Analysis

  • max time kernel: 3010762s
  • max time network: 130s
  • platform: android_x86
  • resource: android-x86-arm-20231215-en
  • resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20231215-en, locale:en-us, os:android-9-x86, system
  • submitted: 24/12/2023, 05:07 UTC

General

  • Target: d89a26d73c4adb3377409b7a79ba8fe29d49ee8acf195a47743991a591086380.apk
  • Size: 12.5MB
  • MD5: fb56e5ebf398afae480ff9798e1c584b
  • SHA1: f5dc38a8f0c899c2b41280c6bca55058e6708431
  • SHA256: d89a26d73c4adb3377409b7a79ba8fe29d49ee8acf195a47743991a591086380
  • SHA512: bdd99254ebc67d4a3b5febf8f61078c8bc0f185e8b2356e84d391d04692ae7ee9e8abe8ed9cdce1e1af6c3fe3fec4447d1b7cc56dfd8c903fe86000b6d94e5f8
  • SSDEEP: 196608:9IfTMur+TGI2AS/9rdNNlPrI9/yVYHolLviE46wdAqWDEdk8xqaHdmsogXByhvN:9uTMuiCIkJ3+y94Nd1dkMldz0

Score: 7/10

Malware Config

Signatures

  • Loads dropped Dex/Jar (1 IoC)
    Runs executable file dropped to the device during analysis.
  • Reads information about phone network operator.
  • Uses Crypto APIs (Might try to encrypt user data) (1 IoC)

Processes

  • net.yunyuzhuanjia (PID: 4255)
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data)

Network

  • flag-us
    DNS
    hxqd.openspeech.cn
    Remote address:
    1.1.1.1:53
    Request
    hxqd.openspeech.cn
    IN A
    Response
    hxqd.openspeech.cn
    IN A
    114.118.64.119
  • flag-us
    DNS
    hxqd.openspeech.cn
    Remote address:
    1.1.1.1:53
    Request
    hxqd.openspeech.cn
    IN A
  • flag-us
    DNS
    www.easemob.com
    Remote address:
    1.1.1.1:53
    Request
    www.easemob.com
    IN A
    Response
    www.easemob.com
    IN CNAME
    www.easemob.com.w.alikunlun.com
    www.easemob.com.w.alikunlun.com
    IN A
    79.133.176.226
    www.easemob.com.w.alikunlun.com
    IN A
    79.133.176.227
    www.easemob.com.w.alikunlun.com
    IN A
    79.133.176.230
    www.easemob.com.w.alikunlun.com
    IN A
    79.133.176.229
    www.easemob.com.w.alikunlun.com
    IN A
    79.133.176.228
    www.easemob.com.w.alikunlun.com
    IN A
    79.133.176.224
    www.easemob.com.w.alikunlun.com
    IN A
    79.133.176.231
    www.easemob.com.w.alikunlun.com
    IN A
    79.133.176.225
  • flag-gb
    GET
    http://www.easemob.com/easemob/server.xml?sdk_version=2.1.7&app_key=daxiangxinxi%23mmzzb&file_version=
    Remote address:
    79.133.176.226:80
    Request
    GET /easemob/server.xml?sdk_version=2.1.7&app_key=daxiangxinxi%23mmzzb&file_version= HTTP/1.1
    Host: www.easemob.com
    Connection: Keep-Alive
    User-Agent: Easemob-SDK(Android) 2.1.7
    Response
    HTTP/1.1 301 Moved Permanently
    Server: Tengine
    Date: Fri, 29 Dec 2023 02:42:32 GMT
    Content-Type: text/html
    Content-Length: 262
    Connection: keep-alive
    Location: https://www.easemob.com/easemob/server.xml?sdk_version=2.1.7&app_key=daxiangxinxi%23mmzzb&file_version=
    Via: cache8.gb1[,0]
    Timing-Allow-Origin: *
    EagleId: 4f85b09c17038177528822398e
  • flag-gb
    GET
    https://www.easemob.com/easemob/server.xml?sdk_version=2.1.7&app_key=daxiangxinxi%23mmzzb&file_version=
    Remote address:
    79.133.176.226:443
    Request
    GET /easemob/server.xml?sdk_version=2.1.7&app_key=daxiangxinxi%23mmzzb&file_version= HTTP/1.1
    Host: www.easemob.com
    Connection: Keep-Alive
    User-Agent: Easemob-SDK(Android) 2.1.7
    Response
    HTTP/1.1 200 OK
    Server: Tengine
    Content-Type: text/xml; charset=UTF-8
    Content-Length: 8074
    Connection: keep-alive
    Vary: Accept-Encoding
    Date: Fri, 29 Dec 2023 02:42:33 GMT
    Last-Modified: Mon, 03 Aug 2020 03:40:42 GMT
    ETag: "5f27873a-1f8a"
    Expires: Fri, 29 Dec 2023 02:52:33 GMT
    Cache-Control: max-age=600
    Accept-Ranges: bytes
    Ali-Swift-Global-Savetime: 1703817753
    Via: cache16.l2fr1[596,596,200-0,M], cache5.l2fr1[597,0], cache7.gb1[719,719,200-0,M], cache8.gb1[721,0]
    X-Cache: MISS TCP_MISS dirn:-2:-2
    X-Swift-SaveTime: Fri, 29 Dec 2023 02:42:33 GMT
    X-Swift-CacheTime: 10
    Timing-Allow-Origin: *
    EagleId: 4f85b09c17038177531132921e
  • flag-us
    DNS
    alog.umeng.com
    Remote address:
    1.1.1.1:53
    Request
    alog.umeng.com
    IN A
    Response
    alog.umeng.com
    IN CNAME
    alog.umeng.com.gds.alibabadns.com
    alog.umeng.com.gds.alibabadns.com
    IN CNAME
    alog-default.umeng.com
    alog-default.umeng.com
    IN A
    223.109.148.177
    alog-default.umeng.com
    IN A
    223.109.148.176
    alog-default.umeng.com
    IN A
    223.109.148.178
    alog-default.umeng.com
    IN A
    223.109.148.179
    alog-default.umeng.com
    IN A
    223.109.148.141
    alog-default.umeng.com
    IN A
    223.109.148.130
  • flag-us
    DNS
    a1.easemob.com
    Remote address:
    1.1.1.1:53
    Request
    a1.easemob.com
    IN A
    Response
    a1.easemob.com
    IN CNAME
    a1-v2.easemob.com.x.easeslb.com
    a1-v2.easemob.com.x.easeslb.com
    IN A
    101.201.233.110
  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    172.217.169.46
  • flag-us
    DNS
    alog.umeng.co
    Remote address:
    1.1.1.1:53
    Request
    alog.umeng.co
    IN A
    Response
  • 79.133.176.226:80
    http://www.easemob.com/easemob/server.xml?sdk_version=2.1.7&app_key=daxiangxinxi%23mmzzb&file_version=
    http
    444 B
    789 B
    6
    4

    HTTP Request

    GET http://www.easemob.com/easemob/server.xml?sdk_version=2.1.7&app_key=daxiangxinxi%23mmzzb&file_version=

    HTTP Response

    301
  • 79.133.176.226:443
    https://www.easemob.com/easemob/server.xml?sdk_version=2.1.7&app_key=daxiangxinxi%23mmzzb&file_version=
    tls, http
    1.3kB
    13.0kB
    15
    17

    HTTP Request

    GET https://www.easemob.com/easemob/server.xml?sdk_version=2.1.7&app_key=daxiangxinxi%23mmzzb&file_version=

    HTTP Response

    200
  • 223.109.148.177:80
    alog.umeng.com
    240 B
    4
  • 101.201.233.110:80
    a1.easemob.com
    300 B
    5
  • 124.128.23.78:80
    300 B
    5
  • 114.118.64.119:80
    hxqd.openspeech.cn
    420 B
    7
  • 223.109.148.176:80
    alog.umeng.com
    240 B
    4
  • 172.217.16.238:443
    tls, https
    858 B
    40 B
    1
    1
  • 172.217.169.46:443
    android.apis.google.com
    tls
    4.6kB
    8.0kB
    14
    19
  • 223.109.148.178:80
    alog.umeng.com
    240 B
    4
  • 223.109.148.179:80
    alog.umeng.com
    240 B
    4
  • 223.109.148.141:80
    alog.umeng.com
    240 B
    4
  • 223.109.148.130:80
    alog.umeng.com
    240 B
    4
  • 224.0.0.251:5353
    3.7kB
    11
  • 1.1.1.1:53
    hxqd.openspeech.cn
    dns
    128 B
    80 B
    2
    1

    DNS Request

    hxqd.openspeech.cn

    DNS Request

    hxqd.openspeech.cn

    DNS Response

    114.118.64.119

  • 1.1.1.1:53
    www.easemob.com
    dns
    61 B
    231 B
    1
    1

    DNS Request

    www.easemob.com

    DNS Response

    79.133.176.226
    79.133.176.227
    79.133.176.230
    79.133.176.229
    79.133.176.228
    79.133.176.224
    79.133.176.231
    79.133.176.225

  • 1.1.1.1:53
    alog.umeng.com
    dns
    60 B
    227 B
    1
    1

    DNS Request

    alog.umeng.com

    DNS Response

    223.109.148.177
    223.109.148.176
    223.109.148.178
    223.109.148.179
    223.109.148.141
    223.109.148.130

  • 1.1.1.1:53
    a1.easemob.com
    dns
    60 B
    118 B
    1
    1

    DNS Request

    a1.easemob.com

    DNS Response

    101.201.233.110

  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
    109 B
    1
    1

    DNS Request

    android.apis.google.com

    DNS Response

    172.217.169.46

  • 1.1.1.1:53
    alog.umeng.co
    dns
    59 B
    132 B
    1
    1

    DNS Request

    alog.umeng.co

MITRE ATT&CK Matrix

Downloads

  • /data/data/net.yunyuzhuanjia/app_push_lib/plugin-deploy.jar
    Filesize: 202KB
    MD5: 610ae20fa40cb991ef4670582bc3996a
    SHA1: bad8dbc9b7226fbd4f1b97dabe777c36605ccc9b
    SHA256: 010690c6a9fe3d6e21c33940453cb2a5c41e26ac24ea42e3732111613701eede
    SHA512: 8584fa3850e97276d6afef61dff9401531cd7830a3a7660fcc3b75c21c55196a59efad46ad763f1695f59c99874e29aa285ba9d9f43a5989d004a0e115d76b1b

  • /data/data/net.yunyuzhuanjia/app_push_lib/plugin-deploy.key
    Filesize: 174B
    MD5: 86896cfc29159ebebbdc72a7fea66d3c
    SHA1: 76f71e17f279e9010cd1f16d9c979f75bb9cbdb6
    SHA256: 4040246e2cd23768965dd2720eed8ab30b0891eb7324201ac1592e8e39eb7697
    SHA512: 89d4d3e88c41bf4c9cd527ed6c7af45e14545019b1d86414fd7965fb6dac79a6a8f1e8c4b4de4503e6bef2b98ad32f37d319c7e29e807b2b83d56cd867ab9ca6

  • /data/data/net.yunyuzhuanjia/files/mobclick_agent_cached_net.yunyuzhuanjia
    Filesize: 197B
    MD5: b27b06969bc2c983d00ca86f3a13d65c
    SHA1: 804b5a06d1945d68dbe0f2ed627a79f7ffb844de
    SHA256: 067058ff12b58289b579264ea980916ed05b31c6d412ba176c9d8dc60418a428
    SHA512: e1c6ea7bea22e070d40abb3a562efbdd2fe86245390ac271cbb557270aa1240bd0228046a324228db012a9c61d3e2539b0d083c208ce6a5ca7e714ed4367d119

  • /data/user/0/net.yunyuzhuanjia/app_push_lib/plugin-deploy.jar
    Filesize: 507KB
    MD5: 058c9e49195a1ab48863deb84a028f63
    SHA1: a35b0dc7822174cff3683e1aa2b5cf85833733df
    SHA256: ce04c452c6c3dc56dee78205f036a779c7144eb607dede07aa054f93f77ad049
    SHA512: 081643598f3bbda4d2f560975f6e6fec8da94c8a578d80c05cf6f035ed3766db65de21cbe3ec92a16060e5ea1c1aebe37bd339de76365daf67648fd5967e5c47

  • /storage/emulated/0/Android/data/net.yunyuzhuanjia/daxiangxinxi#mmzzb/log/20231229/000.html
    Filesize: 85B
    MD5: 40ea6f531e259aa0153f26c5efadf25b
    SHA1: cf8c73822d762d3440af5cffc0b720882676a5a3
    SHA256: 2f4b2551efaf3ed7c5a291ecfa8417729b7423f99094782acbfbb52d63ecaa57
    SHA512: 053e948454029a7c88f01c03541571b34e61721cf56263775287d80ac3079fc07cdc4c184897d65f1966d3dd147d4a55198fb8305d215c2159ab65b663f721c7

  • /storage/emulated/0/Android/data/net.yunyuzhuanjia/daxiangxinxi#mmzzb/log/20231229/000.html
    Filesize: 82B
    MD5: 2ac604a154dc18f0cc0c25c4fe353f15
    SHA1: cd3a7517561f8575a799b1a6a30e8004271e1e06
    SHA256: 4c83ab2ba42717347a1f12f613e0b801d05b9093a1043aa0f268fe82d9d6460b
    SHA512: fc6f5ea13d1d04ad229840306cf19087d4fa15e76d2cb25d52a1aa9dbd2df3e5b490135f18e87ad989e7c5154364a7e1ea3999ac309535698fdd6c85e39d6c4e

  • /storage/emulated/0/Android/data/net.yunyuzhuanjia/daxiangxinxi#mmzzb/log/20231229/000.html
    Filesize: 113B
    MD5: 012450b41bfa0e078831794c05b3daa4
    SHA1: e23b44cb093eb6df301afe937b5256dd3738896e
    SHA256: 4c3b58461a4ffe2d598691ff567891094a7864a7138c85ea00983015dcd32bb0
    SHA512: 852c752e915b049caa08214c9d6e0a216eacd598a725b4ca468ff7607c89aa1495b38455270854edccb7b2b921210d66833838f1df52dbeac39e7961b5c46958

  • /storage/emulated/0/Android/data/net.yunyuzhuanjia/daxiangxinxi#mmzzb/log/20231229/000.html
    Filesize: 905B
    MD5: db75868e44c9a4cc716f29b3b2dfea7f
    SHA1: 8f9fa27691e6e2298b1e5a8d721bd4cae8ea0cf0
    SHA256: d6f03477eb6ac7baab8379d39137d81aff8c42d895c895d816f2328af8fcd4ce
    SHA512: 2181fdde2bbe4dabada43147fc3214d86854af73b26d2798d0375361ccd418d1413b0f098e361f81c7af15e4ef86e8943741cfa34470cff96d7792587e259433

  • /storage/emulated/0/Android/data/net.yunyuzhuanjia/daxiangxinxi#mmzzb/log/20231229/000.html
    Filesize: 172B
    MD5: aa0b0e9747dbee954e611502e0767d9e
    SHA1: fafa7fb09f4201d97f2dd7655be916c4597f97c8
    SHA256: c0799f34b85966a0c674799a36f3441d48b0d0073e832683e64ef307d763711a
    SHA512: acdf098560d415bd0ac35668a2e723329ed1d1f08e614b95209719f35e766e303b01a3c9ccec395efbe83737ec42a6f849415fa6fa9f60487810dee3182dc581