a22d19f8f32e03da1446efdac67ccb6262821742d3a43bbee67c4bff92f93f91

Analysis

max time kernel
9s
max time network
138s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
18/01/2024, 22:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

663990198b7a42c6580c698ce373fa73.apk
Size

16.4MB
MD5

663990198b7a42c6580c698ce373fa73
SHA1

cbc3c6f5cb1699471a4b164671af0a55c43925cb
SHA256

a22d19f8f32e03da1446efdac67ccb6262821742d3a43bbee67c4bff92f93f91
SHA512

6d245bdc2cb2ca7fb56b60259cb2c5a66af0b8ab4e7ddfdffd585c0184bf47586d87ff83728e930b283e449ed369ff9fb8790baba3fcf1ab3e40bf2f19b52692
SSDEEP

393216:AiCWly5kh5kVAa54RNhZ1/xSHzbHnWAY4GmPAc1EjVYLu5:3CWlyGhGVAa5eD1/AHXn9imYDYg

Score

7^/10

Malware Config

Signatures

Checks known Qemu files. 3 IoCs

Checks for known Qemu files that exist on Android virtual device images.

ioc	Process
/system/lib/libc_malloc_debug_qemu.so	com.suofeiya.smart
/sys/qemu_trace	com.suofeiya.smart
/system/bin/qemu-props	com.suofeiya.smart

Checks known Qemu pipes. 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

ioc	Process
/dev/socket/qemud	com.suofeiya.smart
/dev/qemu_pipe	com.suofeiya.smart

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.suofeiya.smart

com.suofeiya.smart
1⤵
- Checks known Qemu files.
- Checks known Qemu pipes.
- Uses Crypto APIs (Might try to encrypt user data)
PID:4205
- /system/bin/sh -c getprop
  2⤵
  PID:4278
- getprop
  2⤵
  PID:4278

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.suofeiya.smart/app_crashrecord/1004

Filesize
234B

MD5
113639e1153dfe248ea4f46d0d915872

SHA1
d59f546b4d0e819ad6d8db5c8b875e767f83eb2b

SHA256
3184ba08628c4ab313a4bcb61f352daf2fb75b1c48617d94a542cbed789ccc5b

SHA512
5833924462c59a9cf5f9287908f80d28ae14b2dfeed68857236bba79de06a27d04878a8edd7ac407ed93926bba96d3c4e67aa5ce6116aa288332b159cbd1954e

Download Submit
/data/data/com.suofeiya.smart/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.suofeiya.smart/databases/bugly_db_yaq

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.suofeiya.smart/databases/bugly_db_yaq-journal

Filesize
512B

MD5
489dc18b7b36b7ac5201572c3385ecc3

SHA1
3beabfa7c85f2dbe9aff0fc0ad470abb1a89673b

SHA256
12aa574bf933c03ea08d002df82f1a4ecb9a4585224ce4e03c60e865e5856f94

SHA512
06e090bd45cf79233f080b52611d275906ceaf0cbf3316e95fcc48d656af8e505f3dc7509fa7d919faa4b97b317c062c027d3852a26f91af364f8c30d7adbaf0

Download Submit
/data/data/com.suofeiya.smart/databases/bugly_db_yaq-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.suofeiya.smart/databases/bugly_db_yaq-wal

Filesize
68KB

MD5
dd189078966570a82f2eeb2ae178f0eb

SHA1
9c0f528e826e5109ebb49eb5baa13a18995c6cc3

SHA256
1ac2ce8e1478a4693b4954db34cae8c41f28507b5d6a660f6db52774bd9b1043

SHA512
a989caea06d8a647d5a9973098e8888075e30c6c7c7df3e9e916a010c89c597c8bfb1288a1da5c1e3dcdaa00f8166f6f2d066c8989c77e95a7d229864a7000a1

Download Submit