5013446afac0cfb5dd8210166d667e302c54eef3e7ee3220370725b90531534a

Analysis

max time kernel
4236339s
max time network
161s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
12/01/2024, 06:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

55b6273f910f9203c378e742a5dc039d.apk
Size

27.1MB
MD5

55b6273f910f9203c378e742a5dc039d
SHA1

75ccc5f6e78dada85694ff0ac3742c85ad6e6378
SHA256

5013446afac0cfb5dd8210166d667e302c54eef3e7ee3220370725b90531534a
SHA512

98f57996556d7653d481a18c61729a75392a7800064d4c8d444131c98f040fd47556ec20eb32cd82cc86dfe9da053267b477d24e7f4f2bf6908c1b323ef02654
SSDEEP

786432:4QVPevp4BpdfmxY2G9hlErubD2vxh6WWow:3P+CBpdfmyfWrcww

Score

7^/10

Malware Config

Signatures

Loads dropped Dex/Jar 3 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.qingk.pooxprddrdvusqobatsexvauoooaoewr/files/nuwa/hack.apk	4270	com.qingk.pooxprddrdvusqobatsexvauoooaoewr
/data/user/0/com.qingk.pooxprddrdvusqobatsexvauoooaoewr/files/nuwa/hack.apk	4296	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.qingk.pooxprddrdvusqobatsexvauoooaoewr/files/nuwa/hack.apk --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.qingk.pooxprddrdvusqobatsexvauoooaoewr/files/nuwa/oat/x86/hack.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.qingk.pooxprddrdvusqobatsexvauoooaoewr/files/nuwa/hack.apk	4334	com.qingk.pooxprddrdvusqobatsexvauoooaoewr:channel

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.qingk.pooxprddrdvusqobatsexvauoooaoewr

com.qingk.pooxprddrdvusqobatsexvauoooaoewr
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4270
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.qingk.pooxprddrdvusqobatsexvauoooaoewr/files/nuwa/hack.apk --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.qingk.pooxprddrdvusqobatsexvauoooaoewr/files/nuwa/oat/x86/hack.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4296
- /system/bin/sh -c getprop ro.board.platform
  2⤵
  PID:4357
- getprop ro.board.platform
  2⤵
  PID:4357
- /system/bin/sh -c type su
  2⤵
  PID:4391
- cat /sys/class/net/wlan0/address
  2⤵
  PID:4530
- cat /sys/class/net/wlan0/address
  2⤵
  PID:4555
- cat /sys/class/net/wlan0/address
  2⤵
  PID:4576
- cat /sys/class/net/wlan0/address
  2⤵
  PID:4595

com.qingk.pooxprddrdvusqobatsexvauoooaoewr:channel
1⤵
- Loads dropped Dex/Jar
PID:4334
- /system/bin/sh -c getprop ro.board.platform
  2⤵
  PID:4427
- getprop ro.board.platform
  2⤵
  PID:4427

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.qingk.pooxprddrdvusqobatsexvauoooaoewr/databases/MessageStore.db-journal

Filesize
512B

MD5
f2713ebbd8edfd63571969a5bddc64d2

SHA1
c55aea4a512793a4d40bc60c458cdfcfc702b1ee

SHA256
f9af61f57c7514796a602785de9643fd616772a4227dcc68a8c3ac5ddad7dfbf

SHA512
96c154f2a054896fdb0a556c248b224c122b01556db53bc948829de320dffe57b0c1a350e3bff49dc03d7c4007677afd82c36e6ee7406ad45b304768e68ca897

Download Submit
/data/data/com.qingk.pooxprddrdvusqobatsexvauoooaoewr/databases/MessageStore.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.qingk.pooxprddrdvusqobatsexvauoooaoewr/databases/MessageStore.db-wal

Filesize
56KB

MD5
df8617aa5955d7d8a834f33310aa34f9

SHA1
b5c139155a754187b74d73500950c43206d6cbc5

SHA256
c60db167c148fb89c77ede15706c34305e6b14b1bb3acda9df318f5a5229ddfd

SHA512
c6a1143008818737c73f933eadcf0e0d517190f144c57b202fa3551c89531bfea0b0d0cfe5a3a7c2c3fa2f7d57e1395fc0411ee904e1643f4cd17ab5781cd6ac

Download Submit
/data/data/com.qingk.pooxprddrdvusqobatsexvauoooaoewr/databases/accs.db-journal

Filesize
512B

MD5
bf847d3377da2e3e76b30ff7ec97eb9d

SHA1
1b9f404c6028f06d7744c1f682df4fa41b4ff624

SHA256
286ab20123f8aa1948763a022c776854d456d0b19c61044eff51a72bdff895ed

SHA512
2a7489e09b3a216b9b39ef2efd5c502d4a4a70331e3cda24312ca11952c79460c5e29371fda9e5182e5668889f395048d9c3f8f52f0d1fa3ff2a13504b4d6a24

Download Submit
/data/data/com.qingk.pooxprddrdvusqobatsexvauoooaoewr/databases/accs.db-wal

Filesize
32KB

MD5
3610eb9914d227a1da4c858123e7d82a

SHA1
2345fdb1f040072cacb667e64fc774e0a58fcc42

SHA256
72c5080d494e7142b60d201c19da9732d2d5339daeb600874f5344611ba7fdf5

SHA512
4a30fc22176c36c258c88fbe144ebacf5901a1661a5a6fb41be50b30ffba907c446d355194f3c685aa628d6dbf96a98d197ff9efe70457a5781b95a375935ed3

Download Submit
/data/data/com.qingk.pooxprddrdvusqobatsexvauoooaoewr/databases/bugly_db_

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.qingk.pooxprddrdvusqobatsexvauoooaoewr/databases/bugly_db_-journal

Filesize
512B

MD5
b750efda4195978631657b20fd5e972b

SHA1
61412614ef4fc937beb73df1408a9c7010900b75

SHA256
af730091f59a7151dde99f6a5dbc0fba11b174592550b80ff9af9896d7910d00

SHA512
dc4089ce363bb5e5b6e24555b0fd60148e78c5ca7b5d911c9a7d4d21be358ffa0c18e16591771f4e2427f855f0303b05b2d898e66763d4fd64a4193b1f5b98b0

Download Submit
/data/data/com.qingk.pooxprddrdvusqobatsexvauoooaoewr/databases/bugly_db_-wal

Filesize
80KB

MD5
287ea1d64babed73568546797f3e614b

SHA1
0e2d94285186d3526dc1887257793a53f2fe89a9

SHA256
79afd464f19ac4e6cd268eacf838c268e32c96a4502c5a7439351045763e9e91

SHA512
131b7d92002bec841999e52f6176a44018815e5cf46318ca44a8f042a24b3ea397035d6d18194c822b2b19fbdaeb57aa3db071407a30f624a7820fb4bff5e328

Download Submit
/data/data/com.qingk.pooxprddrdvusqobatsexvauoooaoewr/databases/bugly_db_-wal

Filesize
16KB

MD5
010b386883ce82f60f4ddedff25fc13d

SHA1
8006141a92a4261ada17f596124c7d0bbe4dd93e

SHA256
6dea5e8bc710d64779d24f3bc7162ee4bd2a7abdd60738d6b207b625dd050471

SHA512
aa32544d787f61a2653f411d688216af38612e394d6ed2221398fb6b0faf5d5ded8bf1376045345a9466d9198a1793d9164132bab14ddd2c45b3729e845af29d

Download Submit
/data/data/com.qingk.pooxprddrdvusqobatsexvauoooaoewr/databases/message_accs_db-journal

Filesize
512B

MD5
5c1fff26c8b839d89c5c3ffa4526160f

SHA1
8c9a8b3d4d665860671b2ecf0673b8d5adb3a3fc

SHA256
caff090bce4cb9019aad694363732abc4e29b4693e31419243bb99783e86a2ed

SHA512
3a7a6dbd43b3d70900b054fe0d3cc15c76fd0d44acae716ab9f92fe59805f1b3761f938eb6a4d69155f1089ad3218ec87a4ab74c7bb3447afd21875b0399933c

Download Submit
/data/data/com.qingk.pooxprddrdvusqobatsexvauoooaoewr/databases/message_accs_db-wal

Filesize
48KB

MD5
4574b6070b0fe8b7caa6d30409767137

SHA1
f43ba32294b18b2fb8d898242291b2c2de40d195

SHA256
674e65b0a90bb027945f3abf670951eb8223f1bee9d77b13b859c83a2a6689f8

SHA512
0c290d9435c388216545b5bdfc4e255d6ef60873115b6b1e9216c0f920dfd781eb2ac518e8ebdca3b7215888003265b23b6d2d8692dcbadc411b211a7fb0fc73

Download Submit
/data/data/com.qingk.pooxprddrdvusqobatsexvauoooaoewr/databases/qksx.db

Filesize
28KB

MD5
e7b87d04949d4abd529b12df957290c7

SHA1
585aef9b0a8a0c29270d3e013cc340bd02cd17cb

SHA256
2053a8588cca818c97d644a6e87b0954a02aafdfd85ec616172edc14cb448d00

SHA512
b7853fbd4459c77c6b7f260461983cbf4f3e1be308c58528ce217d44ff668cee11874fb64542590d3b2136caa784db3162ab38369900a91e348745432acd9f4d

Download Submit
/data/data/com.qingk.pooxprddrdvusqobatsexvauoooaoewr/databases/qksx.db-journal

Filesize
512B

MD5
0087f9b7ab51d146a7c0c274a99c3692

SHA1
ceefb207726f37e8127998c0d57b69e59433a078

SHA256
abac9811944a8ef16d80fd0d5a57827ed42ba2b4da0d45d43e2cca12370e2cf8

SHA512
bcb7372be73798ee04c4c83f1e663753d557095f7d6f21518f22521e45b89d00c15cb7a2d5a70dbd6790034d8e472c425b2dbd2035fbb46611eff3c7d68e2ec6

Download Submit
/data/data/com.qingk.pooxprddrdvusqobatsexvauoooaoewr/databases/qksx.db-wal

Filesize
40KB

MD5
383f86cdf3177faf1d9e06510a3b8b3b

SHA1
8e5dff02a9bd5daf24b1dc2f51d9399ab2c09401

SHA256
ee8bc4f05eba01de518b9a66557fc681a29152ddf0710798be8d018a41605291

SHA512
fa530b142eae76229a692323416f3f8afa6cb07aaaf908f65df0464f9ade0699c9f89ab6ac5d980a1596e8643933ed872dd20217253c1694fabf317f4432eb65

Download Submit
/data/data/com.qingk.pooxprddrdvusqobatsexvauoooaoewr/files/agoo.pid

Filesize
111B

MD5
033363bc9d22462efc6a67a6c06bcc7d

SHA1
5d56e57a2182f0469df9822056fbea69560f08fe

SHA256
dcd2ac3cd57dc23a7fc6738fa30fa80fb7d08b5f39934aaec1c4da1ffbc6b0a5

SHA512
5c81a955d2532945512ae8136f709f6efd621bce6d5d9b88bc30e62e3db33394615dbd4df76b38c56e8912e1209325becb49d5c5476eca3ce188358d8ac407e7

Download Submit
/data/data/com.qingk.pooxprddrdvusqobatsexvauoooaoewr/files/nuwa/hack.apk

Filesize
2KB

MD5
7ce04ca39923a472f57fb8c632ecedce

SHA1
c31070ba1e3bf8208658a954fe4c304ae7bee9d5

SHA256
0c9f14b2912c81e612fa17ce13f9d4ce2611ad5856e114bcfa63c0ff1ccb72bb

SHA512
aeedcca7f8790b28968843ee149d9a3b8d3f164a725d9be44c3d79838b70be636795b5414adc1432289acc82e89ff868c1c63e173cbd1d8f643145d140a6af41

Download Submit
/data/user/0/com.qingk.pooxprddrdvusqobatsexvauoooaoewr/files/nuwa/hack.apk

Filesize
448B

MD5
a4465f31543075a7750bc077dab2503a

SHA1
640a9115ff88c067b1573d024c349d04ec45843c

SHA256
cbdacef3218bb2da9c47d69ff8edec736709c62db7f1b2a45d78738b7c81f8e8

SHA512
b1e9f3e02d46eedc29624f69e19410af94521b1ce5630d6152fc70be24ae1e9a2cda3fb2c756740508d1d65b72e110a7f5caad6448a50643a32f2bc892924de5

Download Submit
/data/user/0/com.qingk.pooxprddrdvusqobatsexvauoooaoewr/files/nuwa/hack.apk

Filesize
448B

MD5
f60977557899de385b37a8367b48e177

SHA1
fc9a3f1da1dcff30016a478a175f889535de3ccb

SHA256
82048ef33043e25d2dc25d6eb4928da59ffbc406a68754d86859b81975fc0c0d

SHA512
5a112592f196eab0b3f69bbe0f4c17fbdbbf8e9281c1874c0213a5df8190440ae21a80e940eb424d2bff03ab5eed7b24baca12f5b86451272ff8e36ffc6581be

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
3536c86aa69f89e551083d0d6cb92a7e

SHA1
4f0fea1f9db15527aff8096bfa88dd63d7090ab2

SHA256
02266e82a4befabec1eec225cf5ab610228ea1b3810acc32f8112cf7caf55745

SHA512
cb46d93f534093e44225be0110379c9f959be42716011b2005c501400bcb3d3e25c18088c919d4064a0465e487b9940d64ffdca8dafd014eb413dc45cba13358

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
544B

MD5
8150b3ca859f380fe6c6fa8ff408e45a

SHA1
4c16f8d6e53819a1f444ad98ea3873507f8a2a73

SHA256
b07e2ebb5f52424113c217b51ec22e5d722d58904d66401aba8ebfb0b2f8d5ff

SHA512
59ddbbb74dcbbc1135c0ddf2d5bc1fa3a8cd54814bee816f6ee9fa54e88af9aa75ee37890044f8af51ab7033e5a14fd97696267aa112a470d87c538f0f009192

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
bf68679f7a8f0dc946e1231e791e59c5

SHA1
a3af470989f7e2c02193bbd41c8cbf6d6a082815

SHA256
2cb0f79f906f6f41c0b8b06a359851c48b99dabdf9c34155f362a41ec10bb450

SHA512
44093fc2936703d18d13a215debe5769fba877e82da99a91dda31fde6ba371f7030fd2f2a46f98b958eefc0bd01a02f7dfbd3ff4e73ae406e206626814936cb8

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
167B

MD5
8f9a0d06968231ed90fa269bbb68a852

SHA1
621f8d7dcc85947de2ecfa975801c6c114580874

SHA256
53a3bd305dbbbd7a84fa900fff56d001271cace867478c52ccbe118ae9cf3110

SHA512
c6e472d6a59fa55eaf71c4180122caa8e139b31c9d209ff4ed71873e5e3a220872fc7290d13ffc36747cf285a186a3c880c592794ae0a7981c2d76d65633853a

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
4KB

MD5
beaf9ff22d89194e5911e899862c0cb0

SHA1
e86178c284dcbc09ddbc5bb351586d592874aac1

SHA256
875596e40e203b0bf766adf11941d827edd9fb3bf71a8dabc2d084f19cbe797d

SHA512
996f8eda9dae296d28be2d5b4b42ad36ea5b1d8b277d3ade1244257fda33cfa6a52641119b2907ec4d001c8d5d60e6cfabff4e1beba6329973807988cc217ba6

Download Submit
/storage/emulated/0/Android/data/com.qingk.pooxprddrdvusqobatsexvauoooaoewr/cache/e5f923905d6c48c19477836813fba343

Filesize
1KB

MD5
869e30ea13dc89b7b9875b2e72240981

SHA1
535059acfb73aca31cfc0308241ccd2b9b3d8500

SHA256
90f70cf06b13cce6fa424de1911e3eb7fa1b7ef51822c2a874a201e48575014f

SHA512
e40215cd1f571bc85a0c720804d2f5e92fb66508057417b186250284c76e9fc317591c631315f9bb018a8ba0e55e88d1d5803154505511c1e646f5385c2f0cb2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads