ff0d0f7a3005d6b4000d7d5f25c6aebce093aeee9669e3673e772fde69e27277

Analysis

max time kernel
3030666s
max time network
155s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
24/12/2023, 08:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ff0d0f7a3005d6b4000d7d5f25c6aebce093aeee9669e3673e772fde69e27277.apk
Size

11.0MB
MD5

165de2f399dda5aec6bf331e357a4cfd
SHA1

8ad856896e0a2c22601e58c29eeeab011d81b933
SHA256

ff0d0f7a3005d6b4000d7d5f25c6aebce093aeee9669e3673e772fde69e27277
SHA512

f65e507e6890024539af95a4f91f9902f72f2799b10d3a0ec2f20334c4bb793515a24115bf97499cd1667b9cdfcb588657cd715e0c71b68422a0e51e4f98cb6d
SSDEEP

196608:i6TnRzThjsSVN5TMGrXYxHjfiItlbC9l2pZEEZf4O41PufnrP9g7dtUZsGo3Zl9N:iafhjbIxziSlbCvgtZI0nrlg7UaGoJl3

Score

7^/10

Malware Config

Signatures

Checks known Qemu pipes. 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

ioc	Process
/dev/socket/qemud	com.cn21.ecloud
/dev/qemu_pipe	com.cn21.ecloud

Reads information about phone network operator.

Requests cell location 1 IoCs

Uses Android APIs to to get current cell information.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.cn21.ecloud

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.cn21.ecloud

com.cn21.ecloud
1⤵
- Checks known Qemu pipes.
- Requests cell location
- Uses Crypto APIs (Might try to encrypt user data)
PID:4225
- chmod 700 /data/user/0/com.cn21.ecloud/app_bin/daemon
  2⤵
  PID:4252

com.cn21.ecloud:process1
1⤵
PID:4406
- mars_d -p com.cn21.ecloud -s com.cn21.push.daemon.Service2 -p1r 40 -p1w 41 -p2r 42 -p2w 43
  2⤵
  PID:4433

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.cn21.ecloud/app_bin/daemon

Filesize
9KB

MD5
f8176d0f7fe2b3287e24c074595dd2cc

SHA1
16d33f393994aec7a4fe2bdfef748c43952c055f

SHA256
96719b7c53b77ba5c563fc61e9402b046fe75682e12659c3569bbe6a0c706e9c

SHA512
03ee069f3336c11398eace7f85fcc5a1f24f4dcb6ce40f0df254ed6c037000942d147b004b39044c157710555f8b1fda7313b96b471a78c2d1cb4be285c35ea0

Download Submit
/data/data/com.cn21.ecloud/databases/_corp_user_report.db-journal

Filesize
512B

MD5
78449481848dcad4e5899d5968f05679

SHA1
f7045fb6408354b75156591fe3bc8dc291c843c3

SHA256
b2a8d98d870b859d499b824f86bf55743c634f743a884dbaa8161276cbb56d7f

SHA512
c7512cab5f42e6a58293d3d7731b9a95de5b528f3c27a4df5844a2ebdf57382970e9084f4015c8371bc940aa7ddc858c288eb620f9b328645144c8d7cb977348

Download Submit
/data/data/com.cn21.ecloud/databases/_corp_user_report.db-wal

Filesize
36KB

MD5
6eda1c8220e07a36e1041a438aff1477

SHA1
9971db007ad458439452ca3192ccd94521d30781

SHA256
0c0a75aa29df5d0ee1e33ccd448950a98789b995f38f5ff36c5bb8c35dac3d84

SHA512
97ec8a79330a6368374c3784459a99833294b68669f9da5afd68cd62aabee3398cc752ae3357ebdc20dee88ed89cb80f4923009c391e81721b5692423849f452

Download Submit
/data/data/com.cn21.ecloud/databases/_user_report.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.cn21.ecloud/databases/_user_report.db-journal

Filesize
512B

MD5
06e344d6ace7bdd401b51067fedd6672

SHA1
4ba566d4bb3131ecff006fb713611b0c9904a771

SHA256
ee4a75b8754c19bc3c1ab8d38ebb1df590cdb6ef9a16c797815eb5eea54942c4

SHA512
eb4e52aa8277017093f5434b7a3982f58059ab3f22bc8de8362072c6b946b1dc122d5dded54807628d23c6c87333915ffcb6751b5f1e1f678ef78725f270f9ed

Download Submit
/data/data/com.cn21.ecloud/databases/_user_report.db-wal

Filesize
56B

MD5
3bf5216a289bd3c3230797c4981d9134

SHA1
906f53892e4d5b009a1c581dacad225b0d50ee97

SHA256
01b95066d4d65be73008b7f5d06844f586b5ab04a1f1c5767321737b29655d47

SHA512
ec7459de336722322445e830f9052b92bc8ad76e9c6423db36390b8e919321557754f3e1cc4c40f7dd834363eb586415b6edfcf2f2582d7a5caddebc9d6eb79e

Download Submit
/data/data/com.cn21.ecloud/databases/_user_report.db-wal

Filesize
36KB

MD5
3969cb6a48c29250183d76503c0b4d4c

SHA1
3c70a0fc176db081ee876bd99a6fa455d298222a

SHA256
ac6818b3d1bcbbad66f103c83b2f9584f805c9e97eea4e8562e41df1c46fed3a

SHA512
d8d58449bef79cda8bac3244a62d09584255ca15d637428f9bf70840287e6b9031d6f1363608b30409e17efadd72cb1d978e846e6c1591051fc4d055cb5d32e4

Download Submit
/data/data/com.cn21.ecloud/databases/ecloud_splash.db-journal

Filesize
512B

MD5
3e243badc0313af8ec7774dee7c1f58e

SHA1
129e213b66df1a49cfeb4d0946eac26598e4a6e2

SHA256
82ce32092089087286fcd4d4ba3df0a626beca39cd19447253f72d90b52cb1a1

SHA512
ce4801ed4e4225a3462b3d809c5ee8ec3ebbd25dadba204e1f41aecdf33c5b24def7fb292fc0fd81d458f128c2e9f962d48d0ef5fa780ea69cb21b675c1ce93f

Download Submit
/data/data/com.cn21.ecloud/databases/ecloud_splash.db-wal

Filesize
12KB

MD5
40821b331db89a741464e16fab06a8a0

SHA1
b441435c6f4fce2b3ff13eeccd4b0af4e5cfb6ea

SHA256
19fc7e5c4f9f912b18a42d47a14208038506e427d48263b0b7b56c897d9f37fe

SHA512
ce015bbff75cebc25b4e8adc9eee49dea8f3d9270c5b878b72215a3c10fc6a2e9687fddc3320bd97ef7e2eb5b2b524b1d91965a6c3d63380482c46f76f9e4d6b

Download Submit
/data/data/com.cn21.ecloud/databases/uedapm.db-journal

Filesize
512B

MD5
9846c9f6eb3051da9aa9f3abd6777fb3

SHA1
637cf7daed5ca00f6d473acf7f23ced135e12c9e

SHA256
6d9b6991774ea522f96830a5c2b84681d8c9f57d18993b9fa0db22cbbb1697f1

SHA512
dacc85d530f511e09e68952e9dafb30f4e197813e45cd083d3742d36f236eb1e5fc0174bcd653f7ed96c8de0c8b3fe7e4dc4d5a57d9acddb5b5ee18f00c346b0

Download Submit
/data/data/com.cn21.ecloud/databases/uedapm.db-wal

Filesize
16KB

MD5
54d9deb502443491b65e50ef69714b28

SHA1
af0ac72b91c3bf30443f01bb02c136dc5eccef4a

SHA256
4791e0a01a8ae19dfc6e05adb0199b236ec97003b64c7465c92e9ddf4902fe63

SHA512
b13001c18bc52450609a7096b170107c8c12a141dfcd7242635e20368f0daa8b951d15a8df9084ffecd7c6d188a266bf5c81837558371cfc21a3996ffc3d6ab4

Download Submit
/data/data/com.cn21.ecloud/files/INSTALLATION_NEW

Filesize
96B

MD5
cdce0b95f786749760119cbaa2c0e57a

SHA1
2741f72324655ec86decc82d1752a64f47f34123

SHA256
65bf712470661599c183db9550204241763c34ad3e0df5a621dd68f5cce7435f

SHA512
806e028e293c468b592499dfdabf5333604eef22b6824da784386d41e8141975ede59a922fc72104ddd08a81422464b591fc25b140f9b736ac9c38e1ef12197e

Download Submit
/data/data/com.cn21.ecloud/files/cloud_secret.obj

Filesize
250B

MD5
ef94698dff61e43d97155cf42d16d389

SHA1
0609d6476f94f486b63736b33bc339a7cabf5c86

SHA256
7e128c39d402f8e0242d17747877920958cba4e89ebb6334302681b43d1f7d1a

SHA512
cd4c75c9980fa3d159961af81c82c92cd8558bcbcffb2023e64959c8fc3dc638f4949d6add7f698c95b69a8e99abd13b5480676f240c606f4d124ed8c265d52e

Download Submit
/data/data/com.cn21.ecloud/files/cloud_sesson.obj

Filesize
160B

MD5
73778967270b29c2036794d8a2e54908

SHA1
9df27105edfc4d7f4e66c19dfa368de097d6dcac

SHA256
9e55239c396f1c525ab0397354aa4bbc80dfaa821ff247a3f606386b785b761a

SHA512
bb943d482027a3aec15458404f5b3bd75658dbe12f4f607c56655577ed2d18f2936f82153b6ff6793aea4f4bdd19846370f710949f3af72301046d296891cc80

Download Submit
/data/data/com.cn21.ecloud/files/contact_sesson.obj

Filesize
5B

MD5
9dcf2a6f12095ecff342e9fa0c5ca72f

SHA1
c815f34691be353caa9de93bbdb00a31f62a9ed3

SHA256
4e68143408826326220a32d6bff59e1cca3dd85f74b018aebd6723c5686c54e5

SHA512
7ba3449f5ec3363bbee33d47abe471286cf78034dd70379fa4d0de5fd59215e8c58287eddffed1b9c3c74e157f6a9ad69b0c551001a62d04790bba49df48231c

Download Submit