Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

6

5ad1a621f9...19.apk

android-9-x86

8

5ad1a621f9...19.apk

android-13-x64

8

bdxadsdk.apk

android-9-x86

bdxadsdk.apk

android-10-x64

bdxadsdk.apk

android-11-x64

dynamic.apk

android-9-x86

dynamic.apk

android-10-x64

dynamic.apk

android-11-x64

gdtadv2.apk

android-9-x86

gdtadv2.apk

android-10-x64

gdtadv2.apk

android-11-x64

Analysis

  • max time kernel
    120468s
  • max time network
    147s
  • platform
    android_x86
  • resource
    android-x86-arm-20231215-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
  • submitted
    14/01/2024, 08:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5ad1a621f98cf027490d939e6348f219.apk

  • Size

    20.0MB

  • MD5

    5ad1a621f98cf027490d939e6348f219

  • SHA1

    3b7bd6ed30db70a2d62ac946db4b3f88854dfe57

  • SHA256

    cd02331e5d879af2a8b7f8fa751e60c607f15d9d061da08e24f091b6f3d870ad

  • SHA512

    3b872a2b6190a60b857a4f7ea47a12753f996d48499d66241b5adb14917bc24b090115f0144f4c19aa27739cc5210cc24dc699aa506b1cd396a554fbd415e294

  • SSDEEP

    393216:Ortoqwl+PJyNKZoO3nYp+GID0LE+HYbO86gMUgXwOVNXGIHfQVP2kfH6LfG7/d+F:Ortb++D/A+G80FVlYgAWoEVLfG7/d+bh

Score
8/10

Malware Config

Signatures

  • Requests cell location 2 IoCs

    Uses Android APIs to to get current cell location.

  • Loads dropped Dex/Jar 3 IoCs

    Runs executable file dropped to the device during analysis.

  • Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

Processes

  • com.expflow.reading
    1⤵
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4271
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.expflow.reading/files/sllak/opt/4271/finalcore.jar --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.expflow.reading/files/sllak/opt/4271/oat/x86/finalcore.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4300
  • com.expflow.reading:magic_v1
    1⤵
    • Requests cell location
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4476
    • getprop ro.build.version.emui
      2⤵
        PID:4853
      • /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
        2⤵
          PID:4989

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • /data/data/com.expflow.reading/app_crashrecord/1004
        Filesize

        228B

        MD5

        3ad4130c2e25db81b18f73f08203be4a

        SHA1

        2a79c4760b56339f1c18dd3e5534905eaac90f23

        SHA256

        0af0e5da94c1607fbe664b4a1e7d05d2ba10905f5671c8d3605a75ec3e2a7cd2

        SHA512

        4548fd29fc80689ccd84b41c710efd22746a2becd273c0aa064a6ce4ce105448809cff0cbabb4022ab6c619a671334a58b153048356716a339e3522c4d7167a4

        Download Submit

      • /data/data/com.expflow.reading/app_crashrecord/1004
        Filesize

        228B

        MD5

        d60c6d86d762843fc24925e121798e18

        SHA1

        22078525cc1127bef34205c24efe81b1c1dc34e7

        SHA256

        43dfc2edc89d790137cfa2908eea9c22c8ae9c81d623c717da72c0add8d410d2

        SHA512

        59131f1485e7a19367e1168dc098a3de976d82211664ea7eb3b302f48f6fe71289fa3ddf32caa508147adf4b83c1e97f419a2834c3290d762b3f6a3a52a679f2

        Download Submit

      • /data/data/com.expflow.reading/app_crashrecord/1004
        Filesize

        77KB

        MD5

        e330dcaf7fd1913f2abb32c1e208d111

        SHA1

        e0f15c4cd2f7ccbc02459d51cb888f3b9c3136b7

        SHA256

        1663290013d45c2d2d229aab93305acaf111e34e32e0d1f22f0d16d628f59e62

        SHA512

        040ed276f5fe29fe53cd490a23d8e959ca65ab0024250ebbbd6dcceac21fbec4972def25770cd6b932d9bc0c848860f6142ca41a54204a1e335def8e8a5cb784

