25b69499915063d7f6026508106a83e8f8a6ade2c53f01d5b8ae850f9ee94813

Analysis

max time kernel
3962953s
max time network
156s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
09/01/2024, 03:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4d2f3bf8d722c4e537b8962378faa0d1.apk
Size

14.3MB
MD5

4d2f3bf8d722c4e537b8962378faa0d1
SHA1

77bf2182d85b81a80fd5175c85b37e1b345f797a
SHA256

25b69499915063d7f6026508106a83e8f8a6ade2c53f01d5b8ae850f9ee94813
SHA512

28a79a1d9f6ae5a4848198bada8ae79dbab6f0c2801f9076d39ab67e6f043f9f91769657591671cfe5ca4d44b308e0e9ec8199465d1a89cb70dffd0fbd51374c
SSDEEP

393216:P3LME2KREhGIQWmFNZX0cMYE2HilR/MCYOsUCJUZR3Q:PQXKRVZWmJ0cMpqilR/r/YJUZR3Q

Score

8^/10

Malware Config

Signatures

Requests cell location 3 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.nfdaily.nfplus
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.nfdaily.nfplus:pushservice
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.nfdaily.nfplus:pushservice

Acquires the wake lock 2 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.nfdaily.nfplus:pushservice
Framework service call	android.os.IPowerManager.acquireWakeLock	com.nfdaily.nfplus:pushservice

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.nfdaily.nfplus
Framework API call	javax.crypto.Cipher.doFinal	com.nfdaily.nfplus:pushservice

com.nfdaily.nfplus
1⤵
- Requests cell location
- Uses Crypto APIs (Might try to encrypt user data)
PID:4252

com.nfdaily.nfplus:pushservice
1⤵
- Requests cell location
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4311
- /system/bin/sh -c getprop ro.board.platform
  2⤵
  PID:4387
- getprop ro.board.platform
  2⤵
  PID:4387
- /system/bin/sh -c type su
  2⤵
  PID:4424

com.nfdaily.nfplus:pushservice
1⤵
- Requests cell location
- Acquires the wake lock
PID:4462

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.nfdaily.nfplus/databases/TestinAgent.db

Filesize
24KB

MD5
5e84f8a019ddbf1a7ba093d23d1ee244

SHA1
1f490db39bb6f70ad0d8c87ac69a210f8fcaf0ba

SHA256
67e8d2875c8c6b15359074a1b92a4db6aed8e0cacd807681ff024d45c39fcbb5

SHA512
3a93c49354c9e223a727a5b03c5a837939530278e52ca10c122be43b302457a647225daddf30b5c09ea487da94d7293f4d63458130c34404ab45638cd66cb804

Download Submit
/data/data/com.nfdaily.nfplus/databases/TestinAgent.db-journal

Filesize
512B

MD5
1947aa2afb1ae8dae33ce2191fa97a20

SHA1
446d4e95b3e4780894d85ecb6397141e2209e681

SHA256
ac473258327f48e6be9835daf65dea79923a8da79a0347b1ed5aabe7c3ab1c55

SHA512
559ebbaf062d565ff031a93dccb004c32f34801e492ea3087aadb0df9f0dcca0f8a5eaeb3e728657dda41c27a8e54e41c1400e13604484bb0504ce27b7b2cd6c

Download Submit
/data/data/com.nfdaily.nfplus/databases/TestinAgent.db-wal

Filesize
44KB

MD5
1159a6eecb23403d2f711566de22a36b

SHA1
fe51522b655c69b54b29e188b254cdf4970398dd

SHA256
9e8662b26657161719904ef4eebb0c47bbd18eb2cef17f80ff7b47bc7c93caf5

SHA512
72e4dd54c2c372d82de78f83a47db65d7f869657bd1399ec47b2e7d778243692a7dc6970054843ab70f45f4b95afb9be7162fcfece11d2a12795d89882592de6

Download Submit
/data/data/com.nfdaily.nfplus/databases/bugly_db_-journal

Filesize
512B

MD5
a6bca6b2975fa3b7381ec09471a6c3a5

SHA1
1fcaf71a241dc940b51636436c3e1a1b965fb701

SHA256
e30f4b3c613708298d642105ae4e8056ddeafe307fef7312462f3e98f89b5ec9

SHA512
618508418dce52f715d44c82e6df48a17aeebe0c3d296d5a9aab9a186c187a61d93ae6959f53d41534de991841f6f4ed6ae4fd1ada6d98030c63db7dafb06015

Download Submit
/data/data/com.nfdaily.nfplus/databases/bugly_db_-wal

Filesize
52KB

MD5
a5528dfe722e48611659afd22e521b27

SHA1
bcc9fc244c84ac7854fe0af2386799939177d5bc

SHA256
cca6adcbd01d3f4e4c3ae0aeefae41a0df84f7cd5ba83d086274474533b89b98

SHA512
8af2982e06905f7ca39d41693058026835fa76afb8e75098e33a8206e7430c18572bc963b2e4a2c57b8b7a73180c48963b0fc0187dd92bee08656140bc2b2c47

Download Submit
/data/data/com.nfdaily.nfplus/databases/bugly_db_-wal

Filesize
68KB

MD5
6f4abe51080c60d7a5380637c41fea1f

SHA1
59edb09e3d35ac4a37ec95cf4b2ce54a5f6ea362

SHA256
d71be45b6ab2b767c415dbf07d5f97227bd19b04a05ffa2b114e0f1ec4e2da8b

SHA512
f0e550d633255fee452f84f3201cb16ca3a5aad1fdff63be34eab72f8176ffddefcbe649b0939592b4c0097982d8456df03d9d88e5a166409e1e452bade8c0e2

Download Submit
/data/data/com.nfdaily.nfplus/databases/bugly_db_-wal

Filesize
104KB

MD5
3db2aa1893e039a535be154145dccfba

SHA1
23122f7d07c5d14a6333ab34c9281197ab2f78df

SHA256
9584b26500aa6a9163fdd3ca5d6d7b9edd3ab9954e04427adcc03f31aad4c1e2

SHA512
18e1fb27e30c1e789069022050ad622147102caed026114ce15a9b2a0964816af6e519ea59c85b73207dbee5170099cf65aa552eedf98ddabb6c6f18c8ddab81

Download Submit
/data/data/com.nfdaily.nfplus/databases/pushsdk.db-journal

Filesize
512B

MD5
7ccbfe03b6c82310a86e397717d6eb63

SHA1
139d20d07e61fd1d76dce578d8c4b6880936a9fb

SHA256
7f30aee1f32e0ac819b3190b17b1b562bc90485bacd5d282b6871ffe65510a3b

SHA512
42ac976032a4ac005716cdfc80906248e6bbf5115e571fb963ebbb834fafb14283e504a6e9e3fc29d955a3d816acf69d3dbb8001edea16579d13eda2a9e1d476

Download Submit
/data/data/com.nfdaily.nfplus/databases/pushsdk.db-shm

Filesize
80KB

MD5
4b2514f8373fbc1d546032699f313f9f

SHA1
3a3527d697787e5a39d1aa9eaaea88853d6c4be6

SHA256
861d67ee0cc7ffc3cc51574054b75777a8f805c7033c8dfed211a8dc1dc74971

SHA512
4a07005f8f6bb4587958b3b20f5199de934d6c551858383d1eea474d3164183be13fa151d527e2d83d935e30fa17a5417fd9363174136387273f785e484a56e7

Download Submit
/data/data/com.nfdaily.nfplus/databases/pushsdk.db-shm

Filesize
28KB

MD5
670d8bc46551c40a1fb9ff8ec4b72092

SHA1
82253b089122b4d8c7ae61dbbeabd9d037ddd49c

SHA256
ca2684e4da544d08c906c70f147d8dbc91da3a7972d255e6a00e1c99419f78e2

SHA512
4977d35230c533e26162cb0e4da38345a23a87ff41510685e755a52152fc78d0b027e8e8942fe10ae28fe332b16bb9a7ba0c0644ec0efd635d579515c3d5df67

Download Submit
/data/data/com.nfdaily.nfplus/databases/pushsdk.db-wal

Filesize
84KB

MD5
6f6eb98bb4e23242e2618beffdfedc22

SHA1
730aa87060696c3a57578f7f4768bedf20106eda

SHA256
9b1fe0b4e050d9c296a293dd706bfa244415736f193b421526c164802a5b2b15

SHA512
fc9c51887b5d216fb95ca3e3851a4a577389fe2dfbf400ac1a1d93e3400601d2dd9e1b13516f848095383263137d3f330a0f3c34c66460ae4434bf5062f7b2b2

Download Submit
/data/data/com.nfdaily.nfplus/databases/pushsdk.db-wal

Filesize
80KB

MD5
cba0a6f72fc8e854f20da2cb0a502542

SHA1
ce804cf2bdb942693baccd14c32733c61b136a94

SHA256
9b92bc8be465e380dce6bc53e00507266dcb38cd263cafe4dbaa14493db0b0ea

SHA512
e146f2b05e36224034ef33bd6db63d772f7a377a809ce329b46a4b161465b8b690aedd48c0f082ff4a07714d7381b849054102f5ce8fb0f6448f5e5b168d9682

Download Submit
/data/data/com.nfdaily.nfplus/databases/reader.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.nfdaily.nfplus/databases/reader.db-journal

Filesize
512B

MD5
295389c0841a67a473822d949188d277

SHA1
6a25e0036bc0aa4c656f8a2b0ca464890237a7ff

SHA256
87a23123cfcf94384bf6687a6a96382be433a5a9dfeb3bdfa5ec3c3e7e601593

SHA512
534da4c39e61b913cf649c1f28816242d851db3fbdc31d22a977ed2f8f968f2ecd772a9ae6ddb00f3bf02c856f2c38dbf2b2550ef20b2ccadc31763ed9d9d4c8

Download Submit
/data/data/com.nfdaily.nfplus/databases/reader.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.nfdaily.nfplus/databases/reader.db-wal

Filesize
68KB

MD5
09c4cb9b637d9accf20116c65dd6c00f

SHA1
c1944c4c81ba55925438bec295f95035878da236

SHA256
bf78f22086756defd4578b583dc00b7c8286d8385601e8f4a1ef0fa42ce5d996

SHA512
63f21e6a5afdad40bf2e0c087047d81ac756aa449e5a83a379304694e4d44c8cd22f9479b02bae44bb47e0b4a969e12c9e2895161fc7aba9747551fef4faf762

Download Submit
/data/data/com.nfdaily.nfplus/files/FounderReader/localWeatherTemplate/localWeatherTemplate.zip

Filesize
29KB

MD5
79ae75011f6b6c78f80dbaf486595287

SHA1
4617fddcf7dbb234ddb4d371f2895af7f2f792df

SHA256
706036a4b40dc4333890775aa908831177c310168d6167949bc997a511ad3e77

SHA512
7ad63f9dafa2d002bdad3a92bc4618bde47dab30f7534fb217a2aeb92d6d95b482201c0c15b5766ea93ddff6a09d4e3ea97ff3130cb51220116955b3693a92be

Download Submit
/storage/emulated/0/baidu/.cuid

Filesize
89B

MD5
dec428b6b0016a2d251f502d7efd4f5b

SHA1
3671a1f937ff27a2149a88ad0ab9a62894b9a576

SHA256
185e7c13de75400f86445412bdd00080eec7fa69213de71590376052a7e59ac5

SHA512
de91630c1f7d88c641305dc2504eebef5b589f316403d1290088f364a8e3141f5f4dfa03db1d210bc556260132ebf35703d405804988d36c042483ac8551e0db

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads