c57deed843d8d37f7569fe9df3caf29b18a807bde2ce70873b8d7618d652d429

Analysis

max time kernel
3015444s
max time network
160s
platform
android_x64
resource
android-x64-arm64-20231215-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
submitted
25-12-2023 18:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ccplaymerket.apk
Size

4.8MB
MD5

1d2487af13b4d2c58f87e7314f3a8aa2
SHA1

352a218b5bc509ed74f870619eb339a161903bc2
SHA256

c88e2191ecd0a77de6e825705f0c2616ea7d83bd6a6e2f0092b72162c5c96f16
SHA512

e2ba2038af8113e00102f79b96d4ee25492099fa5c313e1ea8e6ad741aff933c00051349e0632c630452bb2d9afc01752987652939cd98dd90fc7058cb7c1073
SSDEEP

98304:EKP8mhsrLMBfU0IhqXYaY+y6VyKQK286r+6vDat0Kcn5wr5+ZQNshMg8bn4ag2jW:3khqogJVmKx6r+67at7c5wtgXhh9/

Score

8^/10

banker evasion

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 IoCs

banker

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.lion.market

Requests cell location 1 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.lion.market

Reads information about phone network operator.

Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.lion.market

com.lion.market
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Requests cell location
- Listens for changes in the sensor environment (might be used to detect emulation)
PID:4480

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.lion.market/databases/com.lion.market.db

Filesize
44KB

MD5
02327657a730a78c4faa124c6d717fdd

SHA1
c5bf4d6f4b741aba085fdab0bf9f9f092456fe19

SHA256
1a25e6116b84f6b3a55df0e0104dbb697094d0e195cb8fd37f6141b3ed485953

SHA512
6b63ab8d4cb5438f4f88846e059b043082004a860abcb729f98fccc88b969272ab1b44b2da93b37c5b454b1c5471e78cf3f8faf987d23c79bc1ff39fe59fc975

Download Submit
/data/user/0/com.lion.market/databases/com.lion.market.db-journal

Filesize
512B

MD5
b7ea674e4cf4939cc24f0cc03df2afe7

SHA1
01758846c77d415daa4af8e2639a696386b5e55c

SHA256
bff5f610d64b62483de8204809eeff205626a6ced0628f4c9839da90b36e54cb

SHA512
f25e06cddf743fde66904e585aa0e50a62c671b3c40e02ac8634d2c2a38593587818a2dbcda7f77b84c25c1706273f3a47dc826f1cf8505a4fbd962df09cb53c

Download Submit
/data/user/0/com.lion.market/databases/com.lion.market.db-journal

Filesize
8KB

MD5
69f030c37636d31408679b43d4f838c4

SHA1
210cd1629c115d5e34fb972fdb4b96e8727cd607

SHA256
a5e48d2b0f624233798fd2e6846a4046e918e87c2bbb822c26887e0a51a5a4ab

SHA512
60c375ef428a2e2ab8c0418fd32084fc371dc3aed41094f839757f6d772e8274a64dbd215e87eda5885dff45fa9019b2fa570cff2391c2e680e2c5991490a5e6

Download Submit
/data/user/0/com.lion.market/databases/com.lion.market.db-journal

Filesize
8KB

MD5
3c35e35b1c9f31e496dbd2f30959467a

SHA1
6a4e5cb12325c65f039b658150a23927cc2c958b

SHA256
54f06b6ee999ea4a018232e074936d75d3b3f3d5d4f8af7ebcdda45de05f87b1

SHA512
30fb0c829d42375e76b3c2ad30576c8fa0dd4115b374c4ff26953bb7a111df2ecc87c50e3b5f92866d522351fca87a74d98304314beabffe8e812b8aeb81bde0

Download Submit
/data/user/0/com.lion.market/files/TDtcagent.db

Filesize
24KB

MD5
1e351c7a157e95cc8685da78dd224856

SHA1
a999793c1d89b2f3e7bc3cf91fb4f190b0720342

SHA256
363744ee0459502d5aaf40fd0b3721874710c4e3de0edcd0fef43f72b0631bb0

SHA512
1947fbcab82d7d8965ffa474600fe842c6cd48832863e6b071ac6b8e0aacb36c60a0ae3616e0bfb1cc3db5bc89fe8f448ed9965e584814cd79024dcee2868fb1

Download Submit
/data/user/0/com.lion.market/files/TDtcagent.db

Filesize
24KB

MD5
82339c9011047c713f9b423e13204eba

SHA1
77ee8499b7e05fe8354786b882dc215518aeeea3

SHA256
deb368a5a4c1e3641b78ff2b85e5a57a71a8a8fbaaf09982c78c53a2f81d80a8

SHA512
442b3ed71f68d0bcb3d35957004793ba0d80271380892f7ded491f58a3eedf0d1ec21141634b53b905c01c880756d5fe0fa8c2043ff5ff4caa960a0d849b420a

Download Submit
/data/user/0/com.lion.market/files/TDtcagent.db

Filesize
28KB

MD5
12694f9a81036a40bd77fd71768e0c00

SHA1
7705fc0fc135e5be336cd4cc3df603c9b7fd0e14

SHA256
df54b462eaaca3f7cd6d3139c2f9583210418b79e7887fe95dd2a7a5e0ec67e9

SHA512
665c9282512f69e73eef0999de0db30e4cd3ddf456c12d27f2794fa040783e7c7d8e16e19c43c861b9cd87d95e939574168d09c179525a89298e93784ab75174

Download Submit
/data/user/0/com.lion.market/files/TDtcagent.db

Filesize
24KB

MD5
96f9eab6cd5389dd4b4c6568c4d6a351

SHA1
dff3038b79a2d243054061a511041528471a49b6

SHA256
c883dfcc8fa26e20ae3a6e2f47eff3dd66579eb8b1b17b9a3ef0f5c84a969d40

SHA512
1a33cf043e4342b5aacf24caa5a649bbf0dc0f7d9be6bf2d4cd259e25662c0b61b017fd5ca3daf1ba6dfc4a5a40a37ddb7661fa8cd9f0ab8d7311c204fe33ea1

Download Submit
/data/user/0/com.lion.market/files/TDtcagent.db-journal

Filesize
512B

MD5
46594c925cbb59f1d0c86e16193e8c28

SHA1
a8e462291681f452ea618107bb5ff156bcacc84f

SHA256
77873e4aacbd82b8a7b43939f80910c496085a7756f9b4336715062140e178f4

SHA512
f31a63d79eea108a40fb3a55db3e6637610123c4b46e3df6950f44d497726e42bbe1b5efb2d077eed7989a2e3020d3a186bbaf3238ac3081dda73dbe52ee103d

Download Submit
/data/user/0/com.lion.market/files/jpush_stat_cache.json

Filesize
132B

MD5
922e5ced8f16b74866888d16d34e3312

SHA1
3e4d89289f83a67322421cb162123ca40b1cafaf

SHA256
068fee8a87dca6eb291297fb5796503988718748cf4b48c02129c72e77bc7532

SHA512
79549baec9926aaac91dcd224129deb86acf2f722e0f748e8d482e82dcec7d54dc47081ab6fccf7ab0c44858ddbc78fc0d139fa30d71e696ec1ce312893e2f24

Download Submit