0d8ce1e860c6515fa8be2101520c84548833c7a73f2eda007437d50fbbf71477

Analysis

max time kernel
21s
max time network
142s
platform
android_x64
resource
android-x64-arm64-20231215-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
submitted
19/01/2024, 11:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6775469d7558c8c121d62a7bcc46e314.apk
Size

7.6MB
MD5

6775469d7558c8c121d62a7bcc46e314
SHA1

25cf4a9040cc08a76c251d31ce01319c32588015
SHA256

0d8ce1e860c6515fa8be2101520c84548833c7a73f2eda007437d50fbbf71477
SHA512

98b39fce13074decc7fc161e2163922e38fab1c98ebcc216189d1eaca04bd1354f50321173a63ada9544a40bfa912aa547a0572e00a7dcd9c816775c74681346
SSDEEP

196608:BkcBOJ7wESGqKSc5HNMetfnnvaZa4+od1jnsU5QJw6QMAxW0wQ53:BXBUcxWXPnvl4fDnsU5QJJQbAtQ53

Score

8^/10

banker

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 IoCs

banker

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.zzjdev.didi

Checks known Qemu files. 3 IoCs

Checks for known Qemu files that exist on Android virtual device images.

ioc	Process
/system/lib/libc_malloc_debug_qemu.so	com.zzjdev.didi
/sys/qemu_trace	com.zzjdev.didi
/system/bin/qemu-props	com.zzjdev.didi

Checks known Qemu pipes. 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

ioc	Process
/dev/qemu_pipe	com.zzjdev.didi
/dev/socket/qemud	com.zzjdev.didi

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.zzjdev.didi

com.zzjdev.didi
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Checks known Qemu files.
- Checks known Qemu pipes.
- Uses Crypto APIs (Might try to encrypt user data)
PID:4636

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.zzjdev.didi/app_crashrecord/1004

Filesize
222B

MD5
3ed4d8372ada81ee6ab552c24ee46657

SHA1
6003620cc3bff2f8120373282c00371c09853602

SHA256
7683376d2cce8e40384fde55320db8b738897efeb087b854f38625032ca27f24

SHA512
e847afd339542cb4990801cbf5452b1871f2482ea48a660e110b62a52e94273c01712f2c6e72bd39ba18b98167ad036bfe790cc5e60e127c4e6aadb1bc36b8b9

Download Submit
/data/user/0/com.zzjdev.didi/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/user/0/com.zzjdev.didi/databases/bugly_db_

Filesize
52KB

MD5
4ffc92b87d219534f3e02ca46aaaa716

SHA1
c22e076c4319a7d1b3388c0131ece5dc9faba5a3

SHA256
a74f1102e31db574ce44150bd8aa5c5538ab36ea979ddd82631926e4a97effd9

SHA512
e7045786afb2bdc723b22ddc483cb8d8e584c1c70ce8be516f43c50e5bacc10c69b2ce635d2d2551cf843ce98642f3762a3aba0e0ac8fd7d90de9af41330cf1e

Download Submit
/data/user/0/com.zzjdev.didi/databases/bugly_db_-journal

Filesize
512B

MD5
cf376acbd41524711c075eeb433f74ea

SHA1
b3d8fba333c245fc102e0aaf4cad54206aa7b87d

SHA256
670e9547e7c4b53a6e831d2cee211f2db1c93a15db0cf6a3ceea05bc1bf03af7

SHA512
edb226370435dc9918b71a18369bf0439cc518d0d66eae862f8fb8785c236b2e60f26630a84f3703a88f279b17ba602863c9c6f6e46aa2437d2962b09b0b6dbc

Download Submit
/data/user/0/com.zzjdev.didi/databases/bugly_db_-journal

Filesize
8KB

MD5
cd7a8d9899aad91a9e91e0844c4c8f6b

SHA1
de4798fd5d20c67749e195d216b79299c6150fc7

SHA256
5873767e5951296052800ddc6df49edbc53475d5e936ff5ac9b491a9d054ec33

SHA512
beddcf85f5eb9b6e513ef3a8a370c3a3bab4179ed1d2e4a24a8a602bd24ec61bf974af4d5a197e004e88e9b0cfa45fbf1b321521b314e2748fe6c70cf9674a88

Download Submit
/data/user/0/com.zzjdev.didi/databases/bugly_db_-journal

Filesize
8KB

MD5
3be3bc0a4459dc54c1397dde26ea2f8a

SHA1
e7b9920790b0689a9c088202a1ab19c73aad4991

SHA256
510f636fe65e982f562273f9a230ba238a274fac1e1d03a37b80674f809c7c72

SHA512
675394decfba424db7e871b8e56426525dce11fff1f846196d09803e865369c2b0bf3401d1c3dee8212e5935593b4b67f4861d3086cb7f2884038ec6e85e671c