        Download Submit

      • /data/data/com.expflow.reading/app_crashrecord/1004
        Filesize

        58B

        MD5

        0d210bfb2a0e1f1b4c082a6a0f79de07

        SHA1

        bb8ed9e364db79d1d9f2fcde3f15091893222faa

        SHA256

        988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

        SHA512

        536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

        Download Submit

      • /data/data/com.expflow.reading/app_crashrecord/1004
        Filesize

        237B

        MD5

        79c20433c41409767cfe4dd72e263c02

        SHA1

        c5efbca02035697a84b9b763fe339d3a4cb550e9

        SHA256

        f8b82c10633a7238f348b900ee428dec99eacb014f1612f3054f47d1e0bc2f2c

        SHA512

        01e95831e95997b1b78502632d07661b650f7d5a7db37e5205efabdf56125183ede61dc824912e911836123b8af6bf23779cd68beb9ef46a00d686fea78e47e5

        Download Submit

      • /data/data/com.expflow.reading/databases/bugly_db_
        Filesize

        4KB

        MD5

        f2b4b0190b9f384ca885f0c8c9b14700

        SHA1

        934ff2646757b5b6e7f20f6a0aa76c7f995d9361

        SHA256

        0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

        SHA512

        ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

        Download Submit

      • /data/data/com.expflow.reading/databases/bugly_db_-journal
        Filesize

        512B

        MD5

        7a29ea337452ab7b47686061d3284c1d

        SHA1

        7b010ec54809ab0a5dec7719648fc95bfa0aac21

        SHA256

        021b4fe13c8ba8e812aa442b49b69332be8ee36b0c79af1636443d8a78bd08a4

        SHA512

        19c1833cbc3609dc1e4c32a8ba7183812e46befdb9b2e01288faa2b2ccb405fd01e69bdfee863b4da25027b6f27a103b3567d32c17ae21c590955dccc3ad36d9

        Download Submit

      • /data/data/com.expflow.reading/databases/bugly_db_-shm
        Filesize

        28KB

        MD5

        cf845a781c107ec1346e849c9dd1b7e8

        SHA1

        b44ccc7f7d519352422e59ee8b0bdbac881768a7

        SHA256

        18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

        SHA512

        4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

        Download Submit

      • /data/data/com.expflow.reading/databases/bugly_db_-wal
        Filesize

        68KB

        MD5

        c82c44fd08919a1120de3777c38d1eac

        SHA1

        ef77a7fa756d4d0c6657f9a65e00ddad12a2b257

        SHA256

        4fb007de6ceb061b9e2b623cb51fa1ae2a7eecec69159660e126d89af5e42900

        SHA512

        aee479bc239ac359b7a8264958cec3a11c70cad384b68f48f7d9879243e2b76228ebb80829d34d10e2e6e7df123cab35235ac6cdfd7a31eb877463b4a356e1ac

        Download Submit

      • /data/data/com.expflow.reading/databases/bugly_db_-wal
        Filesize

        124KB

        MD5

        f47c1a8fd430246d74254082fb66761f

        SHA1

        962739da144bcb641c2b05031eb046eb950ef21a

        SHA256

        27cbc1785f850fe0a8a2ee330e592de1bb1ee782f829434c99f1b988f30f4ec3

        SHA512

        2602e6bea0cfd3a87c5bbf43d41072a85f77f4824c76773185e214e76bc71f1c55b79c9d611993e98b09670d2563293538f567367589ea3fc88b55e9f63f1678

        Download Submit

      • /data/data/com.expflow.reading/databases/pri_tencent_analysis.db_com.expflow.reading:magic_v1-journal
        Filesize

        68KB

        MD5

        5a8d83a15b4a7dbee96fa2ec359efca8

        SHA1

        e5a219a3d4868b7f70fe99981f87c819dc70f5f7

        SHA256

        4b76cbe0cfe33cd717a1652881658ddcd0cfa02b5ae560a17e09f4b8e730a8d0

        SHA512

        5be97ec61ec72588210c085de8660aee848ef7cef2f9f0ee3e4dcadf3a9099bec97698cac287f8053183c96212ffba653f550c0717898bdfbfea3781e960ca66

        Download Submit

      • /data/data/com.expflow.reading/databases/pri_tencent_analysis.db_com.expflow.reading:magic_v1-wal
        Filesize

        64KB

        MD5

        27abeabdd61548fe8a3a1c5aa1eecf2c

        SHA1

        92e19c12e7e91d3ff9ee7c5b899329f07947c209

        SHA256

        42b47e5b8dff30c88fce96aa53828f38d1577080113e9b3d69191352e965e32b

        SHA512

        2b7af5eeaeea9ad57e16971a11d7de9094c821d37f622ded79c6d551b344817c4af5f8c86b9338a35fae79c4a99630272130463919e828ab46768c50b79a92e8

        Download Submit

      • /data/data/com.expflow.reading/databases/tencent_analysis.db_com.expflow.reading:magic_v1-journal
        Filesize

        512B

        MD5

        e83289a01820cb1e6de99fb27500c51f

        SHA1

        8e8d0f2938e11df3e16a3c3712b57e70be8f734f

        SHA256

        d008b9ec8c1129f2d32ac91ece350393913b0e4be9e95c2e308f43634cc3e8dd

        SHA512

        eec8b45eeb5ecd73e40b698a24487d111b3a2282466e0738eb1b5a26d058ff7635481b2064e988093140171664206d1c77ba3304027c919ba77971ff796b38ad

        Download Submit

      • /data/data/com.expflow.reading/databases/tencent_analysis.db_com.expflow.reading:magic_v1-wal
        Filesize

        72KB

        MD5

        386ff8794d471f7016aaa2bf86e543e3

        SHA1

        e665cf4e94b5572746119f15b6a7ef4814286e96

        SHA256

        67d7656930128f226eb2dfb58d1a32c4bf959ee734b1d87ccc55139fb959782d

        SHA512

        7df8b201c7311eda2b41dfebfe05d4ce1e5f9e46db48c95706f3ea021818ae334969af630f4bae285af39c72fbbdfdb3c3e1919a2fa5f0a737119da9e7fd5127

        Download Submit

      • /data/data/com.expflow.reading/files/umSocialStateLog/1705222368111.log
        Filesize

        537B

        MD5

        dd35e2ce4f1fbdb333f03c21eae42b55

        SHA1

        f8817d46465dd73a061edcec0ca7825ca9513a75

        SHA256

        56df8fb8414cfbd2e72db236843254c7be2b112ac7994c82354cf57e738b9cfe

        SHA512

        693558dc72cf2634861158a5d5cad59ff8ba229a6afabdf014c2983842d81ff10d434db404a7073c7507f9c3d62bf3d0f96c9dc319d14b29bec4c7d9ec5c4151

        Download Submit

      • /data/data/com.expflow.reading/files/umSocialStateLog/1705222368111.log
        Filesize

        537B

        MD5

        d184d42e09712ee8b062126be4c57745

        SHA1

        907f9a1cd2abfefe209f25c31e33549643c8de4d

        SHA256

        d715687e2264a98b2a23dee20dbe695e61bdd771aa67b739692a6620344e549e

        SHA512

        ae6bcd5d1d63450688debf34bbdda08aafee01a8018ca2800b9351c7f23667f72561405559643a4ec1b57d9ed10e94197f9065c1ffe7b0c1ef42f93a900e24bb

        Download Submit

      • /data/user/0/com.expflow.reading/files/sllak/opt/4271/finalcore.jar
        Filesize

        176KB

        MD5

        29363f4603b193b500478ddded3e0633

        SHA1

        74ae6e20470720407d30ea14e07caa48f83799de

        SHA256

        620d0c1318843c093709bf7db48c0025bde654ab2dafe802342da71fc5b37a40

        SHA512

        fd6645c687e2cbf7ec29d0a05aa00823be639e337e845f138fef5921f7140060ca8fe6238f19c61e8a80b6f27bb23e4e0c44b0a58dd059cf1143ea795f30ceb1

        Download Submit

      • /data/user/0/com.expflow.reading/files/sllak/opt/4271/finalcore.jar
        Filesize

        176KB

        MD5

        463ab8838d7f01ad91629012c5610ffc

        SHA1

        448ac94c3b01409e09d649ecd5a4fe7c6609bf3e

        SHA256

        f3fa80382f572ecceef772f4a4b2318814dd99b2f298c789ba42e377af6aa355

        SHA512

        65dbf706d5ad0e344f88a059946c4d852810d0668b78bc9d1455597c13b3eafaa4622e9cf8abd21aa04ed99f3ac8ca6b64db8a87a0271daa14a9ece89b9fc1e3

        Download Submit

      • /storage/emulated/0/.sfp/.sfp
        Filesize

        83B

        MD5

        26238c9f8098316157d06e8dc77d410e

        SHA1

        df98aae1c640527ac8c3c7e69050ffc4a24d1fe8

        SHA256

        6eb5ea5eb569da29700035b9ada6d46a65981a07a451c6434b1936c6430257c7

        SHA512

        6b453ca77e380a26a8c7dcf32fe69ad1c25df896dd83c8a1b6aba74130b0d37e656e99f0327dd04529c136293d90d0504cf718b574b6d4ca76803ff17cce77a8

        Download Submit