f778977ce3402e4e2d51c3f4e27c72fb26f2dc5a2c92a94cc8dad86d53df8a84

Analysis

max time kernel
4109611s
max time network
153s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
31/12/2023, 13:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

38ebba9d43ee8c4167e4388cc8a2d9b9.apk
Size

12.2MB
MD5

38ebba9d43ee8c4167e4388cc8a2d9b9
SHA1

e682c9dce7095feb6176bc5a8a0ed4158050edc0
SHA256

f778977ce3402e4e2d51c3f4e27c72fb26f2dc5a2c92a94cc8dad86d53df8a84
SHA512

fe251ab49445ff26735f315ecd0063e6b78931f70da7c120cbd9aa275c20a3a3ad28906ae7250ba7fbb0a360764cd0d5ae39b9fd1076175d3ef30d0bc9a38880
SSDEEP

196608:KJNcmmayMPFA5H9dIanjB3sBx9izzknbJJzINWBM2tXjcVBmycuwC+tNyF69EEiV:KqayMPFALOaN8BbbJpbdcONDtot

Score

8^/10

Malware Config

Signatures

Requests cell location 1 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.xhl.nanan

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.xhl.nanan

com.xhl.nanan
1⤵
- Requests cell location
- Uses Crypto APIs (Might try to encrypt user data)
PID:4272
- getprop ro.product.cpu.abi
  2⤵
  PID:4306
- cat /sys/class/net/wlan0/address
  2⤵
  PID:4372
- cat /sys/class/net/wlan0/address
  2⤵
  PID:4392

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.xhl.nanan/databases/cc/cc.db

Filesize
36KB

MD5
ce6135aa1b1fe4f2c2db2a546d2a5558

SHA1
79b59582154017aadab783dc266fcb158c252940

SHA256
7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c

SHA512
2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

Download Submit
/data/data/com.xhl.nanan/databases/cc/cc.db-wal

Filesize
16KB

MD5
19a1dd88dec4c6304e909389c093710f

SHA1
90af43282c03c46af1f0e3008ec1841d35772062

SHA256
6a5f2027525404d072e8d0bf3a3dca3f6a39769061ca7f9ad3a06f3a11d1fd56

SHA512
398999df456a131bf9c6d1ee77630fd52a3d5b0c01aee6cf3704a60517293824808df58caf247a608bf06e8d26ffbd6b13a765b98880193d782cdbda1d2a51e0

Download Submit
/data/data/com.xhl.nanan/databases/cqliving.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.xhl.nanan/databases/cqliving.db-journal

Filesize
512B

MD5
306beeb19106a057a0cf99ac63aab796

SHA1
5b51f6cae9378f74737a3e002c0c9eee0779bfff

SHA256
09afbdd3a0a0db0858d01bc567e2793eeec440df6adfd996f9a72d36c336ecb7

SHA512
bed6f0fb5a4b42139ac897e59b1883ab8c3cc9feeda1c2bbf1b8725701907dbd81f6a754e7c7b171631882cb7b43c8ea3db50fabf4366ea25b7849988b858acf

Download Submit
/data/data/com.xhl.nanan/databases/cqliving.db-wal

Filesize
16KB

MD5
4b00482f3d1dab8d22950c2afc4fe7c1

SHA1
57b26acdf9e039df15d241bc3a81f60e96ed576b

SHA256
5c075faad6d76dd72fc28d5a9894802f30ec2c751b7e6c77ebd057098f3f3ce1

SHA512
7edd3661ce80b0207e60c38420d438db1032698e82be161241327a3bf2956435e1c6988991b4d0fe5605f10adde9a707b2d9f2b631ee8ba74fe2b94fdab847b1

Download Submit
/data/data/com.xhl.nanan/databases/jpush_local_notification.db-journal

Filesize
512B

MD5
b116e848c0e5e55e186c1186e8ba1bef

SHA1
0b43ededacd47accb6f5896806efe017984a910c

SHA256
b84d96ee01e28ac8318919b09eec01d3b276340d7f3bd8b7f0b325e06aa819cb

SHA512
5bb0fb626d09d75f376ed862b7a7edcb8f26b09d9601dd9f26eab1540380095ca10af705561f8ecae14de155a55eb675cc6d3144bc57ca5f44d18819ea1fa138

Download Submit
/data/data/com.xhl.nanan/databases/jpush_local_notification.db-wal

Filesize
32KB

MD5
129dd322cbc5de19af059af4261ad8cd

SHA1
9d397a02607cc2dd0b14c77444770acb18f1444a

SHA256
f494d4e5aff6c237b74cb6ca6f7cd4f5e1d644129461a704adbd4d058ff80bc7

SHA512
b1e04fabcc399f314d7615f404fd802fd0a06227b4382038316498eb7741b8b2007107fa7964ee4f65264f0137cffbe26d6a01b6a3aed7969887df2496acf0a8

Download Submit
/data/data/com.xhl.nanan/databases/jpush_statistics.db

Filesize
20KB

MD5
c36070c9488e8b8d84f7300884741af2

SHA1
a5c72fd485706ca248c8f3eb92cf0dff5c25a9e8

SHA256
91cb4b686df36dcf8c09a549c7c6bba8bbd7e0681457c3ab1d7961cc75cd4878

SHA512
0a6468e9c65b535abd39b262b63d072462f11c733a892333bea263887c5df7384af3833ba15d1a86dea8daa01d58e2a5d4e738272a0f86ba2dac720130fdc0c5

Download Submit
/data/data/com.xhl.nanan/databases/jpush_statistics.db

Filesize
16KB

MD5
829d6cc8f10eb02b626f2b5990ade69c

SHA1
156c79b33f494e7cf8e4a1c61fee7c751918a15c

SHA256
8ba154719fc85de040fb293c26adddc2fdfbc898a96908736dadd43165bc2cba

SHA512
9f1ac611d13fa02df1bd6d41b3a8d67e443436060720274373525d7d54ee35458bcf51d289f69218a985b9d4b0c85acf72200719c7cd3d808be87bc704c2a13e

Download Submit
/data/data/com.xhl.nanan/databases/jpush_statistics.db-journal

Filesize
512B

MD5
b07a340675dd491bc38aa74f35973ebd

SHA1
8654e3f00d24eaf78376f8ba6561655a89d8e820

SHA256
e68c1ae51567d8bf946b1d4fab472e38dd1d8236c2d5571974feb91832932683

SHA512
ec75e177625616d283215d2f024767852784e4c526c730da8e3711157860c4f0c3e2ab043acc2f6548fe9af44fbe8fdc9390cf80fc68ff3a97562f3f2136dd76

Download Submit
/data/data/com.xhl.nanan/databases/jpush_statistics.db-wal

Filesize
40KB

MD5
00a5a26d25fd29b6bf7881287d05b05f

SHA1
964b878c2f90b9322a2ecf6ef5ee541ddd198321

SHA256
00b0dcc5ab9bc85dd4eb68112163f84a39bcd5743e5953afb4094a210a2958d0

SHA512
71d0d25d64b156d36ad9ab82e3092c4a5dbc676fc14df9d2e87453b520d79633865640f6170efaeeb39739e188dc680910e98039b9dc4cc72fda017c7ed7a249

Download Submit
/data/data/com.xhl.nanan/databases/jpush_statistics.db-wal

Filesize
8KB

MD5
36aeb5316205271659e14e5303d6a9c7

SHA1
4dd31c8de8886429a76eb218fda976c42f2efdc0

SHA256
86dc38cf58ecc17b12ff06f0a0df11f4a70d023a4c44b266f9a7187a40470a76

SHA512
b9edafe7ae60380acfa486afc1b8827553b18c3a581e49116c69addd849be8a5872f943588aad2d6b97f6dae3546eb1b7ff6044f8552e37f68648ef76c05414e

Download Submit
/data/data/com.xhl.nanan/databases/jpush_statistics.db-wal

Filesize
4KB

MD5
27978ffe11ebcd52b07455df55d4753f

SHA1
b95289d89d38b5b4463f797fa0d1f4f23fe1e621

SHA256
82e8a53e78fe693f607e0d2527d38edbf46b48a497f218d9578c40be7394347f

SHA512
a576975d14fe1a3be7296d303a15bb44a4dde9d6f5bb85221dea1b6b2a809d343cd4f567bf1df9d092d5e347bda714bdb34e8e4cf217fe49a14fbbcf24c07a52

Download Submit
/data/data/com.xhl.nanan/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
3256ccf2aa25797b0193df642825db8d

SHA1
52bcafa3a9cd4cf26d9038957af7e54206a6e575

SHA256
8ad9555612c9411b082a2d7fa39cdb1efd4efd36213e7af370fbeb094d8630e9

SHA512
e12ee6bbb059bf2f9a77197781e360df6ba01ab5b7d1ba054604d18adcf8b7d774bc4c70d5b45d9e27cf2ff261fcdf22e2b14bab3295b0502f900c492994a816

Download Submit
/data/data/com.xhl.nanan/files/appPackageNames

Filesize
3KB

MD5
62af9308601b0145b4b6527f3ac659cf

SHA1
82f768e221f6ecab719af9172ea973610cebd9c9

SHA256
2907dd2e927dacf6d78027cc8020c9b325fe5d0586a176fe775e34532395210f

SHA512
3dbc3b16378efa892d11b4547e03d8e013538e9d1a779043d5721cdf846577b3937a8caf44f61882f2037ebec70cf79358eb82583bb0f7b9946a5a47b7a29e93

Download Submit
/data/data/com.xhl.nanan/files/umeng_it.cache

Filesize
498B

MD5
2b59438cbd780403c254ac7efd97e195

SHA1
0bd060bdc1d655f0c529a9497737233232cdd012

SHA256
0a38e2c7801e56b8adc66fb33021cd881da6ba5d6923a412eba2064854b7288d

SHA512
ec9533976d6f95ac2ac7e9a4472e68fb8e166778460ddaa730f7748471472226a5a6184ce5dc3d4de5017420f6b06df884091063f88883a65d4c79b4f618ef6e

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
a0c854b742a89f6b59201c15ce317ae0

SHA1
f294c467c00cca8d558e0738093a5aca3f9a5a08

SHA256
e028e1230162a4053994cf62eda4b4e184dc34755c7736155d5d8f0e61c47fdd

SHA512
239f42de27224f1ce3b0fca43bdd2976e3aa09f4308ebd23cb1b8120a25e17e1d11964e566a32f1ad80e2f76350d4cb8b0eff1f4eee89c8dca67144f0d092af4

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
b1784cf2ada3f2f22f9b1e017f47b167

SHA1
222e1d7fa940c15098f17de26d4dd1040c7f7712

SHA256
dda962327d32d19fa5f0d75c954f915544af5bda60453db17fbb3a4a3f6cd094

SHA512
e6f2937c8662a7bf8b5f46211a8d3c80761847aa37add46590165533f8742c7b11d878f69608b284d1ca6b112eaba74af8c037396694bc5bfcb48d94f3a5ea9b

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
381B

MD5
d7d9f9d3c096349dcd8f53d173c5783e

SHA1
0a639854b86501d063e82873d10df690530a9b7e

SHA256
82ac22c8152f40febe0c17acacbf292759bfc3d7b8f04eebd971a7e6ecfd39ac

SHA512
46131c0115f4c2cc455b5afbd3b90a9a71d6768b04012d29db47b2e32051c4af0eef579d00277d43aef5212a822c26f8b74fea79ae32226010e68be119b26a59

Download Submit
/storage/emulated/0/Android/data/com.xhl.nanan/files/tbslog/tbslog.txt

Filesize
1KB

MD5
a6c863fe774206c7a6292c84d47c6c65

SHA1
b8f00ed4f80d958d9a9046b5da585f3fa74415d1

SHA256
d960a8e24a6c037dfb6f28cafb5089a7d01c2656103c3937adb1247e3866ab9f

SHA512
6bb83da32adb4f7054ff6a5d1c24532f3c9e05e2941cf5a849d1def7db9934d8da111dbc3835f2ce01099c348217884dbca16ac89068678e3ab3b6a9724e4d1d

Download Submit
/storage/emulated/0/data/.push_deviceid

Filesize
32B

MD5
b51772e70d312e6243060f40296861e2

SHA1
5740cd686acedd5bd90ad42177529a25ebed3268

SHA256
2974b8ec0e41f817420e80f1e19b81ec938287b51bbebafa74a1f12a85a6f223

SHA512
6e17c48319c0694bedaf25ddba4ba675547d8636dd7c7a3209316128907106dbb6bdaa68e043506b8584b94ca95b3ddc8fa836052003aa1eba8e03f01df8df3d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads