e98fce7cd2dc59fdca260d6b8bdfbf314079262ae634301c0d372c7a7a2f6f0d

Analysis

max time kernel
148s
max time network
159s
platform
android_x64
resource
android-x64-20240221-en
resource tags

androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system
submitted
15/03/2024, 15:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cbb813ece729c2248f0e961c2db01593.apk
Size

14.2MB
MD5

cbb813ece729c2248f0e961c2db01593
SHA1

76a4357ff490cebf1210a4341b83ab33da66c953
SHA256

e98fce7cd2dc59fdca260d6b8bdfbf314079262ae634301c0d372c7a7a2f6f0d
SHA512

35c6f31123a4af3fe4abdfe9d42e7fd5f3037820f57afd9eb378f6b7961ae83afc827f3a7521361aaf26a62e51fe203b62e835bf59c829dc9876433e57c0d7c6
SSDEEP

393216:qDCVuQFMM/w6jlB1jWmCw0YI4QeULmhdTH:X0elB1jnGY6eL

Score

6^/10

discovery

Malware Config

Signatures

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.gootile.tongbuquan

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.gootile.tongbuquan

com.gootile.tongbuquan
1⤵
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:5036

com.gootile.tongbuquan:core
1⤵
PID:5170

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.gootile.tongbuquan/databases/RKStorage

Filesize
20KB

MD5
f4652fdafe0c0060f572bfa675e8c054

SHA1
d0e520b53184fadf371229c52ee66b60f3925839

SHA256
75561af4813b5b1cb417aa5d9ecdd41243246e7649f161d4782fbc676ee5e946

SHA512
2ca5e31c8ec2e0df99f58d552812491e78d88d3b8a828ae21015320d1db2a6fc6cd90e43e1a44478d41fe527f90f6c03bf5bf36afdc9e0ab54c99c06c3b099c6

Download Submit
/data/data/com.gootile.tongbuquan/databases/RKStorage-journal

Filesize
512B

MD5
ca165a8224de7f24e63fa473ed1bf5da

SHA1
0f23cd014d598cfd03022f87cafbfe352fc885c5

SHA256
1cbdc4484ee0115e915982d31dbbda5e619ec4ec1280d716668feb56d99c3e48

SHA512
5e40a66d90626268a1d17f83248e5f931680f23805e0f5625cc6ca89da8d8a6afb870acb40d04d0898e65901388ecfcaeb0a3006824741c2b6939f2b4258d2f8

Download Submit
/data/data/com.gootile.tongbuquan/databases/RKStorage-journal

Filesize
8KB

MD5
7265ec199dfe997cb0238142a533e683

SHA1
510193b9afe046e3bca47ec7c3210dcc6eab9df3

SHA256
a6c0b12911df0025fa22c3fe954c79e6d86d3fcbc72a80aa2e12170901239d70

SHA512
345d6ee1cf982fe92edb642ce6fb358e0ba11a89dfeec611ec740f1c939b13840500d60f399d9d330a6d5c3b9d7fe2e20414a0854b1d3e68adfad8c4e3246a29

Download Submit
/data/data/com.gootile.tongbuquan/databases/RKStorage-journal

Filesize
8KB

MD5
7f66d4ecb94f985db2ef655d83516e7d

SHA1
1bdb45eee4aeffa2371851faff067d849b49ac75

SHA256
c157e447b7db24e8169d9036a32e136bc1029c4630f759aea3aa3f7a82033aa7

SHA512
0fa21bb580069461fd185cf9d8c6a1a5d9c4a2dec11fe93a31d8acd580e0ab9451a952acbb7993bd52258c60d16a19208e52bf0b41bdfaced1e32758593381d2

Download Submit
/data/data/com.gootile.tongbuquan/lib-main/dso_deps

Filesize
152B

MD5
488cdc50c68a7aa143a03f11af7e114d

SHA1
f21a62fbc8c26830089c87889c32b56558d2ff22

SHA256
2c274c358d00a26cfd9c452df4cc0f188549f6a2246e9bc0df112d2e7adadb88

SHA512
45f9e9245c0d484d76cdde9985da51ed71ff54bc307ebd36afcc4e44504eaf7139cf56445efdfecc20e0e04513aaaa521a62cb865e4f2bcf69183d084f93362b

Download Submit
/data/data/com.gootile.tongbuquan/lib-main/dso_manifest

Filesize
5B

MD5
c06857e9ea338f3f3a24bb78f8fbdf6f

SHA1
c5a0a2529d2deb60fec041b4fbd722a2ebe31702

SHA256
957b88b12730e646e0f33d3618b77dfa579e8231e3c59c7104be7165611c8027

SHA512
29f61516876c25379a7bf4faa2b3ca6f6b53eac90e7de47671fec4a818d51441b4025cd7909f7c0a0d113ab6c5ff00cb3700c286bac7319185b77905feec4fb1

Download Submit
/data/data/com.gootile.tongbuquan/lib-main/dso_state

Filesize
1B

MD5
93b885adfe0da089cdf634904fd59f71

SHA1
5ba93c9db0cff93f52b521d7420e43f6eda2784f

SHA256
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

SHA512
b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee

Download Submit
/data/data/com.gootile.tongbuquan/lib-main/dso_state

Filesize
1B

MD5
55a54008ad1ba589aa210d2629c1df41

SHA1
bf8b4530d8d246dd74ac53a13471bba17941dff7

SHA256
4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a

SHA512
7b54b66836c1fbdd13d2441d9e1434dc62ca677fb68f5fe66a464baadecdbd00576f8d6b5ac3bcc80844b7d50b1cc6603444bbe7cfcf8fc0aa1ee3c636d9e339

Download Submit
/data/data/com.gootile.tongbuquan/no_backup/com.google.InstanceId.properties

Filesize
2KB

MD5
f7573599bf2083faba5f13cd4ac29301

SHA1
19defd928a865878b9426dc61b8d4cb144a7ea0b

SHA256
9528537e5b470bd0c4341a4f2a0924336177ec36c1ff5d3a7868148311406a59

SHA512
ef03fc86f8311f32bd7cfd2c9c8b77130b0fb1161e620d3c468cc8cd0dc19f50d966fc04ac7b102ab1a285c31edaaed84a13589984f85775ae595228dbd6cdfb

Download Submit
/data/data/com.gootile.tongbuquan/unicorn#cheese#

Filesize
746B

MD5
c0d849403c00fdc1030957f36a982874

SHA1
300409b871214b413939ab430c808a0b051822ab

SHA256
880c245cb1373787ec7c7b0630890510f9e729afa0baafe678026357b7041186

SHA512
943454e844c86400edbdb40074ef0fac37b31c2dce24b8dfe8e9b74893c766b9fb3f4d3c9ff6452e55b090b7f38ed20dc5e7cf816dacb5796252690f72974b92

Download Submit
/storage/emulated/0/Android/data/com.gootile.tongbuquan/files/com.qiyukf.unicorn/log/tmp_u_20240315

Filesize
64KB

MD5
fcd6bcb56c1689fcef28b57c22475bad

SHA1
1adc95bebe9eea8c112d40cd04ab7a8d75c4f961

SHA256
de2f256064a0af797747c2b97505dc0b9f3df0de4f489eac731c23ae9ca9cc31

SHA512
73e4153936dab198397b74ee9efc26093dda721eaab2f8d92786891153b45b04265a161b169c988edb0db2c53124607b6eaaa816559c5ce54f3dbc9fa6a7a4b2

Download Submit
/storage/emulated/0/data/.push_deviceid

Filesize
32B

MD5
ec815665e497edf445c3bcc6e3891583

SHA1
0d97ce2d4ee73a384326662ae349be394d4180db

SHA256
cc50bf358ba801456b8c49bb4bd4877c8a04f94c459c64cdcf93ce4ca768004e

SHA512
5de5fdbbdd64105ec88eb8bfa4ba94bf55ec7577efafc943b65b8ff21b47492c2d1d6a51332903ac7d4e276b2dc798a1ef5125703cbf543400261708c60d2165

Download Submit