569a1a092991f064c3b43329d707c9e6809a8fff4baa38ccb194a7932d453d23

Analysis

max time kernel
12s
max time network
146s
platform
android_x64
resource
android-x64-arm64-20231215-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
submitted
19-01-2024 00:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6665e7b95a849be8ebdcb04e431c2ca4.apk
Size

18.1MB
MD5

6665e7b95a849be8ebdcb04e431c2ca4
SHA1

7c07891b67078eebd198034b62a55127bd42d563
SHA256

569a1a092991f064c3b43329d707c9e6809a8fff4baa38ccb194a7932d453d23
SHA512

05432a944c29ceab841a30b5147c3129906650f2254a837adf14e8c0d09798c80119f4eedb8c767d67a11bb51a82b2d073cb1315f2a16961207f173f3133b47a
SSDEEP

393216:IWrshhjoLSzPraH+fL8CfExaFpT6PSNrIXOYvgQJfBRE:R4jp448CfExazMXl4MfTE

Score

7^/10

evasion

Malware Config

Signatures

Loads dropped Dex/Jar 4 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.profusionstudios.powerlineio.fhp/[email protected]	4482	com.profusionstudios.powerlineio.fhp
/data/user/0/com.profusionstudios.powerlineio.fhp/[email protected]!classes2.dex	4482	com.profusionstudios.powerlineio.fhp
/data/user/0/com.profusionstudios.powerlineio.fhp/app_mimo/mimo_asset.apk	4482	com.profusionstudios.powerlineio.fhp
/data/user/0/com.profusionstudios.powerlineio.fhp/app_analytics/analytics.apk	4482	com.profusionstudios.powerlineio.fhp

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
27	ip-api.com

Queries the unique device ID (IMEI, MEID, IMSI)

Requests dangerous framework permissions 1 IoCs

description	ioc
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION

Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.profusionstudios.powerlineio.fhp

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.profusionstudios.powerlineio.fhp

com.profusionstudios.powerlineio.fhp
1⤵
- Loads dropped Dex/Jar
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4482

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.profusionstudios.powerlineio.fhp/databases/ua.db

Filesize
36KB

MD5
4a8120c91e3143b2db43971dbc77cf8d

SHA1
37c5700d35059c4e0a718ced73b3d73ba5d2b277

SHA256
1fa1b6e6bd75bcef64d35785e2fd6f2e73dcdf92dce73c8b2a8fed49746d53bb

SHA512
465cd282927e30a0a894a75ad261feddde5a31869c8cea6b548362afce08fbb7cff7a784bd1d62c3e4c95916ce30e758d3919dd4cdc13176f29d68c2620c185c

Download Submit
/data/data/com.profusionstudios.powerlineio.fhp/databases/ua.db-journal

Filesize
512B

MD5
0ea68f2316fd2e7167189daf48282dc1

SHA1
760ccbf69ae77c3a5889dc93f71a60d0116c4807

SHA256
6ceadb2c6a707f64d34ce71987d6f5a32ef2ec2961f7f7b831b953a44b62e50e

SHA512
9c92c5ff924ad6c14b90ac306028f7e2c28ba8a0aedb3367625c5f1dccf573a9ee5286ac93b87c23afd2f1a93098d7d6241218bc132d14c8595a706484f63dcf

Download Submit
/data/data/com.profusionstudios.powerlineio.fhp/databases/ua.db-journal

Filesize
8KB

MD5
977fa819274cc67ba428d94e1b02c78b

SHA1
094384544f8cc94608bd970384cfaeea40f173cd

SHA256
99587cc669ffab08a8fb24aedc1d206826885aac4d689b814c67651e0069e3d3

SHA512
fd5620a618201d418cea9ab9b08a6409b160af5a06fa19d74728ea383d028d42c69101529ba9dd1766838b390f248f5447aa82c883b7007cb7ac3de71e9f8744

Download Submit
/data/data/com.profusionstudios.powerlineio.fhp/databases/ua.db-journal

Filesize
8KB

MD5
7fec2d0868aedaf5eb41b83115d2486b

SHA1
5c3a52ba88b58890ee4ff957f2b65b2e776cd08b

SHA256
647c56a6acdf77cd3b44a01fbdd39830b1c1f2156455e7091f6a3c20101285e5

SHA512
4b58667858fd388f99d417458a134f3641952afdc7586b854e67af6a50e51378b61eec722369e42e5a2721195b9dddca7dfaaa1fb30dee98d4836348dbbb02da

Download Submit
/data/user/0/com.profusionstudios.powerlineio.fhp/.jiagu/libjiagu.so

Filesize
496KB

MD5
f07656a2f51ecb23edc102003c32b764

SHA1
3ef18f74b609313887b9e825c56a54b5a9eef20e

SHA256
f6847402ab69102f8495aac58b9beddde9a71dc52470c5de17e382eec2a6b913

SHA512
34b337d2cf98ec3009f80ff299e43984a1c911e5f9eb5942a915915cb7b5b591ffc9f1b79a7989534c2583a703a3f0857e74be68cdd71388f68d5bef354f7238

Download Submit
/data/user/0/com.profusionstudios.powerlineio.fhp/[email protected]

Filesize
6.2MB

MD5
35fa4580417d6e3e8b59d2cd4d8d451f

SHA1
7ff30f53f72a7796a2e78c99cae21803e4b90cd7

SHA256
d40ebf14092668d72cfa9c309245d8eb62da7edaf8cdee1c73a750817bf30b48

SHA512
0df1a140e85830c22b305e12c4ca19eda074e9c8e875defd7486e9810ba510be8071d1ffc3f4ed7f79e9a382d57b5adfa5ade29afcec9cc727a87bd0e6de287e

Download Submit
/data/user/0/com.profusionstudios.powerlineio.fhp/[email protected]!classes2.dex

Filesize
454KB

MD5
da1401a586791fd04c181804a5051de5

SHA1
ead88b6c3dcf39f01b00970358e40b2182285b90

SHA256
26e4004375b8e8e0fdf7d1fce91c091879f042e2331d980560009d44de156025

SHA512
6c8471e557a2fe399921ed25efb757ca36428c5e1eabe92e71b522e69d26bea983fb0c513e1d29e8baffc3da71678b55315fdd6aecf94e8331cf61bbf45b4bf8

Download Submit
/data/user/0/com.profusionstudios.powerlineio.fhp/app_analytics/analytics.apk

Filesize
756KB

MD5
28e256fef0da12d810df08f5379a640d

SHA1
a3a9631a794835c0efe6b3c908e38f643b37f1f4

SHA256
4099dce40d646f9e919daf80c3da81a24df6b2cd36692993a4691e7816185951

SHA512
9cef729667d321dff65ab5a84984b457a0c222a229ede1f5dd129f757ea6c9b8e34296d4963c5efa3f145113890fbf48a5fa7bdfa715ef2f6400c6b89123b0c5

Download Submit
/data/user/0/com.profusionstudios.powerlineio.fhp/app_analytics/analytics.apk.tmp

Filesize
328KB

MD5
96cd1d0d3869ba9c0268093f42a43f2a

SHA1
3ba56396229842edea57e2505ceb13f69a17a659

SHA256
eaa7c018cfc3eab41e841f1b8442e55b9a658cc77ce7d56df1b7f0cc29f66c4a

SHA512
6e60aa3601d7021d195c1c6d37b0872823e3f1adfd44fe38acc1f69ac95b0bd5a675c2d33bad2055c1dfb037e233bc60d2b801aea7bc245654284ae29a30eb30

Download Submit
/data/user/0/com.profusionstudios.powerlineio.fhp/app_mimo/mimo_asset.apk

Filesize
390KB

MD5
39692de7ff0848e54bf6ea1ce9ece672

SHA1
bf6299d772f195bac724f738c49cdac0c538abe4

SHA256
011c400d36773b3b475290c2d1af5a829c0597c24dfbb10e12222611a4e1300e

SHA512
3ea7d8e4a85e1b8b7759984f817df7c65656d057e31b11ec1a970e79a99b775fca5e5f8ef942f99869a14b58a91c1a5838b5711ac33f915cf8f7f77280bcadc6

Download Submit
/data/user/0/com.profusionstudios.powerlineio.fhp/app_mimo/mimo_asset.apk

Filesize
664KB

MD5
b29e22fce48fb0eabe12763e8441354a

SHA1
484b1154fa16a63c980631d74dd240376677f50d

SHA256
15fd755bd4c20c78a13e38bd3337bc5a80686b43365a346706858b9b817795ff

SHA512
2d0ec43846f67918fcffb5fac4ebdbd6f4e52592c5e36133e6e97ca26db1985fca04608d0fe8555b3e44c6dfe1db46b85b4192866f21e476188b03569307c53a

Download Submit
/data/user/0/com.profusionstudios.powerlineio.fhp/files/.jglogs/.jg.ac

Filesize
32B

MD5
9efd06f30287cb4e8d58e151b3b299d8

SHA1
3b8aa83f9491f9d9c4d84c4a476e0dea895639ef

SHA256
0325779b5698c0b82a3fb51b65ab58444b2280d566c5cb9334501d4eabef3ad8

SHA512
6620919f71043ac7726c21668e5a357c48cf18972b3965b1c40a605c59f5d9bd50516a385d4d256a72cde6ba201b43afdcc55f7a53e3c5123785c96bcbdc5e22

Download Submit
/data/user/0/com.profusionstudios.powerlineio.fhp/files/.jglogs/.jg.di

Filesize
340B

MD5
296f684cc64cbdbcf091b1951bd58cb4

SHA1
cbf0299ad970cd0abb3a97a7ac0a2d78640b40e9

SHA256
128a29b126d14bed29d6bc0f52faa389e62e0b98b256ae19b5f2112dfd397101

SHA512
8626747393b1662cacbe11a69f901c26ebde745707b10a9d260b27f18f9a7662913ae06134dda4f0c0341398052cca943ce3b77ec7bf97fbd3716fabfb7623b9

Download Submit
/data/user/0/com.profusionstudios.powerlineio.fhp/files/.jglogs/.jg.ic

Filesize
32B

MD5
bf3bd93f5cee8eb8b1ccffbf474aabbc

SHA1
574d2eb7bd65c3ba47fef3a48820315e5b8a7d9e

SHA256
8413bcd1380381dc75ecd1217c5ba0b0fd3b4f748f566b7fcd8b034308df2ec2

SHA512
56a00d3919c0e11330fa550dea02ae362d71d8ba74bfd98549795956d72f28f998667002b910b9819add941d0c9793fdb51e1206a900412948f0b00d4a4dbc2c

Download Submit
/data/user/0/com.profusionstudios.powerlineio.fhp/files/.jglogs/.jg.rd

Filesize
32B

MD5
610a31e6265a25e7ea5ef7708062a112

SHA1
940e55cc77a1ca6e6dc27429cd1efe948165d29b

SHA256
ba86d79acef15247b0f9b19e3ec5422f08c96d4b4642194c9b9808a730116381

SHA512
c78aeb1856213ba5e5a9f79935b27c490d4e3328c9655b1ddabb9eb1d98f34871c498930ed611f5ec88abf556ec7e349225e924be8d00faf3e49833e410fc0cd

Download Submit
/data/user/0/com.profusionstudios.powerlineio.fhp/files/.jglogs/.jg.ri

Filesize
314B

MD5
f6facaf58f5ec5c213dbc9b3ccb5bf70

SHA1
e2f1002cb3721bc933d85b7192c257f607cb0ca5

SHA256
0675847158d129a893c1491d1f916079797f63bfa578ac6dba737c44784725ec

SHA512
74ca736f5d68cb6dac5e0d74396c75e59c39d0848099f425773d66068e0d011001dfc18325bba964581ee12bcf77c09a64a28488903b8ead0c1c9452bf08d308

Download Submit
/data/user/0/com.profusionstudios.powerlineio.fhp/files/.jiagu.lock

Filesize
27B

MD5
60b210053b25781c886c3f3b1609891a

SHA1
973eef845effd815e9db11cfdae5753a3ebe46bf

SHA256
8ad1a1ecd3afa04d5a5e4cb0a848fdaa5aebf5c03e6222213ff0be887f6baa69

SHA512
68359c770dd9e07d34ab7825bb9db2af8f556fce2f7ed957151657297c33c407fbbe440f5b04b938b48594e9cbcdac2b141d4aacc7025e46ddfed86d984c7b97

Download Submit
/data/user/0/com.profusionstudios.powerlineio.fhp/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzA1NjI5OTE1OTAx

Filesize
1KB

MD5
ea66d6cf7bd016087526f25e57b45165

SHA1
315b3b808c3bce348358c88158594a6b8f0a62c7

SHA256
585c0b2487cf79129e670e4a2826c25acdad19679c8f8eb33b12529cde73989f

SHA512
de3d160aa9864cb24d8608172fee6d681c4e27524503321948d0a85431c1e703c23cc9122e8f5ccbba0a82323611806d1e543d53f0555e61a52b118b6100d9c7

Download Submit
/data/user/0/com.profusionstudios.powerlineio.fhp/files/umeng_it.cache

Filesize
350B

MD5
d34df251b9635b1b2ef2a8d590d72d76

SHA1
25ed4e78b53bf7dadce14f7ed9c24a6b2781867d

SHA256
2d80f4500c3be7731fb466387d4d6f550e19da52285e4c3732dbd620529ba32d

SHA512
69c8ec0bc0c9ea3662892bd2165cc4acc39ce5268bdcf63bd260e08923a8ba5c9d2d7b646626272a31ad142262f34f8e43586873a333dae4ba89047e8a866ac9

Download Submit
/storage/emulated/0/360/.deviceId

Filesize
48B

MD5
4c4c5285293d5141f582aefa4e038669

SHA1
e01852a72e5a8e6f7d63a21426b515118196047b

SHA256
36c5c63f39ddf7a6a9c01946e4f78b95790aa734176802e793e95724a1b5b731

SHA512
097aa673273e307f7bfb7c08861ad389d4b5f7fae55d972a5c1636aa66d0b8d23b5eb9b696cefe0e5b942f23969dabf0147397aeca85fb9a4d75e0473104e399

Download Submit
/storage/emulated/0/360/.iddata

Filesize
32B

MD5
b4159310dc830f5e8aaf3fe33e544b37

SHA1
9062a73368ea7fffcfda55e16ad4f147e8fad062

SHA256
f9c2dc4e6cdf908940aaea8ae646119f8cdfda2ee39eae0a3035308e264fed63

SHA512
743f8961b02199833489d8152513c2de504070c503c053d79053f03970b6b122b7ed80e99372eeee723abb27ced0093cc985c79238b7bbf074e2afa4ae4bdb46

Download Submit
/storage/emulated/0/save_data/com.profusionstudios.powerlineio.fhp/files/.jglogs/.jg.di

Filesize
340B

MD5
a04669e708f77582fc95854c30d6e2b8

SHA1
20ceefbec310c453326a77550ce20a2d241aee0c

SHA256
eee7ef8c3cc6525676039b5e059e78c706599706fa12ab2b1916024eb9f90ec6

SHA512
4aa1885d20ad5b1e5c3ab3879d91d8aad1608da1844cfd9d8c9fdd4647f4c733873a5d467d97be69bcd6a09f420563ae94aa0b7effe1ada23fc9082accf7e9d3

Download Submit
/storage/emulated/0/save_data/com.profusionstudios.powerlineio.fhp/files/.jglogs/.jg.ri

Filesize
314B

MD5
8ffe23e5017194c750908a017586c62c

SHA1
f615754d5cc55fdeb7c88b1e000517ad545dbf29

SHA256
4cb5228d1a7be646bf403d13ddade5570bc49cc5ff1438fc8d80028f2b804eed

SHA512
0b8f19fb80efe9f40a7a62d19c0875dcf7a39d40c85c90e3f52468628e0be55d8a382e4665a8f183b9613867466dcb4cd60abccfd5a0d452dbb11dc2e26e6567

Download Submit