82bfa39b90c2ce6bfac1921e5adc9da882b27047a689de21830ea5904243de15

Analysis

max time kernel
149s
max time network
154s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
24/01/2024, 12:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7231f5e53d2c4c25e5d84132caa2f0a5.apk
Size

9.4MB
MD5

7231f5e53d2c4c25e5d84132caa2f0a5
SHA1

9f7eb1a775d36995ec443dc20f4e2fb31f511482
SHA256

82bfa39b90c2ce6bfac1921e5adc9da882b27047a689de21830ea5904243de15
SHA512

55153f380f0c087041f04a390f271343689885acda00133f569e8fa7d08be6db2c0e424854616d84a0f87f169135d6d47c68970c3c0d4156eb0c7f24752dc824
SSDEEP

196608:mdR8BgP5u8m53JEwamwGkz9tdVdIpaoyP57IiaikZBt4Wxi44o+wG+:8WgR6ammzLloyP583xBqWyX7+

Score

8^/10

Malware Config

Signatures

Requests cell location 1 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.shanghaiyanshang.shanghaiyanshang

Loads dropped Dex/Jar 3 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/data/com.shanghaiyanshang.shanghaiyanshang/mix.dex	4476	com.shanghaiyanshang.shanghaiyanshang
/data/data/com.shanghaiyanshang.shanghaiyanshang/mix.dex	4476	com.shanghaiyanshang.shanghaiyanshang
/data/data/com.shanghaiyanshang.shanghaiyanshang/mix.dex	4607	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.shanghaiyanshang.shanghaiyanshang/mix.dex --output-vdex-fd=51 --oat-fd=52 --oat-location=/data/data/com.shanghaiyanshang.shanghaiyanshang/oat/x86/mix.odex --compiler-filter=quicken --class-loader-context=&

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.shanghaiyanshang.shanghaiyanshang

com.shanghaiyanshang.shanghaiyanshang
1⤵
- Requests cell location
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4476
- /system/bin/sh -c getprop ro.board.platform
  2⤵
  PID:4534
- sh -c getprop ro.yunos.version
  2⤵
  PID:4557
- getprop ro.board.platform
  2⤵
  PID:4534
- getprop ro.yunos.version
  2⤵
  PID:4557
- /system/bin/sh -c type su
  2⤵
  PID:4588
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.shanghaiyanshang.shanghaiyanshang/mix.dex --output-vdex-fd=51 --oat-fd=52 --oat-location=/data/data/com.shanghaiyanshang.shanghaiyanshang/oat/x86/mix.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4607

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.shanghaiyanshang.shanghaiyanshang/databases/bugly_db_legu

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.shanghaiyanshang.shanghaiyanshang/databases/bugly_db_legu-journal

Filesize
512B

MD5
4525e0c2293a0c3918d0800a92723114

SHA1
b7c60eb12ab0d448ab25490b10281cbced331d14

SHA256
b5df275be0cc8cf3c53ba2380fda6773c0f9f94f20c3da0ed86af8adc96b0414

SHA512
788ff8bd1606aef633613bf1888703a6183448174ad5329ac070b902464d14cdfd8d84f2ce26a7a2d6968b62813adbded1c6c0a8d2d5e87326a190a8bb9e7031

Download Submit
/data/data/com.shanghaiyanshang.shanghaiyanshang/databases/bugly_db_legu-wal

Filesize
92KB

MD5
381fb3353f1e9946275aa2362a8b8b2a

SHA1
1153be54320a53c1070aba702d487629d06cb1e0

SHA256
9b02c00165b42cbd4622ebb30dbe1b66dc8b8471b1af2ed3ce081aca851a0420

SHA512
f7bd8016e406bee320a1af47b9a606fa7e4ad987bf742822e91715bf1e70ccaf9b4d36c196e1618ed6471aaeeebb238c2fc4c827f3ad4629a00faab9d8fb9091

Download Submit
/data/data/com.shanghaiyanshang.shanghaiyanshang/files/jpush_stat_cache.json

Filesize
153B

MD5
219847b5883837a607759840dc0bc4e4

SHA1
b97cc3d8265fe4bace1a3fa77c5c07f5fb86fc0a

SHA256
7a73de81b0e907854b653f287467e99abec0c67e6f937bbd65c1d27098bdbac4

SHA512
9a80df19360fedbc23df0287919bd044af50b1d873a823a768b46d055003fae479892b4fcbe94ea2f743f61fc52cc803530869efd2e45b008dd7fe88496a6c83

Download Submit
/data/data/com.shanghaiyanshang.shanghaiyanshang/mix.dex

Filesize
292B

MD5
63f77f99bd2c2b772a479923bde11974

SHA1
c7632e7d301e4463fafce85f84e9c3d7da3fdbbe

SHA256
4c76a3af64cdd2f8713ffe2733dea50dbe714d0ca41c17d1847ee5b62a7ca615

SHA512
3aae4a89d1ed51fdd911cb367eb10afe3c2264e4222085891b18a60d5412f85d10bf5c8f3c6642db70abb9aa42732bac5c42c42ee32d587100f53c21b5beb16c

Download Submit
/storage/emulated/0/data/.push_deviceid

Filesize
32B

MD5
3e39e18b2e8258e769d12549a3836dbb

SHA1
956ee7149cf370e3d82c33a7da409a8def99ac6f

SHA256
e222f081bb615edd9fab78998a0acf8ee58420653ad4acb0774bd423c6a30202

SHA512
5e329cafeb2d3fe5aa83da10985c95b26ab9091cb30b1e58839a42720f290afbe107be4d94c98aadf162df36569ee2472ce6c55daae7d33f4584c61cbe121b11

Download Submit