Analysis

  • max time kernel
    3114960s
  • max time network
    141s
  • platform
    android_x86
  • resource
    android-x86-arm-20231215-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20231215-en, locale:en-us, os:android-9-x86, system
  • submitted
    29/12/2023, 23:31 UTC

General

  • Target

    06fe61b001b6eb74e32f04dd5917cff9.apk

  • Size

    5.9MB

  • MD5

    06fe61b001b6eb74e32f04dd5917cff9

  • SHA1

    30e404147d2953951ab2afb49e3c58926bb206d1

  • SHA256

    85c39b93b9cf4466bc4527b700c8ddb2606028a68e38f99027123b3546df3856

  • SHA512

    9fd668659a6a922cb1a294ec7019eb0df7c1981fc0a900440fb03e7f74c25f1ef1c287338785c12e9e5873179fb265e8eee91e70a1a7492fc34d0bdca768f544

  • SSDEEP

    98304:noAadUrQGWtjH9te4ZE5180xZ2fTCV1axBbq/K5EEq/5o6pM+f5oKODdSX3SLTql:ozSrQ7D9OPTWTCXobqdnp1f5o1DduCTw

Score
6/10

Malware Config

Signatures

  • Acquires the wake lock 1 IoCs
  • Reads information about phone network operator.
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • com.yxxinglin.xzid53282
    1⤵
    • Acquires the wake lock
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4194
    • /system/bin/sh -c type su
      2⤵
        PID:4294

    Network

    • flag-us
      DNS
      android.bugly.qq.com
      Remote address:
      1.1.1.1:53
      Request
      android.bugly.qq.com
      IN A
      Response
      android.bugly.qq.com
      IN CNAME
      ins-9fciednc.ias.tencent-cloud.net
      ins-9fciednc.ias.tencent-cloud.net
      IN A
      129.226.103.12
      ins-9fciednc.ias.tencent-cloud.net
      IN A
      129.226.103.217
    • flag-hk
      POST
      http://android.bugly.qq.com/rqd/async?aid=310cb9f6-47cd-48a5-8d1e-74383bbdb987
      Remote address:
      129.226.103.12:80
      Request
      POST /rqd/async?aid=310cb9f6-47cd-48a5-8d1e-74383bbdb987 HTTP/1.1
      wup_version: 3.0
      raKey: vm8rWPgvh6z03oYz35pUWrWLmL2KoksAAiQ8q%2Bt7D5mUUQdszroH4FPSSxgUNWdvht80L2MR%2Fzx1%0A%2F6cb7xF2d2eIH825p7ecRlHcx4LVA%2BJUjG5iDpSBN%2F0la3fyrKevK9O5jRnvqO2qiQUYvtDFw72R%0A17BP877uAzziBdF0fjU%3D%0A
      strategylastUpdateTime: 0
      appVer: 2.3.2
      bundleId: com.yxxinglin.xzid53282
      sdkVer: 2.6.5
      prodId: 6c298be15b
      cmd: 840
      platformId: 1
      A37: LTE
      A38: LTE
      Content-Type: application/x-www-form-urlencoded
      User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
      Host: android.bugly.qq.com
      Connection: Keep-Alive
      Accept-Encoding: gzip
      Content-Length: 922
      Response
      HTTP/1.1 200 OK
      Date: Sat, 30 Dec 2023 07:38:44 GMT
      Content-Length: 334
      Connection: keep-alive
      Server: Resin/4.0.27
      Bugly-Version: bugly/1.0
      status: 0
      nstat: 0
    • flag-us
      DNS
      log.tbs.qq.com
      Remote address:
      1.1.1.1:53
      Request
      log.tbs.qq.com
      IN A
      Response
      log.tbs.qq.com
      IN CNAME
      ins-d94v3bvj.ias.tencent-cloud.net
      ins-d94v3bvj.ias.tencent-cloud.net
      IN A
      129.226.106.211
      ins-d94v3bvj.ias.tencent-cloud.net
      IN A
      129.226.107.80
    • flag-hk
      POST
      http://log.tbs.qq.com/ajax?c=dl&k=8e2b94b9b4ef9a66f80d6f837087265a
      Remote address:
      129.226.106.211:80
      Request
      POST /ajax?c=dl&k=8e2b94b9b4ef9a66f80d6f837087265a HTTP/1.1
      Connection: close
      Content-Length: 432
      Content-Type: application/x-www-form-urlencoded
      User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
      Host: log.tbs.qq.com
      Accept-Encoding: gzip
      Response
      HTTP/1.1 200 OK
      Date: Sat, 30 Dec 2023 07:38:48 GMT
      Content-Type: text/html; charset=utf-8
      Content-Length: 7
      Connection: close
      Set-Cookie: tgw_l7_route=f8daa8a174ca3c40ba2dc16121f3d221; Expires=Sat, 30-Dec-2023 08:08:48 GMT; Path=/
    • flag-us
      DNS
      api.fusion.49app.com
      Remote address:
      1.1.1.1:53
      Request
      api.fusion.49app.com
      IN A
      Response
      api.fusion.49app.com
      IN A
      101.37.182.27
    • flag-us
      DNS
      android.apis.google.com
      Remote address:
      1.1.1.1:53
      Request
      android.apis.google.com
      IN A
    • flag-us
      DNS
      android.apis.google.com
      Remote address:
      1.1.1.1:53
      Request
      android.apis.google.com
      IN A
    • flag-us
      DNS
      api.fusion.49app.com
      Remote address:
      1.1.1.1:53
      Request
      api.fusion.49app.com
      IN A
      Response
      api.fusion.49app.com
      IN A
      101.37.182.27
    • flag-us
      DNS
      android.apis.google.com
      Remote address:
      1.1.1.1:53
      Request
      android.apis.google.com
      IN A
      Response
      android.apis.google.com
      IN CNAME
      clients.l.google.com
      clients.l.google.com
      IN A
      142.250.179.238
    • 129.226.103.12:80
      http://android.bugly.qq.com/rqd/async?aid=310cb9f6-47cd-48a5-8d1e-74383bbdb987
      http
      1.9kB
      1.3kB
      7
      7

      HTTP Request

      POST http://android.bugly.qq.com/rqd/async?aid=310cb9f6-47cd-48a5-8d1e-74383bbdb987

      HTTP Response

      200
    • 129.226.106.211:80
      http://log.tbs.qq.com/ajax?c=dl&k=8e2b94b9b4ef9a66f80d6f837087265a
      http
      3.3kB
      471 B
      10
      5

      HTTP Request

      POST http://log.tbs.qq.com/ajax?c=dl&k=8e2b94b9b4ef9a66f80d6f837087265a

      HTTP Response

      200
    • 101.37.182.27:80
      api.fusion.49app.com
      240 B
      4
    • 216.58.201.110:443
      tls, https
      858 B
      40 B
      1
      1
    • 216.58.201.110:443
      tls, https
      858 B
      40 B
      1
      1
    • 101.37.182.27:80
      api.fusion.49app.com
      240 B
      4
    • 142.250.179.238:443
      android.apis.google.com
      tls
      5.0kB
      8.8kB
      21
      22
    • 224.0.0.251:5353
      3.8kB
      12
    • 1.1.1.1:53
      android.bugly.qq.com
      dns
      66 B
      146 B
      1
      1

      DNS Request

      android.bugly.qq.com

      DNS Response

      129.226.103.12
      129.226.103.217

    • 1.1.1.1:53
      log.tbs.qq.com
      dns
      60 B
      140 B
      1
      1

      DNS Request

      log.tbs.qq.com

      DNS Response

      129.226.106.211
      129.226.107.80

    • 1.1.1.1:53
      api.fusion.49app.com
      dns
      66 B
      82 B
      1
      1

      DNS Request

      api.fusion.49app.com

      DNS Response

      101.37.182.27

    • 1.1.1.1:53
      android.apis.google.com
      dns
      138 B
      2

      DNS Request

      android.apis.google.com

      DNS Request

      android.apis.google.com

    • 1.1.1.1:53
      api.fusion.49app.com
      dns
      66 B
      82 B
      1
      1

      DNS Request

      api.fusion.49app.com

      DNS Response

      101.37.182.27

    • 1.1.1.1:53
      android.apis.google.com
      dns
      69 B
      109 B
      1
      1

      DNS Request

      android.apis.google.com

      DNS Response

      142.250.179.238

    MITRE ATT&CK Matrix

    Downloads

    • /data/data/com.yxxinglin.xzid53282/app_crashrecord/1004

      Filesize

      232B

      MD5

      8ac8d302a8a84eda0a81e0e26a6028df

      SHA1

      f4c0eba229d98f0ccdb3626224ac858e9c79ca41

      SHA256

      24586aa4ae92e7988391730e5a60b435a8983e83992585082c55f3ab0caadd3b

      SHA512

      7ae687af20391ab7ea5c3ba9b1e93ba117cd7bef73e297da049a1903659f47b83f97227a5c5918c266ac4cdd21b6baa7c4be87f9bfce15958e76ebfe9996a185

    • /data/data/com.yxxinglin.xzid53282/app_crashrecord/1004

      Filesize

      58B

      MD5

      0d210bfb2a0e1f1b4c082a6a0f79de07

      SHA1

      bb8ed9e364db79d1d9f2fcde3f15091893222faa

      SHA256

      988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

      SHA512

      536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

    • /data/data/com.yxxinglin.xzid53282/databases/bugly_db_

      Filesize

      4KB

      MD5

      f2b4b0190b9f384ca885f0c8c9b14700

      SHA1

      934ff2646757b5b6e7f20f6a0aa76c7f995d9361

      SHA256

      0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

      SHA512

      ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    • /data/data/com.yxxinglin.xzid53282/databases/bugly_db_-journal

      Filesize

      512B

      MD5

      c3749c02359b6c496fd42aa60fe2fe78

      SHA1

      883c579bfc374ad44b032e14d6b777a44bcd4a60

      SHA256

      9809babd561a928dca479b0b9d37f12d03586e436407f4aaba6b12242aa71717

      SHA512

      1bd442a03ca39148f83c603158ab59c7ae2ffba73a32a0c515622c12cf5b8e90bdb8802d827662ea723f247933bdabab7da5f4582e286ea142ae131b1f166691

    • /data/data/com.yxxinglin.xzid53282/databases/bugly_db_-shm

      Filesize

      28KB

      MD5

      cf845a781c107ec1346e849c9dd1b7e8

      SHA1

      b44ccc7f7d519352422e59ee8b0bdbac881768a7

      SHA256

      18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

      SHA512

      4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

    • /data/data/com.yxxinglin.xzid53282/databases/bugly_db_-wal

      Filesize

      72KB

      MD5

      4c9f5bd2de8fc2857eac76a585bfb7d4

      SHA1

      0b5eeb8e8c7c4f4c80099adab0abb503f160e8d2

      SHA256

      3c8639c8052eae7fe8e44561f7aa5b03895b63f8d8912cc971702d8e7de679f3

      SHA512

      91f7ada51b6b56b7d280c8d2e54f5c14c459edd1eeadc6ebd54fb911ce7998c44f9ad269c9ff3ca6d5ca21f8a4eef2546e2dfb46424582a7cc72cc8dfe1a6541

    • /storage/emulated/0/Android/data/com.yxxinglin.xzid53282/files/tbslog/tbslog.txt

      Filesize

      2KB

      MD5

      5af86f15d8b86ec27eeb8bfb0f30370d

      SHA1

      5c7c46f319c142f9616a7e6ff9f78303eb7b943e

      SHA256

      d3800d7007a88c326a03925620d0f783de947916b1d6bc715f3d49acb631644d

      SHA512

      889f98664d91f75d00e581d150ee6f7c124a5592ebf9fc4fcf1946870f3bada8ede52a7bd48877ef1c4cf8da4f93e6065fdcb61200090fa7039a4f857a577396
