d2f5d85a2093c8f7c6bb9f0eae076678cfa8e45730ee3fd0119b34365a0aed42

Resubmissions

28-01-2024 20:03

240128-ysxqashcc7 7

28-01-2024 19:50

240128-ykejraaeck 6

Analysis

max time kernel
66s
max time network
94s
platform
android_x64
resource
android-33-x64-arm64-20231215-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20231215-enlocale:en-usos:android-13-x64system
submitted
28-01-2024 20:03

Sharing

Copy URL

Twitter E-mail

Reason

exit status 1: "{\"level\":\"fatal\",\"error\":\"emulator exited with error: signal: segmentation fault\\nWARNING | userdata partition is resized from 6 M to 16384 M\\nERROR | resizing partition e2fsck failed with exit code 8\\nWARNING | cannot add library /opt/android-sdk-linux/emulator/qemu/linux-x86_64/lib64/vulkan/libvulkan.so: failed\\nWARNING | Requested adb port (28005) is outside the recommended range [5555,5586]. ADB may not function properly for the emulator. See -help-port for details.\",\"time\":\"2024-01-28T20:09:57Z\",\"message\":\"Execution error\"}"

Report Analysis Logs

General

Target

CapCut v10.7.0 (Pro) (Mod2).apk
Size

246.5MB
MD5

5bd5b2fe3fc278f2b823d0391ce7773a
SHA1

75a5e3e08801859dc3808eec11c89da3e3cfbd90
SHA256

d2f5d85a2093c8f7c6bb9f0eae076678cfa8e45730ee3fd0119b34365a0aed42
SHA512

0e361a660385bdcbe25c5dfdf3c0ceb9aa7f02c2a5eaa119ed0497cd59987840a28e74c840e525ad32b9e9b19b0bf55eb6a0f773c9c35fa76033c8d7c09a4938
SSDEEP

6291456:Ad6nA+kAGtKRVnTtcjlNrgk6Sk8ZucEfhq61HGGer4egMx5:vAnAGcUjlNf7TEfBeJL

Score

7^/10

Malware Config

Signatures

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.lemon.lvoverseas/[email protected]	4362	com.lemon.lvoverseas

Legitimate hosting services abused for malware hosting/C2 1 TTPs 7 IoCs

Web Service

T1102

flow	ioc
20	pastebin.com
21	pastebin.com
22	pastebin.com
52	pastebin.com
53	pastebin.com
54	pastebin.com
19	pastebin.com

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.lemon.lvoverseas

com.lemon.lvoverseas
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4362

com.lemon.lvoverseas:push
1⤵
PID:5728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.lemon.lvoverseas/databases/com.google.android.datatransport.events

Filesize
12KB

MD5
edb655088d1ed9f33f9d0d499b7a3ef5

SHA1
565c4f4e43179dbfc285cd6331dc8ac75a901af8

SHA256
bb9e45aad35b43e895393e7a66e4ead6a5f728f90b7627e3c741d391bf65d4f9

SHA512
98cbf923880de82921c38973fbc6d711dc39884428d1eb4ead33658a5a7f163734e5121823d5b043ca44554d19c5b6f966674ac7291513944a94cec97d5be599

Download Submit
/data/data/com.lemon.lvoverseas/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
cf51064f2ea79a662805abdc970878f2

SHA1
3ad24a6dd9a3072ea1b20c46aa9eb113ce410a4a

SHA256
bdd0d4b9569cf35f9a10625dd23d27a9f8472d0e376f65ecced54b3ecf7b83e9

SHA512
d12c8ae026bc819d292a4fa1429314ffc70e0aca391dd1c0d22dea8870d1d50113b11519dd313964dfc80d4caca6965ad07037cdbba79c8537f3d151d90ea11f

Download Submit
/data/data/com.lemon.lvoverseas/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
64f571b241c06cf75a6d6a5715bacc72

SHA1
e346c76868ad6149d6778b3854f5cb78913ae17e

SHA256
7fadd762efca939cacab073a1ae0c0ccc4e86cc2a496c6678a1fed62bd699d56

SHA512
0733561400ed88b0f4393cf323e75487918b8031e4e878c92101d27e73ac678c63bd82e6f03109019287dbd6d32bba93e38a067a503b285f64a9b65b16b05588

Download Submit
/data/data/com.lemon.lvoverseas/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
11a83489a0806b0a33ee4fd4e017a8ec

SHA1
4fe66a34d45b831917b5975ccac407ed29420154

SHA256
010e922388598ba309ca7b10d39df14621937fedfd7ed8e023f36d36bd56888b

SHA512
df84fd2f609abad08eafd0321769c64107e860f861f2dd1b7cb4cbf56f7b8a14138dbe5935edfee1a9a988c0c0e7955b5fb6217b5319e14fe3b111736d683cee

Download Submit
/data/data/com.lemon.lvoverseas/databases/push_cross_process_event.db

Filesize
20KB

MD5
e023e3411ce39af5b29bee297167ba2c

SHA1
521bf8e2ad42c801f57dfb2aaa4356af42a0c590

SHA256
89c46d8914e2ad5cdddc63309d68100879f6d57fd081f2033fa6962a307e61f8

SHA512
2b08791c1aad57c900fca6329f611a9b714ccf045661f9dae699c05db2b7b2bd5cc26f28204832e6914b88ace46e5c8182978e8d3a709381cf616a5fb7962e9f

Download Submit
/data/data/com.lemon.lvoverseas/databases/push_cross_process_event.db-journal

Filesize
8KB

MD5
c4f12c65cd9c5e016afebc3458b73d4e

SHA1
6b7b4e45b2be56115cf6bdda9cc0d12693e70de2

SHA256
cafbae0abd8da5721f75055b588708e578236ccd19ac5010b4daf23d56aa2244

SHA512
7c17bde7ececa9305b7672b214432abf9d98cc8a17fd06b93593526a3bed9103c915e9addf010c5f330616547c97848cc7bacea7e22ebad9e357707ca0a14fad

Download Submit
/data/data/com.lemon.lvoverseas/databases/push_cross_process_event.db-journal

Filesize
8KB

MD5
92665e82d32b06c9e4b7b79f73d423fe

SHA1
f8293742facb7b354c0aacb8ed42e753e9b50541

SHA256
8ec5b4c70e6975e0698bce9d9bf8556bfed6a278a8c017bec34bbefe47ee0e0c

SHA512
7df5d25b211bc4d6f00f0a6b07fddee0afa08dc7af81a72ee93b23ec29f34ba029657fce7648c43bfaad458c12f710c5b96250de2b89af55a3c43554e00e676e

Download Submit
/data/data/com.lemon.lvoverseas/databases/push_cross_process_event.db-journal

Filesize
56KB

MD5
f85d63a08cb1f35bdea4b83339621f6b

SHA1
0eefd7ba13656ad2755390a60fdc863aef3c9147

SHA256
4dbf7229090c8c156dc6e67520eac8f6937bcd6ce9cf90ce83317a9d953b7d23

SHA512
5eb8c0825a114a4ce53cce9461370bfe38bc2b83b631d4de3304700aeb29ec5288fc5146093b212f7d3771d26cbba92db26159762dd9a6268037408bfaebbc31

Download Submit
/data/data/com.lemon.lvoverseas/databases/verifystorage.db

Filesize
20KB

MD5
835ce09f75e4f4db073b67995e9d875f

SHA1
26bfba80a596afabdf85b685740e525d69d268a2

SHA256
8c63990c5b3d832431950bb87aa4920d03592e36c4b53d5953e49691c661ff4b

SHA512
168383fd9db917207362dd0701302ec050f717de143cd3891662466fd08eba3f2c1701d8b9828de0c377c145773010db74e33e64398bd6d96eba3acb429cb33b

Download Submit
/data/data/com.lemon.lvoverseas/databases/verifystorage.db-journal

Filesize
512B

MD5
f96ba32b4721d017aee7d1ff4c3007e6

SHA1
70808df85a27b78a144bc712f741932db42db829

SHA256
badc479c61d388888acc9a326c714cbaa9011ff6845dbbe2c44c44e06f5a4af5

SHA512
910ed328430357436ed8fdf471f184cb506a2ef77dbc96da17d921a92ddecf2b449c364b5d53934690b397021403587b00128abb38006a9fdc791f64e51cce8a

Download Submit
/data/data/com.lemon.lvoverseas/databases/verifystorage.db-journal

Filesize
8KB

MD5
130baa40218070db72c5bfb5836ec1ca

SHA1
3c718a4a1a047991615e7af567397f7706f185ad

SHA256
8fe41c2a4826d8801cbafc7232a02735c3fa34c4543fd55e76fb6e8db83a2cea

SHA512
5a3d48480c974f394e89b1c3ea489dad616cb8ba69f85abcea04f3fcd57d6083163c97e4215fb1344da266f6021f2553ab9b12918745f90fb1de7538c06b41fc

Download Submit
/data/data/com.lemon.lvoverseas/databases/verifystorage.db-journal