Download Submit
/data/user/0/com.zzjdev.didi/databases/bugly_db_-journal

Filesize
8KB

MD5
1dfdbd06bd3555cb98af0f8bf48fcc86

SHA1
b922cba0ea4220add879e9eedd989a108cdece00

SHA256
9b0eecde8ad90afc2b99271e6c2bea5eb555ad96f8a968ebb9660dc763106f23

SHA512
55295dcd7ef73f5955ec25a56cc59f083fa5a7ed69a97e626d61545e6977f45f06d4b366d157cc400b1f2b69ddde7a1a85da51c4ff97a189a2ec68061742eaf1

Download Submit
/data/user/0/com.zzjdev.didi/databases/bugly_db_-journal

Filesize
8KB

MD5
d21eafc7865a965b7bc63bfd659c2017

SHA1
d1bba78b42754a841ae686061ac319ca5a54d5aa

SHA256
c30842f121428c54476f0f53f6209ab87bfd22478549742604a1b00dd79df4ef

SHA512
198af570c9535790aae3acf65d895e92499dbbc63da6d431a3a5d3ff2156b7c181e4758aaa741177cca455e9ec8a2395e33f3429b44e96ebcc0ac3a0ec2bc5db

Download Submit
/data/user/0/com.zzjdev.didi/databases/bugly_db_-journal

Filesize
8KB

MD5
e95edd841b89790553988261278adcbb

SHA1
03eebd3a0d8add8e6693795e26e5a9896875eafe

SHA256
b7a9ad8390ddbede00a86363ca7eee2bd2d26af5d05c60c34082593a47940df1

SHA512
038c9dcdbefb80f2a71fe32765bd82350f299e41d6e42b6e281f6d69f507fdbe8f4ea8d9bfdcb3cd3a3a34eaee953e60f99fcc2bbdff1e423083b5ebdb284660

Download Submit
/data/user/0/com.zzjdev.didi/databases/didi.db

Filesize
28KB

MD5
12aaed45434552949c7155cc9c285f34

SHA1
9c2e8769399304760c65aadbf29c1f151ec21ecd

SHA256
8759bb28c6bebbfcb38a6b247afdb825c424e9667e87da9de04c309cdf16c3d1

SHA512
337125e076238ad53874e61218e40528000af70c721231e6e8e5f17c11f5d12a715435fa6f1aa36b22d0fd4c0ebf27215cd8b9fbe5ecdb2c9019f953f74ac662

Download Submit
/data/user/0/com.zzjdev.didi/databases/didi.db-journal

Filesize
8KB

MD5
5fe05d6428a38f52019ab97fc0c7ef1b

SHA1
60e3f9066fc60dc872cfdee6d7beef524a262e4b

SHA256
817b037ea012801212c1c37aed442631f932539eab8642d59210f8f7f06069c9

SHA512
ece4836fb9faf3d3925e0957801c52495c9e2708b94c1bf1c530331887a7e4a034e95e468584f21153082db1b364ef43fae478a9a71a6e35a754a3b188c6489e

Download Submit
/data/user/0/com.zzjdev.didi/databases/didi.db-journal

Filesize
8KB

MD5
c6f71fe6fb0cb510391f84aacd4617d9

SHA1
eaee3f493637b7425ba6df36ccd3d5e66c340537

SHA256
237e322f4f27791427986518ca73ce0133bc2efa14a85492c07072565f8711f4

SHA512
5a9ff7045aeeb6fadeefd7ec77170635e72ed6f62f127411124258eef2b50ad52826383cadf3e453459e33b7e60f94b9258fcf7f6b54edd9a66f2fc2068af047

Download Submit
/data/user/0/com.zzjdev.didi/databases/didi.db-journal

Filesize
512B

MD5
b2b6a87a88b0b320d83a32bfe3980038

SHA1
0b27809d88b35a4c89530f6c7b592cd751b98411

SHA256
367af3c77a8164c1cc3a3b0359bfdd2015b10f132fe1659b3edec84e46cf8524

SHA512
1d3a328b71eb2fefa0a6668b2b7e35038d488b08d2e7feb31f6ab9d75ceb69ec4415b46f33f17f759089b9a5feae34e23349742dd6a0e745bf68fb2010877afc

Download Submit