b43fee5d2da27d8c2adc00d5298871c022fc205e29c295674507b432f443e33b

Analysis

max time kernel
3262791s
max time network
160s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
30-12-2023 13:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1a76d8515a8c2dfa223c84beb8ffef1d.apk
Size

14.3MB
MD5

1a76d8515a8c2dfa223c84beb8ffef1d
SHA1

10245f6de9326139addfe549256b82fde33c0b37
SHA256

b43fee5d2da27d8c2adc00d5298871c022fc205e29c295674507b432f443e33b
SHA512

4f4cbe80da7fcff09808239ea208a82136bde11a397f6b814ed6fa222f8898e457b5b65c0561d310a0301fbffd6416bb80c4049f01d2b2e68191c0a352076e23
SSDEEP

393216:ZMQ0xCOp726ZSJ2RueeaokmQ4PDyApnFBqyaHiP:ZMXxHZMER3xVmQ4LyInF19P

Score

8^/10

evasion

Malware Config

Signatures

Requests cell location 2 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.ninexiu.sixninexiu
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.ninexiu.sixninexiu:remote

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.ninexiu.sixninexiu:pushservice

Reads information about phone network operator.

Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.ninexiu.sixninexiu:remote

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.ninexiu.sixninexiu
Framework API call	javax.crypto.Cipher.doFinal	com.ninexiu.sixninexiu:remote

com.ninexiu.sixninexiu
1⤵
- Requests cell location
- Uses Crypto APIs (Might try to encrypt user data)
PID:4257
- /system/bin/sh -c getprop ro.board.platform
  2⤵
  PID:4301
- getprop ro.board.platform
  2⤵
  PID:4301
- /system/bin/sh -c getprop ro.miui.ui.version.name
  2⤵
  PID:4452
- getprop ro.miui.ui.version.name
  2⤵
  PID:4452

com.ninexiu.sixninexiu:pushservice
1⤵
- Acquires the wake lock
PID:4323

com.ninexiu.sixninexiu:remote
1⤵
- Requests cell location
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4378

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.ninexiu.sixninexiu/app_crashrecord/1004

Filesize
231B

MD5
13a3d91cbb29820fe8d1ba820fd77e2f

SHA1
8e7e75984cb5f15da205a0b4d7583847069dc343

SHA256
5d7d24566cf828d4113bdc4c0874dd2199e5b88d18dbe8f1f294de9a8b51f5b2

SHA512
d60d3aebcf4d024ea9500ce0c036b6d12ccacdb24dee115960a06494fedb9db136e03a8d4695e98c6a2a7c2a3ef1ab70f2c18d76c00199789d3e02019cea7869

Download Submit
/data/data/com.ninexiu.sixninexiu/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.ninexiu.sixninexiu/databases/bugly_db_-journal

Filesize
512B

MD5
f7f25af82532f84bd15daccceb9a832b

SHA1
16199239ea1eed176bf1f39e4563b7e8c9d445ef

SHA256
5b2d8f69c5fe8f460efa1149239ea2ba8611b4d38c448cfdc6574fbd2a5d52ea

SHA512
b2b560c67e91e595692310f44d391375d381c752aea62f1c395a90aa42a8ea5beaf7674911283872583c952cfbf9a9c1bb2679b296c690dd6859aff93aea5303

Download Submit
/data/data/com.ninexiu.sixninexiu/databases/bugly_db_-wal

Filesize
80KB

MD5
4be0de2522f08472d1aaba22d111a0a5

SHA1
c39dbb5da60d0b6290537a42d589ba831ea64f09

SHA256
5349022b68f1f3b53900500be9570ea40a81b33009aa89bdb3264b2187ddb3cd

SHA512
9283d4c9e8e83e6e90f3af5654ac59b0089f3c4897ec81c95d8bbbb623641db5af69f8e5a6df82f9aef3c3a3e391d5aecb2f34e05e14e8978dee11166afbe109

Download Submit
/data/data/com.ninexiu.sixninexiu/databases/cc/cc.db

Filesize
36KB

MD5
ce6135aa1b1fe4f2c2db2a546d2a5558

SHA1
79b59582154017aadab783dc266fcb158c252940

SHA256
7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c

SHA512
2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

Download Submit
/data/data/com.ninexiu.sixninexiu/databases/cc/cc.db-journal

Filesize
512B

MD5
786ce56162209696d66f71c9a29dfdcd

SHA1
7bf02c609e6d303cbf42a45dcea2e6a725b4cb74

SHA256
2a9760a7ae2e43ef4f04010204b5b10617bb6744f3fd09cbaec52dc46e045d09

SHA512
c3297df7f9c0c4aa4d7178bd6ae2921cb8a34494eaf3ae09834795d6c4bb6082f15f24c4e3c20957ef66bff18d20348aa60be94469d032f76d3e0902c5838dba

Download Submit
/data/data/com.ninexiu.sixninexiu/databases/cc/cc.db-wal

Filesize
8KB

MD5
e17982d56b87ccba4f40063381bf46cd

SHA1
89c3524def2a203ba48d318c089511da53d2f6b5

SHA256
cb9db70896cc83dfefc25cae3c1fe3165141e5d033939baa1c72133ae2813975

SHA512
8fda223a67c8d1d3e8bd9f77b78b6bd090a67cff7f05961a22d08db974f2c9ab57f5ad05fa0b835bd713f07aeb0c4873f732a5d79a55cf05b92485361ed41fa2

Download Submit
/data/data/com.ninexiu.sixninexiu/databases/cc/cc.db-wal

Filesize
16KB

MD5
274c3e281df42b723b4197e2ba4d8bd8

SHA1
5f96592d9d1ab046186b05e3ce4678454ed7bd76

SHA256
fffb103959c5a33fe6eb0a2a31c787770e0566995c30c389aedadd1a8ba2922e

SHA512
c406f7c058cee23a2242cfb7c9a50539ea70da14bda4cb23383844c3c76d83cf6d7f198bacecb30e9fd99d9cd8385f6925e5a462b7944a44456ccb9f247fbf15

Download Submit
/data/data/com.ninexiu.sixninexiu/databases/nineshow.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.ninexiu.sixninexiu/databases/nineshow.db-journal

Filesize
512B

MD5
e620dd5c0b8de0d361b60444ee6eb0f9

SHA1
5ef7e1ed5c313257c3316d658748ba7952f5cf2a

SHA256
24c3e6b5f8a682fbd4966de3b3fd015814cefc7034eb2cd3597886ac0f9493d9

SHA512
8528bc1c67e96e8f3250c2e76df69d72a23592168fb040c07375f8963d923e9fca97b57fa81eb7145f46f4d249b8853db9092f69ed154fe346ae1cbcfeff0c89

Download Submit
/data/data/com.ninexiu.sixninexiu/databases/nineshow.db-wal

Filesize
16KB

MD5
367673af2ec75ba9fa7147031cef8041

SHA1
17407b347b681161527fbd9936ee6f3472eb9fd6

SHA256
f07be8173be73833ea31f1b1439936223d37365eebec134b6b222c0124c7cdb1

SHA512
8c8a906441cb1724d904a5b052e4a181505f649e24b0be1d69960f22b646437eaf2457383e2102d87442298256e8e67b9c0a02f9dadfdd3d9136f616d25a7e26

Download Submit
/data/data/com.ninexiu.sixninexiu/databases/pushsdk.db-journal

Filesize
40KB

MD5
97ef4d5ec6ab66caaf9896d90efbb56e

SHA1
17c6c22f7d7693de4dc56f8a2927ce980a8a3df6

SHA256
c080ca67c7e1144a158e7c8f8261b994862e98539038353d1753b820c0e01f32

SHA512
fd66cea8cdfe8ce5ded2d0c0df0dbf35faf95c6a8e30c74b08fb9390f855a7f38f7c8a5c2f651ac2f09afcc2ddf95c20dd291b93aeef1adabb8b6ef14f946846

Download Submit
/data/data/com.ninexiu.sixninexiu/databases/pushsdk.db-wal

Filesize
28KB

MD5
8980f364553147b1f53a288cb17df04d

SHA1
6c9bd745ccdfe82e780d1f9ea84552324dc9fc95

SHA256
9d608e70a3962f64c4218fff4958e77501fb32a8c86c603905ef048b6ae225f9

SHA512
798a4e2c6d7385366efc532cb38de2ab94257f711b1e298017fd71b4c282ad2589c41a1f88b77e00f1194d9b97682bdcdae26bff1da92203c343b91a891b8f6a

Download Submit
/data/data/com.ninexiu.sixninexiu/files/.um/um_cache_1704069766655.env

Filesize
1KB

MD5
2273c39bb0ce856dae0cc26043c6f950

SHA1
de1a732e501cf139b14996b8b37ed3d99835f6b2

SHA256
c81d143179a4c796fddd0dbcdc6cb9c9125b35ccf106fc6891f3a9c76f9f2c5b

SHA512
cab414cf93c2f4baa8615d6876c6ad694773b1ece5679347f78d58202fcf3857202fdd50a37644efe3f6acf458b11292355cf09f3434d78efad32a632f238d79

Download Submit
/data/data/com.ninexiu.sixninexiu/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
3198443b76981cedfb00f91fd6031654

SHA1
9d59e3d9511af9d7560dd19504264dd641056dd2

SHA256
697014dd0bbe47862654f12db6972721a274ed556a80e90a2989ca5a705ea4d5

SHA512
8eda4341bea80b90d23704125c4313bb88170fa2236b40af328250741eab7b9b46499c2b5431eb3f422db0a01584967a76ce5ed29ca3d51d7715e9ad44709c08

Download Submit
/data/data/com.ninexiu.sixninexiu/files/init_c.pid

Filesize
4KB

MD5
61feace58ddd133fcb080010701d91fa

SHA1
d4564d525223b222d928ca0f2d2da7c73965abfa

SHA256
03de9bdfcb6eddeb7e9e8341993bec38a09a4a8e01cd6d0c7e40c5728b0e4011

SHA512
b814ad45e29b6fa4ad82ddcbd12728bcdb23a09a32975ea4c8c4c7da21ac26777d7fb34ff74e4660583b935bdb89c68e4e5b03fd06b1a8c1a76b8666995e2c24

Download Submit
/data/data/com.ninexiu.sixninexiu/files/libcuid.so

Filesize
129B

MD5
365bfb5a218a3acb2210403862c2a125

SHA1
1fda45df83d91ab2c538d732f457efe06badca38

SHA256
8e2e68cde885c00c481673c1c86b0958196440adf6360b9b3d8f54dc9fdcc45b

SHA512
5f46e5274e1b26c8618c56d0442bfdd36328e1cff59fc027b8b88cef5d9b3aa829fa79fda455074b7920e589cecd5f5c1b7bc27152a9b307bea48a439402f806

Download Submit
/data/data/com.ninexiu.sixninexiu/files/mobclick_agent_cached_com.ninexiu.sixninexiu107

Filesize
2KB

MD5
03d14eda5243e22a4fb997a9103c2fd6

SHA1
86efcb4dc85d44ec4f51b36e5d5b531c0ba1aa74

SHA256
238ba6618b961e56c8741d2b22e93c51b62ea9e5153ee21b5c3ab9d673b2e4fc

SHA512
2ced6b91809d6768188bbf68b7f3ec7a9673b6a4301706a925a977a2c72e6f32aa897a91b220a33d61dd3cdab2bae47ebdca136ba59a8e8e929ba90d19c33195

Download Submit
/data/data/com.ninexiu.sixninexiu/files/umeng_it.cache

Filesize
415B

MD5
c7ed7d317f67866d364c91d67e7ed79a

SHA1
840c9003e28d39d32908ae373b99455a2de1fa0d

SHA256
3aa244e45151952cd49220112fb7cf94e48cd1d02b5b7dae19bca82a0de821c6

SHA512
09f42d53edbf9c5eeab6c0477ae2348cbfb62b46a760c64027daf9955039d34d453e7c8859f23fb636f767969e8c0c3e55ab63fa70662d35ee48ff95354459a1

Download Submit
/storage/emulated/0/Android/data/com.ninexiu.sixninexiu/files/baidu/tempdata/yoh.dat

Filesize
512B

MD5
dbbe3032b5321f0ddf6a4d0e03a7b0c0

SHA1
1e5d02f4c6ab00bd167cff85b152801b1a1db9fe

SHA256
d9fb7c30168eccddbc606e1d977e89e17a02bffc8e8db3edea067b807f34cba0

SHA512
6d81b0372564682b6918f0068a37b09cf96660f7f32628f9afcee5066e4217052fce7839aebb05f665d26c2cb5447dbf3ee6a8f82d0ace455978b998d587f2c8

Download Submit
/storage/emulated/0/Android/data/com.ninexiu.sixninexiu/files/baidu/tempdata/yoh.dat

Filesize
80KB

MD5
3a5b2670c4e3002f2f72389ce6d55e73

SHA1
514075dfd2b17dd2c948fe777be455c4ef70fd91

SHA256
2da11b9b618923415bc8f36087757a182e4f5c1d178db2d62ba06e8953104a05

SHA512
6b3bab0470965b97a71f25817959a13351d68013c85213093634ad4f37496615e5d60b1e720910f61b4fe1fbec36bb7c787de83c6ecb0ee3e92aa0e7e3885c8b

Download Submit
/storage/emulated/0/Android/data/com.ninexiu.sixninexiu/files/baidu/tempdata/yol.dat

Filesize
58B

MD5
a383a6e5bd96c4499ec3ecdba40a0245

SHA1
a36105c52119159a62345fdc31b93365f90c3388

SHA256
0ece373a4ca16ee1a82e9cee9a0804b964d65230f5b7b8801486ea5b17bca104

SHA512
1c78b0cffe4d3e1b3cc04b6374aaf129032a7bb6172e17da4ab80cd5ae2ccbf07a7a067ff00eb52c0b39efbeec929cbb7635437119fbefb080ba251d4856fb0b

Download Submit
/storage/emulated/0/Android/data/com.ninexiu.sixninexiu/files/baidu/tempdata/yol.dat

Filesize
36KB

MD5
c9d7bed35ace84417c52ae294d3db45d

SHA1
42b48bf136e26efdb8dca8103b8df989bed1b650

SHA256
32c02438e00455f536e7e5a56f1e2791d7f442ea9be3e40469c7016ced62f2f4

SHA512
d8395f38da71a11c9672fd990b759b2a0e5fd731dbb7d4fca92e7aecf0e4494873f676400deb728b323cc43aec1b95dbe97aa070698042b864736edb9a49ae01

Download Submit
/storage/emulated/0/Android/data/com.ninexiu.sixninexiu/files/baidu/tempdata/yom.dat

Filesize
231B

MD5
b5a21bfe8e9f14ccda860cc3c4982c03

SHA1
6016034ebbe7c50c40409ddfdefff1e8fb5173f4

SHA256
57f7df8e7074e92da0c31d6cf48d655cd809542711987bc5a0b915d5c3645b69

SHA512
6c6404d823923c3e71eacec87c1f9ee6b6d2a5ab40cd8b26c6f4318ff01561cbc1444ffece6d6456415773035030efc4eaa9d38172afb086e577c2b3a6b1b4dd

Download Submit
/storage/emulated/0/Android/data/com.ninexiu.sixninexiu/files/baidu/tempdata/yom.dat

Filesize
24B

MD5
a936690571e9104e1922dda4a0ba5bd1

SHA1
65f49c57edde2f96be2a1dbdfc3f7351f1e66554

SHA256
f0f5049c51879dd7da0ce4a43349b5b34ce053d072a0ca704f62cf22ba4a8412

SHA512
3be1c3693963aebdfc04e86b1c820ee0ec3cf0b200e6a4788ef1141f39fd6c2f77f4227247ae4affa66c0a6c027df8466cc0dcec1e67ebfb953e36bee97de394

Download Submit
/storage/emulated/0/backups/.SystemConfig/.cuid

Filesize
89B

MD5
f194d2956738fc7b1dba7b514995b501

SHA1
4d3c9a679d90d863a96a8049b7e59292cb91de87

SHA256
4a9f791daa2fd256b2ae9b27440d733061736e715b7fa9fd90ff01dfcc8e0d15

SHA512
0edd819f976bfbff4d6a1ae7c8e4a5c4ce52c7573fa78bd0a3ffbc012ae38f90855b29fd1bbb255cfeb1ed4059e42d57bb82bd917872a322046c03b2794708f9

Download Submit
/storage/emulated/0/baidu/tempdata/lcvif.dat

Filesize
4KB

MD5
bf7cb83d90308faefa372521e41b760b

SHA1
b34677a1fed45703344bc7696f150f2d190c991a

SHA256
dfaf91f8d4023f2367667fdfeb02aeb006a6229ea910acd64fbba309a0d16b69

SHA512
1e3f5b2bea924523a43217a63e285b2f6a6351b8e6f1fbc0fa9f6104223d82ac70009bb5b5b4bca249ce7ca183fc3f797f7a2f518bae8c5c10a6b3399448f6c0

Download Submit
/storage/emulated/0/baidu/tempdata/lcvif.dat

Filesize
72KB

MD5
67f974a71424f51f14d9d73e6c03a163

SHA1
ac0a9c851e747e229b30e355a6aface0cad4826c

SHA256
b84b5527ea576eebd40b7f6cd7f4176ce38167167007de7d2d116e76e4b39b32

SHA512
4ed202a6096ceebc69dd6f6e476c94f1e2b8163f615943e5039e13d0a4c1d087ed0423764b16b6e4d0fb9e00c5b3aec1c2d2fcf17f4afe34fd90f6406601a871

Download Submit
/storage/emulated/0/nineShow/info.xml

Filesize
180B

MD5
5c81f015b8b087fc6121534d317ef02d

SHA1
a23bba418138589266523e70495af156ef5b6427

SHA256
7f81d669e95d87143adb9cf2220d9ac7708dd9cdbbc87fcfde9b3742d0f7fea7

SHA512
a45d02e58bcc9218f1f849d74e527fcee3ee9b53139ca0269031f655b3eb86acdda124487ba4e69687cfad04670c80af91b15855b8eaf11bc10b4c259dd9ce69

Download Submit
/storage/emulated/0/nineShow/luckdraw/egg5-0

Filesize
7KB

MD5
aa7735375a94bac15004759a75a78361

SHA1
f317276da4a2dc13a4d214a75f25f24a765775b0

SHA256
5f8697ca8d3614077a4a50b2c149ef36f31e5ec754f75a9d3e46c611dcb03e9b

SHA512
1f6e88d08fa0b8f40de8a9c40f2ee375fe5f82385c8268ecd445688dbc7528d79a2a6d1b50d5e1d835df5ef1398684679611e6a62706ecf7ebf3cc9badfe1c0c

Download Submit