43ab7f699e4d4e636d47633b7b887c3f9422a9f4d4fc71743b5ee5b7f354df67

Analysis

max time kernel
3101690s
max time network
129s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
29/12/2023, 22:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

055bf4f099c0f92b4b9126778ef7ee35.apk
Size

23.7MB
MD5

055bf4f099c0f92b4b9126778ef7ee35
SHA1

70ca17b80c2ace67f179ec5e44292abff8761f19
SHA256

43ab7f699e4d4e636d47633b7b887c3f9422a9f4d4fc71743b5ee5b7f354df67
SHA512

26565043bde0434e5847a84a5d8d179a2ca271ad9419b64fd0f72d96b0f0767011ea6014fb1c78aa85526ee14f9d84aa18042c7106f6ef5e7ec2f8437101bc7c
SSDEEP

393216:vQQcUwk3/eg3WW20KFDlamjk9phMs1+rO+T+Mn3CHdkLwTAkWlQTfvPKqb6um3Nf:vFcUw0+WYFDlah9N+rOC+Mn3udkLKzrs

Score

8^/10

banker evasion

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 IoCs

banker

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.blackbean.duimianduixiang

Requests cell location 1 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.blackbean.duimianduixiang

Checks known Qemu pipes. 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

ioc	Process
/dev/socket/qemud	com.blackbean.duimianduixiang
/dev/qemu_pipe	com.blackbean.duimianduixiang

Reads information about phone network operator.
Checks the presence of a debugger
evasion

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.blackbean.duimianduixiang

com.blackbean.duimianduixiang
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Requests cell location
- Checks known Qemu pipes.
- Uses Crypto APIs (Might try to encrypt user data)
PID:4271
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
  2⤵
  PID:4384
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
  2⤵
  PID:4405

com.blackbean.duimianduixiang:loovee_push_svr
1⤵
PID:4339

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.blackbean.duimianduixiang/databases/_nohttp_cache_db.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.blackbean.duimianduixiang/databases/_nohttp_cache_db.db-journal

Filesize
512B

MD5
d4a1139e21fd0f062e37fb828ce030ce

SHA1
fd64d373a1ecf779d3c41f776c9d38a80569f340

SHA256
cceb344fba80dc34ad1ee419954dbffeb1a2f363e2b8bc0b8deea1a50371bab8

SHA512
87d98f5cb41fcf0cc73aa912d804ad1886d731b75f49a8ab5500f6c461d0d5ed6aee8175c2e47d40fa8c3214fd2c184bb815fca1b57f41e4fd12e6d77131ddc0

Download Submit
/data/data/com.blackbean.duimianduixiang/databases/_nohttp_cache_db.db-wal

Filesize
36KB

MD5
09ac85dfaf0e282db66c161325708379

SHA1
8861c2282334152f20cfa93ea9f38fab5b4f05e9

SHA256
c7c2ea510bd8db7c05eaa8736c1de9b9cc7233f5267992c48bdef1ca1f11dd62

SHA512
6edbffe10a1082a660c99813d7620f2fbc1a885812a3f311b950f002ace29d7522bf9dcaeacfa7a328a7a4c057bea7ccaa974f5c07289a023d18cd5cebb4b3d0

Download Submit
/data/data/com.blackbean.duimianduixiang/databases/_nohttp_cookies_db.db

Filesize
24KB

MD5
648f55ad42849c9889634d697043328d

SHA1
051dda2009eec57c647aeac8a620d087a15ceb9f

SHA256
ef30816b261421dd5c94f2f68b8095a189a30fa621407617141ec13183ee05d3

SHA512
e343cf55b93ca3421798f7619161bc129abb6dd9c6be90c6563210436455ebdc1d79751bbab2257ad95bd19444fcc140eced25c36661f64b349c2b0acd4deaf1

Download Submit
/data/data/com.blackbean.duimianduixiang/databases/_nohttp_cookies_db.db-journal

Filesize
512B

MD5
dd582ede9224093403adecb823b53eab

SHA1
c136249024e51c03ec4636bd89f38685746e9625

SHA256
90740ca22662a5210eb4e2b4c4f89a5efa7324b9ac4b011b1baa79344fa9a0d9

SHA512
1d65a0c440910aedffcc48a4712953034d7d01cb3f31ad89f1dbae3da37424e35489c742701069b6864fd550963196628203e0811397e686e72fa73332af52cf

Download Submit
/data/data/com.blackbean.duimianduixiang/databases/_nohttp_cookies_db.db-wal

Filesize
36KB

MD5
c98dbdf19f640bcf0feb5fef28bc533b

SHA1
2b5751ad52910cbb5c9d94833faae978be1ee600

SHA256
f81243271a5378323fa1f093a4a322c381c0981997595c4c89588251fae4d13d

SHA512
744cd052187ccc969877cd5f09cbd60a0d97e067a6286af312cb53abcf60ecac183d0402f43feba6e7a5abbfe3890842e30fa5c6e65ab8835d5f2ca892222530

Download Submit
/data/data/com.blackbean.duimianduixiang/databases/molove.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.blackbean.duimianduixiang/databases/molove.db-wal

Filesize
16KB

MD5
be36e31b046f80e746d92595c20a2ee9

SHA1
eaa026836e6a65e755df395d4963a482cc557bd4

SHA256
ca359af799ef594b30dc400fba75762f15cd4836dd756b2bfa9bd3420be038cf

SHA512
867ab3319a4c3f914c4b183829dda57d252a88451d05616c5b26a87e76f03ad17b8264d72a513d35726e6d34bf4a1f6fbb6462965f44c0f499ec1ffdedff5e85

Download Submit
/data/data/com.blackbean.duimianduixiang/databases/tencent_analysis.db-journal

Filesize
512B

MD5
26595de3f0b6187d779495cc33d19ec9

SHA1
5484b8e450f45c114571e0bd6a7957c5f79fe9da

SHA256
6bdf2cdd8dda603800f2773535c59ac1b737bfc65e11d9ffddc41710bb32489a

SHA512
745b71e83929159f480c2c75a766d77a3a61cebcdc07b0e15cec4d9b1377f93c2b1fa9550b5aeb739f899e3e424243e8843213f2ae074896c1bd8eb3e3d811c9

Download Submit
/data/data/com.blackbean.duimianduixiang/databases/tencent_analysis.db-wal

Filesize
60KB

MD5
39e0d29f10616bf456bc1778d3eebeba

SHA1
25deb9088d3ad04df479a157762850c7ba30f8d6

SHA256
aa4c2187e99d35aa4a1c4617163625f8699edc358ce01dd71bdad9e0d17bf685

SHA512
1bb852674362c999b7f82a7e8a88eb98ba032f68ee409942e38a726be89d237b62a270063851b4edfd8b7c256619563f26009c39a42dfd746c62fcc85677cf92

Download Submit
/data/data/com.blackbean.duimianduixiang/files/com.tencent.open.config.json.101303383

Filesize
1KB

MD5
f526172de1566b34fdcea744710d9559

SHA1
000cb54d9a008a807a1c5a3fd2b2e7cb41e7939d

SHA256
8572be02b59f4d514000939ec04a9b4e2380c55265256b724a617d8d0f4c6940

SHA512
dc81f0fe345b18c96b1638c67b9ef4c5e60059dfc4a02f3c30a23645d4847abeef46cf467d044c42597115c48052ce0e8ea24328382114a544c5dfd039a95e7d

Download Submit
/data/data/com.blackbean.duimianduixiang/files/weibo_sdk_aid1

Filesize
46B

MD5
4028c8b91f544d6bd51a266683ff791e

SHA1
d8bacd93b5724c8500f66cc46632704115635afd

SHA256
7cda4149bb95d3c082f01b19b365228fd339ce4fcfa02969294e13bdae41270b

SHA512
a8fdcbe785c7f9eabff76f227db4e8c1d099dc8adc81a41283f8fbf118fd0fbff93be1aaacd3c966888f30f247215125317efa56495f022486f5262cd2cc3831

Download Submit