85c39b93b9cf4466bc4527b700c8ddb2606028a68e38f99027123b3546df3856

Analysis

max time kernel
3114960s
max time network
141s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
29/12/2023, 23:31 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

06fe61b001b6eb74e32f04dd5917cff9.apk
Size

5.9MB
MD5

06fe61b001b6eb74e32f04dd5917cff9
SHA1

30e404147d2953951ab2afb49e3c58926bb206d1
SHA256

85c39b93b9cf4466bc4527b700c8ddb2606028a68e38f99027123b3546df3856
SHA512

9fd668659a6a922cb1a294ec7019eb0df7c1981fc0a900440fb03e7f74c25f1ef1c287338785c12e9e5873179fb265e8eee91e70a1a7492fc34d0bdca768f544
SSDEEP

98304:noAadUrQGWtjH9te4ZE5180xZ2fTCV1axBbq/K5EEq/5o6pM+f5oKODdSX3SLTql:ozSrQ7D9OPTWTCXobqdnp1f5o1DduCTw

Score

6^/10

Malware Config

Signatures

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.yxxinglin.xzid53282

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.yxxinglin.xzid53282

com.yxxinglin.xzid53282
1⤵
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4194
- /system/bin/sh -c type su
  2⤵
  PID:4294

Network

DNS

android.bugly.qq.com

Remote address:

1.1.1.1:53

Request

android.bugly.qq.com

IN A

Response

android.bugly.qq.com

IN CNAME

ins-9fciednc.ias.tencent-cloud.net

ins-9fciednc.ias.tencent-cloud.net

IN A

129.226.103.12

ins-9fciednc.ias.tencent-cloud.net

IN A

129.226.103.217
POST

http://android.bugly.qq.com/rqd/async?aid=310cb9f6-47cd-48a5-8d1e-74383bbdb987

Remote address:

129.226.103.12:80

Request

POST /rqd/async?aid=310cb9f6-47cd-48a5-8d1e-74383bbdb987 HTTP/1.1
wup_version: 3.0
raKey: vm8rWPgvh6z03oYz35pUWrWLmL2KoksAAiQ8q%2Bt7D5mUUQdszroH4FPSSxgUNWdvht80L2MR%2Fzx1%0A%2F6cb7xF2d2eIH825p7ecRlHcx4LVA%2BJUjG5iDpSBN%2F0la3fyrKevK9O5jRnvqO2qiQUYvtDFw72R%0A17BP877uAzziBdF0fjU%3D%0A
strategylastUpdateTime: 0
appVer: 2.3.2
bundleId: com.yxxinglin.xzid53282
sdkVer: 2.6.5
prodId: 6c298be15b
cmd: 840
platformId: 1
A37: LTE
A38: LTE
Content-Type: application/x-www-form-urlencoded
User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
Host: android.bugly.qq.com
Connection: Keep-Alive
Accept-Encoding: gzip
Content-Length: 922

Response

HTTP/1.1 200 OK

Date: Sat, 30 Dec 2023 07:38:44 GMT
Content-Length: 334
Connection: keep-alive
Server: Resin/4.0.27
Bugly-Version: bugly/1.0
status: 0
nstat: 0
DNS

log.tbs.qq.com

Remote address:

1.1.1.1:53

Request

log.tbs.qq.com

IN A

Response

log.tbs.qq.com

IN CNAME

ins-d94v3bvj.ias.tencent-cloud.net

ins-d94v3bvj.ias.tencent-cloud.net

IN A

129.226.106.211

ins-d94v3bvj.ias.tencent-cloud.net

IN A

129.226.107.80
POST

http://log.tbs.qq.com/ajax?c=dl&k=8e2b94b9b4ef9a66f80d6f837087265a

Remote address:

129.226.106.211:80

Request

POST /ajax?c=dl&k=8e2b94b9b4ef9a66f80d6f837087265a HTTP/1.1
Connection: close
Content-Length: 432
Content-Type: application/x-www-form-urlencoded
User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
Host: log.tbs.qq.com
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Date: Sat, 30 Dec 2023 07:38:48 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 7
Connection: close
Set-Cookie: tgw_l7_route=f8daa8a174ca3c40ba2dc16121f3d221; Expires=Sat, 30-Dec-2023 08:08:48 GMT; Path=/
DNS

api.fusion.49app.com

Remote address:

1.1.1.1:53

Request

api.fusion.49app.com

IN A

Response

api.fusion.49app.com

IN A

101.37.182.27
DNS

android.apis.google.com

Remote address:

1.1.1.1:53

Request

android.apis.google.com

IN A
DNS

android.apis.google.com

Remote address:

1.1.1.1:53

Request

android.apis.google.com

IN A
DNS

api.fusion.49app.com

Remote address:

1.1.1.1:53

Request

api.fusion.49app.com

IN A

Response

api.fusion.49app.com

IN A

101.37.182.27
DNS

android.apis.google.com

Remote address:

1.1.1.1:53

Request

android.apis.google.com

IN A

Response

android.apis.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

142.250.179.238

129.226.103.12:80

http://android.bugly.qq.com/rqd/async?aid=310cb9f6-47cd-48a5-8d1e-74383bbdb987

http

1.9kB
1.3kB
7
7

HTTP Request

POST http://android.bugly.qq.com/rqd/async?aid=310cb9f6-47cd-48a5-8d1e-74383bbdb987

HTTP Response

200
129.226.106.211:80

http://log.tbs.qq.com/ajax?c=dl&k=8e2b94b9b4ef9a66f80d6f837087265a

http

3.3kB
471 B
10
5

HTTP Request

POST http://log.tbs.qq.com/ajax?c=dl&k=8e2b94b9b4ef9a66f80d6f837087265a

HTTP Response

200
101.37.182.27:80

api.fusion.49app.com

240 B
4
216.58.201.110:443

tls, https

858 B
40 B
1
1
216.58.201.110:443

tls, https

858 B
40 B
1
1
101.37.182.27:80

api.fusion.49app.com

240 B
4
142.250.179.238:443

android.apis.google.com

tls

5.0kB
8.8kB
21
22

224.0.0.251:5353

3.8kB
12
1.1.1.1:53

android.bugly.qq.com

dns

66 B
146 B
1
1

DNS Request

android.bugly.qq.com

DNS Response

129.226.103.12

129.226.103.217
1.1.1.1:53

log.tbs.qq.com

dns

60 B
140 B
1
1

DNS Request

log.tbs.qq.com

DNS Response

129.226.106.211

129.226.107.80
1.1.1.1:53

api.fusion.49app.com

dns

66 B
82 B
1
1

DNS Request

api.fusion.49app.com

DNS Response

101.37.182.27
1.1.1.1:53

android.apis.google.com

dns

138 B
2

DNS Request

android.apis.google.com

DNS Request

android.apis.google.com
1.1.1.1:53

api.fusion.49app.com

dns

66 B
82 B
1
1

DNS Request

api.fusion.49app.com

DNS Response

101.37.182.27
1.1.1.1:53

android.apis.google.com

dns

69 B
109 B
1
1

DNS Request

android.apis.google.com

DNS Response

142.250.179.238

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yxxinglin.xzid53282/app_crashrecord/1004

Filesize
232B

MD5
8ac8d302a8a84eda0a81e0e26a6028df

SHA1
f4c0eba229d98f0ccdb3626224ac858e9c79ca41

SHA256
24586aa4ae92e7988391730e5a60b435a8983e83992585082c55f3ab0caadd3b

SHA512
7ae687af20391ab7ea5c3ba9b1e93ba117cd7bef73e297da049a1903659f47b83f97227a5c5918c266ac4cdd21b6baa7c4be87f9bfce15958e76ebfe9996a185

Download Submit
/data/data/com.yxxinglin.xzid53282/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.yxxinglin.xzid53282/databases/bugly_db_

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.yxxinglin.xzid53282/databases/bugly_db_-journal

Filesize
512B

MD5
c3749c02359b6c496fd42aa60fe2fe78

SHA1
883c579bfc374ad44b032e14d6b777a44bcd4a60

SHA256
9809babd561a928dca479b0b9d37f12d03586e436407f4aaba6b12242aa71717

SHA512
1bd442a03ca39148f83c603158ab59c7ae2ffba73a32a0c515622c12cf5b8e90bdb8802d827662ea723f247933bdabab7da5f4582e286ea142ae131b1f166691

Download Submit
/data/data/com.yxxinglin.xzid53282/databases/bugly_db_-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.yxxinglin.xzid53282/databases/bugly_db_-wal

Filesize
72KB

MD5
4c9f5bd2de8fc2857eac76a585bfb7d4

SHA1
0b5eeb8e8c7c4f4c80099adab0abb503f160e8d2

SHA256
3c8639c8052eae7fe8e44561f7aa5b03895b63f8d8912cc971702d8e7de679f3

SHA512
91f7ada51b6b56b7d280c8d2e54f5c14c459edd1eeadc6ebd54fb911ce7998c44f9ad269c9ff3ca6d5ca21f8a4eef2546e2dfb46424582a7cc72cc8dfe1a6541

Download Submit
/storage/emulated/0/Android/data/com.yxxinglin.xzid53282/files/tbslog/tbslog.txt

Filesize
2KB

MD5
5af86f15d8b86ec27eeb8bfb0f30370d

SHA1
5c7c46f319c142f9616a7e6ff9f78303eb7b943e

SHA256
d3800d7007a88c326a03925620d0f783de947916b1d6bc715f3d49acb631644d

SHA512
889f98664d91f75d00e581d150ee6f7c124a5592ebf9fc4fcf1946870f3bada8ede52a7bd48877ef1c4cf8da4f93e6065fdcb61200090fa7039a4f857a577396

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.