4572eef03ec7fecdcfbfd6cabb56798301d3b088df2ad473934d6eebb3ac55dd

Analysis

max time kernel
67s
max time network
156s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
23/01/2024, 20:56

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

708ab1d0449ca93d6939b48a0f772024.apk
Size

31.9MB
MD5

708ab1d0449ca93d6939b48a0f772024
SHA1

a1f279167486b1b1e147d45ac0c5984cfe073368
SHA256

4572eef03ec7fecdcfbfd6cabb56798301d3b088df2ad473934d6eebb3ac55dd
SHA512

18bd1a3de195f1e46416864eea8f0bb86bad1b77de5a3390a177fef8d06bf4f88204dcdfde5210248eeb24d6be6e177780ae468f0e6bb0e5992c710e7e39d6b8
SSDEEP

786432:1GUoXl743p+4U3oUzwC/gMrY1ajd9RV+wVsk+nDgpP:EBV745VC7gMrY1ajRVPs3Dgt

Score

7^/10

Malware Config

Signatures

Checks known Qemu files. 1 IoCs

Checks for known Qemu files that exist on Android virtual device images.

ioc	Process
/system/lib/libc_malloc_debug_qemu.so	com.yxxinglin.xzid76515

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.yxxinglin.xzid76515:pushservice

com.yxxinglin.xzid76515
1⤵
- Checks known Qemu files.
PID:4255
- chmod 755 /data/user/0/com.yxxinglin.xzid76515/files/mycpuinfo
  2⤵
  PID:4298
- /data/user/0/com.yxxinglin.xzid76515/files/mycpuinfo
  2⤵
  PID:4317
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
  2⤵
  PID:4349

com.yxxinglin.xzid76515:pushservice
1⤵
- Uses Crypto APIs (Might try to encrypt user data)
PID:4336

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yxxinglin.xzid76515/databases/pushsdk.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.yxxinglin.xzid76515/databases/pushsdk.db-journal

Filesize
512B

MD5
d7aff98182b0efc42166678d195b6de6

SHA1
68699b2dd3d05de527c296494b7bb565d173f312

SHA256
834d2da56261d774d90d9db0e64f2565ea37128a27467e2d57158049c9ce1735

SHA512
e999017ee5d090659d2fc19ac689a1be2ff5bd6645da9a9ebb1cd98233fe1ee18eb76f1200419a27802bd98f3d3903c7451e17ce681d7bf66a6fc697c3587cd3

Download Submit
/data/data/com.yxxinglin.xzid76515/databases/pushsdk.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.yxxinglin.xzid76515/databases/pushsdk.db-wal

Filesize
76KB

MD5
98f9a0cddf0c6c214d8ac942511e3a73

SHA1
0505e2cf9009514a9d6767f813dc2c433c484e3f

SHA256
a77aaa5ec5ea0e26a31043a4b31250bbe37fd50bfb96e467916fc90d9fa310b2

SHA512
3adbbfd0165dea1ba20c198f5ad85b8a36d18b937918b125b5de5bb3842c22f38924e18c66c1a2b3fbb026226e7bac8eff5c81b72d47576c087b071c66e3e95f

Download Submit
/data/data/com.yxxinglin.xzid76515/files/GameProtector3

Filesize
17KB

MD5
735a2d9feec4e1ed7c68f7723170cab9

SHA1
2a7240d1546305a93672b05bfc69249fbf337ec3

SHA256
eee622dbe2ffd4a1f874b27fbebd614811646c683166ba29d7ebc34017ae4f61

SHA512
57a01cf367cc6dbf55073d19f30b3efa9e16ba5714b782a15287fbf8c764c025e1a8c9f6f42e14174adfc6e369fa9faf3349b29e7c72a93370bbf93536dd6adc

Download Submit
/data/data/com.yxxinglin.xzid76515/files/init_c1.pid

Filesize
5KB

MD5
6f5448d5d552c8f9fd16e7538a6e262a

SHA1
6e658b3f6e81ac8cc619bc7682cd8ccbca1da564

SHA256
3a85583f5cd0e1a2e4679ff63f581293ad24bb48d48c169b3b71277ae6c88a0b

SHA512
d7c2706965599038ca48012eb3ad433a585f98404f4f7777505bba8b27cb48cdf984eda22d609952ea8061d06fd9249a2cd4d937364a6a3bf694bf6291133907

Download Submit
/data/data/com.yxxinglin.xzid76515/files/mycpuinfo

Filesize
5KB

MD5
32927557b7d48c43986914db615ec92b

SHA1
4d1e2f98031e661a7f61b2542154e4cad2b0c4d2

SHA256
5e37754c6f0277e2ddae35cf06daa7c4949bab1552e6f37969c2d876ab4bc16a

SHA512
734bfc6d8d7373be026257539ec8c98da1c1c82edc5706bfe0ab52870a4b008275668df60361b1b0f0eb0f0f29fd9b751fd879ac7398a8a10667014ccdfadeb0

Download Submit
/data/data/com.yxxinglin.xzid76515/files/tss_tmp/tss_emu_c2.dat.tmp

Filesize
12B

MD5
35557705615beb996a275e0bde2f80a0

SHA1
8cd395a96a0ee80c596c452a030d83efdd6966e8

SHA256
8533e00a500903b3848fde9e4144bc515bfd65e0190e37d9c4803db02ba0b7e0

SHA512
b26af108069d214ef098b7a88eed1b2b0441aae081b88aaf316953b45cae6001f16ef1fd16858c6cf32f5880088f83e1805b025d36f0a33c52eaf4daa3fef034

Download Submit
/data/data/com.yxxinglin.xzid76515/files/tss_tmp/tss_lcp.dat.tmp

Filesize
43B

MD5
7969662cbeba79dce2031a64edcb2b30

SHA1
dade6f14b6b1890835eaf67779acbfb35668b3c1

SHA256
7d919d13562d5d283449887ebbd77c2fe80955c3dcec5d897b379fb30ee344a2

SHA512
c084759b3bdc0b170a4f7086862190e538db80a2c1f3db127292259dea0ce08b791059ffc5f1680211064e49cbc725ef76d36c6d63b8d1f9365c5905caf317fa

Download Submit
/storage/emulated/0/libs/com.yxxinglin.xzid76515.bin

Filesize
73B

MD5
87bd017e704f974c43d6689c9a7bd114

SHA1
13969b6678a2b2cb321250b1748746499ada12ec

SHA256
079692c2034ac41ae18bd79f3f32f61102954b988855393f34d95722428e1083

SHA512
f6636359f449cb25b6c4b403e10004518c33815759d22606b00bcf79ffad6d545caef44029d0976fababddd15789396c976e9b2786a28e83aa76060e9670113b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads