e23dcba0917bfcf05869fc7ae571f803cc9ad954b49e2ba56fa68807ec5092fa

Analysis

max time kernel
2782066s
max time network
161s
platform
android_x64
resource
android-x64-arm64-20231215-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
submitted
24-12-2023 05:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e23dcba0917bfcf05869fc7ae571f803cc9ad954b49e2ba56fa68807ec5092fa.apk
Size

18.0MB
MD5

1cebf3f101c23528f09de6699b0017ff
SHA1

5909cfc306ef474388c7b2d98b84ee7c6eb82b5d
SHA256

e23dcba0917bfcf05869fc7ae571f803cc9ad954b49e2ba56fa68807ec5092fa
SHA512

5fb699672745ba5e3058e479a9a1c4ff6954b68aad2ccfff93437f68cfc4e332ddd145a6cdccdf3efb4ae33b4ea38299f36953546bf15accf910dc85c1c71eaf
SSDEEP

393216:Vrasio58Qwelz1apcTJlZFhXO4EUU5a/UEkRvUlVfF3ctTr:Vrx8QwQ1apcTJr+4ET5a/ULRYfZer

Score

8^/10

banker

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 IoCs

banker

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.yiwang

Requests cell location 1 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.yiwang

Reads device software version 1 IoCs

Uses Android APIs to read software version number for the device (IMEI/SV for GSM devices).

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getDeviceSoftwareVersionForSlot	com.yiwang

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.yiwang

com.yiwang
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Requests cell location
- Reads device software version
- Uses Crypto APIs (Might try to encrypt user data)
PID:4640

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yiwang/databases/yi_address.sqlite

Filesize
386KB

MD5
62f6b2a98e8c5eb80994f1fd31bb01d9

SHA1
a1e0911821dc52e990284787d19655874d63ef2b

SHA256
c56a23ea0eea2f2bf3fe8c17553c512e7b994c45c8d76369dff01b94473f8358

SHA512
1e4efc6a5aacbb87f8b4b7c6e6d7348aafd7fb3c9d715505062011cd72189a817f7eb53145d844c4071cae848be80c1bb2feb4feb760662e9564c3a442aebea5

Download Submit
/data/data/com.yiwang/databases/yiwang_normal.sqlite

Filesize
386KB

MD5
6e1ebb5cfb9d02a1a48181ded18b1c53

SHA1
ce14e946e459ecccaf37d6fc7c0605c6e59dd9f1

SHA256
6f19faf398b77de7519253f0fedd0e97ecd151278dd092136489bec160da8505

SHA512
ef9cebf4d15daa594aaa24a4b11582736f5aec90d9454476e75b00f96e072b80db80bb02e4cb96ff8fc4372fa7116f5bb2fc7b5b75947151265491eb0744682c

Download Submit
/data/user/0/com.yiwang/databases/XN

Filesize
28KB

MD5
fcbe81fb1caa1326ce4d0a2da16bdff9

SHA1
3ebcfa8e3a98602e392c9d9f0fe187c73c7e225e

SHA256
4ab8b5a555ac236921e3e2ff99a1b99dd471f948e9c6783f4d2b0b4e3967df8b

SHA512
85772f64e91b0293c09a63d9cdb14977683ac3ad786440c9a98ba98d2abae0dee8f0d31ec6712e0ea2330858e3cfc43b90a797812fc1bdd42ff22cac75277db4

Download Submit
/data/user/0/com.yiwang/databases/XN-journal

Filesize
512B

MD5
8c240fec6dca6ba14eb3379d88017012

SHA1
238e2fa6e85a2e5fe3622d13c437809363ac90b4

SHA256
7d22fa8ca08d36668eb4d7dda2c2fc5c9416972b4bd6534b333e30c2fb2b4f26

SHA512
e8b02db387b5dcf3b811ceddf7cacc1df920c52247609ad4e3d6605fb0283f956cd3eafd65d12d742af65b10663b024f88545d6ee5406263a86de8933dda3136

Download Submit
/data/user/0/com.yiwang/databases/XN-journal

Filesize
8KB

MD5
d519d44108bd01b86477ea54e3f9dbd0

SHA1
158ea4a9abbbac3f55003b794eebee180c2dedd5

SHA256
465fbd3bf9469fa6b50dddc1b50f39357cebbda1f1d22566ea3122bf614c51d2

SHA512
a9d4621f991777bc6a40063daf4494030dbb63ae0d31ff4b2a6c531354b02eea1f7de3a598239c1dcee25d5234ecf335ea6babcaa156a43bf970043dd9477a34

Download Submit
/data/user/0/com.yiwang/databases/XN-journal

Filesize
8KB

MD5
6fbe32b3093bfc95543cdfd8b7427841

SHA1
60b702efed1f7a72ce2928a0e55097e88c78ed5f

SHA256
e0852ed52e55abbf4155128b7a3a3552dac8e907ecabd38684ebe5a80f4e322c

SHA512
323bf4955847659bf124d6655dffe85cb2772bb02b8d5382ba7258ec6cb3154242531ef6a0c76fda4ea8b46aa9c073b87bd5de46c46330f5caf2741c2ac423a4

Download Submit
/data/user/0/com.yiwang/databases/xUtils.db

Filesize
12KB

MD5
2e8d2b7e3b1a8758ee427d301314b7ef

SHA1
32bcf7c03fd4934e1224feaf2114df2ae56d0551

SHA256
67b1e827a498e60301f0b57d15e0e342027c49266e8be14c7441dc7f774c299d

SHA512
2a7acd5dff858b159ad5ddd05f8392dda9a0d2185dd5b2b4b20ab660d8946bd3686cdaaaeff7317d717a23a2da1d86e5e42e0221e20e55cc020a2d9a16b0869f

Download Submit
/data/user/0/com.yiwang/databases/xUtils.db-journal

Filesize
512B

MD5
a0064729dbb240ef272a8c909e0fc638

SHA1
7d4ef2204fb5039b846e971eac7d449e44ed2502

SHA256
491b7be01695de16cfadf077d69aa4cab37904a45405d861907d08d8ebcea3b1

SHA512
cec539ecc204477915a5c85b2e98a9fac270a7281b7087bcf14e8b811de8ddcff86dc0c6d939a0976a698ade512727b5810ad48941b7f21056b633196e85a0da

Download Submit
/data/user/0/com.yiwang/databases/xUtils.db-journal

Filesize
8KB

MD5
abcf8e96dcea71007abbd03b8cc428d5

SHA1
a6f0bd8a28caf3c4e6f756ebb4ed2a81e61c1bc0

SHA256
5c093097fccee00baf0edf227de52c2d8da6407ee13cf790b2981a47dc41a32f

SHA512
8affbba6fa3f3eb7d5b948212f01a45b0dbaf8e31a42c1f1c9d75dc06e19866346f7c33b22834f03657fead5a098f04aa180446dcfc4c598f3dad405819797de

Download Submit
/data/user/0/com.yiwang/databases/xUtils.db-journal

Filesize
4KB

MD5
26a722a236dd7e1159251a711071927b

SHA1
bf4f603e4bdecfd191df7cbb7b811ecc55cff26e

SHA256
04e8308e3cbf4b0f0d1523d46a72728b02950b70c1c12d71b8d0c2a3a1efc1c7

SHA512
9f350b4ee8493a9008d3f8b5dc520e5bd6c8d6e28207c45457df151cfcbfb23799aae4ffc2dd2ad4c46581a747c06af061f80bb22e8f6bebc5b251b7c3abb381

Download Submit
/data/user/0/com.yiwang/files/.imprint

Filesize
928B

MD5
a514ee97be9b0cafbcdfcbd3b1d2a109

SHA1
9e21753f76641a3fb0a4e7e994e9b60d1bfb7856

SHA256
5fe88d17f3650c30f7dcc463a06c3d9f11befdddfa829abeda9494f5b4dc2f2b

SHA512
2f3f501ae5325daa425acad507b7116f872a99b430d153986c3a358204a15f85221829356b2ba62064ff2ddde597b354d81eb8154c9c197d2cf62a8bedfb6e19

Download Submit
/data/user/0/com.yiwang/files/UUID.out

Filesize
80B

MD5
2c7147dc9540cd857bc558f8b46d3f6b

SHA1
a38badaafba891a104a48a444f356950a0c7b382

SHA256
d9eb1f354e68c24e236a1a5ea6cfc25b563508a4ed8fb24670a31e6e4c1265b1

SHA512
5b52bbdd441b05f70390710115d8537dfa62cb64b8940fb1d96f02a0ee4b71afcd4057117ba92e5ab2421708c6af5ef29f204cfebe3d5e5478eb45c9aba65940

Download Submit
/data/user/0/com.yiwang/files/bfd_cached_com.yiwang

Filesize
343B

MD5
ef80df2730f1666287f1d0df48ab7643

SHA1
7742f69161dd4f97fba1deb1a4aebacd79afdf78

SHA256
4e03cbaefb164da0d00cffee418097f693fdbb2900844f8cf278852b23aa0b00

SHA512
d7495e57fae36db100598e4049ffc3a89751ae4ded1ad617c5dbb0f61a57904612d373ec280191a4aca340cdb95b3ab07615d3c3fb492093046195aebe40e544

Download Submit
/data/user/0/com.yiwang/files/bfd_device_info

Filesize
124B

MD5
928b4ba395b6957dc1a44530cf571287

SHA1
615f9825df0dcf2cdc8b7f8c51ceb0382a2d915f

SHA256
705544324a2af4957898742a601f9d71f0f28cc9a8bfb86c700fbe1034362e86

SHA512
9d184d7091aca845643aeb39d1622817b92f56ab976a894d7e4bb6cd8d721025fd6e139c2a990a473ef7d694d513205259507379474d6f14bcda7c7621814283

Download Submit
/data/user/0/com.yiwang/files/cfg/a/ResPack.rs

Filesize
525KB

MD5
0357e8edde36315c0e0a4f5385de625f

SHA1
2e6c6f15010e88dac5078f34e31a8ddf5e032f2f

SHA256
44764ad74b21113fb17b21899bd0d4c81740544e868eaad680553b3bd0cb016d

SHA512
497385b4e3b512f6a4365486d40bf1ed298422087f23a352ed2cec96331b9b012814ffba9c3ba83af5f777df16b53bbe1bf3ab8313902db49011f01a3024cf93

Download Submit
/data/user/0/com.yiwang/files/cfg/a/mapstyle.sty

Filesize
248KB

MD5
46a9f9a5221dbe4ff71bfcd2ee045c5c

SHA1
915cb3bc2f0096dede38afc1cd7f09c8782360a9

SHA256
ad3067eb308a9420b727b4f24dc5134bc75b36bdda7a7a7c5651090698dd10a9

SHA512
185530752b639d743f99e28369f75626900420dccf598a639065ecb08c562ff98c4a1f6abbec9724d1684ed053774d60402cd2f20e3586a534c8715e7cec2ac2

Download Submit
/data/user/0/com.yiwang/files/cfg/a/satellitestyle.sty

Filesize
166KB

MD5
3f1348cd6165c9a66a9892565c917ca1

SHA1
96f0c939438c494cf3fd89246d458e92c0c7203b

SHA256
5fbe3817e4047e14c40b567be4955d7579c8bf7b7824bf8370f5e194ebf9767a

SHA512
405c3d1d5f4899cf723509f8e293f2ca1d95a79f7892e93401309372335a6a286f2eae9ee9312f69af10c5bcabd091cd90608898a129542b0abe0617c500d023

Download Submit
/data/user/0/com.yiwang/files/cfg/a/trafficstyle.sty

Filesize
4KB

MD5
6a86f30539dfc9332cd235fc48fcb62c

SHA1
5c202003f6346edb85175b8df7c460793f5512c6

SHA256
34bfd1e28c3625f50a23240c4b08ac50a90fd35c5e5f88aed1cf36fa8fe5e18f

SHA512
f63edb8270e6cd35e5c6896e2b9153144af0d29303e367a4fa81941b1b2bb0de57fa484badb7ec7f05ebdfa67d77b00c3651572c5f05e9314389887f5546d235

Download Submit
/data/user/0/com.yiwang/files/cfg/h/DVDirectory.cfg

Filesize
69KB

MD5
4e9eab735928758b860e48b2f9befd7b

SHA1
7223dfdd00f8059d3b83c28c6f7d78d2dcaa0569

SHA256
1a5650bc57e525ff23c7f0cd058d4574142e772c51a89867a13f89e13b93d6b4

SHA512
c7465fab9518be687ee63cbe044f28a4d5c60f1c043fab0ec66a856b2b542c9d99d9ef5812c7eb2033f797805ba37b821572b83eeeebdaac4854a4bf53977599

Download Submit
/data/user/0/com.yiwang/files/cfg/h/DVHotMap.cfg

Filesize
10KB

MD5
c16f5ca1517683c46e02a6b71aab3c00

SHA1
2d09a048d1b8d556d89d4d723947e9e234b5e59b

SHA256
13d4fbc0d1cb7c2761641a3632c440f6f1d919dce731b8c32cb35e652b0b39f9

SHA512
a692b79382747548fd8be8ed94c06198b143c167be1e96f60d8ea7ee9432a0eb1a0cd73d0704523e487d59443bf7ad13eb36e47b67864e227917d33225e3e62b

Download Submit
/data/user/0/com.yiwang/files/cfg/h/DVHotcity.cfg

Filesize
1KB

MD5
883c30365d5d377966125dd0c079debd

SHA1
d296ec1e3f4badb6e3e6166c1473fb55d4265761

SHA256
50112e7ed210b33224fbe1cce568c8e95a14fb47f7d39ec905369e2feb9668aa

SHA512
00b1604e206a5d929071aa1cac99d83320eacdbb064d517973a5a36757a8a9eb8a103452c98f24e7c8d29adb4b2843e804bfdcb32902da7e364a0c30f8609b7f

Download Submit
/data/user/0/com.yiwang/files/cfg/h/DVVersion.cfg

Filesize
86B

MD5
298924848d2517a508f43ff0cc51bd3b

SHA1
b9fcde7b86653ead6deb57280a6049cf87745710

SHA256
0b6eb1f518059d8c472bab90091bb26d9ab877f6c70fac375412ff1582b8ca3b

SHA512
63b88c5b9b971ec52a5f724485d9998bfedb073e84ed63bcf0337e726923510d97a8ddf87371b5620f89ba788af01db58300638fff5031856c77dec8e18b4342

Download Submit
/data/user/0/com.yiwang/files/cfg/l/DVDirectory.cfg

Filesize
69KB

MD5
65685a117c72fe8fbf5a92b07073c99e

SHA1
b115b527f74e4c291edcaab19b316a446aca8f5b

SHA256
19bcea79613a5c3bb71dfe6b311241fcbf3534b538f0b147c7e849b58b24b2b8

SHA512
e5821a5212f0790db33ec7274f018b08f499557ff7f2f118021a7905573e8dd66e716fb02144919d96eeec7da9db921c756a88cf0a050f65a9f8de3894dcc253

Download Submit
/data/user/0/com.yiwang/files/cfg/l/DVHotMap.cfg

Filesize
10KB

MD5
cc3fad9057e0940ad4d4c7ad27922023

SHA1
403cbbcd7b819733b5caf49ed2a58d654441e99d

SHA256
f6d90bd8621889ab994374b4f51a1c3f9b028aab1a2129b8b3b0e1d7c5c37864

SHA512
ebaf2b8c56bc15826ef38b36e72ae41765fc723470c6dcc40bf9f31118f252777072ad39a535a79f53b6aa29811b4b21cebbc9810c47e34ef9400246d789ab21

Download Submit
/data/user/0/com.yiwang/files/cfg/l/DVHotcity.cfg

Filesize
1KB

MD5
1c6abcbbd253448057930ad1cc59ac75

SHA1
a5845d1c4bc87b8b4785b456d76edcb8309eda4e

SHA256
a46b498ba6586aaa2f246bb34e47f4290ac60273cb86ff662475b0def7172136

SHA512
71aba5b2a1020d1925b3844c861cbe595de3b21d665eedb13f1ef0d80477fc091663e0625b09c5f49d4f9d0770970dd0d188b84635e9c75c1bdba9f2a7171631

Download Submit
/data/user/0/com.yiwang/files/cfg/l/DVVersion.cfg

Filesize
127B

MD5
d54b7b380a5ff46c78283013a07d8e0f

SHA1
f697c5f7028ba2679a96d6bc5291c38ff96d7982

SHA256
c7ad837b097687d92e0d944815fc70adcb0e1cdc82db28f728d13e8a48d7532c

SHA512
ade792589c33179c51305f201bfb6db28c05b2ea098d12bfefc1a5cf9bd3014d53830ce2e71f027719ee1b83b2394c7654b5ddf4fdc7f678840869d2a2787ef4

Download Submit
/data/user/0/com.yiwang/files/umeng_it.cache

Filesize
328B

MD5
cf058d41db3da672dd5012b6606bc483

SHA1
b7b374088cbc73074357b82d84a736efbf2061a6

SHA256
01e5741e86abdac936b0604fe2cf409e263ec86b5b745fa73106eeb015f203c0

SHA512
bcc78abddc07860375d4769ab1e301ed7b0d9839131f8b4d162c46d12d1f7d375b669956d36478aab22f7d02a2894c7894580ed43314ff3eca0f1f5996955872

Download Submit
/data/user/0/com.yiwang/files/umeng_it.cache

Filesize
167B

MD5
9d844e196b68fbf0d584ba7bb831d987

SHA1
08bc7bc959734bb91b3cfa454215654307fcd279

SHA256
0bc6a54cb2322d6822e2f211b7f9f8e84f806b73478b61d519782ef4e65a24ed

SHA512
ce5c64b62d32fe5b146feb773e6268b9fcb7bf660f1b48fb477dff1b84bc86e206bc32bcdfcd49b437bce2e0354d41367d77b9730834dc1c27858eb0007a00cb

Download Submit
/data/user/0/com.yiwang/files/ver.dat

Filesize
6B

MD5
8e31aa8d6b61e8b044ac3346e87098d6

SHA1
70e4050667039f00eb5231bd731b9f3cb5daf00b

SHA256
d2a616114953901b1bbbb79a9be694acc0aafdabc1df94f46002bcd6b75b3a4b

SHA512
2935b5e37639b7c631aac8d5073a200d56471b1a06858c0e3dac03e03a89758743b023cedd1ad703e8f775114b39ee0ca808165188c74359d6b1e47fa7e171d6

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
c54308af347832d46b54964fe820d8ef

SHA1
0382f38d707b9956d966b7a4fd2ec4923b5ceae2

SHA256
2cf772fb750f65fc707dd5941aa006580cae494de0da296741de22095c8f6df3

SHA512
e506bb6d40c07591913db14ba6c65e5aeaf02803925b82622da277fb62be34327a847ddbe0715e80df486773befac2a04ff58a5afe31e53bfeaf6004e759ccf5

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
f9c64f28c58d9225f0dca799118fafcc

SHA1
59aca088a3adff5dbdc74f18cbd05ba6c1284e29

SHA256
b6fa917619f301c185316c022eba797ad8a6e7561f94d2e0bbc23446ec1315b6

SHA512
434c35d82849c12910cc6b189b265da38283e7178e8f1a8a73b95527d04e7cba0d3db808a2c6c4f82e39969011d63a75b9a36a02ebdee187cbfeb00af2822165

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
407B

MD5
707991ff442e87a7ab9b32d0236d5b66

SHA1
6c17b3888027f77bf868988c9a3dcb8afb7b4a97

SHA256
752f5c1360fb4b8a58672e31cb2071dc0703ff9fc79ff51e8313b7358fb317b3

SHA512
b9634b6b98ba092ea0497c76a8df3cdaf2798945afb538afc63597dd6c8698a04fa88f0c517a7dffd4b00ae43dc45093aad679f7540d377727634549c6e1b385

Download Submit