Filesize
8KB

MD5
77c9c2a0a474b28283570df9387d2d17

SHA1
fb0452ac26f77d8f40bd1210a4e3fdcdb25ce04e

SHA256
b1a292cb0e67125ef3344931f53df57316e3cd35879f92ed75849c4ca031a50f

SHA512
9ee10d59f5a445325d14660a4ead9aff36833a2c49ee5b757b52fd6ae30c7b82b1c5554c0791e7a8733f1e52d8c9e2683c3f9e1c7d126e499285a3867669518f

Download Submit
/data/data/com.lemon.lvoverseas/no_backup/androidx.work.workdb

Filesize
4KB

MD5
0eb157e1a86d4d00aa601dd2f6ff3ee3

SHA1
fee434f784e73cc7916322e949f727caf8363102

SHA256
b9a8194b71a046e8c0eb30995827b582b4bea834f630a5df2483b778a7d7d8a4

SHA512
b9b79b8c3af8a3f140df230fd89e95206358ba50ff214e7323a2dbbe2937b795f970e588302ffd5d721318bd597ce0a27af26d6cdb07f45569c30209845082a8

Download Submit
/data/data/com.lemon.lvoverseas/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
8a53aec9e9280063391eb38c873cf813

SHA1
c461f7775ce73177abe5419346fed784f11048ba

SHA256
dede074ea8c933a8a729bf244d1789391be67cb3d8b91d1ab787615a44b6211e

SHA512
0ea95c4e12a0aaef2e46b9e9a88e7940404d4d40db97089748ffb45a7e81d5fb119d4b7a1a4ca6d7aa542d3981697f3bb4793909bd2d5efc8231adf60777c52a

Download Submit
/data/data/com.lemon.lvoverseas/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
65e2eb248bd630db49db27ed55c95a2b

SHA1
3b968d72bace1ab24f1de13b5a54e519a3e62a4e

SHA256
fbd0975b4e015681119badc8a78674d473367be46a42442976f241002c5a2b61

SHA512
e63283d4f9cc7fd185512b97e58cf2b5c76b866e701f1aed98f1cf440b58821113f24e101449b45ba4007b4dbf162cc96509951ea699ad90bf172d49812ff5e7

Download Submit
/data/data/com.lemon.lvoverseas/oat/x86_64/[email protected]

Filesize
57KB

MD5
14bee42655ab5a763963b94a23b69a7c

SHA1
8922b4c6072b82bbe2286d56f8d76e086d07daa8

SHA256
42a5bd61f28fcdaf625c69a1b72418e3850c02d05583e0687db0987999ebd374

SHA512
3eba10a837416f811164c44d97437afcd27b0c895eec0e356347aee4de8d5d8237f26c5756160dd8f414e4999c47cd74ac16c20d4e1dfc79375b25fe7eaf3a43

Download Submit
/data/user/0/com.lemon.lvoverseas/[email protected]

Filesize
2.9MB

MD5
520a71d314ca50619eac765afd2909b4

SHA1
7ed7c3e07dc44497b5be3c0634eab52a153d9f67

SHA256
38823558b60ff7c993a41c74cc2e47c48932d773d0cf3ac9f608d2a89040b7bb

SHA512
409c471a5856616e4401fed4a2a581f1a5779d79fccb4abee5259a347317bcca4f3404808504ae08c9ab515173b08c8e960cf3af833c9a4e80f3e53a2096adc6

Download Submit
/dev/goldfish_pipe

Filesize
14B

MD5
c1d5eb1cebc7972ab0adbb7ae37ab7fc

SHA1
54477c10adb8bf3686f478efac6bcd4bcac9d85c

SHA256
94e78f03c437c9251e49ad23bbf23bc0e81b88224b418f7e45224d3d15dd68d8

SHA512
4ed1b38aa3a1548f210d6e3b767d2cfe941233055b2d8692c246baaf2a797aa23cf6a36574d5b3cdeec3ba4e2c401667db60cf27d260ec417f02befaa2b5c19e

Download Submit
/dev/goldfish_pipe

Filesize
116B

MD5
343fa655b3c92a096a3359cd86de518f

SHA1
365c17b0f318ae60deeaeb8a97b98140b28fdbfa

SHA256
4159d44682e7d0f62941e171604840e759c8d5b16d6a105cc85bbef713038fcd

SHA512
c9f85181dd17623d2626e83fb5a7fa383768452542dd2555f40cfd61aa9750f178f6a370c15b1b1a22ee21f4bfb63c33a039d2730338068e8bdd3983c4db991a

Download Submit