f27d84201abd752ddb4532bd901c5cfa0b5ca5e9c698c4a7c91373c5dc199065

Analysis

max time kernel
2803893s
max time network
170s
platform
android_x64
resource
android-x64-arm64-20231215-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
submitted
24/12/2023, 07:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f27d84201abd752ddb4532bd901c5cfa0b5ca5e9c698c4a7c91373c5dc199065.apk
Size

16.0MB
MD5

c088ca801cf91e678b8d5f6eee26ab36
SHA1

4959bd44fe9ad2c5933538c9f3c5cbe09383d929
SHA256

f27d84201abd752ddb4532bd901c5cfa0b5ca5e9c698c4a7c91373c5dc199065
SHA512

cd989f8d239743deafee227c1c93d3296c66341402f8b71c86be30e77911b84d504df2363910e12bc399db8b7cb34fafcd826e245adbdffa96d13cc0123f6a92
SSDEEP

393216:/+84G56McFldVGX3fX6W1oQRddrI9nbEI8WQzhRcem:/55rcF90fX6WCMKiNRE

Score

8^/10

evasion

Malware Config

Signatures

Requests cell location 1 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.zhz019.d202

Checks known Qemu files. 3 IoCs

Checks for known Qemu files that exist on Android virtual device images.

ioc	Process
/system/bin/qemu-props	com.zhz019.d202
/system/lib/libc_malloc_debug_qemu.so	com.zhz019.d202
/sys/qemu_trace	com.zhz019.d202

Checks known Qemu pipes. 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

ioc	Process
/dev/socket/qemud	com.zhz019.d202
/dev/qemu_pipe	com.zhz019.d202

Queries the unique device ID (IMEI, MEID, IMSI)
Reads information about phone network operator.

Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.zhz019.d202

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.zhz019.d202
Framework API call	javax.crypto.Cipher.doFinal	com.zhz019.d202:pushcore

com.zhz019.d202
1⤵
- Requests cell location
- Checks known Qemu files.
- Checks known Qemu pipes.
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4618

com.zhz019.d202:pushcore
1⤵
- Uses Crypto APIs (Might try to encrypt user data)
PID:4653

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.zhz019.d202/databases/ua.db

Filesize
24KB

MD5
98ce2e6fc6b8c79b02a5c537fedd1c15

SHA1
b6a447695dccc59e1f56cd998c5af179f22120f8

SHA256
ab483d2ebf6ffb47a0b89bc981a9bed392f347ca965f22288fd1f7d5734acc12

SHA512
4b68e4fad8ca384ea54fa44454ce0afe0121b68ab86ea2b6d57d47753bfffe8f6ccabe195f8bfde45ec59ac10db5c8a4360e73a70f3e3a532b98cd4d3ea33149

Download Submit
/data/data/com.zhz019.d202/databases/ua.db-journal

Filesize
512B

MD5
427c7451af634a6ffba84b0e8c50b57d

SHA1
144d5d45320a00ac5bc3509ed97b9444f4e857dc

SHA256
e7a81daf87e7ae2d47e7645791d4f0548e5c04f52bfa887e7ffb057121ff3171

SHA512
5b11183463e7cde6290013b1ac270500d1eeedce04143b0f5680030b3bd80ba538e7503c5799d32d7f3fdf856563cb21d792837f09fe3e338be4dca49f25605e

Download Submit
/data/data/com.zhz019.d202/databases/ua.db-journal

Filesize
8KB

MD5
7cfda3fa2c73696e8f13437039966d62

SHA1
d389899b87ca296619655b88f6b65122749cdab1

SHA256
a932e306c096a5f5d4a515fafb3c3312b98632a204e5a1ec07440ee3ccf3799b

SHA512
8b480a2afd7f13bb96402aa07acb44a889a31733b5e617419f734a812ffd3e6f37f9aa29f5bc7a05d07ea661e511af6b4673876e9dca1af1ed32b9cdea382604

Download Submit
/data/data/com.zhz019.d202/databases/ua.db-journal

Filesize
8KB

MD5
32424e3f36cf1cbc1e3837339dc591cf

SHA1
a3b06b6b256d1205ccff3a8ddfaa820f3dae6129

SHA256
a531138ee5e9d8ce331d1747a0e75951342340e6bae72d56df2a661b8bedf47c

SHA512
ebe7988a6484337c164942ebb9ef9e6a60d954d40d0b6f4d797aa33b82dd40e3e1c5cca675b4a03cfcb21eb533a1075ee5e681dd4474a49aa3e6746318bbd864

Download Submit
/data/data/com.zhz019.d202/databases/ua.db-journal

Filesize
16KB

MD5
98a963f691703d180ee72a9f4e4b2839

SHA1
f51c9b76703cad2c9684a8b802c905eae0a97f21

SHA256
7e8ce561ca83c87bcd0961d1f1cb10d13070568ecb7f90735a132ed330e583b6

SHA512
93a3e8ae2aa941a9b7be2eb9c23523c537ca9c3e9d5e9bd1aa4ddd736a080c6b4afacbb9d5675e944471bcbbc4a5fd0d2e522ffb478d9446c4d6d2b424335636

Download Submit
/data/user/0/com.zhz019.d202/app_crashrecord/1004

Filesize
222B

MD5
297a7de7af340d3e9f32075091665295

SHA1
f3c83381bb261abd81e9707666d8301943e8aa0b

SHA256
688c69acd76797ea953bd3e8482b59a872c546ed816a11c582181853f3ed5b1d

SHA512
83954423b619f12d9c69de6e3f1e0361abe150cac94834f1d26d73bb293a10e1eb66ea6127c8c878b46114aa585c74a136169802197feddc0d20482c75cecb38

Download Submit
/data/user/0/com.zhz019.d202/app_crashrecord/1004

Filesize
297B

MD5
1bbeb89ebf85c8d76dae5335e26b6f8a

SHA1
6a6c5fdb87028a181a2ac80fdc73d5dd7ebbf403

SHA256
25801006bb629cb729a88dc7b65534c2545303394d348b5974f09f5d1eb2de91

SHA512
8f9b70650483f6aad340e2bd8e93d28379f929e62ebac1d19f0aaebe48c590a44c51898f828a74f004435056a51e350771277e45adcf9da4741d4bd3cc6ecbdc

Download Submit
/data/user/0/com.zhz019.d202/app_crashrecord/1004

Filesize
222B

MD5
2d899122ba1269aa37f4643e1e59e4a9

SHA1
f632460a773149d3b8287eadfaddbcbdb113b1c9

SHA256
fd0fd88dee4f068ef1ae16c88d21d6263e979c552ebee799bf23fdf184eafefc

SHA512
801ba16ce40824855260618c843606122b818823c80400eab375c25510ab3ec137b80e9b3b7a7e25226da429748ed6060de082fcd46eabc72887825f30744ec4

Download Submit
/data/user/0/com.zhz019.d202/app_crashrecord/1004

Filesize
231B

MD5
b645acf12fd6c4c2c1dabdf3c6f810dd

SHA1
4be5c7f4a146d075f9d896b867c73dc13520f8e1

SHA256
18b175a33b85da2eb5413ba2588a3a68b625676922707d2ffed7607530ffa91b

SHA512
99ed46a8934ce9c6d68d60ec7bf16cca724492e808ce2090a049d1dd27417c4343aeaf97435a9df286b3a354573b087ca224621981049c45005aa83dcd6b416a

Download Submit
/data/user/0/com.zhz019.d202/databases/RKStorage-journal

Filesize
512B

MD5
68719d3cd1d11c11bb7610e34634ef9c

SHA1
840ae1be058fc70fa872a501e86c1aadbdb401ef

SHA256
54fc6c851debc57d6d5ccea2e14cd0598794b4536adca9569337bdb04f8b1b3a

SHA512
d3f13e944a7ee6f3fe365a8b03289546bb7053b6acebd9ab27f0a0db636b637fe9a30141ed6610eeecd4dc4646bc32df242f8cd6fa136879cf4db8d341971960

Download Submit
/data/user/0/com.zhz019.d202/databases/RKStorage-journal

Filesize
8KB

MD5
468643dc74960a6a379e7d9c9fd5b99c

SHA1
e7c575a4b24bf90df22ede52ef1e73d9abfa0fa2

SHA256
47a66c4f6b2d8e16ae7b953fd0cb5d02650b175b6224edd63d3955806ccd5dc0

SHA512
3d9c80086cd49f1201097dcb327391e486b3693a81a4e1d83072c3cc1d2b5a3848e70c20c2a69aa3478e8e1faa000d97b8505323edd7422fdce0a800b693f025

