e195ae2b20b8cbd836d59f8fc907e138f5101b3a4fb5cd92dac1fd609f8d6322

Analysis

max time kernel
2781675s
max time network
166s
platform
android_x64
resource
android-x64-arm64-20231215-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
submitted
24/12/2023, 05:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e195ae2b20b8cbd836d59f8fc907e138f5101b3a4fb5cd92dac1fd609f8d6322.apk
Size

6.6MB
MD5

49510d75d69a0262bc98d72df8275d7e
SHA1

a7cb0c919a2947c5c5ff6a5f92fa3fe458e87a93
SHA256

e195ae2b20b8cbd836d59f8fc907e138f5101b3a4fb5cd92dac1fd609f8d6322
SHA512

a0120cf3f206aef9df7f3f4eeca76b6586f936f04bf0d58fb4e13f8e617984634de660a74fc5329fe135eeb3b1b07af0c315d3a785b060200cd924d6522653f4
SSDEEP

196608:T1fhJfbb7QB/8e5Uz20R8rmhD0GCFcWJ2TVMa:xZN/7QB8ejZahUOWJ2xMa

Score

8^/10

Malware Config

Signatures

Requests cell location 1 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.jufan.cyss.wo.ui

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.jufan.cyss.wo.ui

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.jufan.cyss.wo.ui

com.jufan.cyss.wo.ui
1⤵
- Requests cell location
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4603

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.jufan.cyss.wo.ui/cache/CommandCache/05bcf2ba694186d5c73c08e0918aff41

Filesize
1002B

MD5
f587635616652b40d3bc7d33eee85d21

SHA1
84856ef9fddcba0ad77b82795bb9e3f606524cf1

SHA256
03f5ecc5ff2a351f64324fd5ee37d5272ed3b946f85a306afc16e4d97290b916

SHA512
43e331bebba6db374347dc86298bcc26c916cfa8a866ca330aac7d347efeb000c576a734a927bdf234794ea3b57d2ff1305da1d3332c4260d7f20368b4bafbbb

Download Submit
/data/user/0/com.jufan.cyss.wo.ui/cache/CommandCache/46c7b3b50679021850cc2212615e8a71

Filesize
1KB

MD5
aee397ad6873e51d40e4dba5c237135e

SHA1
787e84d70716cb7354f839827a4ee1c091f3dfb7

SHA256
b274055d635a7b698539f8cb458669e73aed48894540acc15badccf68fbab8ef

SHA512
95c036d723f243b53e84ca2f2a2f082f0ec58b78079bcc23986e72a7bee6b4ff184ffd623dd9e568f6636b50e1059e044691c6b3b24e774c2b5fd7225fd912da

Download Submit
/data/user/0/com.jufan.cyss.wo.ui/cache/uil-images/journal.tmp

Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/data/user/0/com.jufan.cyss.wo.ui/databases/Woklk.db

Filesize
12KB

MD5
171aedf968e17a2744d2585715606cb9

SHA1
bbeddeb3b89fcf809619c35b4a318a80e7d5b029

SHA256
d2ab452d9360848f46af866b870b5c6fc98230b09c72b89cb1a4b2778586678e

SHA512
78a0f517ee3d21c153dda6dbfec4187ebaee9d520d7b1b63f358bcb125d08aea53f26943907a56fdeba40161d9fc7e4fd63f9ae3154dd2ad887ba0162738285b

Download Submit
/data/user/0/com.jufan.cyss.wo.ui/databases/Woklk.db-journal

Filesize
16KB

MD5
4b74632e167811a9a0074e6a6a9bca06

SHA1
023edc85a75ebde35de2ea2245a6986e557c7f73

SHA256
42f0cd13dea923c4bcea9c2ae76ef5c40b839c7b761dd44379e360c16632b94f

SHA512
6052a08df6e5250c2bdbb4f96744282d1df68e184a35b2978fc0e84d003ecdf0fbaa7a13a86e47af9c37bc8211bdeeb788e0b98c1fc4b58683012fbd4c203608

Download Submit
/data/user/0/com.jufan.cyss.wo.ui/databases/Woklk.db-journal

Filesize
512B

MD5
64b27f46265514adc4971a2b54d417f3

SHA1
74ccfa471cc2713671eb80f1837b86c510f0b2ca

SHA256
f4e1788ed3b09d2b5ad5dcafb7687199b4d263ce9a4a95fdadc7d7570d275bba

SHA512
1ffa905fc4141b649bb85f34f0fc08673442afbc3c847f0bed01520ce276da752bb9984dd477ec19bee57e333f7cc7add829273e0922719eb5298b3fea16eb75

Download Submit
/data/user/0/com.jufan.cyss.wo.ui/databases/Woklk.db-journal

Filesize
8KB

MD5
bbf54edab491de43325edb8aabdc5e5a

SHA1
dc35759f79973778f67e7470dbb04867d475f23e

SHA256
ddbe259c62e528010cfb4609fcdf53c2e3ff36c835c5977c293a6ce8855051fb

SHA512
b00505f22e0f4d620832ed62ffb3d22febcd0f9f3925acb20603e6cf2ae6b7f713999cf7ac5457320537a5c562536ef517c19e932a443843c4c7293667468569

Download Submit
/data/user/0/com.jufan.cyss.wo.ui/databases/Woklk.db-journal

Filesize
8KB

MD5
0193c9b26931d2fec7b0110152cf32e0

SHA1
feffb15b4e17f291d1611b3ead6d0c1ec4d5f04c

SHA256
ad9d6f49901169734ce3e162fc9a4ed73b886b7c85795cc3ec75c14ee26af005

SHA512
a9fe0c00f8379cc3bddf0c2afda5739c52b7a127fded759976394bebe377ac9d4cda94a1507b60530ad9b8b31087c66c1ab86805ad1e6b436394ac37ac2bb581

Download Submit
/data/user/0/com.jufan.cyss.wo.ui/files/.imprint

Filesize
931B

MD5
38589c9e41d2fea8700aa063c00d2560

SHA1
d121087b76139193c8074c62d6ff94679d52fa4c

SHA256
ec88718c9e8ec4bfde4ae99e38612d02b3baae57e4652bea100bf7d0c95ad47c

SHA512
9983f1cee9afb3f2030b48a6d9731e41cc9c6c3add036436dfdf5b41bd6bf16d7fe5789441b7ef4007fe8fe738bc50e1146d04550ef79110f1f5273ecd761fe4

Download Submit
/data/user/0/com.jufan.cyss.wo.ui/files/installation

Filesize
1KB

MD5
309877c731eae6ae1e2618a500f86fbe

SHA1
ddf03fe65882044d1d024e7309c8ba6d9356869b

SHA256
cdf64ba4d007385daa6e53b826efb3f28d27d7b3389c36a8300536a76d5e7d9b

SHA512
219290a3de664dbc446b8709b5b123c3fc519aa1e863245ec2f30721043023dca37e6157b30e9df9f6ab791c5a674b06cc7aa0850705c39c17ea03441bf2f767

Download Submit
/data/user/0/com.jufan.cyss.wo.ui/files/installation

Filesize
1KB

MD5
c3a5b63d2934e9d473254cd163521de9

SHA1
59b9e53b15166128efbd398bf0edba9e8bd24156

SHA256
ea09c592262afb0a96bdc14e6b56f29adeefe61654f843259019861a48aaa9b3

SHA512
c28c52f4bc1f5ba0e876cf8127c3ff9604a972649c62afab815583907a01aac0fe38320e12b70896548d3476b6c82941df9f728ac73d60e77ce090fdef7b42c3

Download Submit
/data/user/0/com.jufan.cyss.wo.ui/files/installation

Filesize
1KB

MD5
d8dbd4bf1f4bf52200bdc9c5d7b35dc4

SHA1
29495f511831b6fe703248733e5bd9030ff606f8

SHA256
9870f4f47e4ef24123452324d9450a26972ab6e2cb84c3dddcd89763bb717990

SHA512
ec5039c4b0f5f0fc855e69de8cb0063d9b84b4bf562f307608aa6b4dae91a4e31a722e383780dbb61f510c06a39b715c800ded871f64a26898ea0e321709fa14

Download Submit
/data/user/0/com.jufan.cyss.wo.ui/files/installation

Filesize
1KB

MD5
e5db91680f4336e8ccbb0eab169bcda6

SHA1
8ff31c27e4575d7011311b0d35495f32935790cc

SHA256
8bef7eec2a3a8227db403b176ca31359d758e7acdfc4abe9346d7cfbe49d7e7f

SHA512
10b43878015f1a35b8601977ed280f29a45cce89a2241bc18219ffbf61af4136f0064473c070073d8a312b9edc563298ece8dd2c6b205b883a06c8650887c72e

Download Submit
/data/user/0/com.jufan.cyss.wo.ui/files/umeng_it.cache

Filesize
328B

MD5
d7495704a1371cbb1eb7076cda15fa0f

SHA1
bbbbb2b6552ac41c67a249169c5dab05fd0125fd

SHA256
0f38e595dc44386eed4e5ad706e8bb29a974e60fc69d47ec24d5cd707053f704

SHA512
b7cab3efac416bba36c9f277c50723986e188f4fbeb279799931665336cac11812e001d9d13e8074588fe444fffb3da7963ed1d815cf9a1b774400e2aa698f8a

Download Submit
/data/user/0/com.jufan.cyss.wo.ui/files/umeng_it.cache

Filesize
167B

MD5
3249786fda8040b8f10e9541653b44bc

SHA1
83e20a4069687eba6d7257aa58aecf271c466eb9

SHA256
600f4c4938347f87e4f2795906fd7124f280a2f858fce1e5e01ae24474f37e78

SHA512
4810d72992d1f7bfa512c6a27fc0a366e99c8510dcbb8b64e73ef659b9989e48213b8ceb2273d9011aa2c8e5b587b11e122d0a3e2a39a5ae54c1a93f377344c7

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
d265a2d71be550ecf2c703ce4313e742

SHA1
b0354687f477dc866b84f97471758323cc3e9091

SHA256
bac5e8a9aac1f50b650673608749bc421656d96819bc6702a8847fbd4bcedcba

SHA512
7da05d51170faa6868fe1d9c7280526e9d6a4648c4edaf2414fd82d44dda2ea9403ea4395200e5c90db124867d83892a7cd68ad5699325addfee5b851109a638

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
a5c5d9a9d514a3a3d5e26e6425f7032a

SHA1
2171a5fb0c6b7ff4c0a2ecc7f4200870184d9a7c

SHA256
b37ff91d9600a095c7b471b4d1ad9056201bf81765439ca253e3c34c47086ed5

SHA512
48f3ae4ac059b07a050bf4abc1ec2ee48131d01ebd832997f4a27c09f1b4b1452c6c031af8e44512afe37d8b1148d9e4daecc297f716e367502f9928ce41154c

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
408B

MD5
d4e5a3cc4c1f1bd0c448d8ee81209a42

SHA1
a053ae5f5589697106533300db2568a565d20f37

SHA256
ca25be0ba8e09fdb8b54b919849fb179277b9324ecba3b2fa1d5394fd42d41ee

SHA512
6515bdcb3b856b11f0e39aa0710f6ff796e9fc1d3408702c5775577b3f991d8b932dfdc1587abd5b528bb436ed356cd1c323db5b6c104852748b006829a6b5ad

Download Submit
/storage/emulated/0/Android/data/com.jufan.cyss.wo.ui/files/carrierdata/1703588675

Filesize
382B

MD5
e04aaaeca88dad5aa56b2489577e3b07

SHA1
dc6e4d6e863f64567786e0fcc57182a891ff5c61

SHA256
36947aeb237b04a334c8885e4701c7c008cc9400f1f8ad775d81dd20f421f03b

SHA512
a152707f427eeab00e52f9da789d5c5fc0cd978053d95be662e87a15caa873b6e653cf7f103b37d76dc554dd0fda8d261d504a521070eda403aa941ffaa7f871

Download Submit
/storage/emulated/0/amap/mini_mapv3/vmap/model/models.ind

Filesize
1KB

MD5
cd345fd9f7e95bd609198b1907c366ba

SHA1
929d20deb4b43191519a3475933c0c7f3177b677

SHA256
001d87574f1700060e5950e2b315c9d59591fe70584a605395331853745c0177

SHA512
9fb6c891a13477b408efa73af6d2e363aaab52e67b2874e16890958d6f1c3a4b8ce748cbf3250f7c1881a83d99e7b2c4e619e53ff0f24c08ede859e3b1636bb0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads