fec228365c53807a53f8f869c7564aa011ad37293631e3bf372000d48eb98a06

Analysis

max time kernel
3030452s
max time network
158s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
24/12/2023, 08:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

fec228365c53807a53f8f869c7564aa011ad37293631e3bf372000d48eb98a06.apk
Size

15.2MB
MD5

62f09be8ac762c5dffb71b6839d67256
SHA1

97bdaebe430219c3face65a53e525337b49b5b38
SHA256

fec228365c53807a53f8f869c7564aa011ad37293631e3bf372000d48eb98a06
SHA512

f62ac25ce08c9b01a5b9a7f58b85db8552c5a89d727ed80524959c7a12f9700a3763ffc4f927950c250b4ae80ae06cc9f32f06b92f7a06293323a5a845ae3254
SSDEEP

393216:DeUV1w05+OIglF6rjsfoT9aWluU/1BaIuZ:DeYfkOIglWjs4a2u77

Score

8^/10

evasion

Malware Config

Signatures

Requests cell location 1 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.yiwyxb.qp626713

Reads information about phone network operator.

Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.yiwyxb.qp626713

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.yiwyxb.qp626713:pushcore
Framework API call	javax.crypto.Cipher.doFinal	com.yiwyxb.qp626713

com.yiwyxb.qp626713
1⤵
- Requests cell location
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4508
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
  2⤵
  PID:4745
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
  2⤵
  PID:4768

com.yiwyxb.qp626713:pushcore
1⤵
- Uses Crypto APIs (Might try to encrypt user data)
PID:4540

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yiwyxb.qp626713/databases/RKStorage

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.yiwyxb.qp626713/databases/RKStorage-journal

Filesize
512B

MD5
ead9986f65548839a78469d5e5ff58cb

SHA1
2d7110453f97e8098f0133daadea0e96ffad992d

SHA256
f13ec4d529b125c1dce4dccd09ee4b48f414a5b7238235d0f989c6649075534c

SHA512
ec3e40fb337a7155d69804b2a2a4b0f4a5d48fdfa87ba84b83516f522bb7869657bc9c91d8d1896080da76b9d845f8d9e0edb6e95473fdd4f4ebadcfff58d8e0

Download Submit
/data/data/com.yiwyxb.qp626713/databases/RKStorage-wal

Filesize
40KB

MD5
6314b5722983bf35ce35b0f2144e3e7d

SHA1
14d2a62d2f7d6c47745ef6f986cc12f5716322c0

SHA256
2dd456e469342e415ca55999a46aed0f2ea666655d9443e84e850aadb3fed1c4

SHA512
2c69674f57e4b30040e043838aa7998ebb630ef1cd76b0fb1d279f48e5747fa1e8a53742c23af94693364a0016233f325888b042aec21aba9e6ab55596553b95

Download Submit
/data/data/com.yiwyxb.qp626713/databases/ua.db

Filesize
36KB

MD5
0adda9c85a5e4808f5b1b74c0a8591a5

SHA1
5048107883ab1e345af9cf2e6849ce46e0e612bf

SHA256
1e17860bba2bb4e3e92df3890aa6dddc973d6602c71519a15556d37bb69de2a1

SHA512
646061d3d5849772511bd94e36ca2d775a9a672851629d1812942ec0f0f925714eb7d4ebac44889911320cb6710a2f586014f6b1e126739cab653c4f8deef2d1

Download Submit
/data/data/com.yiwyxb.qp626713/databases/ua.db

Filesize
24KB

MD5
493a93751ddc5d2c278e750018ac2ff3

SHA1
3c0e555afdf70a97a31d8f7d008185066e8c3ae8

SHA256
e1f720fa4c6eea85d9876d35082d95dbc7d6b43e5d4660730df257715e740ae2

SHA512
5ba5ecd9d4c368c83eac8411e91fe9bee70c79624a24a11dcf54771ef7e89da9d2e3db06ecbab27e30618d8f7e78a20567a65c6d7e7a44bd2854b82ed8947e67

Download Submit
/data/data/com.yiwyxb.qp626713/databases/ua.db-journal

Filesize
512B

MD5
aea72dd03628f030a6f837d10f80d04a

SHA1
8b037f12b5e46d30f656343215e9dcd64545d253

SHA256
65c15a258126fa2179b8ce22600a60cf888f8798ba125058cb5fd942192417f0

SHA512
420d5e74d09673f1538e7006c8e991b7b8048af618bb0422324cad1cee2400f7ec28b5839bbde3343b474423550ace5beb6fb9ae9bd0cfe1b10eed05991814aa

Download Submit
/data/data/com.yiwyxb.qp626713/databases/ua.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.yiwyxb.qp626713/databases/ua.db-wal

Filesize
48KB

MD5
1b32198f7d0293a5855d59760804d360

SHA1
e54b3bbd5d1dcb472acd28ba14f280866d1c599e

SHA256
f574abbb6ccd9783bb20622469693c2570833a049d8c9431b6f09ac7990edc83

SHA512
26e12d7d08b72b7c7260d6a5519515b1d39075cfaf175a5c43780587bd32cc343944ef942f8becd67dd8df955ac1360c11be533009b99978a0f7594d22c4eecb

Download Submit
/data/data/com.yiwyxb.qp626713/databases/ua.db-wal

Filesize
12KB

MD5
6880311698b4d6d7af2430ba22484d2e

SHA1
1ea3a4f93abb6691fd79eff680d88349af77c5fe

SHA256
f1bcd0020ae8b50fa218683cc832743f88304cad077ce58f3272612651c66a67

SHA512
206c9aa1c8b0ee4f1fc81c2e7dd45a82fb3c6c36e25a6f71ded8ec24dc28a55d05a91633aff6bbc3892a2020cf9920fb7669fa9855eb36cee50ecff3da8c2356

Download Submit
/data/data/com.yiwyxb.qp626713/files/.envelope/a==7.5.3&&1.0.1_1703837363590_envelope.log

Filesize
1KB

MD5
3da5d239f001bddd97140b1ec8e9029b

SHA1
c54111917ad162f07694888cae61631d2acbcf09

SHA256
9ae6b99e11b84f4dbd85cb22fc320adf8a40bce9361263ae3ab4870af6247a67

SHA512
484ead7b87eb14e5ad00427566b86b039767c86557ebffd1b6f60024fb2d8485866577a626c9adfea21f35f77963641904b459ab1171b0ae77646be72babd5b9

Download Submit
/data/data/com.yiwyxb.qp626713/files/.envelope/i==1.2.0&&1.0.1_1703837364858_envelope.log

Filesize
2KB

MD5
a8d0b7cd077a7ec2599c8f20f9645dc9

SHA1
39176b071000a75a79a48ec16a1ba66de2da27ce

SHA256
329e7b8e4bd76b05ebe246843e8607f49441f703dca1f6edd04edd0fd89c6245

SHA512
7b52fe3fe62c14d4cbf95d50f9284985c1d49bf2abb052daba949203ad6e6c2109319d808257f67efced0251cc1c56aa085859a42cb6b55deaf7223844953593

Download Submit
/data/data/com.yiwyxb.qp626713/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
3a9d62647f9ae1cfa7d658ad1e59dbf6

SHA1
2bd926d9c5681b3315ff6151b220323d37bd7e3c

SHA256
ae6f929360a4f0bb520d6cd9340de8e25bc2b0071dcced124fccc95952129c3e

SHA512
0695217314083c46edcd2375f8f0c6b9e57d37507c82cbf1bd11d201420aa238f5608bb33790df3492b2119e628a70eb13865ce0a24bcc4103a50928c6464928

Download Submit
/data/data/com.yiwyxb.qp626713/files/exid.dat

Filesize
67B

MD5
cf9a1ab7c3d2a5901be3b2efa2086731

SHA1
05ac17218d63c9fab76cbd6aa78e4ba5666416fb

SHA256
d3a719596a861a3e82a9459fe9b37daf8e1c06a1c64528c90904604b133d7913

SHA512
b390fcd989f45963682120f38a6e2a846b53f941e95f69e67cf6796e9fd61a6675f91c80d7f6b7053e90feaec09ad7e0e9e64d5cbb7278762e6b8c857e29240b

Download Submit
/data/data/com.yiwyxb.qp626713/files/jpush_stat_history/active_user/nowrap/b62a3844-8f48-4dfa-9301-02fccd2d5a52

Filesize
159B

MD5
60a05f8279bee4e21e0f7800ffa26286

SHA1
025006520b0a72d0ebc4412ee7a5e4fb91c2f3fb

SHA256
ccfc29e880a9aac2471307a723fb1559dddd140aa9abe885beeb71216ca78782

SHA512
329d7db9b193cbd9b95d6a3eb8cf828a171e41d53938b90bff88269794731a7efafea6b018c4ff96c47e45ba3947c571c7d809e54297f4ff112938d29086a9d8

Download Submit
/data/data/com.yiwyxb.qp626713/files/jpush_stat_history_pushcore/normal/nowrap/eceed5c6-b1ad-4665-8c06-f518b0a631d5

Filesize
202B

MD5
5e8c6af323040c46ab29b3a7b3b1c5f5

SHA1
79eae5b6d4deb71427d23fe93d1b18532cae0fff

SHA256
32eb4bce79d182472057178aedc78a5ece164a99c5ec61987a194b84d2038e47

SHA512
63a3df1b848715673ff1312b90984ea5419dde6db7a0e29d96253796a0404c9608826bd75c962fcc4429df49feb5574e587e22811a3d3abadc1fbc572b3796ac

Download Submit
/data/data/com.yiwyxb.qp626713/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzAzODM3MzYxMTU1

Filesize
1KB

MD5
79fa037c43c1eaf00e4d0c284dc53f23

SHA1
74691075c66a14cfaee6c88897b0e7f792c0498f

SHA256
c592a5d8d64d00773c80930ea1f6dcb2c5189eaa6eaf281f1b75ed20510bf801

SHA512
42fe12379d3a91f105c2a05450a24d71fdb08cb317fab0f69857269dc60148bf69c818c772db1c8f65757e1dd10badccf3d482d2f996569470ec04393d9c1f28

Download Submit
/data/data/com.yiwyxb.qp626713/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzAzODM3MzkxNDEx

Filesize
1KB

MD5
9e083ee6fdb6d4e588b3470255bb2805

SHA1
338928def6610aa93752af04886988a919d33b69

SHA256
835921322016bd3c9cb7a881492ed4b431d64b39835b1cf19964708e17f2d271

SHA512
93520ea907425c8a9ab52d81d71c58e185df36f14a545f08e3237fa38d450ddb89b315a113111cff397c32d72c3955129af1550032b2d0b9f6fa67beda729ef3

Download Submit
/data/data/com.yiwyxb.qp626713/files/umeng_it.cache

Filesize
415B

MD5
e836d0c25be9479a6a91f4e24872dd9b

SHA1
ffc89cf36056ed94d4a297a6b4d6d841491dedb7

SHA256
2814331320d70b2e29c137804bccfdb49ef93988ee4e9a5afa2b16492383b680

SHA512
5f5435cac629142b1acf18c3fc9d6fcad183fedad2e682ff9ff3a7597e89bfa1107aa76da90caab58aa9258290152ccf14e10e0cf2ce778239e62612a8ece488

Download Submit
/data/data/com.yiwyxb.qp626713/lib-main/dso_deps

Filesize
144B

MD5
21e8dc2295dbc97d20c84eb6ae49e189

SHA1
3b55aa2d6f924cd2a37389538635243b3f6c9711

SHA256
355d45f90965d2a56ca5ee4c1b61cfac5d0dce0107d6249ceabf90e86368ed41

SHA512
9a0e07bf9b4098fd20a779f4a6a652f1d2176be9f81cd04db91a5327678d2f8ddf8b2f9b21f4d5dd8f401a1b8d87645b1b86f689d01991deb45f8606875b86e9

Download Submit
/data/data/com.yiwyxb.qp626713/lib-main/dso_manifest

Filesize
5B

MD5
c06857e9ea338f3f3a24bb78f8fbdf6f

SHA1
c5a0a2529d2deb60fec041b4fbd722a2ebe31702

SHA256
957b88b12730e646e0f33d3618b77dfa579e8231e3c59c7104be7165611c8027

SHA512
29f61516876c25379a7bf4faa2b3ca6f6b53eac90e7de47671fec4a818d51441b4025cd7909f7c0a0d113ab6c5ff00cb3700c286bac7319185b77905feec4fb1

Download Submit
/data/data/com.yiwyxb.qp626713/lib-main/dso_state

Filesize
9B

MD5
13e44e779bec0ade702f745449809110

SHA1
a24475fbc709320636ea7e376df3bb6500d5ef1b

SHA256
c2affcc8a96077fbbbf2768dcd237ae011c4375e56b39dc5f7ca6204d134ff75

SHA512
e652dce0637c7a8e0db90ee1a6887f275aef1ff05f6edd9516caa25ab8869e62f53ae751cf6ac45d73b9c9363753c7e56df19cd3047c515081b5c4b4c41564e2

Download Submit
/data/data/com.yiwyxb.qp626713/lib-main/dso_state

Filesize
1B

MD5
55a54008ad1ba589aa210d2629c1df41

SHA1
bf8b4530d8d246dd74ac53a13471bba17941dff7

SHA256
4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a

SHA512
7b54b66836c1fbdd13d2441d9e1434dc62ca677fb68f5fe66a464baadecdbd00576f8d6b5ac3bcc80844b7d50b1cc6603444bbe7cfcf8fc0aa1ee3c636d9e339

Download Submit