70a59b1b9cdadca68c63d4fbf667a7186a009a458bf99f070afa9f4dee334694

Analysis

max time kernel
3254834s
max time network
160s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
30/12/2023, 12:59

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

194647b5e8a70f5a13afb62df279db61.apk
Size

4.7MB
MD5

194647b5e8a70f5a13afb62df279db61
SHA1

f0e29d2c660a659f39a6c2d1da334b4318dd5e11
SHA256

70a59b1b9cdadca68c63d4fbf667a7186a009a458bf99f070afa9f4dee334694
SHA512

3544bd87acf6563b1357d6ed5c9e8d260046db1e8e94891afaf278e64bea0903453812d40a02876684ee1417d8d75eead351557149bfbaeb297718a1fb317f25
SSDEEP

98304:5hcNuOPN6hTIk9yzWMDGAtFFy97LEcp75lCyuPGVaF:G0hTSpf+7LKfF

Score

8^/10

banker

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 IoCs

banker

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.kk.formula

Checks known Qemu files. 4 IoCs

Checks for known Qemu files that exist on Android virtual device images.

ioc	Process
/system/lib/libc_malloc_debug_qemu.so	com.kk.formula
/sys/qemu_trace	com.kk.formula
/system/lib/libc_malloc_debug_qemu.so	com.kk.formula:pushservice
/sys/qemu_trace	com.kk.formula:pushservice

Checks known Qemu pipes. 4 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

ioc	Process
/dev/socket/qemud	com.kk.formula
/dev/qemu_pipe	com.kk.formula
/dev/socket/qemud	com.kk.formula:pushservice
/dev/qemu_pipe	com.kk.formula:pushservice

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.kk.formula/app_e_qq_com_plugin/gdt_plugin.jar	4282	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.kk.formula/app_e_qq_com_plugin/gdt_plugin.jar --output-vdex-fd=52 --oat-fd=53 --oat-location=/data/user/0/com.kk.formula/app_e_qq_com_plugin/oat/x86/gdt_plugin.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.kk.formula/app_e_qq_com_plugin/gdt_plugin.jar	4247	com.kk.formula

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.kk.formula
Framework API call	javax.crypto.Cipher.doFinal	com.kk.formula:pushservice

com.kk.formula
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Checks known Qemu files.
- Checks known Qemu pipes.
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4247
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.kk.formula/app_e_qq_com_plugin/gdt_plugin.jar --output-vdex-fd=52 --oat-fd=53 --oat-location=/data/user/0/com.kk.formula/app_e_qq_com_plugin/oat/x86/gdt_plugin.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4282

com.kk.formula:pushservice
1⤵
- Checks known Qemu files.
- Checks known Qemu pipes.
- Uses Crypto APIs (Might try to encrypt user data)
PID:4345

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.kk.formula/app_e_qq_com_plugin/gdt_plugin.jar

Filesize
88KB

MD5
36bb0819084fb7cdfdf825af50d6eacc

SHA1
f2bd540d0f882b56c682115a9d86f66df0a76c24

SHA256
f56d1c3e7d476b2ae05bff33e59e833b3b3cc79e5ac5475c9b1376afacd30871

SHA512
4362c3ee2c4768d6bb2902581ed97bc11648f3829ce9703ec503eb417ac49199f81240c1f60a027f907298304ee6aad4760264af587fe2cbc35175d4c1be4141

Download Submit
/data/data/com.kk.formula/app_e_qq_com_plugin/gdt_plugin.jar.sig

Filesize
180B

MD5
c07a9cd78cba123ebfad22ac2604cd0b

SHA1
f5d856fb737790611033701d08476ed609b408c8

SHA256
28ea32389db7edbb147928d27b2994a042fb09173ea126abd6f407a0a895c872

SHA512
05da6bf460920e5d51339919a8866e9cc454929e98e8523c224148b219b49e3d6b9e590b912989b0787c5616da05c2390ce05abd60a6e8afd75f5f07477ad121

Download Submit
/data/data/com.kk.formula/app_e_qq_com_plugin/update_lc

Filesize
4B

MD5
dce7c4174ce9323904a934a486c41288

SHA1
e117797422d35ce52f036963c7e9603e9955b5c7

SHA256
0c030586945fe504b604ecc2e875c38ede400cd5cd73da9730302162e6b02c6f

SHA512
d570ab6a8f4a7b54d426b0481219074b5277ace37d88438d87ab97eb387938eca1cf7b09fa42d596c56ada860710d2a7385d2a96e1cedff58ad6ed8900f1b143

Download Submit
/data/data/com.kk.formula/databases/Formula.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.kk.formula/databases/Formula.db-journal

Filesize
512B

MD5
52172197f8ffe0dd893babd57332ab11

SHA1
84038b5b84ab07210cf0d9dd45f4301d67fb8795

SHA256
265744ee65b8d1294ba860335fc2f0b32fa5b1588e9dec42ff4aa196a2692698

SHA512
00d69372ff39761597a03a92c2cb7373de7c9a38a3b098740afd1730dab37dfbc29cc7253e21558ba72c880facb1e3e06346c58aeedd03677f522913f477a07f

Download Submit
/data/data/com.kk.formula/databases/Formula.db-wal

Filesize
32KB

MD5
d48f766e633498ce25001338a63151be

SHA1
0f9ee02e183cc9e3c5b0e89c9a810b8de165b0cc

SHA256
1fc34db9b92ab5f6689a817a81c0950877ff9ac6e9436bb6958ccfba90c92f64

SHA512
591556f49acc2a26e4ceb81e9ebd334aa034aa4bff0a0f2f33ffdb62f9fac001d4e88cc2c3d8cd0f9d49072a027fd839bcfc0f522d7d38217dbddce88fc7f82e

Download Submit
/data/data/com.kk.formula/databases/GDTSDK.db

Filesize
24KB

MD5
755d1d1b0599d7be973031b5a9ed3373

SHA1
3b13cffb97005729fc20cd9b9a8547e0fa32632d

SHA256
90bc14445f887f7dbff548bdcc44145362d7fd20cc8ad8568b4d5c9372ee9b46

SHA512
afbd3a1c76a41015b2d4523d1c08dc14a3a75dfea3a5082b5e0552d750a498fd316bc98055b9f0ad2992f28b820ef15254461fb5df4cd6c21573a96f17b24ae2

Download Submit
/data/data/com.kk.formula/databases/GDTSDK.db-journal

Filesize
512B

MD5
2708891a7edf4541f98c09e3f0e2e565

SHA1
6128db776b239f18608d38bcec1e756f9d90fea8

SHA256
93da807376cd975205d23db796e36870767455b8ef914b27b898a1ae565c5681

SHA512
1afbe4750c29230532b21b3c85de97f8717f0e6c3622f4b02032d767f59af12df6a661b67ad5e2ed7ccb21fe70b934a323a0a3eb5f56b6acc336dd5cb99db691

Download Submit
/data/data/com.kk.formula/databases/GDTSDK.db-wal

Filesize
36KB

MD5
56997b28eb4390efa368b56f5358d28e

SHA1
5aa726eb81b35c5b21d919276953133eddeb5e56

SHA256
86ae617b52af7091acce9a44b2915f560d70d7e13dacee7f24ee0e698816dc35

SHA512
2946dca253b907a50536e53fc06a30e7c7f4d3f90296c30ea8d6fd6239d75be36814a8c5e81067d8d1d99f59d9983b4c7c47173b2e93426da63a5b374b049641

Download Submit
/data/data/com.kk.formula/databases/cc/cc.db

Filesize
36KB

MD5
5d7ea1a23af19b4340cc8d90f28297d5

SHA1
4cfe95b23a9e98378d69c4290af81b51fbe76aea

SHA256
474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da

SHA512
33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

Download Submit
/data/data/com.kk.formula/databases/cc/cc.db-journal

Filesize
512B

MD5
95bf4e0ef239b310edb63c58f6a0fc92

SHA1
62415cdb96818e97ce6d89777d5cd038cd565225

SHA256
bcd9c7e2947d6d6cbefd62cfcf66b72a4e5b9a9715edfafb6bd2a821fc0f7a6a

SHA512
ad8a155be9528830f887f94e5bff91334d0e706563212bf58a3abcf45d1aea1e2bfba93be184eacd22ad28c06f19b305720a7e9c1d8d92c650cfd251575114c2

Download Submit
/data/data/com.kk.formula/databases/cc/cc.db-wal

Filesize
48KB

MD5
94188818a227308011ee89ed203b5c9c

SHA1
828be3eeaccf19c73c5195788ec53eabfd94fb79

SHA256
5257fae7b01818872914fd068031d6f677da5e3f8c74e2b56cc6359d53ac7391

SHA512
a6c7db664100f60c182d869de342189345ed5dc77fac62ed9e582ff6afa3472446c993cbd19477ca1e45a675218ab43160361db1deacae398cb284acd128db17

Download Submit
/data/data/com.kk.formula/databases/pushsdk.db-journal

Filesize
32KB

MD5
7b75bcdb4e118571327d512cda7bccd6

SHA1
37abcd01126ec54b11dd6f66f85fbe06d1567a68

SHA256
e3e52f9462784c7a3e145d23c9e2a95bb4f6cac305b7d82d4bfda937cab94ec6

SHA512
6b90de83e209ff895c044134c428f7a41e118eb4a43efb79f54cd19ab2212e0acd72af4bc9c893d3c1595b51dbb79eec0136f60dceaca8aa10a3247c562b6e08

Download Submit
/data/data/com.kk.formula/databases/pushsdk.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.kk.formula/databases/pushsdk.db-wal

Filesize
76KB

MD5
9d6d3f2a11e7080ecc3bb996ddb589a8

SHA1
59a61d6e331f6a988c47f733aebc067631a58b66

SHA256
5287ef411127a81a568cad6562182e20e6b9e33b168bf255262639fb429158f0

SHA512
ef0c71095303dc8278cb957f285ce7bdf37101372cdc5aa030d41f95b737a43452c5fd7554740d12556d7fbeb3669e360dd442e3dd70f78fbe022aed66a879ed

Download Submit
/data/data/com.kk.formula/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
f7622e664f707f9aa9c7f53cf8e3a6a3

SHA1
5ac2033563f8988eb0dd92462dfe626050fee544

SHA256
60b179e7cd8df36bbb50e6e643532baf65fab89f7c047cc29b5ff576d0c5e043

SHA512
80f8cd57992aee43ed34cdf30fa14f318851adb8ff9c313a8bced55ba035ed896e98f37ff60f12cef713b0c7d3fed09db864f547397c8950106f2fc8de29a50a

Download Submit
/data/data/com.kk.formula/files/hdid.bck

Filesize
140B

MD5
1d8f95af2b22279c0bce2735cd34e0ba

SHA1
5d32a6471f2252bdf0855437af9e9476d59bb4ea

SHA256
f7e677cea5d646dce9b54eb0f3108904f90f7139217fe7245e6e585cde606686

SHA512
6874fd25d97873e89c1bb6ea56e33f454d764ef9eac16f51fea23a950c40ecb8b8beeb4b1b66a46d9f22aa989f9000b7ccaa54aadff4273bea8d2d9a77ded700

Download Submit
/data/data/com.kk.formula/files/hdid_v2

Filesize
268B

MD5
e1c011ec7903d16709e735f458ebcaa0

SHA1
5161f0151101260ea54d8d1ba75d87e680370a05

SHA256
e6b6188bdee11cec2c02fc8d7255aeed2e35bb9e7bc4367209ff053b9abaa4db

SHA512
fa9fdeb175c5968afed5536fb69ec2835e5c748905023848ddcb32cd87bdac32929093d9324673fbb42f02607dfbe0243491cd8507f47768b37e0f45399b2bd4

Download Submit
/data/data/com.kk.formula/files/hdstatis_cache_28bf1442

Filesize
3KB

MD5
2b504edfd4c91f146067c8840c982cf6

SHA1
7334819af0dd21e975bc3895ac56d4b60dd8cdbc

SHA256
68a59d6b11e0a086aeeccf831032e0e8d196c25fec30aee26ef85ddb54b42795

SHA512
0d96ea5a97ec99f8b7fbea2a867e0e428c5cc11c0980cf7b4ad1458657b9621676d8e2fbd887c238721b4102e1c4547aec707b01415314d252baaadf0369ffde

Download Submit
/data/data/com.kk.formula/files/mobclick_agent_cached_com.kk.formula44

Filesize
3KB

MD5
0fb12fb7fd2dfa083142ba326a286b61

SHA1
9b922db90e5afdd93f9ba0e34c0cf18e5ca880fa

SHA256
a54940062c1cbdc27e37bbeb2af9e3154d256f82807490f0eb56c8a19cc49828

SHA512
1d95b1b7669cad4a4369d1fb63ea2221333d532fae85eed9a207bf0190345bd0b2b82c2e1733d40bd0f77f8eefe67e780310a3b81b39be6613d6277f5f66db38

Download Submit
/data/data/com.kk.formula/files/mobclick_agent_cached_com.kk.formula44

Filesize
3KB

MD5
642ef97cd9069119fca29405c2c4bbec

SHA1
383bb153967a65de25eeff482676b45d54603838

SHA256
e00c45c123b4e81cb60e59a64cc290b21299c9cae2b5f56eeb049dc6deb31e49

SHA512
3c13f21e6658257562d68e2a33422b9c1125f27aaabb0cd7467b90c4e027a45ff56d94afc185f48cd227dfb9b77f5ef30063c1c6419058211bac97a500f5d540

Download Submit
/data/data/com.kk.formula/files/mobclick_agent_cached_com.kk.formula44

Filesize
3KB

MD5
435f04dbccae80879b82ff3b093bad0a

SHA1
413c9573d9de94a2969e017744cf7d71c23d0034

SHA256
f38ff461e6701372c4cede12d1df9837d6bb86972ac08ce2919f192a73c8a5f3

SHA512
4e5500c7fd8199a535da283c1b4103c84a93f01a91b117b22b4e7c6fbc01814a69d293121ed58ab739820fe69c14989ef1220be5f04100d08015df82e3395416

Download Submit
/data/data/com.kk.formula/files/umeng_it.cache

Filesize
415B

MD5
6656ba75db2e901f96e985412e76ed54

SHA1
6ff2cf438fb1668220a966db745c7f2ddff7fc4e

SHA256
c1054d2bc3a280a0a7763f1140c17dcfed617d08efeec5acda7d59a34ff9a8f9

SHA512
e4b92f743fbcb0d38480d0d44be9cfed17e648b8e1ba675c830d2d0d9eba8b99584edad14651df45d1d75a19770248959897c839f5a543c86dd3244ead0d1933

Download Submit
/data/user/0/com.kk.formula/app_e_qq_com_plugin/gdt_plugin.jar

Filesize
333KB

MD5
be0867e923abb109e9d77ab2469cfc72

SHA1
1741c2672714f4f258ff03930a951fb741c372f4

SHA256
d4ef58dbcb87b7998b0fdd112a2cf7108857434d24be079265662cf93dbfaa51

SHA512
19589af875576d615d51980132ac60839cfb32187121335777aefe30aa42547434dce5d6ac473e611c69279c2c210acf159cb67a9aa168ef050773935f1a08f2

Download Submit
/data/user/0/com.kk.formula/app_e_qq_com_plugin/gdt_plugin.jar

Filesize
333KB

MD5
b97d8ce8d7ede2c41383c7937c8b8bb0

SHA1
c6cfbfb43619a1da7bdfce7c673dfff580921675

SHA256
7a731d4f3f167aecc6413b9821e4997331d4ed010152248d7b2dc5fec5e4c14a

SHA512
7eab78aa6b6addd650939cf79ec8af1756ab7c9a9f1e4936551637037344dec480185161b82812440bc99c3efa32be21975a5f8ca9256838edbd82bcab496330

Download Submit
/storage/emulated/0/.android/Global

Filesize
140B

MD5
a279d231c6a2b96867986da7b12d0f24

SHA1
e2a5ee352c448bc66cacc86222edfe0da15b3b74

SHA256
75bb8a95195aa96619b82162033975a03feb40314209f271359ba25cd97f512a

SHA512
6fb70e20e9f0bd289fe1e75b3b4886a7267cb7c3ff9a621cbdb50e4eb48d20ea7e191cc33cddcb3ce95c1cedb8f81e0af10bc6bcbbcebd09cc6880f72d0999d1

Download Submit
/storage/emulated/0/.android/hdcltid.ini

Filesize
34B

MD5
ef8c1468ca781d49e9d7d35bdc0dbfc9

SHA1
9ba8acc077c8c029d796d609b9719fd518b4dfa5

SHA256
fc8ce91c58b18930c49772a961efe76b39b913c6be2af0dd63c5ccaa7e860caa

SHA512
0033b473042d6f4d1d1731086c31813b9bfd28ee8ec2c74641bf3ea40ee601404a71ef6aecdd8b757b66586f53ed9f5c10b0452da40c00289d364165f5a5c7e4

Download Submit
/storage/emulated/0/hiidosdk/hdstatis/com.kk.formula/hdstatis_20231231.log

Filesize
68B

MD5
a0b48f2678f5e04e6985009500a2b221

SHA1
be1519577016e2220e472fbb211678c356a1305c

SHA256
2f7cd4c87379300d060c1644428da69392d42dd9550bc779e212a688b5c2b7a8

SHA512
bc7e725d20bf0aedb0041c75515d011aa1bd39882bb7767322cf70a16804d349861c59426305ceb504027157de1b725274716d1edfa444e58ab16897d2258128

Download Submit
/storage/emulated/0/hiidosdk/hdstatis/com.kk.formula/hdstatis_20231231.log

Filesize
63B

MD5
cfda2bb20a94a27ac13e626f7686d169

SHA1
8b2590bc5084cdbc2e4a7c759465168cc8336f9e

SHA256
257a5736d2179ce96e85c5f154424e54b4be3af58456d610ede32975f3c668e5

SHA512
bb599faf3e74d34be011c19715f2f3a8c1ae91fbafcd253f1f8f8e43d82106870ce302e36ef56ccb247d8388a4ec0256aff65f5cb44a03231fac226c278b7fae

Download Submit
/storage/emulated/0/hiidosdk/hdstatis/com.kk.formula/hdstatis_20231231.log

Filesize
64B

MD5
3d5e5cda0f970dbfd7093a48890102d6

SHA1
3b5544a4ed78a0b9f609126c169dd8096880a9ee

SHA256
bff8159a4a85b2f3e329a2e2df526f161394e9225646421d2aed84278a0efaa8

SHA512
713a7f9784f040ea2a9ef4a4b9d4bfe00e1a71119237a9aeccb0d38f603c25473e31bda24087359414e3b53fb3366c25a6db0f77af95e7d337d0b60153679721

Download Submit
/storage/emulated/0/hiidosdk/hdstatis/com.kk.formula/hdstatis_20231231.log

Filesize
66B

MD5
960b0add5f4b9cd594a8ced6956a0b5c

SHA1
0f955686cdeaf19955e71256b1d665d3be4f6760

SHA256
6a3aad3d7e56aff964d09f080f951fd03617dd8a9e0aeb79914d8ce8d3e97246

SHA512
129c45aef907c981565395bf04c88a30c3dae13271edc53bcc4d8a916a759009bb1592faf346b5ab72ecc2662e8c52307e0282e0ac5484698ce7699787df8ee3

Download Submit
/storage/emulated/0/kkformula/dict/formula.db

Filesize
3.4MB

MD5
bcbeedc77d66ac329db5644b4076d6e0

SHA1
6d818355de0e9c8ca003560127c52502c2a43c5a

SHA256
96d7cb0c6b0052bcb676d7bd71a292f68ec8bf4946fac852091559235240dad3

SHA512
81d91dfb3357d4eb3ef5febeb6fa8901e50091005c3799ea387c152b8d540b04f8d8cceaa8e27eeaea028a4c808784ae754f92b7eb4a707b6d7b724734e1b27f

Download Submit
/storage/emulated/0/libs/com.kk.formula.bin

Filesize
141KB

MD5
ead7844f73ce2a8acaf2af81e0b3e797

SHA1
7e1e035491aeae0eb566b217b33143d119bce756

SHA256
cff4f33449e2fb1937adee9080f59ffd0bfd2eef9fc01c1fbba5d3adbf02fea5

SHA512
60ceadc619cf5ba4e4bc5d260d218ca29efc7c0e4ded635a6353548ab14143a7653af396181ce287015009f0af73848d5b041c91904f43ef2bd5a07e2a57f5d3

Download Submit