d597c44a5935f4e3457188f036a90f9d2cef6a63ff518e5981736d91eabd0bae

Analysis

max time kernel
3016856s
max time network
158s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
24/12/2023, 04:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d597c44a5935f4e3457188f036a90f9d2cef6a63ff518e5981736d91eabd0bae.apk
Size

11.9MB
MD5

98218a556e2f63ca741f9a0ec9532a9b
SHA1

306fbf1276c923124bbb8092bd1e8f077f48e075
SHA256

d597c44a5935f4e3457188f036a90f9d2cef6a63ff518e5981736d91eabd0bae
SHA512

2226496bc89412a39c32328126c8d1cd1f0842e05fa4a3bc4917df50b86ec51cc2464a1e6313fa487435fac29449d23c3f840a2c5de432a1dfcf51f2ff119922
SSDEEP

196608:d99bQ/v/caCRGAzQScgJI65Jnr4YJecGGLxQRgKuulF0n6WXI8Pdeyq3jQoGdKH8:VbQ/v/AzTtJI65JrfQRduDn3I8WQPgfU

Score

8^/10

Malware Config

Signatures

Requests cell location 2 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.yundu.YaLiMaino1691oApp
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.yundu.YaLiMaino1691oApp:remote

Loads dropped Dex/Jar 4 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.yundu.YaLiMaino1691oApp/app_push_lib/plugin-deploy.jar	4289	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.yundu.YaLiMaino1691oApp/app_push_lib/plugin-deploy.jar --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.yundu.YaLiMaino1691oApp/app_push_lib/oat/x86/plugin-deploy.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.yundu.YaLiMaino1691oApp/app_push_lib/plugin-deploy.jar	4263	com.yundu.YaLiMaino1691oApp
/data/user/0/com.yundu.YaLiMaino1691oApp/app_push_lib/plugin-deploy.jar	4323	com.yundu.YaLiMaino1691oApp:bdservice_v1
/data/user/0/com.yundu.YaLiMaino1691oApp/app_push_lib/plugin-deploy.jar	4363	com.yundu.YaLiMaino1691oApp:remote

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 3 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.yundu.YaLiMaino1691oApp
Framework API call	javax.crypto.Cipher.doFinal	com.yundu.YaLiMaino1691oApp:bdservice_v1
Framework API call	javax.crypto.Cipher.doFinal	com.yundu.YaLiMaino1691oApp:remote

com.yundu.YaLiMaino1691oApp
1⤵
- Requests cell location
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4263
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.yundu.YaLiMaino1691oApp/app_push_lib/plugin-deploy.jar --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.yundu.YaLiMaino1691oApp/app_push_lib/oat/x86/plugin-deploy.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4289

com.yundu.YaLiMaino1691oApp:bdservice_v1
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4323

com.yundu.YaLiMaino1691oApp:remote
1⤵
- Requests cell location
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4363

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yundu.YaLiMaino1691oApp/app_push_lib/oat/plugin-deploy.jar.cur.prof

Filesize
4KB

MD5
f7cff987f1805184c74107a03998169e

SHA1
cf6978ce1e15bc05c9821b44cb874850bfa69844

SHA256
86df900e4ecfb85be7a0a33a340cab0e52e3365b8a439dc0e5f95f1e144adabc

SHA512
c35e2e05b118a13d682aa5acdd108292f196a3a5e36d4d66093b257904fa8e70c042bdd4d0ff432b6cb09e8e4223e38a2e630e9e39f730006ec0f59253cb7e3d

Download Submit
/data/data/com.yundu.YaLiMaino1691oApp/app_push_lib/plugin-deploy.jar

Filesize
213KB

MD5
e70723b8f6c4c7c09a6019733022cf53

SHA1
e3ca32166c65e4dc73c21347ab22d54a7b5a9a83

SHA256
32d35cd80b0302e3fcdd7349b4ff9a7b689ce080435109607ff79a834ff710d5

SHA512
461c0499193c5ef5aa4e2e5d358031e7d28c98c8e1e38d22b710271bf3b561c28232bfaadbc2c275357e31b7b0ad6bca798008328ac3cff3701c1c9cca2ddddd

