8b18edb9544b2865ab649c3622c30275cd328265d120ccbb7226a7c6234e4a96

Analysis

max time kernel
3699565s
max time network
156s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
01/01/2024, 02:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3b9e64639ee948dfcc73bc88dddd5585.apk
Size

5.3MB
MD5

3b9e64639ee948dfcc73bc88dddd5585
SHA1

36761a4c0845f2a65d53aa7f2e8b89061167086b
SHA256

8b18edb9544b2865ab649c3622c30275cd328265d120ccbb7226a7c6234e4a96
SHA512

783e1c03f2c5471c2f8fce7c147a03a11e1cbb890883ee2db129f3cbb462fd19ca0aac86ec01c198c8c6f808c3670dbd4d6d351ff40e6a9b224984ef15594b88
SSDEEP

98304:dLv0jcB/u3eccmROZEoSeP4n3y02DFanKILgWGV5z5WymK24di68lwgZ1inuEwU:dmHjUVUgDc5g/R5WZK24drgZcnuEwU

Score

8^/10

Malware Config

Signatures

Requests cell location 1 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.yl.signature

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.yl.signature
Framework API call	javax.crypto.Cipher.doFinal	com.yl.signature:bdservice_v1

com.yl.signature
1⤵
- Requests cell location
- Uses Crypto APIs (Might try to encrypt user data)
PID:4252

com.yl.signature:bdservice_v1
1⤵
- Uses Crypto APIs (Might try to encrypt user data)
PID:4289

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yl.signature/databases/teldata.db

Filesize
561KB

MD5
13318b2d5d983b5042545692efe5daae

SHA1
61b942184a775dfe514c24f48395570bcf3a4fc5

SHA256
13c9aad1a8c65142b18bb5830b74b943951e5f05dec66307515ad5e67f6cc9ba

SHA512
04c66873e82b3c524e376d7bad5c296e8a60228409f97f399ff82d7b8733c05c721a45ba216e7064e3c27a98f7e469d622ee89e56eda3c2250c47d0dc6b446e7

Download Submit
/data/data/com.yl.signature/databases/teldata.db-journal

Filesize
512B

MD5
5f3fca2a82a9e6473ee5de4fb90d41eb

SHA1
322944a1d40e55b9c99276f8711da1ef56c30541

SHA256
470a8c2f0ff48a63eddfb43350cc0d660b97f5be215994407611169aaa370cce

SHA512
d2acd25b656d5fe22e8cf27864978fc780358d2cb3fec6ea6d483c9593e25ebe2f0cf3e56c36e19b05e93c2f6562762c1c278766894ddd53156e90fa1b114e45

Download Submit
/data/data/com.yl.signature/databases/teldata.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.yl.signature/databases/teldata.db-wal

Filesize
16KB

MD5
d5ecd86abaddc5d6228a16daf8e28a0d

SHA1
3c9627fee9155e996f7ad085e614fda70fb78d48

SHA256
43de2fd5d155e9aa6fb3872465dfeba24b568eb09e2e8832f5b1ddfab6ab4484

SHA512
2f7b7be2be6786df52e291deba771cc37ffaa346abb1f04b9bd47d55669f5ddd89b0fce6d7cb21eb08556335c09330b35096e67be2a2f7b999922c6567cb2407

Download Submit
/data/data/com.yl.signature/files/__local_last_session.json

Filesize
109B

MD5
2551866b3b384cf8df0861c3c86e338a

SHA1
a314d3dad8dbf6a9b803cf605239bbabe5b695db

SHA256
d6e34d06593c1b9f60fce4b0162b6bfd1a4e6d342587eef929ffebf0f813b0b9

SHA512
371bfad133125f1840e2b11472d93c4503b70dc2981adafe361dc364cd22eabd32037eb6db58a79a72191d36634c5411fee2fbaebbd01ec82403cf80dcad0764

Download Submit
/storage/emulated/0/baidu/pushservice/database/storage/emulated/0/baidu/pushservice/database/pushstat.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/storage/emulated/0/baidu/pushservice/database/storage/emulated/0/baidu/pushservice/database/pushstat.db-journal

Filesize
512B

MD5
31e72d5b07c58149fc098790100c983a

SHA1
708ddc786c8ada05964e88217633a6bc9c1d98e3

SHA256
0f5ada1fd97bdaa521589069bf2eead67ed545ad837aee47795568690da6338f

SHA512
fa02842558e77ed5a7fc020e6f4fa634b46be120cb2f44073d036a0c6ada13497dbd81b8d738776e8b1bbf59e3f7b336d6b5b5599a69c3464e433687422f0543

Download Submit
/storage/emulated/0/baidu/pushservice/database/storage/emulated/0/baidu/pushservice/database/pushstat.db-wal

Filesize
8.3MB

MD5
a89e88e13e23f03809e8c9a63bdf334e

SHA1
870fd9ef3f2b25b8bdaa79f48c5c51d68bef93b0

SHA256
14fdb33673d38beab768154ee245e3d290a697acf89c1ac11c0b34fb61684b40

SHA512
c4dc63a864d49e1c6c54f0d646a5afb666505fb10e41f187fc823649cb49f407f7c0a3b04399259c8234d69b63ad303ff514e4ea7a429b4fbef3b7ed0864413f

Download Submit
/storage/emulated/0/newishow/logs/2024_01_06_logs.txt

Filesize
96B

MD5
b8f850d059ad71f913c3a97d75f41a0f

SHA1
b6d54dd92d5dbef624fa4c4cabfe4662ec7cbbb6

SHA256
9c84ef43f921f59e981374ac2d7104bc336abfac451b5eca7dc4de08e05bf1a8

SHA512
067b68bcad575456d9ab750d47e6b27c5822a378b8078fbd9098250bfe3cb1c56e74b024d61c462b07043f75a63f0a6445fa800b556e9791be50906317142279

Download Submit
/storage/emulated/0/newishow/logs/2024_01_06_logs.txt

Filesize
160B

MD5
b41f2067f60e49a9024bde8911955ea6

SHA1
57c87a1f8e32967918796915adf4d672fe17f73e

SHA256
b307ddd1e8a695a240b26237f0da2c5d5180b959aad1c34f696f44d567544713

SHA512
fa855db61136c07bf2d8d7d9418eaa89c57c54a5ee5ddc14370918421560658b8db368448360f0a313ea9913bd80d18954fd2d73af10b03509eb3866fca8aaa1

Download Submit
/storage/emulated/0/newishow/logs/2024_01_06_logs.txt

Filesize
64B

MD5
84adfc774faff1baa7116f8814fa1ae9

SHA1
da7ce9c4745368c73329ab88c0e14ffb0a5bfe08

SHA256
f0f0c7110b76ddc3be1bd7726c5ada6fb709cfa6641aba9720130ba25cb5a25e

SHA512
fc05bc5fe72197d105f2710ae280024596156ad3b1cff54f2d3d7c508b16ec8f95bfc866ed3b8dccccf0aeb2c9b74a8589c6a557e2e7b43ad2b69c533124a0de

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads