e98fce7cd2dc59fdca260d6b8bdfbf314079262ae634301c0d372c7a7a2f6f0d

Analysis

max time kernel
148s
max time network
158s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
15/03/2024, 15:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cbb813ece729c2248f0e961c2db01593.apk
Size

14.2MB
MD5

cbb813ece729c2248f0e961c2db01593
SHA1

76a4357ff490cebf1210a4341b83ab33da66c953
SHA256

e98fce7cd2dc59fdca260d6b8bdfbf314079262ae634301c0d372c7a7a2f6f0d
SHA512

35c6f31123a4af3fe4abdfe9d42e7fd5f3037820f57afd9eb378f6b7961ae83afc827f3a7521361aaf26a62e51fe203b62e835bf59c829dc9876433e57c0d7c6
SSDEEP

393216:qDCVuQFMM/w6jlB1jWmCw0YI4QeULmhdTH:X0elB1jnGY6eL

Score

6^/10

discovery

Malware Config

Signatures

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.gootile.tongbuquan

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.gootile.tongbuquan

com.gootile.tongbuquan
1⤵
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4231

com.gootile.tongbuquan:core
1⤵
PID:4353

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.gootile.tongbuquan/databases/RKStorage

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.gootile.tongbuquan/databases/RKStorage-journal

Filesize
512B

MD5
cacafdec18ceded9c3a70693ac89f841

SHA1
f9bcc8c91b71fdd801ffc2ec4d131aa5ef197a73

SHA256
0476515d27b7cd1e68b171dd61649405d6f0a814d88af51b335c8b746083a9df

SHA512
df1a459d9b72ca0652c3368fabc017e361a36b673c672c1989d2ecd6238e8ba5287b744780d95029be8198a96260c24a6b2b679e1990bfd2cdb604fd22b5a9a5

Download Submit
/data/data/com.gootile.tongbuquan/databases/RKStorage-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.gootile.tongbuquan/databases/RKStorage-wal

Filesize
32KB

MD5
a549dbc750d7833e74a131d53abecc7a

SHA1
3c9e4d280bd14cf561819511197eed2f745153d8

SHA256
f0e111b14951f6193483a00126c42f9344c024a141e09b3eeb411a68367d88fd

SHA512
acfdf5f41b06491d54cb4001124fca7e2983949d49529796fd2fdbeec2b0abfeb25eea08baf817e7914cc24b783d8cc9fab8fe1d3fd57c56fc0f7c96af2f687e

Download Submit
/data/data/com.gootile.tongbuquan/lib-main/dso_deps

Filesize
152B

MD5
3f52821e98afa3f139b308c4ba33ad42

SHA1
939b52bde366b38ddf662f7db4e18d634c0ccfe3

SHA256
ed324c3c420eb5d63e8ec1d09d0d2edf4d551f3a8bed04089734bb80ca0d1ba4

SHA512
508c1e7ae9f9be5fe0c6786475da78d1748795a45b78833d0000430033d78ff48b5174a9f6d0c15e41ed5d39c7aacc36c89743d94d11e0c8f95502242adffdd0

Download Submit
/data/data/com.gootile.tongbuquan/lib-main/dso_manifest

Filesize
5B

MD5
c06857e9ea338f3f3a24bb78f8fbdf6f

SHA1
c5a0a2529d2deb60fec041b4fbd722a2ebe31702

SHA256
957b88b12730e646e0f33d3618b77dfa579e8231e3c59c7104be7165611c8027

SHA512
29f61516876c25379a7bf4faa2b3ca6f6b53eac90e7de47671fec4a818d51441b4025cd7909f7c0a0d113ab6c5ff00cb3700c286bac7319185b77905feec4fb1

Download Submit
/data/data/com.gootile.tongbuquan/lib-main/dso_state

Filesize
1B

MD5
93b885adfe0da089cdf634904fd59f71

SHA1
5ba93c9db0cff93f52b521d7420e43f6eda2784f

SHA256
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

SHA512
b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee

Download Submit
/data/data/com.gootile.tongbuquan/lib-main/dso_state

Filesize
1B

MD5
55a54008ad1ba589aa210d2629c1df41

SHA1
bf8b4530d8d246dd74ac53a13471bba17941dff7

SHA256
4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a

SHA512
7b54b66836c1fbdd13d2441d9e1434dc62ca677fb68f5fe66a464baadecdbd00576f8d6b5ac3bcc80844b7d50b1cc6603444bbe7cfcf8fc0aa1ee3c636d9e339

Download Submit
/data/data/com.gootile.tongbuquan/unicorn#cheese#

Filesize
746B

MD5
c0d849403c00fdc1030957f36a982874

SHA1
300409b871214b413939ab430c808a0b051822ab

SHA256
880c245cb1373787ec7c7b0630890510f9e729afa0baafe678026357b7041186

SHA512
943454e844c86400edbdb40074ef0fac37b31c2dce24b8dfe8e9b74893c766b9fb3f4d3c9ff6452e55b090b7f38ed20dc5e7cf816dacb5796252690f72974b92

Download Submit
/storage/emulated/0/Android/data/com.gootile.tongbuquan/files/com.qiyukf.unicorn/log/tmp_u_20240315

Filesize
64KB

MD5
fcd6bcb56c1689fcef28b57c22475bad

SHA1
1adc95bebe9eea8c112d40cd04ab7a8d75c4f961

SHA256
de2f256064a0af797747c2b97505dc0b9f3df0de4f489eac731c23ae9ca9cc31

SHA512
73e4153936dab198397b74ee9efc26093dda721eaab2f8d92786891153b45b04265a161b169c988edb0db2c53124607b6eaaa816559c5ce54f3dbc9fa6a7a4b2

Download Submit
/storage/emulated/0/data/.push_deviceid

Filesize
32B

MD5
a93a271e32f0f95db60366db796af17c

SHA1
b2c89cfc644e99ac40f548e8df55a1d3370e42ed

SHA256
086182324d826bd40b2c079cd3938b7b41c44ab0313322aa6ebe0648806d2fc1

SHA512
93f6004b3a02f908ce1162b2b8759b265d320520b19f7d4f21b88a64720b0b87ba6e0c92c89ed087cdf8c3d64065715d550acc67d1750747708207d05572315d

Download Submit
/storage/emulated/0/data/.push_deviceid

Filesize
32B

MD5
a159316a0e1a23a83e05dde6ea71353d

SHA1
2a812737599dad68169b29a83f578c0eb717e245

SHA256
b5af8edf292ac77bbb4e2d6685d17774b992c5972fe5d90154204e81a06323dd

SHA512
11b032c390c0da7868ff615f6cb6b919129c8e2fb6152b568417d3135115161ffa209eca7b2d007ee304621a50500a2950572299cde1d47c4b0aa350ba77c65a

Download Submit