d597c44a5935f4e3457188f036a90f9d2cef6a63ff518e5981736d91eabd0bae

Analysis

max time kernel
2772683s
max time network
165s
platform
android_x64
resource
android-x64-20231215-en
resource tags

androidarch:x64arch:x86image:android-x64-20231215-enlocale:en-usos:android-10-x64system
submitted
24-12-2023 04:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d597c44a5935f4e3457188f036a90f9d2cef6a63ff518e5981736d91eabd0bae.apk
Size

11.9MB
MD5

98218a556e2f63ca741f9a0ec9532a9b
SHA1

306fbf1276c923124bbb8092bd1e8f077f48e075
SHA256

d597c44a5935f4e3457188f036a90f9d2cef6a63ff518e5981736d91eabd0bae
SHA512

2226496bc89412a39c32328126c8d1cd1f0842e05fa4a3bc4917df50b86ec51cc2464a1e6313fa487435fac29449d23c3f840a2c5de432a1dfcf51f2ff119922
SSDEEP

196608:d99bQ/v/caCRGAzQScgJI65Jnr4YJecGGLxQRgKuulF0n6WXI8Pdeyq3jQoGdKH8:VbQ/v/AzTtJI65JrfQRduDn3I8WQPgfU

Score

8^/10

Malware Config

Signatures

Requests cell location 2 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.yundu.YaLiMaino1691oApp
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.yundu.YaLiMaino1691oApp:remote

Loads dropped Dex/Jar 3 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.yundu.YaLiMaino1691oApp/app_push_lib/plugin-deploy.jar	4995	com.yundu.YaLiMaino1691oApp
/data/user/0/com.yundu.YaLiMaino1691oApp/app_push_lib/plugin-deploy.jar	5040	com.yundu.YaLiMaino1691oApp:bdservice_v1
/data/user/0/com.yundu.YaLiMaino1691oApp/app_push_lib/plugin-deploy.jar	5083	com.yundu.YaLiMaino1691oApp:remote

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 3 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.yundu.YaLiMaino1691oApp
Framework API call	javax.crypto.Cipher.doFinal	com.yundu.YaLiMaino1691oApp:bdservice_v1
Framework API call	javax.crypto.Cipher.doFinal	com.yundu.YaLiMaino1691oApp:remote

com.yundu.YaLiMaino1691oApp
1⤵
- Requests cell location
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4995

com.yundu.YaLiMaino1691oApp:bdservice_v1
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:5040

com.yundu.YaLiMaino1691oApp:remote
1⤵
- Requests cell location
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:5083

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yundu.YaLiMaino1691oApp/app_push_lib/oat/plugin-deploy.jar.cur.prof

Filesize
222B

MD5
0d52160ece98e5ea47af5ccb54e36c76

SHA1
c5b5f965dbe0dd56c4ab29022a58384a3458e75b

SHA256
9c9f90ef035d0806a6a7d5d4b33d2eaa15029aaf6a39197e7338f24d3bd9dbc8

SHA512
db0568a4fb09e105ff5cdf41d9d926850893a51db80738bac7f95ab768317cf6e025f86eab9ac48abd498c599cdf3dc36177064ce735248bb71ceb6ebcc25efd

Download Submit
/data/data/com.yundu.YaLiMaino1691oApp/files/lldt/firll.dat

Filesize
76B

MD5
09f3483248057ed3283d08ffbba2b4cd

SHA1
6cd66409352c2b6915c195ca1d4d6db1f29811ec

SHA256
87041863c8519cda1321e0b109112c2600b60b09683107ac1173b779f77389ce

SHA512
5be0e1f9ff28098219611f56e265a33be9964cd34bd28f05362379afdb18e14e776a6f107b5b94d28d2e96fdd7af1803c78f12553ba32b9b4ba3d8c4695a2366

Download Submit
/data/data/com.yundu.YaLiMaino1691oApp/files/ofld/ofl_location.db

Filesize
28KB

MD5
49eefa442e55be8652c7c3c5f28d912e

SHA1
941ef7e65d47d38dd5f47084663f4fd7f57fbbc9

SHA256
63d7b59dcdc791b5d1380a1d06b9e199f6136965dc21a887efdd0cfac9d0a1b7

SHA512
b6c9d8a985a865c43348e34d94f149e4b552359d9afc7f5db660535ea107fbbdcedee542b9bfa018f1881c6c021b1e9bd331debe9562dcdffe2f8b3655d2d3c7

Download Submit
/data/data/com.yundu.YaLiMaino1691oApp/files/ofld/ofl_location.db-journal

Filesize
512B

MD5
c928ade2650d23af3e9e10c0d8f36562

SHA1
c6ab20660df55f86ea69f431075cfcdee7fd6a1f

SHA256
53ba968c8af3d346494f13cc2db81d20a95394a8d22dd20df5b049146992da81

SHA512
dfb1320e4da3aad6c09ab531900dcbb4abecdc12eaf4ae891859b35246839f5e2aa14636ff88501e9a73ac0fa0c434d3c4a0be15628a1ea227f33f65d7ca34f1

Download Submit
/data/data/com.yundu.YaLiMaino1691oApp/files/ofld/ofl_location.db-journal

Filesize
8KB

MD5
bad1778ec9c05bebc12084f0300ab594

SHA1
35379f50d66fbd1b375c5255bbdeaacc4b7b9f75

SHA256
4e736704a45e7a6e0ccc06fd3023c43b96807f4a174c1131b8fd5efc8e7208cc

SHA512
576c2eb6d3ab24ba2ccda4d331f03c573ae87338fc1184fd67f6f031c9c2f424a2c46a17894a47afbd17f7edebc1f0027a7359b7f7c38ad2c1dd98d4619329b8

Download Submit
/data/data/com.yundu.YaLiMaino1691oApp/files/ofld/ofl_location.db-journal

Filesize
8KB

MD5
f2114beadf6a304aba6bad58b09bace6

SHA1
bd35c6bc9559c6981218f471d43d2a9922184018

SHA256
226f9e1fb9f269fe135616907f80798f8638cebe2db6b1a72d41113504670953

SHA512
0b4a04e4d5b14e2633747b715b85f0ddfeabed455fc2dabe457040f51a3423adf0827cdb8c5d9c03f26023b0fd1f71b138ef197954399714ee163e7fcb6ab47e

Download Submit
/data/data/com.yundu.YaLiMaino1691oApp/files/ofld/ofl_location.db-journal

Filesize
8KB

MD5
7e9ada1b195e6e07943a61c8f0b161c5

SHA1
cb64559c4e73de5f7681bfc60dbc3c58ec4c3984

SHA256
07c66b55928792a169e231c053a85b05fcdefd92e17f0fbbde4ebea9f314f9be

SHA512
fec1c9f0acd3791c5346d2399ee822c3667291d6246ccabb4450fe78cce8ced4a2ea55f4eafcd8ba3560dce13e49695cbc2556767bf72cdf0fc430354c50edc6

Download Submit
/data/data/com.yundu.YaLiMaino1691oApp/files/ofld/ofl_statistics.db

Filesize
64KB

MD5
f63fa6bf249652927a6693581af7f1cc

SHA1
deb3f030068312b4327ca14ba7304f62e3c54198

SHA256
9794f5ac5d1cdeb9c2a89be420e977c7c860c8911dd119a3bd65c2ff2e16e97f

SHA512
84b8d04741377790e62ab3ef0555802250cc6c72553ba313a6991895095c88465d40dc9d9711a02ab682e94f98178f53055125e03f3ec68f7d8874fd5974e351

Download Submit
/data/data/com.yundu.YaLiMaino1691oApp/files/ofld/ofl_statistics.db-journal

Filesize
512B

MD5
3315f25376eb0511a4eed33ee03cca2f

SHA1
b4149fc350d665419d7516bfd0b1cd1bfa5472a9

SHA256
16ce230f843ad5aa8886059ea466d2c362bf24639437a58d7794e669a69e62b8

SHA512
0ba78ab6005666041de642075fb202cdc3a8f5e69f64bf87a7929fae3729e44b3bfc751e32ecf821d9c8f139451f5810cbba917e8dc81d592abccd1c9e39e6a2

Download Submit
/data/data/com.yundu.YaLiMaino1691oApp/files/ofld/ofl_statistics.db-journal

Filesize
8KB

MD5
1ec3354fcaf3ac961cb65a15110e8799

SHA1
182f9007ea04e7093109951921b327ed68f8bf30

SHA256
1307f5a857834611d2a5f268cbf25e4a1dc86e6d08bd8ce024ed3cb290d6ad60

SHA512
393b7fe3a5e3ee03f60410990cb3e6d262daa65936679360d86be3a1820bfa15f0e58bac1df5c5ae634d597d79b396c817c8fdd917605dc0df2ae683998f8f5a

Download Submit
/data/data/com.yundu.YaLiMaino1691oApp/files/ofld/ofl_statistics.db-journal

Filesize
8KB

MD5
4305f9bdc35635403421095171a990ec

SHA1
8aab44aaa9bab96d3b58d5c0e9df4b1df068f0a0

SHA256
08b7a560cbf1e426827b54fd285fd45177b2e0bf0d07eb20baa368869cf6a600

SHA512
e56605102f23b783ee30b8a37aeb495ff6e2594e1038a4fa8ff5d1bd3125d438cd1b569af9ab4155e7e174f584dcf7ab3c9251df7c94062024a77a9207f85460

Download Submit
/data/data/com.yundu.YaLiMaino1691oApp/files/ofld/ofl_statistics.db-journal

Filesize
8KB

MD5
4ccb345c7e2e85a4df4f437ca62a9770

SHA1
e0d76f3604948b22e934957762ca645c89d16ae0

SHA256
aca2be89a7b335b975967a972ec5c5f760307aa49909b190b9f759cb53e65e0c

SHA512
d3f3644db8774ee3cb22df55f06541e496a51d46f967c4a9dbea41ff91dc3cb8959fd3bf97c6f602bae5f7c47c19cc872bdafc541959e2e9bf557aa9ac7e9397

Download Submit
/data/data/com.yundu.YaLiMaino1691oApp/files/ofld/ofl_statistics.db-journal

Filesize
8KB

MD5
b89e1209d26357cb0437af0ca46182f1

SHA1
4439551f344e887dca5276c7964649ce34acdf9b

SHA256
13e17cd4d58a3cdb05b6f47e904c04af4685553cc62d95b2f2c1b7b4f9f81d0e

SHA512
83557ca4669ecd30aece9dfa0ec4809ac4e9ee1d9ea28683a13dd92d00f9880fd95c2105aea29642951f870431f621e73408eebeb64428fdb654ee5b0363a634

Download Submit
/data/data/com.yundu.YaLiMaino1691oApp/files/ofld/ofl_statistics.db-journal

Filesize
8KB

MD5
7a8bbaaffba48d3dccc28b93e09eeb8d

SHA1
4b4416d51fa8b73c945456be151bb017debff6f2

SHA256
76b14179772e33b9c8ce0bbab91e40fd4a38ce789719aefb9ff269df746b9e17

SHA512
f3215c4d7311258bf35f2c4b7d0e38bea69df213fc40f5a5718dc758afb592d28a4e7f3f226db85c8ecad346a6ea7f29b18e29545ec1dd44ac98c75661f4be1d

Download Submit
/data/user/0/com.yundu.YaLiMaino1691oApp/app_push_lib/plugin-deploy.jar

Filesize
530KB

MD5
bdfa71feb08b80b649fddcd7488b03b4

SHA1
bcacf11199fd2c353034a7271b5dbfe2dd4cbddb

SHA256
f8bd07a7afce2d102976afaadd33dc70336a0b06682ac8d6fe9544a08d086d1d

SHA512
37dc848b995def498d0c832a76ed0ad429db18f26a5e9659c2b77a63bff555560160b6be4d22387eb529b2291bb27ae21718ddadb315bd1aa4c092d6330f049a

Download Submit
/storage/emulated/0/.YaLiMaino1691oApp/._cache/.dat/yalioaData.db

Filesize
20KB

MD5
7b70e5b38c90770ddff5d97be00f8f7e

SHA1
dd986be8e4aa37d047d7caad0cbd99d93ebf2a5a

SHA256
2d9b1477b057cedc7e98c86e7b0144a614ba4dfc7f02fdb2fec73ac64684e48a

SHA512
1a95f10d055f8dabcf0497a54b7bdc73a7082e3e017bac8df1be39526669db058139ddbfece24bc168f85d27a96a9aef8633e6984ac6b018a739c33f149364e4

Download Submit
/storage/emulated/0/.YaLiMaino1691oApp/._cache/.dat/yalioaData.db-journal

Filesize
512B

MD5
dde2af72bb521c6bd99936f6ae2c41d7

SHA1
76cf5e6e5fe6bfd2c9a19fe2929dfe3663ded164

SHA256
4f98c82c790a1b3a0e01defea57d49aeb623a4b3bfc1e9ea7d8c081c09cc3001

SHA512
764344b8bb4662b86a7492a9d908efaed69f2fe35c2990168bcc87bfc0555e4cc1b617feef4fae2b6cbf9e3a811d86615c5f974ead94ba09a86c02add1521b77

Download Submit
/storage/emulated/0/.YaLiMaino1691oApp/._cache/.dat/yalioaData.db-journal

Filesize
8KB

MD5
90a117464c3da19b1d854a4005aa8d76

SHA1
03abb200e84da33fd017f0a973fe7b228e2dd988

SHA256
9c9ffe1e1c29c42075303d0fa05ea1c6df2e589f738cc77caec820d1c2997a12

SHA512
07ba3ec31da178897a93902a8ea0cbf776fc9074075f26254a55216e5efc3f3420a16a62e7cb6ce8c492573665b6dd6e5ff54e802c2388e933ee6b78a88bb4e3

Download Submit
/storage/emulated/0/.YaLiMaino1691oApp/._cache/.dat/yalioaData.db-journal

Filesize
8KB

MD5
be5fea8a6f3818a35661dfdd3dff5cd5

SHA1
194e2474647d39a1183f73a47db05c97cd67eba9

SHA256
c7c83f11e9180a932eab95279dc7f8ce6afffe909dff7ca15974930872c362dc

SHA512
2cdae8cb69a09b049f22a3348585434dd756d824125391759771178548365296fe58ce7079dca7f23d0c8791021f03e9cb9b4a43ec19aca9096123602595b458

Download Submit
/storage/emulated/0/Android/data/com.yundu.YaLiMaino1691oApp/files/baidu/tempdata/llg.dat

Filesize
24B

MD5
161557b06b4a4d3ce095528dea370eb7

SHA1
8bfe9c4d916fe58d856b5a6ecaf8cd9ea4df2c9f

SHA256
f054ef19481234ee5b2db1d1c681839dab235a857ed3a4bc02efa8f785f478d4

SHA512
96ce8aedbdbb387438efc86aaabd13a6378628bfae203d2bc25ea1cd7daa6ddbd6dd2c81d631fbdc9b653a93011d3c80f0c085580275b683d5e0bce077e6e449

Download Submit
/storage/emulated/0/Android/data/com.yundu.YaLiMaino1691oApp/files/baidu/tempdata/llg.dat

Filesize
137B

MD5
8199b75e895e303d5276523669a28612

SHA1
c81379b9b219b7f6b79e69dc034490257f64bad7

SHA256
e344f05d0d84f05977741932c1ff531b2f0cd2d6d93040ffdcb10c1c2547f17a

SHA512
abfe78635e911a63ceb5467bfe4d7401cf592f9823a676928805758961698fa1cd9941a696d9bd33d6c4f18e214ad4c4da21d224886b7053b7953abd9440d887

Download Submit
/storage/emulated/0/Android/data/com.yundu.YaLiMaino1691oApp/files/baidu/tempdata/llg.dat

Filesize
1KB

MD5
34d7125107f092b2e561258daa857dec

SHA1
52961c3c1d812598850ae4639ed6a2669ac46c82

SHA256
54348c39101c9f07ed006b98bdaed691f72afd7da225d91323296eeefae5fcf1

SHA512
d86cc9c67a8747ae70b9c970ccc1f4e2bda45161a7bdc377333fb53cdbccbd6c2b3201933b210ac5b9007056c0a12b413408c95b4a8396f80fb8e3a394455303

Download Submit
/storage/emulated/0/Android/data/com.yundu.YaLiMaino1691oApp/files/baidu/tempdata/yoh.dat

Filesize
24B

MD5
a936690571e9104e1922dda4a0ba5bd1

SHA1
65f49c57edde2f96be2a1dbdfc3f7351f1e66554

SHA256
f0f5049c51879dd7da0ce4a43349b5b34ce053d072a0ca704f62cf22ba4a8412

SHA512
3be1c3693963aebdfc04e86b1c820ee0ec3cf0b200e6a4788ef1141f39fd6c2f77f4227247ae4affa66c0a6c027df8466cc0dcec1e67ebfb953e36bee97de394

Download Submit
/storage/emulated/0/Android/data/com.yundu.YaLiMaino1691oApp/files/baidu/tempdata/yoh.dat

Filesize
24B

MD5
1681ffc6e046c7af98c9e6c232a3fe0a

SHA1
d3399b7262fb56cb9ed053d68db9291c410839c4

SHA256
9d908ecfb6b256def8b49a7c504e6c889c4b0e41fe6ce3e01863dd7b61a20aa0

SHA512
11bb994b5d2eab48b18667c7d8943e82c9011cb1d974304b8f2b6247a7e6b7f55ca2f7c62893644c3728d17dafd74ae3ba46271cf6287bb9e751c779a26fefc5

Download Submit
/storage/emulated/0/baidu/tempdata/lcvif.dat

Filesize
96B

MD5
50725ec40df11f1a5bf18d996ed96bb2

SHA1
9fdad8c15ac604ee3c15a8cf3602827bf5cdef44

SHA256
51f2098bdeba12e2cb8b98aac37ec79f63699305cf56c19abcbe7e4bf5a6487c

SHA512
03c190ad87f6c85368d2811c2eae8e597d19cff3d906459771764a59b43d043f7a0bffd14cdb4bd780b8648fd0086e0855d32a40506e4e30ee7b613f52dad67c

Download Submit
/storage/emulated/0/baidu/tempdata/lcvif.dat

Filesize
96B

MD5
5f14737b54052716c3b2268d355d3403

SHA1
114bd9936e4c4c7451f748eb2ee379f69402bf8e

SHA256
0bc2acfb2fe8a60b59d7ab613e75736d973a0fa83dd0b0b39970b3e20c195001

SHA512
5eaa31711303859762b771a0c98056bc4d51fa645846e9ea738b49c9ebef21dfa2272ec490a7bd0360ab038a8c0cb2916df62ccac60a78bffc327bfdad13954a

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db

Filesize
28KB

MD5
2cd47ada17ad7a4e3d5e2717cb2762c6

SHA1
7cb844672cec4a3bce75c8cf81e80e8ad7cc49e5

SHA256
5f266f7cf5a44a3cfcc9bfbba94735081851edc224cb071fa6e650227e214279

SHA512
c25229cca649bc8ef54c0770a976034801c0a300d181c107c41879d7f6b7056c6282210c98661428078381032dc6fb0872112dde7e8efb1a9f9b333877f18dae

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-journal

Filesize
512B

MD5
2592ef251d0e629f60f813ee87b689ec

SHA1
6a3cd5f3e599ec29fafcaadbdf490441780c53a5

SHA256
b4f19411893a191baa819c0d9933486627a5122e8ca49154030a15b1d04df92d

SHA512
c69e9f23d75516b03c1fc4b922fee0067e383fc3e69d8ae1db9c1590ed5fefa88418558975a8224e597f3249aa7faba45478d96a0bb42d3afe4416a86acc3e02

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-journal

Filesize
20KB

MD5
776c44f72646790033f2cd2a4e3dec10

SHA1
f61cb7de37e5a857d7ef3da573fc2ac1bd2e452c

SHA256
d3bf7030403dd2606611b727519c95f067d4517e084cc5b92eb9fe6941343207

SHA512
99642f38e784a01f90e471976736772d5b989f20d6207d82852a4b1e1f39f292dc3f0722abedd36fe655b7e87a32ee05217ac836919162f71d4cb2eb12a2aa1c

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-journal

Filesize
8KB

MD5
3242786eb5623b26d330f98555b26bfe

SHA1
05c9a63eb50829119d2af41cd08fb50e56ab6b69

SHA256
282c02c73191c716e1f14f0063f7f978ed39be12d589918991f0045aa9b4445b

SHA512
24225b5c3760166ceb3a24ce320149b80ff34d00d1449eff566c39ad80c11df54924f953f3dd7012b21efcce9c6e3e998371f07be7f2701b284c961f550af56a

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-journal

Filesize
8KB

MD5
5896dd1ed63e34c2739c6be288e4eaf9

SHA1
b99f0f4fd595d6923b7615328d3108956e117111

SHA256
aac371770aa7c4d0e1b52c5276371ba843f7f79ca94a3c99f615d0913904f0f3

SHA512
1fa0f8b20d54dbb0b1a678396d9ddd08df91bd5e34e07aa5c7ccb1b323cf726bcb2cb2b5cc6eff0be3aa740cb9a61b4ccd05e252ea0b57ae6dc382503904f888

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-journal

Filesize
8KB

MD5
7079eae1872f51ab74afade36679d8df

SHA1
0b12796e15d25c28e50708fbe3be636ad6f5da43

SHA256
1d61131856d519739d160bbb0256930c437d7c0cf433ca91a39d4a05d385c22d

SHA512
1850d6cb85e7a88812d18d8806e4813d5f538b562eb8abde13282fc96a1de21f797cf95c506d79c72e547339030126fa459a3f10017d19fe8cf6e6e33871baf6

Download Submit