f8e7b6b7685255b51389e49eed3d698250a42c495aef17990dbfc14ad7bf5398

Analysis

max time kernel
49s
max time network
135s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
24/02/2024, 19:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a298c8f208624d7a32ce6f14bb2b8769.apk
Size

6.0MB
MD5

a298c8f208624d7a32ce6f14bb2b8769
SHA1

e663d722c924d54d0e9d4a576aede076d3391dc2
SHA256

f8e7b6b7685255b51389e49eed3d698250a42c495aef17990dbfc14ad7bf5398
SHA512

83c3aafc9b2c2f88d89cbcd176d7703776284d18e9481961d399566660142aa2a80f7593f469bf165548f016f8a7352e68681125c2940659e6f103b9058b17c9
SSDEEP

196608:AWKdd0vaHYIY6sAKAY09a8WwMeq1n3P5/u:AWKdd+V8sgY09a8WwMf3P5m

Score

7^/10

collection

Malware Config

Signatures

Reads the content of photos stored on the user's device. 1 TTPs 1 IoCs

collection

Data from Local System

T1533

description	ioc	Process
URI accessed for read	content://media/external/images/media	com.thundersoft.uhome

Reads the content of the call log. 1 TTPs 1 IoCs

collection

Call Log

T1636.002

description	ioc	Process
URI accessed for read	content://call_log/calls	com.thundersoft.uhome

com.thundersoft.uhome
1⤵
- Reads the content of photos stored on the user's device.
- Reads the content of the call log.
PID:4205
- /system/bin/bcc -unroll-runtime -scalarize-load-store -rs-global-info -rs-global-info-skip-constant -o vertical_blur -output_path /data/user_de/0/com.thundersoft.uhome/code_cache/com.android.renderscript.cache -bclib /system/lib/libclcore_x86.bc -mtriple i686-unknown-linux -O 3 -fPIC -embedRSInfo /data/user_de/0/com.thundersoft.uhome/code_cache/com.android.renderscript.cache/vertical_blur.bc -build-checksum b800b192
  2⤵
  PID:4250
- /system/bin/ld.mc -shared -nostdlib /system/lib/libcompiler_rt.so -mtriple=i686-unknown-linux --library-path=/system/vendor/lib
  2⤵
  PID:4271
- /system/bin/bcc -unroll-runtime -scalarize-load-store -rs-global-info -rs-global-info-skip-constant -o horizontal_blur -output_path /data/user_de/0/com.thundersoft.uhome/code_cache/com.android.renderscript.cache -bclib /system/lib/libclcore_x86.bc -mtriple i686-unknown-linux -O 3 -fPIC -embedRSInfo /data/user_de/0/com.thundersoft.uhome/code_cache/com.android.renderscript.cache/horizontal_blur.bc -build-checksum 5bd7c7de
  2⤵
  PID:4291
- /system/bin/ld.mc -shared -nostdlib /system/lib/libcompiler_rt.so -mtriple=i686-unknown-linux --library-path=/system/vendor/lib
  2⤵
  PID:4309
- /system/bin/bcc -unroll-runtime -scalarize-load-store -rs-global-info -rs-global-info-skip-constant -o threshold -output_path /data/user_de/0/com.thundersoft.uhome/code_cache/com.android.renderscript.cache -bclib /system/lib/libclcore_x86.bc -mtriple i686-unknown-linux -O 3 -fPIC -embedRSInfo /data/user_de/0/com.thundersoft.uhome/code_cache/com.android.renderscript.cache/threshold.bc -build-checksum 2fa69acd
  2⤵
  PID:4328
- /system/bin/ld.mc -shared -nostdlib /system/lib/libcompiler_rt.so -mtriple=i686-unknown-linux --library-path=/system/vendor/lib
  2⤵
  PID:4350

com.thundersoft.uhome:remote
1⤵
PID:4497

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Data from Local System

T1533

Protected User Data

T1636

Call Log

T1636.002

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.thundersoft.uhome/databases/bar.db-journal

Filesize
512B

MD5
699162a1060fd5e03125d1fb5fa1614c

SHA1
f8c63771cce34599b4fb99423a2e903bd8e8bc93

SHA256
ea95ae48856c8e73f203f05a9a2cafd3573c37a05de30dedf2b343a6467357ba

SHA512
84b215eee4648b8c86a5e37c622184464a7a2b133dacb652e00f87e03561872caa3af2f29e7c481b5481b2a77156b77bf573565748aa3ec4b5f959d8435f5079

Download Submit
/data/data/com.thundersoft.uhome/databases/bar.db-wal

Filesize
28KB

MD5
9afd2b93bed9925ad13de427bfc98efd

SHA1
0ab88059a5e446315b15b9e7b88f66046ab128c4

SHA256
bbcf687eadba748453e286ca4d91d3da4820913f8b932883728773bf602e54c5

SHA512
14f0ed0fc2b527852a731df445f05be6d623be12836d2b24cf2c58a67a8ae3c6d6cdcd9624d19d7d4d4c9aff465ab1a8f78efb9a5d6a5e3310467b0b544ca894

Download Submit
/data/data/com.thundersoft.uhome/databases/launcher.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.thundersoft.uhome/databases/launcher.db-journal

Filesize
512B

MD5
bae9032d89ee980e381a503ba3db4647

SHA1
a83778d54001eb07b8009f3e595e2c11c0d21ef2

SHA256
434df85c98e7426b68d9a7996be6731efbdce95809310d8efeae9a15a9f085f4

SHA512
8f635e2a8d48f2e20f2c4638cb21bc6d4d9463cae8b6d7af3e978feedc20c06434e911523fb2dc0080e847b3522f44a3005233066cb03384c6a4b907225175a9

Download Submit
/data/data/com.thundersoft.uhome/databases/launcher.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.thundersoft.uhome/databases/launcher.db-wal

Filesize
28KB

MD5
9e615939e281d6518576572bda463723

SHA1
2fb56d9a2fc600bde1cc1d9a6a288a67aad7e562

SHA256
192d92cc669c5212299dd2fc8eea4b56a6649ff8b0f938ca637563c12dd0893f

SHA512
a9514ff092f575167173826136f3457a0e5056c8fbaed0e8ab3171f837adb87735148c82700fbf25a4a08ed2cb524cc12089ff82f93c2fce007383cf3880e164

Download Submit
/data/data/com.thundersoft.uhome/databases/notes.db-journal

Filesize
512B

MD5
5bfe367e83601da5e6a9a5ff53217705

SHA1
7b5c507100aae7a954f5864deba98fb582c53d25

SHA256
965f26f414a1a184ddd78ec941660f70c152ce4a3333c08cebad707e5780f729

SHA512
318faee0d52e905e8bdf580ab41fd0191d735f1b7ebfe8f5bfd072cd3072f8961861b56190204b9f5461706a60985ab059b2fa2cd0edc65af726ba3463d4ec76

Download Submit
/data/data/com.thundersoft.uhome/databases/notes.db-wal

Filesize
24KB

MD5
51ef40c333c9f42fc49f3d12dbb53819

SHA1
3825051e99e9fcf43df5657baeb4347feeb8ae19

SHA256
1aa1cad7e11fcda0b57cc9d3835a301e9f0b8562935f36a53a7167db7acf00db

SHA512
ddcc78e545ab076da817033b69ca3bcc3a4f95930842f66723cfecd62ec7a3c1b62ed5e859111aa8db64d9317a9c5c457b4748f703d8325b6ac7bb1b7d021f86

Download Submit
/data/data/com.thundersoft.uhome/databases/smartapp.db

Filesize
20KB

MD5
52b643f1da556dba564f9b5c63bd8163

SHA1
6a47a83019e72a54c586f423424a987a9b8b12b7

SHA256
b2c304a0094a25d12abf33bd879e0ff3feea7cf485d40e03a2146f7bca563098

SHA512
89729cb0233cecbde7a2be63a295017d964800fba135ebe25080faaacbcd138f0986440f6c0f53e14e469ca411d0c80c061e44d426acf4a50dca8929270963fb

Download Submit
/data/data/com.thundersoft.uhome/databases/smartapp.db-journal

Filesize
512B

MD5
ec80be1e5dd961453bc6122bb4cba168

SHA1
5d1adfd5e4a83c8c63c87ae2ec2e26ca8c462aaf

SHA256
a49e939bf8bfc00419e9f4553f1175ec1731827f179ad0ac99522ab96ef399e3

SHA512
5f39beea0f0b2ae869299845b6f6fd4aefd79d9802273b7da9f611adbd0e15804523f9be24e2a47c7e4a92855bd3092eed72740e72f8150a859c878d6dadcd01

Download Submit
/data/data/com.thundersoft.uhome/databases/smartapp.db-wal

Filesize
32KB

MD5
d230c01fc597f7e2b624b608f1b5b6bc

SHA1
abc6d37cea82cdf2d62d5e3d7c3549964a9c390e

SHA256
1110f472f678070ef5192aee1eb106c1d1cf4f6317bdf9f6f5f7aa455b071f0b

SHA512
3f827e417a49cdeec6348adc5b08fb7d09e23f782af0ac8de38d7545e05b06d6f236e63be9bcc155539c377f8dd3f57de2be010816c9b113f5332e9edf2a3353

Download Submit
/data/data/com.thundersoft.uhome/files/launcher.preferences

Filesize
15B

MD5
8045cecd3d5a4c893e3a75d47b17121e

SHA1
61f08d6c53ae857cfd4be1bf607a6c80e5e78b23

SHA256
9bd54ce2fe34faa03d173df22621b5c747e544ed354e521889b692c031ba99b3

SHA512
70d34c24ccb3f90cdf930f0e24d67441e2aafc5baa5ae95c5e288b788cf25df394254f9bf55d45a5893b78457873b6169b8868a4fd45364c2b485f90bd4c0099

Download Submit
/data/data/com.thundersoft.uhome/files/mobclick_agent_cached_com.thundersoft.uhome

Filesize
939B

MD5
3bd0719f11529e9a982b0230c8074f38

SHA1
95df0c610f97c287f4ed718c5f02607a967075a9

SHA256
80c9196e96d87dca7cc5ccf8153b5e2a4733343c296a1052197dae6abbaa7622

SHA512
24eca3101d9b204f16c39ef410f230381b71fca50767114fd50b5e4619f869dedf934c6a002a392f84c203cbbb755941771e76f559ff70c297ec51eea7964860

Download Submit
/data/user_de/0/com.thundersoft.uhome/code_cache/com.android.renderscript.cache/horizontal_blur.bc

Filesize
1KB

MD5
9db479be847524b956ff270eb77f9f2f

SHA1
61021bd513a07d51fa7ffadbb1d3763acf590484

SHA256
87a05842e9d1db21dccce7a186c903872b1eb9648604f1e473acaf9985bea159

SHA512
fa43eeea297f98660d693099887324569f9f3080f7f9d7a61026a42dbd021bbd8904691590450ee43b82de8b079fa3e6649b47b6c24a802ad3b6315107c17110

Download Submit
/data/user_de/0/com.thundersoft.uhome/code_cache/com.android.renderscript.cache/threshold.bc

Filesize
3KB

MD5
030b5ed9ffb779e6e95fa1b45f7a6d15

SHA1
7b29f22e6f4dda109e5a7bcce4e69e5fc9607525

SHA256
9c31a8a0349318e53c8b9efc293b427e0dd6746b210b75fdc043d5913dc2e5a3

SHA512
128229ef31c6d85fc4533523bea69a019744d1547414f702962ef57115c05ec97711111caee1c9edc043b478852644f366fa83abadc7b872647cd2dcdd02ab31

Download Submit
/data/user_de/0/com.thundersoft.uhome/code_cache/com.android.renderscript.cache/vertical_blur.bc

Filesize
3KB

MD5
42be64fc1159ea752a68ee0299c8f24c

SHA1
907db0c44f6c7af340997e02f483f39063918dd3

SHA256
657c2130b5527be62484caf7ceb64bd55698ac1d5d1917af4320c68d414c1d45

SHA512
bafc8e7636a0b16ca0dad2a022fd942a3ed5e14080c875bcbab4cc7b4a3666d5ce7806e261b597743601e368d3dc956887430b270211b98db2d305e804ea0c8b

Download Submit
/data/user_de/0/com.thundersoft.uhome/code_cache/com.android.renderscript.cache/vertical_blur.o

Filesize
5KB

MD5
dd37be82e7fdf75cf0bdd81587480ecd

SHA1
d626c25df7b5f5e93da88b6453aba476b2afe996

SHA256
042f04591f8b52fd0338c205c91ced5dd8f5c6b9084df3c9f9693bc95b4f269a

SHA512
0aa1b92e6adf22601f544c17376ef680f42462a2e251d8079c773c41881821974989f4fa7f442b7acebed2017c39069e36c5a06da05e82d596087da1d3fffe6d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads