7879506b52103c40124a5bb569bd9b0ea7a0a19756db3646ff90a5d12b07537b

Analysis

max time kernel
127s
max time network
157s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
19/01/2024, 09:54

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

675233213350f9c17595bfaab927ade5.apk
Size

11.9MB
MD5

675233213350f9c17595bfaab927ade5
SHA1

79e5e11ffe8443f85095d6996be67b1845663f46
SHA256

7879506b52103c40124a5bb569bd9b0ea7a0a19756db3646ff90a5d12b07537b
SHA512

1d8a23d4c09be7c1994cae970868e24dab0383ae5ea7f4b8ddbf1a3e22fcd6f22113cb21bf2d43c405930c5c11c46c727afacb62bbc6f0f93541e9fed1f90c81
SSDEEP

196608:AGOADqx5kbvRlKPU1JiqGzzGh4vu6fxsEoydyUExtbuGnrIU3+PZh8XSqUib0xNr:AGOeqx5kj/D1JiqGzzGhsfxe81EjIUOz

Score

7^/10

Malware Config

Signatures

Loads dropped Dex/Jar 5 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/data/com.uzero.baimiao/mix.dex	4261	com.uzero.baimiao
/data/data/com.uzero.baimiao/mix.dex	4360	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --compiler-filter=quicken --dex-file=/data/data/com.uzero.baimiao/mix.dex --output-vdex-fd=49 --oat-fd=52 --oat-location=/data/data/com.uzero.baimiao/oat/x86/mix.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.uzero.baimiao/mix.dex	4261	com.uzero.baimiao
/data/data/com.uzero.baimiao/mix.dex	4433	com.uzero.baimiao:monitor
/data/data/com.uzero.baimiao/mix.dex	4433	com.uzero.baimiao:monitor

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.uzero.baimiao
Framework API call	javax.crypto.Cipher.doFinal	com.uzero.baimiao:monitor

com.uzero.baimiao
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4261
- /system/bin/sh -c getprop ro.board.platform
  2⤵
  PID:4288
- sh -c getprop ro.yunos.version
  2⤵
  PID:4308
- getprop ro.board.platform
  2⤵
  PID:4288
- getprop ro.yunos.version
  2⤵
  PID:4308
- /system/bin/sh -c type su
  2⤵
  PID:4341
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --compiler-filter=quicken --dex-file=/data/data/com.uzero.baimiao/mix.dex --output-vdex-fd=49 --oat-fd=52 --oat-location=/data/data/com.uzero.baimiao/oat/x86/mix.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4360

com.uzero.baimiao:monitor
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4433
- /system/bin/sh -c getprop ro.board.platform
  2⤵
  PID:4474
- sh -c getprop ro.yunos.version
  2⤵
  PID:4494
- logcat -d -v threadtime
  2⤵
  PID:4513
- getprop ro.board.platform
  2⤵
  PID:4474
- getprop ro.yunos.version
  2⤵
  PID:4494
- /system/bin/sh -c type su
  2⤵
  PID:4546
- /system/bin/sh -c getprop ro.build.version.emui
  2⤵
  PID:4586
- getprop ro.build.version.emui
  2⤵
  PID:4586
- /system/bin/sh -c getprop ro.lenovo.series
  2⤵
  PID:4617
- getprop ro.lenovo.series
  2⤵
  PID:4617
- /system/bin/sh -c getprop ro.build.nubia.rom.name
  2⤵
  PID:4642
- getprop ro.build.nubia.rom.name
  2⤵
  PID:4642
- /system/bin/sh -c getprop ro.meizu.product.model
  2⤵
  PID:4666
- getprop ro.meizu.product.model
  2⤵
  PID:4666
- /system/bin/sh -c getprop ro.build.version.opporom
  2⤵
  PID:4696
- getprop ro.build.version.opporom
  2⤵
  PID:4696
- /system/bin/sh -c getprop ro.vivo.os.build.display.id
  2⤵
  PID:4721
- getprop ro.vivo.os.build.display.id
  2⤵
  PID:4721
- /system/bin/sh -c getprop ro.aa.romver
  2⤵
  PID:4746
- getprop ro.aa.romver
  2⤵
  PID:4746
- /system/bin/sh -c getprop ro.lewa.version
  2⤵
  PID:4771
- getprop ro.lewa.version
  2⤵
  PID:4771
- /system/bin/sh -c getprop ro.gn.gnromvernumber
  2⤵
  PID:4796
- getprop ro.gn.gnromvernumber
  2⤵
  PID:4796
- /system/bin/sh -c getprop ro.build.tyd.kbstyle_version
  2⤵
  PID:4821
- getprop ro.build.tyd.kbstyle_version
  2⤵
  PID:4821
- /system/bin/sh -c getprop ro.build.fingerprint
  2⤵
  PID:4845
- getprop ro.build.fingerprint
  2⤵
  PID:4845
- /system/bin/sh -c getprop ro.build.rom.id
  2⤵
  PID:4869
- getprop ro.build.rom.id
  2⤵
  PID:4869

