4571c6a005632a83e2e38de26612b79cdf46d4ebd9be2866ea072f5267f63b8a

Analysis

max time kernel
3307866s
max time network
156s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
30/12/2023, 08:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

137418fef61707130a7ad8fcbd2a04fa.apk
Size

24.8MB
MD5

137418fef61707130a7ad8fcbd2a04fa
SHA1

86ee2ec089d66c909c21be01bf7af8edc3854c3e
SHA256

4571c6a005632a83e2e38de26612b79cdf46d4ebd9be2866ea072f5267f63b8a
SHA512

990db59932762ece9c2450e97696cd4af7e035aa1374aba3072867503ad1e9edcecef36da2629b3d83ef6d52552109076e32c2878707a76ddf1ec5567f5ad139
SSDEEP

786432:jnHZ1g9XgVNTeMFkjtmN5TU60Js0XgM1YNcS3u3f0JCdJr:zZ6pgHHFkjtmrA6iDXhNZfimh

Score

7^/10

Malware Config

Signatures

Loads dropped Dex/Jar 13 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/data/cn.wlantv.kznk/mix.dex	4242	cn.wlantv.kznk
/data/data/cn.wlantv.kznk/mix.dex	4344	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/cn.wlantv.kznk/mix.dex --output-vdex-fd=57 --oat-fd=58 --oat-location=/data/data/cn.wlantv.kznk/oat/x86/mix.odex --compiler-filter=quicken --class-loader-context=&
/data/data/cn.wlantv.kznk/mix.dex	4242	cn.wlantv.kznk
/data/data/cn.wlantv.kznk/mix.dex	4242	cn.wlantv.kznk
/data/data/cn.wlantv.kznk/mix.dex	4242	cn.wlantv.kznk
/data/data/cn.wlantv.kznk/mix.dex	4374	cn.wlantv.kznk:core
/data/data/cn.wlantv.kznk/mix.dex	4374	cn.wlantv.kznk:core
/data/data/cn.wlantv.kznk/mix.dex	4374	cn.wlantv.kznk:core
/data/data/cn.wlantv.kznk/mix.dex	4374	cn.wlantv.kznk:core
/data/data/cn.wlantv.kznk/mix.dex	4968	cn.wlantv.kznk:channel
/data/data/cn.wlantv.kznk/mix.dex	4968	cn.wlantv.kznk:channel
/data/data/cn.wlantv.kznk/mix.dex	4968	cn.wlantv.kznk:channel
/data/data/cn.wlantv.kznk/mix.dex	4968	cn.wlantv.kznk:channel

Reads information about phone network operator.

Requests cell location 2 IoCs

Uses Android APIs to to get current cell information.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	cn.wlantv.kznk:core
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	cn.wlantv.kznk:channel

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	cn.wlantv.kznk:core
Framework API call	javax.crypto.Cipher.doFinal	cn.wlantv.kznk:channel

cn.wlantv.kznk
1⤵
- Loads dropped Dex/Jar
PID:4242
- sh -c getprop ro.yunos.version
  2⤵
  PID:4317
- getprop ro.yunos.version
  2⤵
  PID:4317
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/cn.wlantv.kznk/mix.dex --output-vdex-fd=57 --oat-fd=58 --oat-location=/data/data/cn.wlantv.kznk/oat/x86/mix.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4344

cn.wlantv.kznk:core
1⤵
- Loads dropped Dex/Jar
- Requests cell location
- Uses Crypto APIs (Might try to encrypt user data)
PID:4374
- /system/bin/sh -c getprop ro.board.platform
  2⤵
  PID:4437
- getprop ro.board.platform
  2⤵
  PID:4437
- sh -c getprop ro.yunos.version
  2⤵
  PID:4473
- getprop ro.yunos.version
  2⤵
  PID:4473

cn.wlantv.kznk:remote
1⤵
PID:4712

cn.wlantv.kznk:channel
1⤵
- Loads dropped Dex/Jar
- Requests cell location
- Uses Crypto APIs (Might try to encrypt user data)
PID:4968
- /system/bin/sh -c getprop ro.board.platform
  2⤵
  PID:5000
- getprop ro.board.platform
  2⤵
  PID:5000
- sh -c getprop ro.yunos.version
  2⤵
  PID:5035
- getprop ro.yunos.version
  2⤵
  PID:5035

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/cn.wlantv.kznk/databases/MessageStore.db-journal

Filesize
512B

MD5
1a08b4e976f03ed1e167483d772f0cf8

SHA1
ba1eff3e6eb6337d4d2703649e596d122d5d0679

SHA256
92be37494affe1e94f401de8de5c9a98ec22a310da1cc9d9a7e812e910fd5547

SHA512
e0a54ba5492f0170846f0dd78f7fde77c0346bb774b56db34de6cbbe7fd32575da5167ba532a7f438888cacc146969d9f1fe22d4a68552ce06c638db385c40b4

Download Submit
/data/data/cn.wlantv.kznk/databases/MessageStore.db-wal

Filesize
48KB

MD5
89b4f95b7dc2683af5d68466cbffb32d

SHA1
5d4254e2dc1f1157a75fbe6d490d090ff3d71f47

SHA256
2b9b9edef2146c0fc5af90eebdfe04580bf6b52a9580c7ce77246c473ab69545

SHA512
942b5dfa7fb0b7b746bc69675f10d473eb2683f0f744a03969a3c636d6c6eee2a2154f16b44a2c680ab960e4c77a0836021797033c7db32052b7e79dd04e4773

Download Submit
/data/data/cn.wlantv.kznk/databases/MsgLogStore.db-journal

Filesize
512B

MD5
0c6e57d4393176c02ed1ff12a38d1073

SHA1
f3ebb78c3b0052f43f8885837180a1bbc50449ac

SHA256
7f3b8604c12901b08ce335e5bba20196372689f260edea4fde71652a71b570e4

SHA512
1a21f585abecdbd465b0d4e570b7db3340bccaa736e0a9fbd47ab0789195c3774a86c755ed43597957b11b7293a4ee90a096196b480065dd636ba09cb64c3fc9

Download Submit
/data/data/cn.wlantv.kznk/databases/MsgLogStore.db-wal

Filesize
68KB

MD5
7f889c5920ffd40c055b4f10d1a15ca5

SHA1
0d5c8e049e1cbc545b8e622ab70c925883fd0f4e

SHA256
fefbe0702deb13260d509e831729d99faa1100a629bc5b0e16d8f38ca237ba06

SHA512
a3294d840a5f8761d61f452bf4585c995f06777a19515076220d021de60a798cecba247bd31e535a2ec46372de1de21e0881f3b394e7d18bd7a1248d7fa0e2c1

Download Submit
/data/data/cn.wlantv.kznk/databases/accs.db-shm

Filesize
48KB

MD5
2b96202a904eac25137a1b8747be0a92

SHA1
a89c434f000ab9f0675ec7a8d86b9af77cb9909f

SHA256
6d7e37c4d436b3eac7bf1edf13492890e85614384e4e8bf78471cfd92f611bea

SHA512
cb2ebc9d8cd0a41e5f0fe9688c8854f94542246d66cfbb5c1bf77f76ef19a15dc9e7312e994de3192be64ac0c50cbd9bcfd3d133bea9a84d88d836eefa378b79

Download Submit
/data/data/cn.wlantv.kznk/databases/bugly_db_legu

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/cn.wlantv.kznk/databases/bugly_db_legu-journal

Filesize
512B

MD5
7e4bcff154c96d799e0f827392c19e5d

SHA1
465c81c15c059a6e61ec392bc28674be4ac2bb14

SHA256
191f62e8d63a01ccbd43a6706f5c27b4ec9e9146197dec5ddb5fb0391f7d3426

SHA512
cedfa94b66792d05f09550030e89e82be6fc4b326b71f82ed57db6a62455fedd29bcba0be4bfd3544a277d840ae6f3201c4a7c017adb056f8a1db68e994701e7

Download Submit
/data/data/cn.wlantv.kznk/databases/bugly_db_legu-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/cn.wlantv.kznk/databases/bugly_db_legu-wal

Filesize
120KB

MD5
1d8eb3551ae1466295bf268bf8d87f99

SHA1
1da69be26703b61d9852ee318ff7472ef9247775

SHA256
d116c27601f83e0898322db5558dcffb51841680709dbbae65faa1b4fa7753df

SHA512
3804753a47ea975279339b7b23581278bb9a1f3e8fee95f3bab13b57c2516d325e69258387a75e24150ce346a324ea81e8eef76a182740d0a2149c3b4d094f65

Download Submit
/data/data/cn.wlantv.kznk/databases/bugly_db_legu-wal

Filesize
277KB

MD5
910a0f04c3acb5be4a18948ad0e7209e

SHA1
13af6f9b9d9af338111a3e4d5f64c92066fe4f39

SHA256
9c93601a881049aeab6103f8ac5829389df23abc3e4040d1ceeb8ed546f15bc4

SHA512
2bfc7156512db54e6f1e743a64b66eaff333b24eb571ffedd529a0158cfb32322d6eae24d71fb04fb60c3cab138ae182ae20b1dc35754e83d406e6d4fd71978d

Download Submit
/data/data/cn.wlantv.kznk/databases/bugly_db_legu-wal

Filesize
398KB

MD5
64974e8865a6f36b82a75e29284a3a85

SHA1
e1e73531ed6204e8768e4df3c2dfedfba663a39b

SHA256
c8c9756851c3f81d29f756dd03c9e7d307fb5cbdfa8c634b3406444400a3b98c

SHA512
ba1226d2ad1ad5044696fca2d8c743f897ec453736bc496ff59e9ad773824d3ebaa38b36b107ed9b67d6a6df5cf2b453c70efc7b75878345f5a281f5531b7fe2

Download Submit
/data/data/cn.wlantv.kznk/databases/bugly_db_legu-wal

Filesize
92KB

MD5
7ecc6bf600ef465f4145d67bb90cee99

SHA1
cf197924b678cdd9c166bbe536b3013e5eae3df8

SHA256
aeee1b6118d101850e69651ac95c026c3869566de166aab5e6b2a886b1936cec

SHA512
73c7fc8f4fde7135f2ee77008f2eae1a19a0bd13c39d53094bfc3a4b37ca9660665afade7154f18adaa2e4e4dbc01908e813961c7a7cafad1cb188a505b99f8f

Download Submit
/data/data/cn.wlantv.kznk/databases/message_accs_db

Filesize
36KB

MD5
c2b5e4b47d81f600d651889e77b2aeda

SHA1
2135a232f84a9294068d3d16705e63e16a587b41

SHA256
a2d9d7bc5fecc1f62dab002547026ddf61f3517bd93644dff26681996567653b

SHA512
c7c6c5eaffbd8ae710da483406263cb0d2bb96914f658ea5c93519871e70d975ca4e88a5a4c6dfa7cfdf695e5ea9ef1a38a3892a189a573a8e346fea7d181484

Download Submit
/data/data/cn.wlantv.kznk/databases/message_accs_db-journal

Filesize
68KB

MD5
66d79eb88a60a914f441b2a852e30677

SHA1
f214e1fd649f8fc1222a966e340f5a39f156aa74

SHA256
9b4bd3abe0422d7e1c6da2a8aa9483b72c7518b40021fcf36e4a0670566f7687

SHA512
d97d5c0d440a470b47d5a607e5420422a1bde0738bbe06ccce145aae3154c78dad36c2a1e038d80bf199c705a9ca44d11fa1046c7cbc05deeb9b43fe96bcdfeb

Download Submit
/data/data/cn.wlantv.kznk/databases/message_accs_db-wal

Filesize
48KB

MD5
963d65d8f70c150048501e3e976ca05c

SHA1
405e061345b4f2437a59d5b2c8c0eae0792c0de2

SHA256
f31ff1db09e6e4ad030bb2ff0f0b6696ee733257c7a84a6f1fe870da5cd6eb69

SHA512
8da61b5f30adaa9e06167a8aae631b3f9b3b45691f8a05482da345b0d5e8d33d278edae40f58134c5684333159b0862e72e7d3e6bffeff597ceaba172e07edbe

Download Submit
/data/data/cn.wlantv.kznk/files/agoo.pid

Filesize
4KB

MD5
9671cb455c185ded7171bfd9dcdcabd3

SHA1
73a70d84cce102f6b9d18ffa3b0fa3d209c3b008

SHA256
b98f059937553f6dc92055cd7b68beed0357fdfada11e884224264441a496ec8

SHA512
1838e29404cbe99ec3f220183154187adb6042733a87dfbb2c5ff265df76c4f248c490aca77d016e2a67884f78b9dd12d4188a584415babb88fbe2b1712467d8

Download Submit
/data/data/cn.wlantv.kznk/files/libcuid.so

Filesize
4KB

MD5
55defa0566e038db247ce3ae24e21019

SHA1
11b53c4dd2c4f190dd0df389f893854f073a9ab4

SHA256
d43b06307db6013fdacc816537de3f5f1bf17c5126d14a02e974e331d6f2a867

SHA512
5616210c0c52dbc7033928e1a732e49b582e757fb96b43473fa4cd0f145c61050f5bac9a7c7e5175c376008b9f6d300b0581274b5e541a63e52e875742e8cd64

Download Submit
/data/data/cn.wlantv.kznk/mix.dex

Filesize
292B

MD5
63f77f99bd2c2b772a479923bde11974

SHA1
c7632e7d301e4463fafce85f84e9c3d7da3fdbbe

SHA256
4c76a3af64cdd2f8713ffe2733dea50dbe714d0ca41c17d1847ee5b62a7ca615

SHA512
3aae4a89d1ed51fdd911cb367eb10afe3c2264e4222085891b18a60d5412f85d10bf5c8f3c6642db70abb9aa42732bac5c42c42ee32d587100f53c21b5beb16c

Download Submit
/data/data/cn.wlantv.kznk/tinker_server/4ba8f6a25cec699e_version.info

Filesize
184B

MD5
59f070547a454a7a37f112846ad1aae3

SHA1
437d80e8e6b12ac23ddde49d18c872df1b8312f2

SHA256
4e74920fc7f07416b8db7c8775773a3bb17e4ef5d2443d4573b4e67ff7a10137

SHA512
b1012d2b32050c30af42f8bad77f0a00e983678d8313fdcebe8611100a87fc8e4bd54850ee1cc256807e47a6aacbee48342d6c956fd3cbdd0d11699d1afb4608

Download Submit
/data/data/cn.wlantv.kznk/unicorn#cheese#

Filesize
746B

MD5
27f33140855f9ac4740a73e1c42dea43

SHA1
358595ca103a2d51190d131029da50d0a4407dbf

SHA256
26efc7d1d743e07538f29dfb77c5e12e615b56532b7adfa4f656c5d342f7cc88

SHA512
aff8826aebb31424a60c37fa7994c08315837d7a288a6c5b075d6c10d291202be9ad7bf5c49117480b70e31f05c10cedcb72ae7d96c8e20c87bd88b0e65618e2

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
213B

MD5
ed70ab5a024a1a9897235215b6c09a71

SHA1
8f155f2bd04b3d2387b60542c0298833446c6079

SHA256
3582b62efdaa83d3b5ca9cd5f6c0730beb610e1ae397cb0be1d768ab87bb2386

SHA512
e06d0b9cc96125acbf1d992a27afce7986affb868982c2b0a89f12ab2fafe9e9e60998306310f0296e54a26e93d1002539cb9e20931a4b3d845af220239ef71a

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
0616744ae1c1f3674d850fda4641257c

SHA1
f7d7c8451851f03e463a3baab954017013d054c2

SHA256
67e3f6c8974912a1115f5f2049e93a18d5070d8ebd82754bae532f0bc9a6d456

SHA512
dc99c19a190c012f01e39efb76c734bef749abd265608ff1c168c13f71f3d92371a942b210f56bce9e49efa2aa8c45991448425e1fc49c1c5271e1b45859b756

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
64KB

MD5
9487a28ff2ce2e7531c4bbb32390dfb8

SHA1
d63249072c755734da864853464a460b211c18d1

SHA256
4d3870c8671e272536e6cfbd72b977e11c428ca0e2c107890d948fb069942cbc

SHA512
662410b535569c198ceed8d6d951e4db20813d8b3d64dcb933983ea78ae9a0dff5a87a421bd5ae557d501ba45a54f4ab7032ed30d2aca859b4c831681cabefd2

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
167B

MD5
328b7eaa05c8863f1b597e6aa11c3d78

SHA1
6db66155b688fd2d16af42b11ffdecd2db66c6b3

SHA256
dcb9f00d050e7d3224ed67563982697e8e6bb4daa45a11c80f3bd517f0b3dbe2

SHA512
57a80c306514a8428397add1d14591271785e1860286bd0ff23f8400a968301597cd96cd87035c4af02b6c8ae559d402474c389555af456a4fd4d910d075e802

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
f04bb6cd2f1965293af2bb5a345ed425

SHA1
31db01bd6e69f6e2e3cdf8b16fe844fbc64e9b13

SHA256
7c6367470dfb4009d92e70a7a2b4cbbfc942486be5b50bd23b5b7d43d202018a

SHA512
43625959383a17b34c7e783765a790029d1d1c5ab70869efe20a33a23d8577c7d3d3cf6da4dcd3de38eb03e3a4f2ab265452dd8b7bc358f98cd903efd4feaea4

Download Submit
/storage/emulated/0/Android/data/cn.wlantv.kznk/files/com.qiyukf.unicorn/log/tmp_u_20240101

Filesize
64KB

MD5
fcd6bcb56c1689fcef28b57c22475bad

SHA1
1adc95bebe9eea8c112d40cd04ab7a8d75c4f961

SHA256
de2f256064a0af797747c2b97505dc0b9f3df0de4f489eac731c23ae9ca9cc31

SHA512
73e4153936dab198397b74ee9efc26093dda721eaab2f8d92786891153b45b04265a161b169c988edb0db2c53124607b6eaaa816559c5ce54f3dbc9fa6a7a4b2

Download Submit
/storage/emulated/0/backups/.SystemConfig/.cuid2

Filesize
512B

MD5
7f8d641ed526e9d3ac3b54946a4fefbc

SHA1
d0dbaf3120ff505e9ada6b0edcc95dabc9042a8d

SHA256
71a08599ec658ce8d847f4975d674f22daa0673ac010518e8c917da2860b13bd

SHA512
8077bdf8d1012bb20468f8f5f3269a6d9a879a444d8cb554daec4c8be2de61b477c813a85005ce29b39c48aa6cafe0231415d676ba252cf279337baed4f23e44

Download Submit