Overview

overview

8

Static

static

6

6775469d75...14.apk

android-9-x86

8

6775469d75...14.apk

android-11-x64

8

gdtadv2.apk

android-9-x86

Analysis

  • max time kernel
    47s
  • max time network
    139s
  • platform
    android_x86
  • resource
    android-x86-arm-20231215-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
  • submitted
    19-01-2024 11:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6775469d7558c8c121d62a7bcc46e314.apk

  • Size

    7.6MB

  • MD5

    6775469d7558c8c121d62a7bcc46e314

  • SHA1

    25cf4a9040cc08a76c251d31ce01319c32588015

  • SHA256

    0d8ce1e860c6515fa8be2101520c84548833c7a73f2eda007437d50fbbf71477

  • SHA512

    98b39fce13074decc7fc161e2163922e38fab1c98ebcc216189d1eaca04bd1354f50321173a63ada9544a40bfa912aa547a0572e00a7dcd9c816775c74681346

  • SSDEEP

    196608:BkcBOJ7wESGqKSc5HNMetfnnvaZa4+od1jnsU5QJw6QMAxW0wQ53:BXBUcxWXPnvl4fDnsU5QJJQbAtQ53

Score
8/10
banker

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 IoCs
    banker
  • Checks known Qemu files. 3 IoCs

    Checks for known Qemu files that exist on Android virtual device images.

  • Checks known Qemu pipes. 2 IoCs

    Checks for known pipes used by the Android emulator to communicate with the host.

  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • com.zzjdev.didi
    1⤵
    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
    • Checks known Qemu files.
    • Checks known Qemu pipes.
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4262
    • /system/bin/sh -c getprop
      2⤵
        PID:4299
      • getprop
        2⤵
          PID:4299

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • /data/data/com.zzjdev.didi/app_crashrecord/1004
        Filesize

        222B

        MD5

        773ffefc512a9fccce2dcf1be3c35553

        SHA1

        29d3de5ef53a2267bb16b5b487b7d2c6d12e0ace

        SHA256

        c71dfe24cde6786f45f8fb5de2abdb383228aad3cc2ce2b98abfddc44c222b1c

        SHA512

        87c15635569865d9a074620e38c4a7929bb2a359199f58859ecd921f31fc88fc7d5cb11a75096a221bb5c89c9a1e604f472bcaf5944eae67480fc01f23abddc0

        Download Submit

      • /data/data/com.zzjdev.didi/app_crashrecord/1004
        Filesize

        58B

        MD5

        0d210bfb2a0e1f1b4c082a6a0f79de07

        SHA1

        bb8ed9e364db79d1d9f2fcde3f15091893222faa

        SHA256

        988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

        SHA512

        536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

        Download Submit

      • /data/data/com.zzjdev.didi/databases/bugly_db_-journal
        Filesize

        512B

        MD5

        b398c67031da93ead65ecda5af162a0a

        SHA1

        e2ac0447ab621efc2c529eec7961fbd2dde0ada3

        SHA256

        79036a60871ff9499760947b1b50c25fb395cb7c3698a95847635f961b022624

        SHA512

        ed79ca659576dba72e7b07255425a53d8fff93d8490bbcb79bee72bf2649cc66ca00cef2dce0d2c814d878b64c8eeb256f719f4d585aeaf41d3fa86d22187f38

        Download Submit

      • /data/data/com.zzjdev.didi/databases/bugly_db_-wal
        Filesize

        68KB

        MD5

        b1694a0a2c29ff59e00dda805c442150

        SHA1

        3c939feecc4d48e6a1f1f19df8e4fb0d0d7860e4

        SHA256

        8ef623da61b504a8d5cd97f68642ab4d18108fdd01608616966967b08b2e76fa

        SHA512

        2b415852411a13540fd3c4a30f2c40334515545fde58f07730a7a98be881777383868dacc0280c2cb0a2d130a5ac788aa217c48a7a931ec2f117e597d21d1cf9

        Download Submit

      • /data/data/com.zzjdev.didi/databases/didi.db
        Filesize

        4KB

        MD5

        f2b4b0190b9f384ca885f0c8c9b14700

        SHA1

        934ff2646757b5b6e7f20f6a0aa76c7f995d9361

        SHA256

        0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

        SHA512

        ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

        Download Submit

      • /data/data/com.zzjdev.didi/databases/didi.db-journal
        Filesize

        512B

        MD5

        00066966bb1ec7391904a5cb2e9b5d7e

        SHA1

        4bdca8a33b192e81ce70b711c86d6c2c61f4514e

        SHA256

        59cfa0618953dc5957fb600de72576fca95919b639f8b22cf81e79bfbfe77df0

        SHA512

        ce6b2d3c6eb0f8bd23c059d8e8633d29a8689130e1880a26482330f7ef3bcd95e01f59ab05126220ba904894c394ce53e47080a4b7b5968f2111798f85bc2d87

        Download Submit

      • /data/data/com.zzjdev.didi/databases/didi.db-shm
        Filesize

        28KB

        MD5

        cf845a781c107ec1346e849c9dd1b7e8

        SHA1

        b44ccc7f7d519352422e59ee8b0bdbac881768a7

        SHA256

        18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

        SHA512

        4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

        Download Submit

      • /data/data/com.zzjdev.didi/databases/didi.db-wal
        Filesize

        40KB

        MD5

        39087e8d50960570aecdbe6aa7eecc4c

        SHA1

        e718e2d3e686553edeb2155111bc54d335aae21e

        SHA256

        67a25b09487af4347b3c9db5e964302a29d32cbd7adf20f91c322e1fa86d70bb

        SHA512

        d6aeb2f2962cbe57b21792a992cca05ad2f5879715d0de87bca0427f9f2b73d91584f3913553aa09d37977e950ea55abc9a8f860c0d8d9dab377610e821e56ca

        Download Submit

      • /storage/emulated/0/Android/data/com.zzjdev.didi/cache/Glide/7df7730b6de34d68dc3faddc86cef9a1a6c795f3d47cf978e0d4101d1bb46085.0.tmp
        Filesize

        2KB

        MD5

        a6a742eadf1fe13104c77d1c875436c9

        SHA1

        c3ad91599867fc2a5437e830fa05176308aa79b1

        SHA256

        6e516557bf3420578ffd8332dd0d6cbdfa37fd4730ec55b37b506e55ac3761c6

        SHA512

        a28172f6d039a0dd801196243c9bf649966fa80f35cb185070deb4404f5af2f9c818338a7aab9dcfa1848a02ecdd38fdfdfa96e36f589c6f5bd5daa605bdc30d

        Download Submit

      • /storage/emulated/0/Android/data/com.zzjdev.didi/cache/Glide/a5f8c8bd57680167600e9dfc03fcae89e2fff92f38de1d67d14cd87cb32743a5.0.tmp
        Filesize

        10KB

        MD5

        a42919646eeb1fe3fa4cdf7612fe3b82

        SHA1

        c61ee57ea03856f09687c611a7c979ed2ae62194

        SHA256

        eafe49ff48462cd93038cf3c8748f7682f34284a4e94b9871633f3526166e6a3

        SHA512

        516422f22e7c3d3caea16c02b897d220eeb76521f0e71c577ace4efebb4e195c78ab478521045b855d8373705ca68174c1d95673e79046b597bc6b67448375a3

        Download Submit

      • /storage/emulated/0/Android/data/com.zzjdev.didi/cache/Glide/journal
        Filesize

        71B

        MD5

        1b4723475e894603ec9547cbf30fe7af

        SHA1

        2c9acf544ae2f472b273b1291d5246f05f6f7692

        SHA256

        1611315e7ded72c5354a2d6beff14cf212c8aecdcc01a4cba6cdd8963d79145d

        SHA512

        211d53a04a558772adb80b8c16718f30fc8825536acf4e134c1fd405fcb731fd5c8a42802d7b9390037cc655506cfd1579fe717997379eb0dbfc8be5234ecd70

        Download Submit

      • /storage/emulated/0/Android/data/com.zzjdev.didi/cache/Glide/journal.tmp
        Filesize

        31B

        MD5

        8c92de9ce46d41a22f3b20f77404cc1d

        SHA1

        8671a6dca00edb72be47363a7071be65cf270373

        SHA256

        68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

        SHA512

        30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

        Download Submit