Download Submit
/data/user/0/com.zhz019.d202/databases/RKStorage-journal

Filesize
8KB

MD5
a55e882bc0dcd91604f6d47460ac3907

SHA1
ef165b969b6c7cf97947a602a22c8b4c64ba1ec4

SHA256
5cdd5dabca9879babc4fbd175fb8672addcf61ed3649edc48d655abbe9da5f45

SHA512
5aef0a482c378a38bd617855d3946783b5fba5c0a30f2127f84e520603e9d7c6801182ba35bffa78c2ba8a8fb39ac98eb64b1c19c8b0f15c200a49b8e46553a9

Download Submit
/data/user/0/com.zhz019.d202/databases/RKStorage-journal

Filesize
12KB

MD5
a2eac8f57531648edd35d6aeb0a1e683

SHA1
f0b28455f09053bc45df0f16a17984594778e762

SHA256
b33a63c54fe9f0598535521cb2965a6ab15dde13bb60b753428ffc50d8a95a6b

SHA512
ce0de3977087314d3db3743fe0ea4ab8ae0ca9a064396caf53490b9ccfc537919e594a1d7a66990da8348033951de3dea223080fcf4961468539a8f0778cc98c

Download Submit
/data/user/0/com.zhz019.d202/databases/bugly_db_

Filesize
12KB

MD5
171aedf968e17a2744d2585715606cb9

SHA1
bbeddeb3b89fcf809619c35b4a318a80e7d5b029

SHA256
d2ab452d9360848f46af866b870b5c6fc98230b09c72b89cb1a4b2778586678e

SHA512
78a0f517ee3d21c153dda6dbfec4187ebaee9d520d7b1b63f358bcb125d08aea53f26943907a56fdeba40161d9fc7e4fd63f9ae3154dd2ad887ba0162738285b

Download Submit
/data/user/0/com.zhz019.d202/databases/bugly_db_-journal

Filesize
512B

MD5
5320f34c5058e87a214e7a753442d9eb

SHA1
996760d93792a4ad15d5874012ca6546a4e09b54

SHA256
e275589d3f6821107ddbd9bf9176531c642fa952089867b19e0a069d92662ca4

SHA512
474b81b1708424c022d08da39ad1d811fedb5f33ca8c2bc39c7e9d18d4c2d2af996d6abaeedf39a3c374b5de1b125664238f0d5235117e651711d761fb81016f

Download Submit
/data/user/0/com.zhz019.d202/databases/bugly_db_-journal

Filesize
8KB

MD5
e5d46f3554c91c4775db1e43112635f0

SHA1
035336313e856f0aafde54f961c836bdf9d840eb

SHA256
c38774b2f828fa75c18d545eb394880161e71374f69ebf0e411459c54619da5e

SHA512
e185b480035c95da8cfbdc275b6168deeeab23e2ac54d34bc713ceb76712e89e3ae91649bef377b3462cda0801fa188ccbe9f9ea805741ebed758a30d60ab9aa

Download Submit
/data/user/0/com.zhz019.d202/databases/bugly_db_-journal

Filesize
8KB

MD5
681952511cd9d149781538c014112a3b

SHA1
0a15a54eed4d4d77c07a1fd35a240935f2e4284c

SHA256
0b5a176d2c02f5f952680cf5f8d472c8e004d120feb63d77a2eb9ac4684d84b8

SHA512
f371d08207f0775a189922dac50d862c440ee950acc633946f4bd1601bde2ceb4baa3fc717e12b7288c6d2b7dde76d4cb2c49f8040be35740a80bd24550229ce

Download Submit
/data/user/0/com.zhz019.d202/databases/bugly_db_-journal

Filesize
8KB

MD5
fa6678cdc3c2087729ffe80d25e70202

SHA1
17504b039bd805cb18f7b13e4056a0d2ff5705a8

SHA256
6db34d07bbcaad40473a3cf92d8ca9226c2b0be6f9aff7648b92af0b3d28abff

SHA512
18e25fed57eb167239c8e715f06bf5eaa7908740036d3c7fca7c7a77622a1d7955fc4548085b79e9486c42523fd7b32d3984d53a7cc97a28c12f204309295e40

Download Submit
/data/user/0/com.zhz019.d202/databases/bugly_db_-journal

Filesize
8KB

MD5
cd66fc5d83d182f4c70e1948e7f5db8b

SHA1
33822508bfe222ef28ee0070eebe4c9d4b43dbcf

SHA256
14025ddb9a370160e10793ea33f6962a08779953cff909c3bad424861e757d16

SHA512
18857df735892572f6fd97937add4660b8282639374068aa5c8029f34f3229cfc2fbdbf408e85a0553345ca63a4593c95bf5ca8e7a795fb59a7cf96a1bd17ec7

Download Submit
/data/user/0/com.zhz019.d202/files/.envelope/i==1.2.0&&2.0.0_1703610795608_envelope.log

Filesize
2KB

MD5
17b3c2b83f1e4240672d9163720849fc

SHA1
af03ef1676b7879a7cbba35d9347899526a2e9be

SHA256
4eb67d18da470b8e672760e988f2957bba030cd12a68534a75a212ae60e4d7a0

SHA512
87e9943c95df0e8db7307425206125777a92c58bf2820a7386371e08601cf373c50580395fea14780e8911019148ed78cb723737b81d85a504c5bd75fe8e633f

Download Submit
/data/user/0/com.zhz019.d202/files/.imprint

Filesize
944B

MD5
3c648df971fe38ac2818896080fe9fa3

SHA1
68e246b3dc4c6bcfba6b3755b0663fa58bc3383b

SHA256
6a6c22c646adafd46cc78dce25085b576990d3359e8248cc330792c1de7cd2f3

SHA512
5ae45fd1990162f1cff9b84902080c6552f947dd67c825056cd6d9bbce33c525f62145e3ad3d0428ff2c3ff624e2643c6d3fea9c6092e2c95ee0b69bd76ac5ca

Download Submit
/data/user/0/com.zhz019.d202/files/.imprint

Filesize
944B

MD5
f295ad680d3082450f1f8244978ae18e

SHA1
b6c83efc10a7a3484197b87f0733de3142149c33

SHA256
012827a9702a1fdfc44fa02efd862aca8ba55940df6954770293f24d49614ea6

SHA512
3646b0ba1a65b38c390474d6d85a7f6b7635811adb10e3c092091a3d02cac02f2c9a4fe46919bae35db6259e163b08e0c02ead1a7816e8a23c710b0cd4ff1f2d

Download Submit
/data/user/0/com.zhz019.d202/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
7c0906553b344628f398f96d663ba494

SHA1
ca88bf925232ac1bbd34af26e4b18ce349d8a265

SHA256
ade9a7d997a480c20e529ad8b14d865c8f77ed84d97d3359f302677498f0fdbe

SHA512
8942c261dee1027e15dbd6732d66acae1bd586081aeecafea7d276e92c57b5dd9e5d19f8916377df08f302bf49e3896a2c5dda9b72148c6b0eaa7b2c94e78ab5

Download Submit
/data/user/0/com.zhz019.d202/files/exid.dat

Filesize
64B

MD5
1a31a82c50259d2b133af06654da8bfb

SHA1
4842a2c8b0b5cd1d94b480474ac587116a21a917

SHA256
60c3297675b23a9c00e508dc7e10d4d44ac74301ba9bc0e8aeb030d02dfefe4c

SHA512
a00fd7b9a52f4ed4cea71662088d1cc762023abba5d91ed34961d5b8ab6fdd5a99c9ecc2fc5108482a7c020b5c1bdeae01f1d3986c2883797763dd23f598bd36

Download Submit
/data/user/0/com.zhz019.d202/files/jpush_stat_history/active_user/nowrap/8a6e2902-b2cc-4962-8a2c-086c59eae5cb

Filesize
159B

MD5
56f433e4ddd6171feb6360034af0faba

SHA1
34b696c855b25dbce4b940f65e69cc866724d7a2

SHA256
f53c6f46b09e0a6c08a3674413eb9e71420c4d79730080946cb84bc3d7043f83

SHA512
fcaea40b1655ee0862c286145d3be0013a758d95c57667812f0bdc94cfbf39156de4de28a6c93207cc57ae43bbd99c692046c1d8d3c806f71aa0ff76bdf61fc3

Download Submit
/data/user/0/com.zhz019.d202/files/jpush_stat_history_pushcore/normal/nowrap/e8077e49-ac6d-491d-98c7-e97acc8d631c

Filesize
512B

MD5
f936fd4d1932bfaa09fc587a49902feb

SHA1
aa60fa796dd13855e99aff4ec864c48ffb845a73

SHA256
b922ce7eacd3a70840eb17f3e885dd4bf0e1e1cd430e4f28a10eaa6071788ae9

SHA512
47944d8ff80cf1f7e6918015a53006d5741163ae6dd61591099a0c52d7c29578d52825c7becf09ac62d55e4bd403446794ce66534b4d4ad94a8fbe2653202252

Download Submit
/data/user/0/com.zhz019.d202/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzAzNjEwODI0NjMz

Filesize
1KB

MD5
10e86104e66f1b60ec5856db3c3b0291

SHA1
61090ea205ed4f30b642fcde6837109cdccc13f6

SHA256
05d0a1785fe2b4a512a55aae58fa095a3ad17106bd2cb1cf6d0bd65f87ef2e12

SHA512
5d42996bf29d0840e6fbb745fca65bdc445aff34e947a800e2034b9541672c24c7cad7be6d3c844c48e63318900f365d5f080f2ab39d3ca8fb3d47cf60bf3abe

Download Submit
/data/user/0/com.zhz019.d202/files/umeng_it.cache

Filesize
178B

MD5
f80a57504f65ef4ba5ad2f6e2c00ea83

SHA1
99a45c00cc532a725c0efa59498d6ad96ddca26e

SHA256
b97ddb2a119e25a5c867db28a9ddbd5be7166bf6c8830f166706cf7edc30d4a8

SHA512
3c3eb72b4855fa0115a9178da5a5037d896ec3b2478068497a9addd049bbfcb5fc50a72ebec3428f221519e5fa8b9f73c0e83c234f128dfb81d74335ccd5a9f1

Download Submit
/data/user/0/com.zhz019.d202/lib-main/dso_deps

Filesize
192B

MD5
15e37fd2f0854dbfb758cc85f14b1613

SHA1
b985fbdcda4c367e8ae65de7baeeb324f76ca547

SHA256
775db108db10245e808d28469f3ee4b6c463b1327dffe6573831db45b3a957f3

SHA512
c629417d62ebcd868594143c7ca34600a97bc1aacf677393c6af6f609da4a8c39f72560383d2763764b97cc2b88c1098d5799bf8cfa8c65b5e94fffe549a3eac

Download Submit
/data/user/0/com.zhz019.d202/lib-main/dso_manifest

Filesize
5B

MD5
c06857e9ea338f3f3a24bb78f8fbdf6f

SHA1
c5a0a2529d2deb60fec041b4fbd722a2ebe31702

SHA256
957b88b12730e646e0f33d3618b77dfa579e8231e3c59c7104be7165611c8027

SHA512
29f61516876c25379a7bf4faa2b3ca6f6b53eac90e7de47671fec4a818d51441b4025cd7909f7c0a0d113ab6c5ff00cb3700c286bac7319185b77905feec4fb1

Download Submit
/data/user/0/com.zhz019.d202/lib-main/dso_state

Filesize
1B

MD5
93b885adfe0da089cdf634904fd59f71

SHA1
5ba93c9db0cff93f52b521d7420e43f6eda2784f

SHA256
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

SHA512
b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee

Download Submit
/data/user/0/com.zhz019.d202/lib-main/dso_state

Filesize
1B

MD5
55a54008ad1ba589aa210d2629c1df41

SHA1
bf8b4530d8d246dd74ac53a13471bba17941dff7

SHA256
4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a

SHA512
7b54b66836c1fbdd13d2441d9e1434dc62ca677fb68f5fe66a464baadecdbd00576f8d6b5ac3bcc80844b7d50b1cc6603444bbe7cfcf8fc0aa1ee3c636d9e339

Download Submit
/storage/emulated/0/JXCP/aff/com.zhz019.d202

Filesize
6B

MD5
152d3d2587cb7ec76100c70603cac198

SHA1
867a488cb4765dd210285586ceeae981f2ed35d3

SHA256
59a4e39ce13c76ac0677296fddb92a303a955e1dc4066a955b0348e4c77c63a2

SHA512
4afad1a4e9a7cc9e2a5c5c4724edeb8ec500f8a7af7968dfc06d9ba9e9c697d1afed59285e5603c6a66bc47edd21bb2738430d42d7d4facdbf315535e6f81e55

Download Submit
/storage/emulated/0/data/.push_deviceid

Filesize
32B

MD5
351999df325b59c8fe5812437e6e54f6

SHA1
e86a34b17a565e8ce38d0d8e07f90d730fe51325

SHA256
74d052833a10e91f21d7c093c56b2cd7c5bdce4eafbf99d4998a839cd4e8083f

SHA512
cbd7a418a8a196bda143eb7bc975acc3c7512a06805398b911cef958a259c2346bf44f9ec42cb937ab214a8b42df02b6852c3e6048ac2d2b8e5a243f6f111676

Download Submit