

SHA512
b9b362ac8b88c1eaae1fa87f8498050450d7aa6c7d07698c3aaf8a355b603b6d535e74b47f6da4b4798b04df58b3b6eb1dbc4782fa07756bce10933ed86017d3

Download Submit
/data/data/com.yitao.carprice/databases/ua.db-wal

Filesize
16KB

MD5
dc7ee4580c72380eb19043cdcad089f9

SHA1
58435467e7b25298db8b8f95aab20242447aa0c8

SHA256
ea550f95a625b73c5746d2111d0d859ff6099c286a67b25dee662c80cc2844bf

SHA512
6c07f082c1cf93bda45e020dc3b0d10e12fd95c0967651ba1561e6c649ae6eeedc33286411215557682b1f24668ff5c2d8fd5feeff5bbbd53e4cf8a074113332

Download Submit
/data/data/com.yitao.carprice/databases/ua.db-wal

Filesize
4KB

MD5
c5ca83e9964c848bbeffa86a068ad703

SHA1
68ff2238adb6e0a121a2c5600a7020b21f42ad25

SHA256
55515d2674fe9e1a74b0dbcfdfeae3b61094ebd23320ce8fdaa53b9fe2f37e75

SHA512
4b32fb04d697efdbad1e386a84ed6592898e8424c8cb5a2e451bb982c1653819c18bdd4189a1dc62d983a6a85cd573147e827991ebb4ba6a4ce4332dd1881d20

Download Submit
/data/data/com.yitao.carprice/databases/ua.db-wal

Filesize
4KB

MD5
dfb98fad335218ec11410aa52487c9fa

SHA1
4b9dde75ad97cf466b3211e4cbbe6bbba98aebeb

SHA256
decf53ea772d4426f5ec8e5cfb2cb6559ae2ad579f999c0ae6c76de640a75394

SHA512
64e2feaa14f27769f9a53e4d44eb278665b8217a67c29c4fbad3da2758888fb723001da8230fa6e6ab6aaab6841ce89fe2e10fac203d453f9211dc41010cce28

Download Submit
/data/data/com.yitao.carprice/files/.envelope/i==1.2.0&&1.0_1703821484341_envelope.log

Filesize
2KB

MD5
883349adb0973ab08542daefbbd362ac

SHA1
50814345c3c17d37ed4305fb722a96997b2f3969

SHA256
79d4587b6dfb83fcbdfbc63931a2c129d5e42dae50045f22b99444c2c2138b08

SHA512
305f00a71272ce46904d65604ee0df4f885ae2fa0872c3a4114bbc1ce0794229851f83b2dda2d6f9591767ef23391c0167f827cd0fbac3378aca58d3af55c5a6

Download Submit
/data/data/com.yitao.carprice/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
a411400d0bb47dfa24f64706dff29091

SHA1
008af80b972e88b0b89fdcec6cfda02a92da65f1

SHA256
8a41e43c35cb24396b1bec437bdf861beb5882077fc99274f32e2ca3f11d0c72

SHA512
e7df4e4b6ce46505d0cf35a461ca16bb67e7d668bdebabd78718056c9055838baebf836f9d49400cf925128f90f669ce4f540af48b68cc73092e862b1de872f6

Download Submit
/data/data/com.yitao.carprice/files/exid.dat

Filesize
51B

MD5
e24b58975a4a82121e3e38c05b08ca12

SHA1
887dd27be4c23ab1f2486f4da34e083cc7e8a43a

SHA256
6fadb95b0c0fcf45cb9e4ff709e1798394af9e1c253f2fc2a598b71d2a2643d5

SHA512
0d3520f82945703b01797212381900b282161a5fd381c322084f5e0c517ccb229cf23c11f945eeb5536dbc0ac7d763ffbd13cc21d93238c61156c6e9e896ad9f

Download Submit
/data/data/com.yitao.carprice/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzAzODIxNDgyMTA5

Filesize
1KB

MD5
911dfea5d40e2b7b8e48f8af0921b408

SHA1
2e53a4b52b286a56e9e98595d1e33a6a31fa0695

SHA256
7513d00644393bff78d362d87985cb676af6062cdff15700a9c35ecd9576965b

SHA512
f1614707d7ac636a333fff789ce16883e0204b9b01180db0c95bd9686c90059644bcb2fff188c96a9e234236e695870d51f2570651494bacfb56a0faa6c90a95

Download Submit
/data/data/com.yitao.carprice/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzAzODIxNTEyNjYx

Filesize
1KB

MD5
47decbde840b9c976edca7379fbf4660

SHA1
d60564cd4af0768aaf8836f1e9b29249ea372f85

SHA256
48dd7bd67a77136dc36a37e6affb49d17019679d4b51d2dbca0eca654b6588e2

SHA512
001b085833c0baf1658b5ac7b6bb193375d9a4e201250ce680372f71a167a9de854a3df74de14f560b7b004f4de8cc94f4d982615ea09d84b129eaeff806fbbd

Download Submit
/data/data/com.yitao.carprice/files/umeng_it.cache

Filesize
415B

MD5
dce8625eed58a22688a009e86ab1647d

SHA1
630c3a03e15be42fb4b0e5fd00490724ef5a63c7

SHA256
2d5ddb5fd371904e0e856fc089dc960b2f0cc88f33e575c3c2ab5a02685320ca

SHA512
e25c7a548c586dde75a6695c79bc92fe1765ec3effc4bd5dd804b186b804ce5c69b74196218120df0212fb62ed22aee5018dd20502f7afbc9e046fffc5dc86bf

Download Submit
/data/data/com.yitao.carprice/mix.dex

Filesize
292B

MD5
63f77f99bd2c2b772a479923bde11974

SHA1
c7632e7d301e4463fafce85f84e9c3d7da3fdbbe

SHA256
4c76a3af64cdd2f8713ffe2733dea50dbe714d0ca41c17d1847ee5b62a7ca615

SHA512
3aae4a89d1ed51fdd911cb367eb10afe3c2264e4222085891b18a60d5412f85d10bf5c8f3c6642db70abb9aa42732bac5c42c42ee32d587100f53c21b5beb16c

Download Submit