ff0d0f7a3005d6b4000d7d5f25c6aebce093aeee9669e3673e772fde69e27277

Analysis

max time kernel
2808741s
max time network
164s
platform
android_x64
resource
android-x64-arm64-20231215-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
submitted
24/12/2023, 08:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ff0d0f7a3005d6b4000d7d5f25c6aebce093aeee9669e3673e772fde69e27277.apk
Size

11.0MB
MD5

165de2f399dda5aec6bf331e357a4cfd
SHA1

8ad856896e0a2c22601e58c29eeeab011d81b933
SHA256

ff0d0f7a3005d6b4000d7d5f25c6aebce093aeee9669e3673e772fde69e27277
SHA512

f65e507e6890024539af95a4f91f9902f72f2799b10d3a0ec2f20334c4bb793515a24115bf97499cd1667b9cdfcb588657cd715e0c71b68422a0e51e4f98cb6d
SSDEEP

196608:i6TnRzThjsSVN5TMGrXYxHjfiItlbC9l2pZEEZf4O41PufnrP9g7dtUZsGo3Zl9N:iafhjbIxziSlbCvgtZI0nrlg7UaGoJl3

Score

7^/10

Malware Config

Signatures

Checks known Qemu pipes. 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

ioc	Process
/dev/socket/qemud	com.cn21.ecloud
/dev/qemu_pipe	com.cn21.ecloud

Queries the unique device ID (IMEI, MEID, IMSI)
Reads information about phone network operator.

Requests cell location 1 IoCs

Uses Android APIs to to get current cell information.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.cn21.ecloud

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.cn21.ecloud

com.cn21.ecloud
1⤵
- Checks known Qemu pipes.
- Requests cell location
- Uses Crypto APIs (Might try to encrypt user data)
PID:4636

com.cn21.ecloud:process1
1⤵
PID:4844

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.cn21.ecloud/app_bin/daemon

Filesize
9KB

MD5
f8176d0f7fe2b3287e24c074595dd2cc

SHA1
16d33f393994aec7a4fe2bdfef748c43952c055f

SHA256
96719b7c53b77ba5c563fc61e9402b046fe75682e12659c3569bbe6a0c706e9c

SHA512
03ee069f3336c11398eace7f85fcc5a1f24f4dcb6ce40f0df254ed6c037000942d147b004b39044c157710555f8b1fda7313b96b471a78c2d1cb4be285c35ea0

Download Submit
/data/user/0/com.cn21.ecloud/databases/_corp_user_report.db

Filesize
24KB

MD5
427a00ea143b66c5b73da4cd68215997

SHA1
70c1c7b66764373981d9e0b338a0f6e18edfc957

SHA256
1c205710653715da18059bccf6ad492b6997f236b4c44afb321693d8acb8c17d

SHA512
b4178b01849dbcb329a8643368f0d9a501b1739e5899c48419fd8841e85a7a502f85cba7ce3fba9614a26416738b9a9d7bbc8086e67cbcfc2cb3e13f2c6c47c7

Download Submit
/data/user/0/com.cn21.ecloud/databases/_corp_user_report.db-journal

Filesize
8KB

MD5
b074ffe3abae5ba621acec921b515b8b

SHA1
7e94a33dab9ea1f790a9e403c938ead29c5e0880

SHA256
a5b4c37138b0a967d059cf09fbccfc678fd43cc96fc1dad1f54d89f890c4f970

SHA512
fc2ed1412e120fef0ebfb3756970a1a5ab3742e069219afcacfcd5b84f3458b286d8127725cead26ad2d824f76c6f225324d2df4c2e249d798c87555142ab57b

Download Submit
/data/user/0/com.cn21.ecloud/databases/_corp_user_report.db-journal

Filesize
512B

MD5
2e37b14f037399f669096ea89778d735

SHA1
6adf162eea52d502417c13e1344dbe7c01f44671

SHA256
acd3b11dac4a8671cc0cc09e0577b03c4ad00ea11da4d1513b25b9719896822d

SHA512
5cfed1b68905985c57f87890d9a260b0b8bc8e617245943ac9fa2e5901844224a2daf4fdca6057abf4f8bc9f0a2e5fe431cdd0fdd78afc34699cdd075b304f29

Download Submit
/data/user/0/com.cn21.ecloud/databases/_corp_user_report.db-journal

Filesize
8KB

MD5
998a4119131e9805d9a40c4d53037c35

SHA1
beae4b204f65bfe85d33191abc68c276a8b35c6a

SHA256
c32208444c326090ef5855ef73c8eb801d5cf9117b7fb223ffd76a97e2729286

SHA512
7795283de350511806d6c5a1661e72083d53cf96756625b3eb933f97429d6d230a61b7a572e07ca747c22b6e1d404dafaf6e04b190d8f0c3e48f838b9516f963

Download Submit
/data/user/0/com.cn21.ecloud/databases/_user_report.db

Filesize
1KB

MD5
5a9e5efa0729cd9e9825e23bf330b123

SHA1
6f54aa16776439b5d7573c6c13eda6d3878b27e6

SHA256
9b4bfaec3a613abd85947f30be78b948ad787265971d97e2d7acf87d90ccafa2

SHA512
096876f5472967bee3bfe7f5a441a83b43f4778ac6cbf209b5f3f237f4c31cb78bf381b051e21b5216e8a06ba60e59c92890a609aea461e9906486cb103a7abf

Download Submit
/data/user/0/com.cn21.ecloud/databases/_user_report.db

Filesize
24KB

MD5
855bd061f0b86b06f580ff2d45d041f6

SHA1
f73ca5ffff605b5496ee27b0fe246c69d0f5c7ad

SHA256
a6e23cde4539a5e80abe9a303ea3699dbfde0ed63584af29ab43f2cdabe1a0fb

SHA512
2b496f574c447d2d0138dcf974e0be059ebf3ac97a006d6839933bdab897e35ed228a4c6daabcc65253c18cc852370dc498fb3926731ba98a2186620af1265d0

Download Submit
/data/user/0/com.cn21.ecloud/databases/_user_report.db-journal

Filesize
8KB

MD5
da97a152dd55090cfd205634fedc4c9d

SHA1
787df545b0d5478939eece0f1b8f898eb0e9ff8a

SHA256
97ea2d0f87d70cf061dcc81903285310a7bbd07139251bc2c610c0aa4d18542a

SHA512
9282e811fcbc6665a87375475d571de2506d8504263e35a0e980f06ce4dc50ce889272d7132103e9839a75d2faf64694eb930d7d7d57771bbfb8f7c9557ff6c4

Download Submit
/data/user/0/com.cn21.ecloud/databases/_user_report.db-journal

Filesize
8KB

MD5
b945b2731f50114e92a3ca41033e7b25

SHA1
f8ceac2530385869c6b5a3086f947b69e4cb742a

SHA256
3b751a3cf631be91cbf0d6119231c9148694bf18fef66ea95a9477d51ea149d8

SHA512
947d8f1e2aa1825c2ad6e6ae691051319e3c73d9d8d4c2f88a65f1aaaf54d80f7108aae42bc7d537c44a7cbbeaaca07c26af4f38257c241a99f2e166b4cd4255

Download Submit
/data/user/0/com.cn21.ecloud/databases/_user_report.db-journal

Filesize
12KB

MD5
f039763cb9f88773bec12480be74c210

SHA1
1f4f6a539312c1d401206b74ca4688de56e1965a

SHA256
e198608f8d8e6cd9f2e18a646f64cdb99dee9cff0affe4712eacb2f4d2b7b292

SHA512
07b5fa952d628e4808fb44b9a91674632d84ebf85df2dbf66b95904d2a076fec2f3880aea35858667c49503b3685667add44fe2bfb2cf59ed86f0090c8703419

Download Submit
/data/user/0/com.cn21.ecloud/databases/_user_report.db-journal

Filesize
512B

MD5
2613d1e8004ac4ff4f1c782455b6eec9

SHA1
bd1c17b5e0a8bb461c3d3fb09aa790f999c33275

SHA256
06965de292426f8e85f8317680f95af38ebd3bff062f6869244b2b290b83e9eb

SHA512
fab41dc9fe61af02d42446be4d55648fb20fad34abd30ca91d425165a708d6e340c67b6a58abb3150973e894fb3b1acceeb3bc0e0cfe3e28c26fa9f8f4eb5c5e

Download Submit
/data/user/0/com.cn21.ecloud/databases/ecloud_splash.db

Filesize
12KB

MD5
f41f531c07d4141546a531ff9caffdcd

SHA1
9dcac5aed06972d0ff6bd4cc1f1cdff85b36d3f5

SHA256
bb8dee5b5c3779f175abbd142722eb0022b98d374783aa80145b34614a4de646

SHA512
e0c8d1a820cb4c098e45776e8b50ea8c83944ef2e3f005cb0acbfc07688974d370f78100ae022f62564fc4c12acfdc43b710c18ca1c30f4f575bc08b9b12d2d4

Download Submit
/data/user/0/com.cn21.ecloud/databases/ecloud_splash.db-journal

Filesize
512B

MD5
73a6f636087fe6e4b7e20fc47ce298b8

SHA1
379745bc162827e46edddd301c94103cdff58c18

SHA256
96693d7ec434c52ca45a45561a13637f3c93541d6007d196dbf54760a0f5f340

SHA512
288fbae84a172a6fbfea05e2ea8e37eccabc32536afd243287853d52f4d98bbc8efec852476c9982c4370e46bce1954089f73303402a80047e364fbd5a623638

Download Submit
/data/user/0/com.cn21.ecloud/databases/uedapm.db-journal

Filesize
8KB

MD5
de32290b53dc4ab23d2013d0279f2b8a

SHA1
699a80314d9d2a462469f1767377bba9de2065f6

SHA256
111a30b9fe99c3d0a581f0a4d71ebd0ee4e6ed90f1ec8baa5927bb318f01bcc5

SHA512
248f04d93fae6e86f40e5a9e67aaed9063dd0b7ea2e0ffeeead8f6ae83821ea09528f2d7f32f8700249a4bbcc66f17c5819eec5e34df5ee6ae346cc3782a2e1e

Download Submit
/data/user/0/com.cn21.ecloud/databases/uedapm.db-journal

Filesize
8KB

MD5
0f1f0efa221664dce8319f2b69003d89

SHA1
2c64ccfff7f2897d04e030ed12a4c9bfd2f10d86

SHA256
6dc3e9633e3463e4dca8ca78770ad3892a35bd534b98c97a2c07b7d38128e26d

SHA512
84192952012f647d263aa45a20358d53b806553f055da6a551a61c33ebc5d0bc7532f4612ccf9b27d2a3a8f4a2a3dabc98f47e313491c49db716d851fa3110dc

Download Submit
/data/user/0/com.cn21.ecloud/databases/uedapm.db-journal

Filesize
8KB

MD5
ad5332be4f91c760abbd931263cc9e83

SHA1
28fbcc076b289e7ca9d07b23a4171a3eb9c3a3b9

SHA256
22fe0495d8f008aeaf95fb77091be90e9c7f864370e99c96e5486ba92c3e24b7

SHA512
6c462da9718fcbc5584011b29249e6fd4465d24a95c0d70ff8b33633210636ef65700c812f2fbf3d8fb59fd127250455d5a5067564c03d14b28864a480f2f563

Download Submit
/data/user/0/com.cn21.ecloud/files/cloud_secret.obj

Filesize
250B

MD5
ef94698dff61e43d97155cf42d16d389

SHA1
0609d6476f94f486b63736b33bc339a7cabf5c86

SHA256
7e128c39d402f8e0242d17747877920958cba4e89ebb6334302681b43d1f7d1a

SHA512
cd4c75c9980fa3d159961af81c82c92cd8558bcbcffb2023e64959c8fc3dc638f4949d6add7f698c95b69a8e99abd13b5480676f240c606f4d124ed8c265d52e

Download Submit
/data/user/0/com.cn21.ecloud/files/cloud_sesson.obj

Filesize
160B

MD5
73778967270b29c2036794d8a2e54908

SHA1
9df27105edfc4d7f4e66c19dfa368de097d6dcac

SHA256
9e55239c396f1c525ab0397354aa4bbc80dfaa821ff247a3f606386b785b761a

SHA512
bb943d482027a3aec15458404f5b3bd75658dbe12f4f607c56655577ed2d18f2936f82153b6ff6793aea4f4bdd19846370f710949f3af72301046d296891cc80

Download Submit
/data/user/0/com.cn21.ecloud/files/contact_sesson.obj

Filesize
5B

MD5
9dcf2a6f12095ecff342e9fa0c5ca72f

SHA1
c815f34691be353caa9de93bbdb00a31f62a9ed3

SHA256
4e68143408826326220a32d6bff59e1cca3dd85f74b018aebd6723c5686c54e5

SHA512
7ba3449f5ec3363bbee33d47abe471286cf78034dd70379fa4d0de5fd59215e8c58287eddffed1b9c3c74e157f6a9ad69b0c551001a62d04790bba49df48231c

Download Submit