696be4bca911b4e779fe2a0e1c4742fbd1e33afc4e79824e41850cefdbdf58c1

Analysis

max time kernel
3384049s
max time network
130s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
31-12-2023 06:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2b832725a72f62a3778a4da5785d1451.apk
Size

17.4MB
MD5

2b832725a72f62a3778a4da5785d1451
SHA1

6024582599b35e933181b778618b0c47688d7a4f
SHA256

696be4bca911b4e779fe2a0e1c4742fbd1e33afc4e79824e41850cefdbdf58c1
SHA512

05fd024409147d64467dac0427715a4f20e225a13a58201943c1d71ee90fef5d822cd49e3ccc17fb9173e8d58eb6e76013d354513a88bf6820b11a3f4ce935d8
SSDEEP

393216:U43wIrngF3Uo3L57VTJuo1EX8KC6KnRgzF93gxyVv5/oKyv6azw5:VFnCdrL1khzF9QU5AKyNzw5

Score

8^/10

banker evasion

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 IoCs

banker

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.hnthj.phz

Reads information about phone network operator.

Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.hnthj.phz

com.hnthj.phz
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Listens for changes in the sensor environment (might be used to detect emulation)
PID:4240

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.hnthj.phz/databases/mpush_game.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.hnthj.phz/databases/mpush_game.db-journal

Filesize
512B

MD5
670c6dd5955b83614bba21c465f4819c

SHA1
a506f6bb365df544509e16463b7e02227c9fd49f

SHA256
db761ee7288c6717956dd27cc31898f4095a0698d5b91d7a1e6d6e06412d12c2

SHA512
7e58ea126a307956ae3a772338297718a060e6370c7764e35604cbf144b0acde5058a62828a2843304f0940fd25c797394c20a96a5c410eb133ef12ee1fa4f4e

Download Submit
/data/data/com.hnthj.phz/databases/mpush_game.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.hnthj.phz/databases/mpush_game.db-wal

Filesize
48KB

MD5
7b3f838540fb90adbc6a34ad5ea1976a

SHA1
8c81ece3347384f49099ff38c79f2994a13dd9c9

SHA256
c566f064f655c4d370fb986754d8fea86872ad33aeb61ad0bd2e0188c4b5bbf9

SHA512
f2544f9d6e76273cf92b2f22dcba416717665479b9ca939d1520ed4976bafb010ef9c5b92394de419a55c5d7ff5fe86cc3219f4688af5a61d82f0b62c793c713

Download Submit
/data/data/com.hnthj.phz/files/mpush_gateway_preferences_file

Filesize
18B

MD5
5b783a723321f384ea8a021d20ba4280

SHA1
8a53b72a13e69184d8d0ae99568e7d3b95fed07c

SHA256
f79b6c0ba6379e405153ae0536b49ce9ab8a64e8585cbcc4b7ee10a357b723a9

SHA512
bbce3c6ae766581622fcf53a41cfc47aedaa2050caa3fcefad2e5238470067d5e3b1a7f586d57318d74e0c3725bf0970fa9a1c02a3d0139e1f8444f2310c56a1

Download Submit
/data/data/com.hnthj.phz/files/mpush_version_preferences_file

Filesize
2B

MD5
37693cfc748049e45d87b8c7d8b9aacd

SHA1
d435a6cdd786300dff204ee7c2ef942d3e9034e2

SHA256
535fa30d7e25dd8a49f1536779734ec8286108d115da5045d77f3b4185d8f790

SHA512
6ff334e1051a09e90127ba4e309e026bb830163a2ce3a355af2ce2310ff6e7e9830d20196a3472bfc8632fd3b60cb56102a84fae70ab1a32942055eb40022225

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
3566f7f4fb03ef8b1c090b3b680512cc

SHA1
ac239e2f1313252d6471d1c013488b6b858de8ac

SHA256
4c325ebf8356a11704ead53d1c40dbd08a9d2187286719514e5b10f1de63aea5

SHA512
2a502293afd229e8134a9440026093c6ec453ee06dc470be4589ad0b5335aabea91b6dd2ee4a00f6d1b67112665a204957353fd964ba542b65958ac7a16530f5

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
936a64b79ebba3a1cab221b723b82609

SHA1
2e04417524a80e83d125d365d690b1a95c76d71f

SHA256
cfc37b45dc3479cc6899fac2c1b81b6e657a168570524edf8b242920efef8772

SHA512
0749cf02f87d85584f07f4dfc6d290295446975f0c77d9bdd7968604d0ed71f1332ab56a31f61e2322b24e0f70226d73021aaed61f24bf57faf090a707f25391

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
381B

MD5
02862c1415de1dabbe86aef0b872c024

SHA1
a007e0188f8fd447e5ab0ff6023bd9cc94a51d9d

SHA256
f38aca94290a5354d449bb36c41fac872cec17b4c545b74a70dfebda64fa78af

SHA512
7f0fa410bf30c027bf4d90d8076ddea5004d71e98cfd189c3c54b17dd7a52b5a905b977be03e519828509c01bd555f1d99fa90d4aad89bd0d85728c152c6bf68

Download Submit