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.uzero.baimiao/databases/bugly_db_legu

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.uzero.baimiao/databases/bugly_db_legu-journal

Filesize
512B

MD5
73d3d41d9d8c7d4b95475b02fb932381

SHA1
d8acc14b70613555c29639ece5290c0f0444256b

SHA256
1d68aee6ef49b9b7db699c60e6f32bf1d82f43ea8952d99f50b93316a47dc0dc

SHA512
85d4b11e5d2f89d7802803ccf0ba3be4c5482b16647222790a7e13c40340d22f467e13d941e859004b5aa903941637b0b8a7c0aa7fb18bb86d3b462a2d64beaa

Download Submit
/data/data/com.uzero.baimiao/databases/bugly_db_legu-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.uzero.baimiao/databases/bugly_db_legu-wal

Filesize
148KB

MD5
3fb71e5eb806de4b1fecff4ec41ee01a

SHA1
fd3e8f027752391f2258b0a2433e5d6e1921541b

SHA256
504d2f068f1a4d4fd2c286ea2bb7e9b5d82ce1a47073f1ad60f7459142106dcc

SHA512
ce19358d5d2fdfb2716221d399ee166e2eecf038920b2f086b3281487b281fa0501582c71c3cc0530b8b85084c0c62aed3d6bd5ca2ba65ffbed0895433b660c9

Download Submit
/data/data/com.uzero.baimiao/databases/bugly_db_legu-wal

Filesize
76KB

MD5
5a68ba84adc2cce3bdb8a1a45a36260e

SHA1
47a75c26487f0edbc21c6b06bd58b8725b32b7fe

SHA256
06c3fa4ecdb35a06a4777625f2f1764a85131f3858a1e80b79fed534df68a5b8

SHA512
fcead6c3fc1e46107589d2ab8ef9a6b29ea3163e952b22efb274f33a43f7eb496238a7189d4ed0fca39b81e7beccfd82915ea420e92d865c5346cf9db916c835

Download Submit
/data/data/com.uzero.baimiao/databases/cc/cc.db

Filesize
36KB

MD5
ce6135aa1b1fe4f2c2db2a546d2a5558

SHA1
79b59582154017aadab783dc266fcb158c252940

SHA256
7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c

SHA512
2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

Download Submit
/data/data/com.uzero.baimiao/databases/cc/cc.db-journal

Filesize
512B

MD5
ceec94fda25df0b6ebba092f409cf8ed

SHA1
0fe726022ab29528e1cdda5567fbae444e3b204c

SHA256
6a1911d9137ed11367f06207dbbcb238c22268a1fbbf3731359479aa31bb3bce

SHA512
b7f080ebe022bb40581fa72c07db1409bb0d235b43af34295950c55643da5da4df4e71b10f662cfe20e4636fb1efed1dca6029a85b6a61740a69b007ea649b01

Download Submit
/data/data/com.uzero.baimiao/databases/cc/cc.db-wal

Filesize
48KB

MD5
0d105aa0cb49308cf7c2fd2f52917e87

SHA1
3e60ee0ca40eacef8242dedc2557223483c1b951

SHA256
84b0be91feafc126cd088e48216db330832b22393919bcfcb8b87cbac3e6b37b

SHA512
0197fbb32295ec1cf79b2810c773fb8155cadd8173be40b160a7baf49547a22bab99f549d48ea54c1822bcd93e14359e82506f57935e752882192634a471a762

Download Submit
/data/data/com.uzero.baimiao/databases/cc/cc.db-wal

Filesize
16KB

MD5
530791cd1839fc1b1e91d1cdb000d6d9

SHA1
c5fc2b7cc41cb14526de8e8e160e4118f1f7d71f

SHA256
e77548d75e77c4d376e6361e9aca06ab1447dd55ad8e2da677dbeb1997c26152

SHA512
50472b79cd7c3430ec48fc1b9fc4c4a1237f661adfef7297b8d8b3893e4a73616b5b6e9e9e9dc5a1640beddbfcfae72c28bda18679e3cbe9175e8d6ec826c92a

Download Submit
/data/data/com.uzero.baimiao/databases/ua.db

Filesize
32KB

MD5
d604a3bf1f8d992cc320ea5b1f7609bd

SHA1
247f88df0b55c7d523ea5398637711a0e4a483a4

SHA256
329940b4d46326d58e73c842dd099704061d0ef7338777bf31ad895f29013c17

SHA512
67e28f6713cb5c238a9664df128f01a89a2efb7c8c9330c1e45bc0d40ebab81fa20df5166743d84d81dc0386a89ff0329f022281c098339baa2e851ff0a1e1ab

Download Submit
/data/data/com.uzero.baimiao/databases/ua.db

Filesize
16KB

MD5
ea64121c7728b74686ee395c5c25658f

SHA1
335748fca7b7b8d11d38499d4ca0148b8846713c

SHA256
a99fb455fd34f42c076f2608f5899a304e44fc6ea03b8828ec2bc26234b8afaa

SHA512
8be7bfd208c0cc384342f7865061a2be81580371ac4398eb19f479f467d2b472514089c8473dbf05b50d8e40470af15945ed82f4527a7512dd14c1cced3d7f7e

Download Submit
/data/data/com.uzero.baimiao/databases/ua.db-wal

Filesize
56KB

MD5
9b5abfc32a36aaa82abc98f4232b2227

SHA1
cb72038664fe05ab96583537a75e8bd168ba1825

SHA256
ab2b9595766714d9a89d71c6c20105f31d640d09e491fe1c8274a3c6fa6777bf

SHA512
895a402406451594d03bccb0f9219510d75a7f810e4600f244aeac86e6d55e03de7bcc42a4aecb61198e118f1c3c5d0e71b30d3125c97d75a1926ed484f08790

Download Submit
/data/data/com.uzero.baimiao/databases/ua.db-wal

Filesize
8KB

MD5
2a1c9a65f6c43b993430e776f5780946

SHA1
c216e6ed2ceeafd107e6f3415950e93cc78b5adb

SHA256
b3aa97d7bf592622cd871a3da9b78996262da0d4574f88c541406832e9143e2e

SHA512
17c87791a255777fc14ce6cbeb4e305ffc1bd45c67bc763df68701825294029d2dbef06b3e54c0461fff5bace391f49fc88ff4f3d95013292dfd952be6132413

Download Submit
/data/data/com.uzero.baimiao/databases/ua.db-wal

Filesize
4KB

MD5
79a5e1b39c28f504fa043586c1ee008a

SHA1
84a435abf2b948131ad019c3491ae1847d04d007

SHA256
a9fa0d6f6adc8db041baf911fee600193e1303603ea2df2b2610b098fb399e18

SHA512
04f8d80bd6dd82ac7ea0a7e071d1bdeece4155d41ce1a2904ed48cf428a7a69ffb5e4239acd18c03654f9cfee28eee7b93ec3731065103264459a80dadb99052

Download Submit
/data/data/com.uzero.baimiao/files/.um/um_cache_1705658208756.env

Filesize
1KB

MD5
a3fe8f9414135f4280af14c3fcf18df4

SHA1
378bd129419dbbb61fc5584ebb3982466c39a108

SHA256
3f9fb17c20afa214580cfad5d7137505c07c9fa9cd20caa3887823e02208909d

SHA512
bcb4d121c36dfdbf842e240952213b24c8194c2694f1ac3f835f0c81808dc05b1401fb4370d74855087999978e102b1dd4aba95e546fa4822e104a125a6f2c85

Download Submit
/data/data/com.uzero.baimiao/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
bd4f61740988ae9ba5ec16e106835e9b

SHA1
59f40c2831013c789c2b9fcc20cf3a6950cd832e

SHA256
d5899fdb46af26e11cb49c717e51e2046a27a073ff9302e1007a7b51574c819d

SHA512
ec4feb8252fe3f565981a36d0ffd81a562c91426752c3f725dd656a3ab372044e1cf94d71d1de53f9715bdd2e196c04b5693819931a5f50f52e01ec10ca62385

Download Submit
/data/data/com.uzero.baimiao/files/exid.dat

Filesize
55B

MD5
2b51bc48e596108536518efb8663e19d

SHA1
5619fb7b9e0f267a159ccf0e38dc5ea41a9e968f

SHA256
ba522b9a0a8727b51a47b4e040a8e9a2ab2336a9709a8761ad0f33b5d2bad8db

SHA512
d2b33ad2a3ac6beb0f803aa784be5053d2a14da74c3154122f61fb55b287759cc17b1cc20af5b8a2622f46c03f9d2a82e3e292a82c3566304c59aed397a1ffdf

Download Submit
/data/data/com.uzero.baimiao/files/umeng_it.cache

Filesize
413B

MD5
38cefc5364780b7f6814b01c5cb3a990

SHA1
31d426444227bdc5a06f2620214b844260c3b77e

SHA256
12b122c4fcd9ac8479949864baf1805b9850febf609fc9c8b9fe2fa9c4da94e0

SHA512
b42d9308a9fa4bb7a6b7bb86a49a99eaa71bc7e92d9e0c7366fbeea8420f44a0cc894bead1c2a6517152b8014cf9209e918ed8fafc9c1205c8deeada81de6c98

Download Submit
/data/data/com.uzero.baimiao/mix.dex

Filesize
292B

MD5
63f77f99bd2c2b772a479923bde11974

SHA1
c7632e7d301e4463fafce85f84e9c3d7da3fdbbe

SHA256
4c76a3af64cdd2f8713ffe2733dea50dbe714d0ca41c17d1847ee5b62a7ca615

SHA512
3aae4a89d1ed51fdd911cb367eb10afe3c2264e4222085891b18a60d5412f85d10bf5c8f3c6642db70abb9aa42732bac5c42c42ee32d587100f53c21b5beb16c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads