79ea974a904145045e10270169d88ab70259bde8e6554fc45b3817e220b05929

Analysis

max time kernel
3381745s
max time network
158s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
31-12-2023 06:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2b137e5dea87d521b2a2e60e0db01c80.apk
Size

5.3MB
MD5

2b137e5dea87d521b2a2e60e0db01c80
SHA1

cb36bfd1d30dc68a1a2e279bed5e6b7da69c00ef
SHA256

79ea974a904145045e10270169d88ab70259bde8e6554fc45b3817e220b05929
SHA512

3651bb4915cb880be552a2c4e380d870837df9bd7de0259186e98bf68447371ed8221179c629e62e105dbcbf293a6632602e682c5803daca0eccc43e326db4ea
SSDEEP

98304:i0bN6NK92jkKP72Q6M3gHeVyWzjRl+xoobX4YqzyjmYIQ:vBeNjkK/6M3gHmTRAbXhjFr

Score

7^/10

Malware Config

Signatures

Checks known Qemu files. 6 IoCs

Checks for known Qemu files that exist on Android virtual device images.

ioc	Process
/system/bin/qemu-props	com.icloud.duzkqrdzjk:pushcore
/system/lib/libc_malloc_debug_qemu.so	com.icloud.duzkqrdzjk
/sys/qemu_trace	com.icloud.duzkqrdzjk
/system/bin/qemu-props	com.icloud.duzkqrdzjk
/system/lib/libc_malloc_debug_qemu.so	com.icloud.duzkqrdzjk:pushcore
/sys/qemu_trace	com.icloud.duzkqrdzjk:pushcore

Checks known Qemu pipes. 4 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

ioc	Process
/dev/qemu_pipe	com.icloud.duzkqrdzjk
/dev/socket/qemud	com.icloud.duzkqrdzjk:pushcore
/dev/qemu_pipe	com.icloud.duzkqrdzjk:pushcore
/dev/socket/qemud	com.icloud.duzkqrdzjk

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.icloud.duzkqrdzjk
Framework API call	javax.crypto.Cipher.doFinal	com.icloud.duzkqrdzjk:pushcore

com.icloud.duzkqrdzjk
1⤵
- Checks known Qemu files.
- Checks known Qemu pipes.
- Uses Crypto APIs (Might try to encrypt user data)
PID:4274
- getprop ro.product.cpu.abi
  2⤵
  PID:4399

com.icloud.duzkqrdzjk:pushcore
1⤵
- Checks known Qemu files.
- Checks known Qemu pipes.
- Uses Crypto APIs (Might try to encrypt user data)
PID:4460

com.icloud.duzkqrdzjk:multiprocess
1⤵
PID:4523

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.icloud.duzkqrdzjk/app_crashrecord/1004

Filesize
230B

MD5
e7e5ec8efa11c54aa76b06eeace81cc9

SHA1
9d6bf8af724371fde94cdddc7656d138a0fae5ba

SHA256
9ddd57b708fcf8bfde677f72384bb0b8e4496b129b0274edd068047b6171aaa9

SHA512
40a038b8dc41c89165f8f8e80276a6ae44fd98aae6bc5ce71a51ca423d11f5770da14ddb88f5a80b6cd1bb10ba742d04f323778b0810b1d568c5a4b20428d77e

Download Submit
/data/data/com.icloud.duzkqrdzjk/app_crashrecord/1004

Filesize
76KB

MD5
220278262f96b5226765147777ca14a2

SHA1
9d9e03dd2d3c16af1a6e8f3d8e2e6354c4e5129e

SHA256
85728bff8b66b62e9cf227ca0e96b0dc440675f6bda7f9bb8b483e3795278a03

SHA512
c9bf92a41f8e05be50bcafe8690a9d619b45eb53bd4a507303664b287b662cb3a922bc3fa4a8dd0e24bc6149e02bc897d89cb2e8f85faf00cdf48fb505b7b9c1

Download Submit
/data/data/com.icloud.duzkqrdzjk/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.icloud.duzkqrdzjk/app_crashrecord/1004

Filesize
239B

MD5
7fe2418b7baa5f4878f22420968afe63

SHA1
b90285a65b615fd44b3505460f5ff3b6bdb024e1

SHA256
9690ead5404c6388335f94bd9793ddab033844574a9183dd2c83c7624fe7e0df

SHA512
d7f8e1e0008648eb89d24c96c5476e34ebaf74235d6fe1a7f029e1c6c874cc0cfab69db9877ae6eee796d029a29c1ba4447b144698ac4cce7cfc71de39685c53

Download Submit
/data/data/com.icloud.duzkqrdzjk/app_crashrecord/1004

Filesize
72KB

MD5
248fa5cf0485b3ae32281160b02204f9

SHA1
27fa2cff2a792f8820bd4537076d2188b7e4484d

SHA256
2b7d4857728bc9159fccca9cd862516b2b0839cfd9acaa3a9b4be65d79056732

SHA512
6f5358c86a5fa7881b8b8629c35201017ec6b29634c1b4f6ca1c2ffde7ecb26e7e838c812f808be83bafbe970bd254472b97df6a35864125e024a1ea168ea447

Download Submit
/data/data/com.icloud.duzkqrdzjk/app_crashrecord/1004

Filesize
4KB

MD5
56b1de24f813632e74e7d261947a33ec

SHA1
e30a6f8f32dba78c42b11d7c0d776ca826c175ec

SHA256
ff614af118f8b89a2f45c64f428f30e6b64910588c87d8c115110609d78448d7

SHA512
74bb89f7f8815b810ba202c84e3ad3dad5bb30c1e4b2448fff4202622e5a69bc2fff552e1641bf9bc97e51ccfe5ef5ad68570534cffe0b7ea7d62912250b7f94

Download Submit
/data/data/com.icloud.duzkqrdzjk/app_tbs/core_private/download_upload

Filesize
84B

MD5
3a63c85abffdc8e25e2e9f3b32a12378

SHA1
29cb8629e978c61fae210518bb40cf82a7a00dbb

SHA256
6ae1a88a789e8347173a739e51e55e6fae1eb6f824ea7303754408c87adaca14

SHA512
741dc38500435f8f3e65950431ee6d99f571e2d81156efb0859137f19f2c2f745ed2222caac8844d753a60c5c76b21b5d85ec000eff49fb15a58a7719b12bd92

Download Submit
/data/data/com.icloud.duzkqrdzjk/app_tbs/core_private/download_upload

Filesize
84B

MD5
2c6026323bed097a4abd975c7376ff76

SHA1
bf017e40c20a6e441fdc1d6b5d04e0f095b5b4b2

SHA256
5ac3cbd5f25f390222b245924dc265630c8f8bdf442f3de93032a07ee9933be0

SHA512
33955b2114d0a669d3d78fbb28db74f6fe7331789a1e276d516d3955a118ef755f1ad102e24369e6b2e4eb74be9f765d5c754be5acea2160455ac22f3480e4a1

Download Submit
/data/data/com.icloud.duzkqrdzjk/app_tbs/core_private/download_upload

Filesize
84B

MD5
178f6cd3d0faf3b7d0d0fe466d175018

SHA1
45835d5a775c24d67c96d577bb2382dc1fc5af13

SHA256
ac8ccb04b24d987a63f2060375a10e65edd45f7266a9759e8657d02e792ff1c1

SHA512
16aa6046fe11ac9a339d01c0ab33ec3c89a0ff5af5df326d4225628730acd58486032b8e992333b5ee5266eb85dbfb7447b9135d4868c6556c1f2e8cf211829c

Download Submit
/data/data/com.icloud.duzkqrdzjk/app_tbs/core_private/download_upload

Filesize
84B

MD5
09d60144b7e616d056112573d5f6a668

SHA1
d990fb2540e14709a8c31b95c9d28d7f525b2789

SHA256
13e881b6a62877dc8c406f440663b954598043991bd3339562a215ea50193f38

SHA512
0047e8dcc08d9fd0a6ba18c8c0ba6420448472c18be95f69fef64818b12b3e235af33fbbaa9672e4ea505c9c95a5a744fc0bf08019ab1162a74bd935f7296257

Download Submit
/data/data/com.icloud.duzkqrdzjk/app_tbs/core_private/download_upload

Filesize
84B

MD5
a4c9635a3d3d1e7fca1e3a508d9937b2

SHA1
974a29a24e41da67357e1e4f71bc770c9542caa8

SHA256
01520c2dfa7db1b6b33361c927f998ab55a2ff4e9e65611f414dcbe6ffdd4b09

SHA512
936e517a856acf005a5ebcffe91b6cbaeadd845783f1d94c9db10eaebb0a4cc9a7600ba9b6be2f1637e1e500f614ae6f3585862dfc846e0ba47cdc1957b65622

Download Submit
/data/data/com.icloud.duzkqrdzjk/app_tbs/core_private/download_upload

Filesize
56B

MD5
641eb466c24abb3184d6067d21d80c8e

SHA1
9fe18ac5cae65e293c74f2eed47ab1c62c00ee79

SHA256
b6eb280a4621511eddca575b6080df5fb04776d16064c0ba57b24172e2f9019e

SHA512
1aed1e408407b8540cd06e71a5df0014c11d504d473c8007043977ab9c4f193f5105240ba21b0cf61cb43945ccbe6713ee91e133416de0af51667fd6a6ca7793

Download Submit
/data/data/com.icloud.duzkqrdzjk/app_tbs/core_private/download_upload

Filesize
12KB

MD5
40dad24bde0486b45c4571b61914b32d

SHA1
d8ba6d5c0127b1dde6db5bf1d617454edfedd10a

SHA256
d25e5b80bc42ca19e28f865cf5c927a7e5497473801d8b0491bea91ac1e5641e

SHA512
36394ad93821338c77a1ae24a1e6d9a251d88a2f77ad012afc32d477b612e1b48d7f619015f7e3e9b7af91c1ba333b27ec6e58bf157eb53d2cbc1d6fc98c4b6e

Download Submit
/data/data/com.icloud.duzkqrdzjk/app_tbs/core_private/download_upload

Filesize
12KB

MD5
96bcaba40de94ce8372f3dfc270d4e7c

SHA1
a381ffd338227faac3f16bce58b3d59379141296

SHA256
3b2afbdb672231bdfd2d68a5799f1a3ea3900fffdb247153132b84218247fd82

SHA512
9309fd6d727db4e1d19485ac1111a9bf6e526ca92c44d44cc21e7061ba30371dfb357c7ac4a9bb7d73c5f0f22c198d23032b8aaf95cafc126a5d5dee3f3106a3

Download Submit
/data/data/com.icloud.duzkqrdzjk/app_tbs/core_private/download_upload

Filesize
56B

MD5
6bbc2cdc74b1fc8ddc39c1ee56c14ab5

SHA1
9381e38b2cd5b4189b312a70fe67eeb187140e69

SHA256
a09c8eb56576dfbc52755b7d2cacdb44a59183d0527700afb617f291e295f76d

SHA512
b2442657a370e9149d6e232a838bf910baaca912408ca2207192571139244d7d898acf984fa094d65492305519de96be0c0eaf09f9794ebe4560ce454120821c

Download Submit
/data/data/com.icloud.duzkqrdzjk/app_tbs/core_private/download_upload

Filesize
84B

MD5
e71a5c85b5759500b92ecc4db792ce76

SHA1
8dbb091952aa271714d3d688035c3c9daaf1a6e3

SHA256
f18e66accbd96765804f8defdf6278414b5fc763f80ae8e474670afef2487b75

SHA512
2bb71ce77ebe2e8c0378ff7762efa4b4f16af5c9ab1f520b3d02a47ea3d836765bf84eb7b56a17db4cd45842ae6ae0ca30742ed251de7da98a3fd3c1677b6b73

Download Submit
/data/data/com.icloud.duzkqrdzjk/databases/bugly_db_

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.icloud.duzkqrdzjk/databases/bugly_db_-journal

Filesize
512B

MD5
188b61b42f235b3fd193ed9805d96b3a

SHA1
c7efafc5e0b3d7035b63b86935b2012e75890e51

SHA256
7d1edcc59553143e46faee7142b7933661b751e9cfc258c252c50162ceebe517

SHA512
d9c2d788a4ae48c69826a1877471b8c79740f095cb58baeb1b1693c9e96052b437eed48bebaac071726af14e702750cba6d59a559f33e67549a6fbadf6a35d7e

Download Submit
/data/data/com.icloud.duzkqrdzjk/databases/bugly_db_-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.icloud.duzkqrdzjk/databases/bugly_db_-wal

Filesize
68KB

MD5
80bcb3df97790cbaeea371ede9c67d1a

SHA1
8b115ad3b7523b0d6082f775b4a0be5e4ab8e632

SHA256
7b93f51983aee9c35d5f24862f0af3723e339a17958ce07b643b7cbf1e3bfd5e

SHA512
28252565e54bf6c7579da632647c957ad1a3436d73db442a1102550d1cfedea89848b73ac078cbd7446275bffffcf41a380ea8180004ad8b27db4174c103ad28

Download Submit
/data/data/com.icloud.duzkqrdzjk/databases/bugly_db_-wal

Filesize
80KB

MD5
63e5cad11d8be3369dfa3d48e32d3dcb

SHA1
25e7c559f6cdf0f7c7adcfef54e81293b53e6b4d

SHA256
fd1a58f7ccaf998862807887cb2c1acadc02e6df1d19ce570c8f609be13ceaf7

SHA512
78eea46c7af73f0157c27aec739123a9f9ea523be4e876f2e79e702e08a3882a6074024d87cb925f7a12533e17fd5222a8ea46f6b10bf8d8d2d667549535d2fd

Download Submit
/data/data/com.icloud.duzkqrdzjk/databases/bugly_db_-wal

Filesize
72KB

MD5
65c72c677dfd5742a88edf24917a8672

SHA1
0c8c863b990fee711ade748e7cd91cfe3b2a6bf3

SHA256
586c072c5f77fb7f105ccdee07d0f5efc88907cb86512443d0aca7af27397721

SHA512
74a3d135877119f324c8cc09eb20ddfb017d71b0ec96dc21a06f9ac0f929742c9eb4041ea8c5ade2d955a20d53b26f362c65ebdd3eea2043e79e96b3d92db6b2

Download Submit
/data/data/com.icloud.duzkqrdzjk/databases/ua.db

Filesize
36KB

MD5
0adda9c85a5e4808f5b1b74c0a8591a5

SHA1
5048107883ab1e345af9cf2e6849ce46e0e612bf

SHA256
1e17860bba2bb4e3e92df3890aa6dddc973d6602c71519a15556d37bb69de2a1

SHA512
646061d3d5849772511bd94e36ca2d775a9a672851629d1812942ec0f0f925714eb7d4ebac44889911320cb6710a2f586014f6b1e126739cab653c4f8deef2d1

Download Submit
/data/data/com.icloud.duzkqrdzjk/databases/ua.db-journal

Filesize
512B

MD5
d5cf721f5fada2f369fd222b99f1c763

SHA1
7bc10e73a027174f45720ec853a901f67c8dad31

SHA256
a8fc814f2ef86946736be4b0959e53d54d9a08df324733c2d424ccb5dc220b0f

SHA512
b29138e18e392cfef70e2ce3ea8ae71bbe50361b783d06eb09bdbffde258cc03e57f069cd40bfeb95e5ef827105881f9e78e12d79d5aeba57a0f8834c3435b06

Download Submit
/data/data/com.icloud.duzkqrdzjk/databases/ua.db-wal

Filesize
48KB

MD5
2d93b674be5fafa901ea995f3d214f8b

SHA1
9a817379beb728e64381399da44039fdcfc2ced3

SHA256
a984b98eefd098d151231474fa950f900a308698f01c3010cc393f842288b164

SHA512
78ee7996b8c49899db1988240ba495f23b291d22e0b72a51386b7a23f12143bbf8c5c03e2b49e46be8aa00625a43fae94dc29770e0f0223a76467038e7f6809f

Download Submit
/data/data/com.icloud.duzkqrdzjk/files/jpush_stat_history/active_user/nowrap/6615a4dd-c4dd-4ef4-a18d-c6e56bf76e28

Filesize
159B

MD5
41ddcb088a699c58b89e62853d10e38b

SHA1
bb9d1742f7ead1dcb9a9c876a9129e1a8a9fac7b

SHA256
2bc9bffa9fb86addfe6ad213632985791c51ad6cc68508798c8d2518ca01a18a

SHA512
667c03623212dfd8ce2a8a63314603d184ec995a5b9ecf8eeebf0d44e8b4d004df50efadb671dbc337684adc6363f9552303c46e2206053aff7a0f9c9834802e

Download Submit
/data/data/com.icloud.duzkqrdzjk/files/jykad.json

Filesize
53KB

MD5
a112185040afda1a1a1226effd1d0ab3

SHA1
5df46b4bad6e811460b67e51d3093bafe75da2e7

SHA256
93dc750c7bf52da7a2b3557cc404c6b350c2ffc2febdabe09c91dfca02da9195

SHA512
ca7acc9bb995b0f6c77a6c96765ba88ae11a33b64d9a58f6d96b4e2894aeda36b39f110bf209eec133e206b52acb6d75625859b0394621e29a339f5b93c46e96

Download Submit
/storage/emulated/0/Android/data/com.icloud.duzkqrdzjk/files/tbslog/tbslog.txt

Filesize
15KB

MD5
d60e7642619b3d106cee254e1892575d

SHA1
0a51cff668c66e7e084b3a1cb062b64aa86d40ae

SHA256
80392fae3e35494bcdc9523d445bdf71bafcf26373ef72287f5d856f6c983f0d

SHA512
9233f536ece83a33a84baa3ee321d9f25ba88d00c222053466d647d0ad0357e81ec990e97ff35f528a39b070768eab5102ee5e005442e686f73d7c79e87c2df7

Download Submit
/storage/emulated/0/Android/data/com.icloud.duzkqrdzjk/files/tbslog/tbslog.txt

Filesize
14KB

MD5
7167b167283f84e13109c2bdb991b370

SHA1
11642d1495a50e1950b79a69558fbab7f569cad4

SHA256
33db1e48697f25b1afdb3da21f226027772f5168a882c551e87a62b612b621d3

SHA512
3b667ee33cb5467a9ebcd3f6f477d92dabe2335ea2d98913c13e875b6e879c543253734fa1c8817127d88b0c1a79186a3bf48518e5f0b62f89eadc306c25a041

Download Submit
/storage/emulated/0/data/.push_deviceid

Filesize
32B

MD5
ac53e68163c087a6c046a3d08a2595a2

SHA1
46957626e45f57d6d93f7879a74644c787da3c6a

SHA256
d16cdef2dfdcf145017996e9bcdc146c6ab17b2f9ee243c71eb3e873e7161421

SHA512
8b101f5b6fe7d7ee19f205d517a7a9006070994b19309df7b8b7e1ff1370ab8fab73e44818a127a126b580a5dfab4922f89aa3c5c43b0532e3502973f8cdb125

Download Submit