Download Submit
/data/data/com.yundu.YaLiMaino1691oApp/app_push_lib/plugin-deploy.key

Filesize
174B

MD5
1ea8459a688352c3573a8e80727c2644

SHA1
9b47864e96eed98798a6da2b8860c8f8a68f089e

SHA256
be2c0f9e472138a78d35f29013fc43dfeae991806dfebbc5be5c8dc86b8a1093

SHA512
99a26c03e760fdac91546a47e18e58851996b7e38e93812a6be23f1eee64370323ac492c4c224bd419d91566356fcb8eca3989ff4f2ce41db3d16301fa9dd75f

Download Submit
/data/data/com.yundu.YaLiMaino1691oApp/files/lldt/firll.dat

Filesize
76B

MD5
368347daa2dab4d9b8c3be1ab410faaf

SHA1
2277aa59fd76807db8f191f412a6d99e636a396c

SHA256
62609af42ba6184976a476ca4f7c94d48de19fee7369c58dd7706f873056a4ec

SHA512
0f0788a37be4bbb7eea271f135a1bc64b153623ff99ff00b877f8fbec5235291b8d113d07119a9eebda1c5fad31a02792ddcb01eea4baf01c86dd0319fa6f513

Download Submit
/data/data/com.yundu.YaLiMaino1691oApp/files/ofld/ofl_location.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.yundu.YaLiMaino1691oApp/files/ofld/ofl_location.db-journal

Filesize
28KB

MD5
4cbe63ee5822ea35b35d7db1321d0511

SHA1
8b0871014bfd09ed39e86a37a38aab07106489b9

SHA256
e7f95f6229c20ca9a645cb4e0904d873aab01b83a81a673a6664a9c652d1a12e

SHA512
b5b9ad7690d77932c52443ae49c051a135d8d2957e580a7714707d31c42d4e740a8fac4419e5b771de8af8862f5ac9b2f63029412b7d9affe63c925e3cf33f66

Download Submit
/data/data/com.yundu.YaLiMaino1691oApp/files/ofld/ofl_location.db-wal

Filesize
48KB

MD5
ccee2de11455c90e2f19c6cd0fb15f56

SHA1
1615ba7cba0a2897b7ec166efb537c474bb24e9c

SHA256
0e08d254cb61147cba58874e472f782a08e5c58ac700d2b4787fdce33b8c0840

SHA512
26f0b612e122cfd4741b81a25dfc8e02ccdcd725879f9140f4356ae3dde7d6a2b61fc3ee8a8bf4599cea7e3d1c8d59ead7c4dc197574fbdee4446c0f3bf1b5a5

Download Submit
/data/data/com.yundu.YaLiMaino1691oApp/files/ofld/ofl_statistics.db-journal

Filesize
512B

MD5
166ec4d8771d87d904daa2f407ee990c

SHA1
67e5e210e938d4b0c60395a2593e9d7baca5b8eb

SHA256
6d3056834fb337ef5920eae72d44e80ade034a2e1faff55ec3f94c6f21a6dc84

SHA512
a182befb27d2a34c9c39ff1f262bde05012531b9f1507c2b6e7bd0aef5d6a34169aabedc45bc59d4cbf9e56bd08cf4886a079d508c09d953e2fa5f3508da2874

Download Submit
/data/data/com.yundu.YaLiMaino1691oApp/files/ofld/ofl_statistics.db-wal

Filesize
156KB

MD5
4545996282b24d3817403e5aec7b29a7

SHA1
461b5352c36ceb03642f47ac712934a385e1055a

SHA256
373645171fcb11f1cb47f423795eec43c40a978591b76c9a104a4635270f2e65

SHA512
223ca10f52c512eb11a4165e425d91869b3ca3c38b48645f8dfd1b768e4f46138c8acbece50170c634bd2923863b4ae52ec63ec4cd2459881721910a3333a0cc

Download Submit
/data/user/0/com.yundu.YaLiMaino1691oApp/app_push_lib/plugin-deploy.jar

Filesize
530KB

MD5
5597a541eabd3fb792c581587550dc4a

SHA1
6500b0ff20c75717e1cb67dcee76b4641a4e8a35

SHA256
473b02216f8d2b5ffb26571e51ff322e3ce04ba45418408452bea103576ee8e2

SHA512
39b4acd82f67f11140cd1b0b4291e656a4a46ba63064509977f3f1de24a931dce83964f031e16ccab95cf0540ac5f613ca87d7665ce99f1c1ee4a0778e2c19e2

Download Submit
/data/user/0/com.yundu.YaLiMaino1691oApp/app_push_lib/plugin-deploy.jar

Filesize
530KB

MD5
bdfa71feb08b80b649fddcd7488b03b4

SHA1
bcacf11199fd2c353034a7271b5dbfe2dd4cbddb

SHA256
f8bd07a7afce2d102976afaadd33dc70336a0b06682ac8d6fe9544a08d086d1d

SHA512
37dc848b995def498d0c832a76ed0ad429db18f26a5e9659c2b77a63bff555560160b6be4d22387eb529b2291bb27ae21718ddadb315bd1aa4c092d6330f049a

Download Submit
/storage/emulated/0/.YaLiMaino1691oApp/._cache/.dat/yalioaData.db

Filesize
20KB

MD5
f26c53cb972680bd57103488e067696e

SHA1
6c2b35331bdbd46782b33bdc2cd83bc5a4e94c0b

SHA256
906ca0ee78406d8e2ed9eeae5e6b78e445cf443be8c3a8fa9f9f5ac2406615ca

SHA512
9bed4903db2253ea518f187b8d1a7cfa4448918b8397d7173f916dc68dd9a896c3c87a0682c1468ed5889adce76420965a4128e79bcbb478f31a4d60879d2f23

Download Submit
/storage/emulated/0/.YaLiMaino1691oApp/._cache/.dat/yalioaData.db-journal

Filesize
512B

MD5
84ff047c754e68c42c92dba6b14bc29d

SHA1
160b43699778f44aaccc2f98afcc0e631f1f4bcc

SHA256
d36623386a50b95bbe06580397ba318c97e3021603f1f7ada8139e52f811abbb

SHA512
dd7a401c2332953404eda1bdfe6680a91d57520c8d47638ae097502c832a47220661efa2f56448f8a520ab0161e5377093dad0d955ec77e41e0253292b66a6bd

Download Submit
/storage/emulated/0/.YaLiMaino1691oApp/._cache/.dat/yalioaData.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/storage/emulated/0/.YaLiMaino1691oApp/._cache/.dat/yalioaData.db-wal

Filesize
32KB

MD5
53b88e691a3e6f18406e8126d5d1bbff

SHA1
ad16805f79351ec34e701224c3605052e0a35cf7

SHA256
d6bf71e421dd46cb832558c4679beaf21d2bbfa1f62a337aae38677adaf7731c

SHA512
0b0ec24a719858198def74b4457be7dca3e6fedca007679418f2f8055a1f8ba3c0eefbb20d8417c4fed76ed545fcd65ae9981802b20a64ab94b3fd06440ee704

Download Submit
/storage/emulated/0/Android/data/com.yundu.YaLiMaino1691oApp/files/baidu/tempdata/llg.dat

Filesize
137B

MD5
3b2d049d7acd2b74c4d13ccbc823b54f

SHA1
84c452730d43caa8e3ff079acd44baa2b7292049

SHA256
5318f3b85cc67cd35eaa81a0e534231ea372a006965b31cb1a101f7abf48607f

SHA512
a24c96bf3b5dc60f73097b431a007bab105a8a0e5bf66dde400de7df6d27522ca88224cdad399f65c351496fb7da311f4ad5fe77e20d5fb2cc67d2cb5a5edc2c

Download Submit
/storage/emulated/0/Android/data/com.yundu.YaLiMaino1691oApp/files/baidu/tempdata/yoh.dat

Filesize
24B

MD5
a936690571e9104e1922dda4a0ba5bd1

SHA1
65f49c57edde2f96be2a1dbdfc3f7351f1e66554

SHA256
f0f5049c51879dd7da0ce4a43349b5b34ce053d072a0ca704f62cf22ba4a8412

SHA512
3be1c3693963aebdfc04e86b1c820ee0ec3cf0b200e6a4788ef1141f39fd6c2f77f4227247ae4affa66c0a6c027df8466cc0dcec1e67ebfb953e36bee97de394

Download Submit
/storage/emulated/0/Android/data/com.yundu.YaLiMaino1691oApp/files/baidu/tempdata/yoh.dat

Filesize
24B

MD5
1681ffc6e046c7af98c9e6c232a3fe0a

SHA1
d3399b7262fb56cb9ed053d68db9291c410839c4

SHA256
9d908ecfb6b256def8b49a7c504e6c889c4b0e41fe6ce3e01863dd7b61a20aa0

SHA512
11bb994b5d2eab48b18667c7d8943e82c9011cb1d974304b8f2b6247a7e6b7f55ca2f7c62893644c3728d17dafd74ae3ba46271cf6287bb9e751c779a26fefc5

Download Submit
/storage/emulated/0/baidu/tempdata/lcvif.dat

Filesize
96B

MD5
7bfeccc564895a28d7a37dd3cc633417

SHA1
29895067eac4d859a616bb5e914a897ec63c5c46

SHA256
c4dbd5e42202f2ac687b41e5f6977b560e729ff3c0bd2d4a13b5e96f345a8885

SHA512
d851cfecb73516845d19f5ee8758d51c0031c42c74dd9b55bbcb7d4f87f3b52ca45b5c44d14f022b5ecf44de0ca01ff6804a9a95b6cc2c87f6aad0b0472e589d

Download Submit
/storage/emulated/0/baidu/tempdata/lcvif.dat

Filesize
512B

MD5
21bc6708d2edb3beb17cd61e374ad924

SHA1
5ce7b7bec9f56bee0f07598f941457c1af73426c

SHA256
66fa6646496de337e13563c05642d77186fd50b24b7c4a2864c3894c2185008c

SHA512
9237540e625a06e427eb62a905d5594d699a1c6abb04d30119dad555727f5b6546a2ead4a46ef3f1a01f8c25c111352656979af0e87b43a9c6feef61a5d29fcc

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db

Filesize
28KB

MD5
0d3e99204c6401ea499fe9e6d9855497

SHA1
09829f00ca458eab7374d5079393a2cd69a2348a

SHA256
63ad014cb50908591939d6a1536f85eece807425af4f4e8a1f9b9eeab13cc5ca

SHA512
8d9a50aa9abd17e508ed3ac35a3033e8f9e550d1088baa951f53e6c4697c5ac026d22b90e36e27341d64baa3f0202bd89ca97583e99feb25f8c26b5776c59c68

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-journal

Filesize
512B

MD5
efc40f697fb530abf131c344dddbb6c3

SHA1
1eb09532a607e8f2adaa72afefc1c2d8cee3a7f3

SHA256
ed3e99b890e25268d81b21b110b262e956f5305d3060aeb2e97125627df1b8b3

SHA512
b9d8a8ba06af696bf90dd4184d03c2508ee3200a70f8d9cb7b1ef21dc19d4b0882757aea717544c05c981fc2121a758420548065986bf78370370a5ff1883c3c

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-wal

Filesize
52KB

MD5
ac2a43070b6d92d0af4a45e7ea20651f

SHA1
9fee0d48ddd378c0f6c4224c058054b848a70cbf

SHA256
c95a6d332e3ec81c225ed450d3adb0e5ba14cc59893da702a3544d7daf096ca1

SHA512
c2da59f981bb082c3f4d012a992444186cf77037e7a6633fe8907f4c0ff9d4a8c4c1cf61ea12e9b9228014208caadfda14a36d73d470bfe1970a78669476ea1e

Download Submit