6d31fce2e8794f4051fd3b43951512e320e3b6fd00a03905487a44194fd2052d

Analysis

max time kernel
144s
max time network
158s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
29-01-2024 07:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7f362b434095804125900224a4c50587.apk
Size

3.9MB
MD5

7f362b434095804125900224a4c50587
SHA1

2260792a66cdd3754e0fadc090cbd23b846eea5c
SHA256

6d31fce2e8794f4051fd3b43951512e320e3b6fd00a03905487a44194fd2052d
SHA512

669c5e89941b0392feeb9ea99bd986c5b5e42a80ec27d44416f7db27d7a607499e541add3627cc639f689ece4c861b9916cfc2519bf5cecfe1e96018ea3b7a07
SSDEEP

98304:hb02gEsjCQBgi3EDNh6v+d2LOlHPiY+xCz7ALCU4kX:hqHj7EOv+d2YHPiY+x1RRX

Score

8^/10

banker

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 IoCs

banker

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.snowfish.a.a.bg

Checks Android system properties for emulator presence. 1 IoCs

description	ioc	Process
Accessed system property	key: ro.product.model	com.dsg.yjwl

Checks known Qemu files. 2 IoCs

Checks for known Qemu files that exist on Android virtual device images.

ioc	Process
/sys/qemu_trace	com.dsg.yjwl
/sys/qemu_trace	com.snowfish.a.a.bg

Checks known Qemu pipes. 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

ioc	Process
/dev/socket/qemud	com.dsg.yjwl
/dev/socket/qemud	com.snowfish.a.a.bg

Loads dropped Dex/Jar 5 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/storage/emulated/0/Android/data/com.dsg.yjwl/files/aiwanzhu/core.jar	4310	/system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/storage/emulated/0/Android/data/com.dsg.yjwl/files/aiwanzhu/core.jar --output-vdex-fd=72 --oat-fd=73 --oat-location=/storage/emulated/0/Android/data/com.dsg.yjwl/files/aiwanzhu/oat/x86/core.odex --compiler-filter=quicken --class-loader-context=&
/storage/emulated/0/Android/data/com.dsg.yjwl/files/aiwanzhu/core.jar	4226	com.dsg.yjwl
/storage/emulated/0/Sonnenblume/res.apk	4349	/system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/storage/emulated/0/Sonnenblume/res.apk --output-vdex-fd=69 --oat-fd=76 --oat-location=/storage/emulated/0/Sonnenblume/oat/x86/res.odex --compiler-filter=quicken --class-loader-context=&
/storage/emulated/0/Sonnenblume/res.apk	4226	com.dsg.yjwl
/storage/emulated/0/Sonnenblume/res.apk	4375	com.snowfish.a.a.bg

Reads information about phone network operator.

com.dsg.yjwl
1⤵
- Checks Android system properties for emulator presence.
- Checks known Qemu files.
- Checks known Qemu pipes.
- Loads dropped Dex/Jar
PID:4226
- /system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/storage/emulated/0/Android/data/com.dsg.yjwl/files/aiwanzhu/core.jar --output-vdex-fd=72 --oat-fd=73 --oat-location=/storage/emulated/0/Android/data/com.dsg.yjwl/files/aiwanzhu/oat/x86/core.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4310
- /system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/storage/emulated/0/Sonnenblume/res.apk --output-vdex-fd=69 --oat-fd=76 --oat-location=/storage/emulated/0/Sonnenblume/oat/x86/res.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4349
- cat /sys/block/mmcblk0/device/cid
  2⤵
  PID:4481
- /system/bin/cat /proc/cpuinfo
  2⤵
  PID:4501
- /system/bin/cat /proc/cpuinfo
  2⤵
  PID:4557

com.snowfish.a.a.bg
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Checks known Qemu files.
- Checks known Qemu pipes.
- Loads dropped Dex/Jar
PID:4375
- /system/bin/cat /proc/cpuinfo
  2⤵
  PID:4518
- /system/bin/cat /proc/cpuinfo
  2⤵
  PID:4589
- /system/bin/cat /proc/cpuinfo
  2⤵
  PID:4661
- /system/bin/cat /proc/cpuinfo
  2⤵
  PID:4698
- /system/bin/cat /proc/cpuinfo
  2⤵
  PID:4730

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.dsg.yjwl/files/duration

Filesize
12B

MD5
a7efa47c915f87fd24db0d40d20585f0

SHA1
e62a0ebc88c077f8005593fbcf894951c11e9caf

SHA256
70b94998b532f2db4ea08c5aebdbda539bcec51749e9ea04d412b13c46369a17

SHA512
8498345f0b804ea72d40a32e9f61fea445eb44bef541b3d5fd0d10d92605d3d744065221174dfa4c42d3d07cbdb5a93f87507f93a1a0b706662f78aa0bdfc87f

Download Submit
/data/data/com.dsg.yjwl/files/duration

Filesize
12B

MD5
b5856abc9fd58675503f5a07c8cc4082

SHA1
d538de91afa80be5a89cd5570164f2761a06cebb

SHA256
289ecbcf347f56daa9be87d300b47c0e4c8f56934794dc1d8064347b47047b27

SHA512
db6790aa5ccf2b8537c458736613cc319911c2bf591377793c9bc94b65909a5676668d7f40e86489949a4ec2d4f6c986325bda475baefe07b130cbd434f58025

Download Submit
/data/data/com.dsg.yjwl/files/duration

Filesize
12B

MD5
9b737f649e322386b5394b9612235db9

SHA1
9e0c1ca9b67d3d6541cd1ec4f8405541e0cb2919

SHA256
0a27bfa5dacae26bea7a192e6c7d46e89e1c3f939ac74048485080f9c0f56415

SHA512
f00f8526c732803bffc60e2723a459a19230275f56fcf392dd98bd08d2df15fa6fb76e4ab685e9da741d5a93d20243406c638f84ce18457869ad3a20d5fcb596

Download Submit
/data/data/com.dsg.yjwl/files/duration

Filesize
12B

MD5
55ab6c2c7bf2618813b4a2b777fdcb30

SHA1
aff965af0b5c03537a54827e3d803262ee0a9380

SHA256
32b3a2b79fea428fed397b2834ce61fe607fc99ff2910b2c1e220ddeb4e3b383

SHA512
58e7c0dbfd4aca07bbcc583b1a8ee3be1c211bfd62796908b788002064422ef5b691fe34791c0d57ca1768c8872d9afa9820f4501cb9c0da82dad2cb7216cfd3

Download Submit
/data/data/com.dsg.yjwl/files/duration

Filesize
12B

MD5
44808913c659226b087370d0f0018b95

SHA1
15505348f8530f1c188b259dfb25bc5619fd10b6

SHA256
d654a587e7ac9473b7754f7a5e0f2f0c7564abc55f8b6382a59d947f27d82165

SHA512
f20fd09ab18e7945ff1c4f979450b07538da42d68377dd7251239b830c3a258c5319f5c925bbb9f5898ae6d15a441cb3222f9bfefd34b924ba3d2106ee6dd855

Download Submit
/data/data/com.dsg.yjwl/files/st_database.db

Filesize
28KB

MD5
15eef2fc4d09d20911207c3ad7b838a6

SHA1
8bc66f343ac2938d56af68bf84a1cba83a146d08

SHA256
581b6fbb532688e819aeff87917aea413116813b99187fa9ab97d443f51ea808

SHA512
ee1301d81549746e81325d3275f5022605779e804a19af5476d0967e63a81390fbd37861ec358e0bd20a0a67c7b2debf8631ab1b9afbc694c9e6ba0f58e34948

Download Submit
/data/data/com.dsg.yjwl/files/st_database.db-journal

Filesize
512B

MD5
fc377e89d55a113a99a82ed21b0e5370

SHA1
a8bd6c0721b0623e2ba15b22189b66d7b6b8b66e

SHA256
658ad703dded2a917835b2d638a01346df16bd85f69efc3483ea57c01ba1a6e4

SHA512
e61c118112b2416a456c420caf008bc85536a3603b473c47332bcfc52afd9d5cea874f91c99285d01c74b6aa5a04f44c71f9a5f03f7786e05a639d1441ebb0ed

Download Submit
/data/data/com.dsg.yjwl/files/st_database.db-wal

Filesize
48KB

MD5
0dae8fcf7600d8faf7a805297e667d78

SHA1
f70a3595d5f2416f138d07da8ecfd6e095aa2b36

SHA256
0cdde6d2c170180e95642efbfda4f3dd39ee1026b5a23a889582e988e03f6b07

SHA512
943bd2969692b1d7fda1ffbd1cfa98678642f7a76cda198679fc0acfe39240ac73f496ea7b073e0c9218841a978a6a7f6a47172b2dffc2bbcaa8d6b49e4f7b19

Download Submit
/storage/emulated/0/Android/data/com.dsg.yjwl/files/aiwanzhu/core.jar

Filesize
192KB

MD5
807bc4499c656a55ea3a40805825b166

SHA1
033a2a83a11e4ccc0fa362e83da9a716a2551997

SHA256
472581d2b4a6c5e361d9968d8804062f229fde8d6a4bf434d71183132fa2cebd

SHA512
5d05c1de8ac4f4f218ff0cd68a0d22bcb0f4a80a38d6abb215b6f106acefe79e31035cb9bd0689dee61f04fe88e030251033bd6bad2d7a613e0cfe8d8fe1ff1f

Download Submit
/storage/emulated/0/Android/data/com.dsg.yjwl/files/aiwanzhu/core.jar

Filesize
250KB

MD5
11cc1ab496bfa01a3ee7f421391b3879

SHA1
33f7f9a6af365ab134b48ebeb15273e09d931719

SHA256
2c6f8de19c398c8edeb5796e735ea06f6a20ecf22960465ada0319592bfd1555

SHA512
6df2da209f407674368f4b2f0d2efc9db0f0edf386ac84a45e1fa3c6c97839b12a3431b36797df681431768297940227fa5829aaedf2c9346f7d75a0ffa3142b

Download Submit
/storage/emulated/0/Sonnenblume/4A72F2DFFDBD84EB0C5C797BB76AFC44

Filesize
124B

MD5
0ab1ab794f40eabc2435a81d885f1192

SHA1
95fb0577099356d21cb69f6376004f425f76dd26

SHA256
e908e95472b2d13800c2383f56c8a3ae17aeda67731400ab878f237024c5795a

SHA512
4fddb69dd3760887fe2987065936c9d66214ce0ef2fbf088a51a7dc7f9899e35fee756c822c3187894f1c069462ac0ff6dd78e01976e6de17342daca6ce281b9

Download Submit
/storage/emulated/0/Sonnenblume/C545C57380E94F57133C605FF10B5E66

Filesize
92B

MD5
870c1374f80fb73d71d0ab9cd01251bf

SHA1
f62dddfff1a8541c67fab71fc587c646483cb91a

SHA256
2521e17dbda5e07ff2c5b6f964b4dc167f0ff81ea143a849a7feb739b66f2f01

SHA512
b9d7b66a78b5a2f9cd9e45ef88730975438cb0e491b208866092adc653143ce419e8df7f73eddb011f0747cc9f7790fd08dc8a8256f7d4499ddaaa526808e492

Download Submit
/storage/emulated/0/Sonnenblume/EE53AF5B170264468E95E783E26D76C2

Filesize
317B

MD5
2151428ef8b2994765e9b0c644beab60

SHA1
9bbcc97b943b4f3076a5d8eba236806399656999

SHA256
a8d1424f76aa7d3875d2505bcd50aedb68d8c9759ad88ca17dc5ae911534e379

SHA512
dfc889ffb6a90a9b36fdf0882708319a4769bc55691d4d9434c06552ccb9fdd43250acba972ace026229dd5aa91780e9d432e2f9fff1425e797bf0373229cf09

Download Submit
/storage/emulated/0/Sonnenblume/EE53AF5B170264468E95E783E26D76C2

Filesize
353B

MD5
5ab85b229d448af5a5945b87289eed51

SHA1
90164eedb7797687b7ae8baf55e8d68db1462cb7

SHA256
e64c14fa045ef07b7366113eea93eef4e21e8f131fb3086c7c55f4a26d25fa40

SHA512
2f49d7fe20dec2c703a6321acc00203ffa551b199ebce01b8e402a9ea8989d4c0b19308f5863b0bd41c74db904fe1ac3a8c9da562730ce722ea33eb19719789b

Download Submit
/storage/emulated/0/Sonnenblume/EE53AF5B170264468E95E783E26D76C2

Filesize
205KB

MD5
760456bceba9a9df3fc2b9a724feaaf1

SHA1
4d6418ecca0484b5c6c02a5758b5112ad1905268

SHA256
7f5fd59344dc487a071b64fc5bc2c49f358730e4c6a560a351af4973743ca0b4

SHA512
f001437126d753c5ebc68554e3b1336cb0233877360471af92fa9350de0d2b5e47f3ddd4641df960c7ace2058666d046816eeecdcbd3bea82adbb8e9e31a074b

Download Submit
/storage/emulated/0/Sonnenblume/EE53AF5B170264468E95E783E26D76C2

Filesize
319B

MD5
7192baceb33d5f154abe38f478693315

SHA1
7d947e4daa7a8e73e718cf8be3dc73788916b3e1

SHA256
0077079d74c0826ca82069166487f07b3eef68a32c0915937fc241ae89045518

SHA512
126253fc4b67a7613055a733093ec1aa4f55dd44e4dfdc46d9141ebbe0f5d42235d8cc07bd987832d92afa9d9df4ebd2221372e1915821e00756eaa7c8f031d3

Download Submit
/storage/emulated/0/Sonnenblume/EE53AF5B170264468E95E783E26D76C2

Filesize
353B

MD5
299e36d669fd7cf802c2d4f471950aa7

SHA1
4042205cb56a103ed375541c44c1d162ec091396

SHA256
a71c3e7ca8a0d1961ca5ec2d148178b45374d10b51190a0711fd9029444bcf0e

SHA512
048fc4eb67ebd93a7a77b7314c491e2043724d5d6344c090b32a81aec65c8037cee015bb170115b7cbedb8b310bebdc2b3a9ea37b6b9d3f9a3d0454fc56a7914

Download Submit
/storage/emulated/0/Sonnenblume/EE53AF5B170264468E95E783E26D76C2

Filesize
28KB

MD5
b8e56f4cc4c1b6e12c7090fb1128a86f

SHA1
6a174adaf7521d778d054a65f7411688ed823de4

SHA256
61649431a8f4e49becc801d4367c2447e95c67d2b9fbc3cb14ef78da640d6be4

SHA512
00761c00a8644b9cb8b8c65014d8cc3dbdab8ff1dcf9a88f9ffa3109b1f4e478a27d9ecd4c062c85f986f78427028d32e76906afd375c3f2ef65f23877f89a60

Download Submit
/storage/emulated/0/Sonnenblume/kb_sn.ini

Filesize
40B

MD5
e075f53c50bc8ba0cfd0e3ad455f8e71

SHA1
23216c92acd7cb2b3fa4b372e586c6bfcee2193a

SHA256
05e59e92ac62f5f1a34a2cd197f248d6f11b31227b6444757cf3c8d11ccd83c5

SHA512
e495d104ecf07e5dc53177887306a1be7a0b34b908f7073cbce2e711823f8156160e668182f2aeadc977c9c3cbb4b288453c0d072dfcc1e1deba1446a98f588c

Download Submit
/storage/emulated/0/Sonnenblume/res.apk

Filesize
433KB

MD5
2639a7fafd82266d6313f59ac1c927cd

SHA1
1a0d135ed060c236ec35aedf25ae2b481e0c226f

SHA256
e653eba8ee86ca07139b427c3366b10245abb9e694db6412a1811726381830f2

SHA512
e0578d5369a81710ee3ccb2b5dfe5633e830caba079f41761fff94480ff7b33fd965aaa75a17b839e377a640404a2aff2b4c503ebf06a8c78f428541ef60c00e

Download Submit
/storage/emulated/0/Sonnenblume/res.apk.u

Filesize
205KB

MD5
dafb7d4b90ea8d376128c625183dd9ad

SHA1
883c9b0586e740e9fb976d27a437e84fc26e92fd

SHA256
07be7e035e50b372d700b7cc148515a26b0775b2b485e50895988753fe24b12b

SHA512
56deefb30f358f2d404c93725f331374f0878b8121d95412ab1b1299364b2eea2b7fe179e21bbe96f4076300556a09f55825118ff67b401504c2f3b82af6b13b

Download Submit