a94b68714c4a14de238224c3bd942f5d25a70858e7b5bb3ef4c5fcfc0c065008

Analysis

max time kernel
4s
max time network
132s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
18/03/2024, 23:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d4a7c26615886de839a437cc9e7b50bd.apk
Size

9.6MB
MD5

d4a7c26615886de839a437cc9e7b50bd
SHA1

d4b36aece666c242c17120202a57e2d343a3b596
SHA256

a94b68714c4a14de238224c3bd942f5d25a70858e7b5bb3ef4c5fcfc0c065008
SHA512

b2e4a1638e7badecb01dbd102554ef64712934885a60d4041c301408360cdb4482117af37621d2017b8a02aff4bd07c9875e17b879dd2aed4b5bbcb6025a1945
SSDEEP

196608:Y8JEzrIO/I3oSPjzw9c5UJINc2coiFC7EhdNPJep3r2FD:1urh/grzw9yaINc2ji+Eh1e0FD

Score

7^/10

discovery evasion

Malware Config

Signatures

Checks Android system properties for emulator presence. 1 TTPs 5 IoCs

evasion

System Checks

T1633.001

description	ioc	Process
Accessed system property	key: ro.product.name	com.coohua.xinwenzhuan
Accessed system property	key: ro.serialno	com.coohua.xinwenzhuan
Accessed system property	key: ro.product.device	com.coohua.xinwenzhuan
Accessed system property	key: ro.hardware	com.coohua.xinwenzhuan
Accessed system property	key: ro.product.model	com.coohua.xinwenzhuan

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.coohua.xinwenzhuan/cache/td_fm.jar	4266	com.coohua.xinwenzhuan

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.coohua.xinwenzhuan

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.coohua.xinwenzhuan

com.coohua.xinwenzhuan
1⤵
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4266

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.coohua.xinwenzhuan/cache/td_fm.jar

Filesize
39KB

MD5
e10a1e9b299fd7b253bda9d60ee6c56c

SHA1
a6f0a6f555ff5c3dc38cccd4918a3af7b02d93ab

SHA256
0b62576fd7eab62a3d4303820114dce0e99e66a32a235638728824dcf4c74da7

SHA512
822ca0087c62e242ff751dbbe13bc64aa31ba213af8a23d820c536409367d84341f59d1d113b0d7067316a024f93985d7ce0fe7f09efc87747530d9b707f05e8

Download Submit
/data/data/com.coohua.xinwenzhuan/databases/com.coohua.xinwenzhuan

Filesize
24KB

MD5
ba461feba545eb47ed569e896da43ac3

SHA1
cb467cd2b8c5bf2e52eabb827d83cbeef11720ff

SHA256
bce4fe227227b1a1c9320948221ea95467f82706fe1d959760032d8397a5cbd7

SHA512
6c5fb4f61d6fb15d4619e54d318c79adc141e719eb3cd3144052b54b40f47d3684c63bf783a949d9eee0df83e2766a1630324ced7f6960d0aff061b86b4b1d45

Download Submit
/data/data/com.coohua.xinwenzhuan/databases/com.coohua.xinwenzhuan-journal

Filesize
512B

MD5
a67956c6936b8c71175a2aef486b1399

SHA1
0287ad8ba2b94bf0568482c24c0a3c3f5b66a6c7

SHA256
714f5dd3ce93782644b543be9a286cd71d2e91adcdbd38c98bcd617e460715ea

SHA512
4aac8e08f1b8e61ef33c6ff44c2538e04d64d6790e36c92b695836c324ab7554abf2c46439a4a404b37932815fd77f533eb3027a6ea5f2bf34bddd7a75acd53a

Download Submit
/data/data/com.coohua.xinwenzhuan/databases/com.coohua.xinwenzhuan-wal

Filesize
48KB

MD5
6a307ca462d2ebddb4360fbcdd40832b

SHA1
5f4293184018a11ed89daeccdb75eafcae5b36a6

SHA256
3c45e06811a554363684b027b97a7d252aeecdc9f57b601ae32f401c94a9fd7b

SHA512
c311c010560190bb162e5bcf686b751fb01ead934c18c575193ac25470984bb8d60e371ad0f07cfd7c9d03b93d737458fdc307757ec5fe4c6600687a1bbacf70

Download Submit
/data/data/com.coohua.xinwenzhuan/databases/com.coohua.xinwenzhuan_PushEvents.db

Filesize
16KB

MD5
3df1f73c1f257a4597640ea580a9498d

SHA1
ae61b6592520c03ace3ea6ee2fc97f4270b325fc

SHA256
292b796652cc1810e817e1239b53a91fd007da958fedad68348c5fe715443c71

SHA512
37af03242425f0afb3a98690ff068cd5784665e1e9989b0de94734aae61af05ddc78b374d52f26438b937e8eece0bb47eb91aecb636f4c7e11863300ffceaf4b

Download Submit
/data/data/com.coohua.xinwenzhuan/databases/com.coohua.xinwenzhuan_PushEvents.db-journal

Filesize
512B

MD5
ede518df56409c79bcb14a361b1a059d

SHA1
393e4fc1b342ec09313e9d119a476096c5ecb04e

SHA256
faf16f67b42c6590a798bdef8fa4e93d1555cffc55d69826778c01b4e52620a6

SHA512
9e76da6b418c526f459ef56e2677d829b0b44458078af58b3fa7112482d4f4cc962f3235384e7a1accd635f234e7f24ee12948e1610b896097b5ec4c9ecde561

Download Submit
/data/data/com.coohua.xinwenzhuan/databases/com.coohua.xinwenzhuan_PushEvents.db-wal

Filesize
28KB

MD5
93f936357f2e55646516147cc5baa671

SHA1
cfa34c43dcda1c68a3cd4bb0803965e9d8ab55fe

SHA256
d3bd6ce05d17f00115f18cf9d156ed613830ac576819127b563411401c3727e8

SHA512
b3395d6ffbfbbd8f51a4e00c435cd8c53fa6f4833e542174e5cda97166111045cbae3a0029ff14842dadbb04def35da043bbb67f2b55fe114bd3b033b0ec09ac

Download Submit
/data/user/0/com.coohua.xinwenzhuan/cache/td_fm.jar

Filesize
90KB

MD5
d08b9363b0ab0742499b1e1d83b699a7

SHA1
101113cf0a1e2c3b29b692d872848d3725404ae7

SHA256
28bc93007fe6a59dd4fc3ca13e67cc81e898b6587f36dc3b42b2e5f74870d261

SHA512
0af3a8af71880942a4c9c3e0fb61d8ad2133ad267f95b25428849d7528929cb861737786cd87718e857fb39e39ab0e7c8864c31d0f01849532711b9ae8dc4756

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
213B

MD5
4d5f894fc13bd9b75fccef64282fa470

SHA1
96ed377198755011188cd059068ff9b2a69fcbb4

SHA256
dcff4e1e82e80e5cdddd68a13bcadee79f470dee6acaf83143dbec80c6645896

SHA512
f69cda0d7211de9cfe12d20d0a9f501482a4c34a17875c5473fa2a0dda2bde22cf6fbfbbf23259472e43378ea8e4784ac6d35d04b6511c7bc8360aec41450dc3

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
4bf29ccc6b438d7a1191c921a782322f

SHA1
0847ed7c031ea223c51679d2eed20ef991472443

SHA256
d5be4cb8a92a9da32abfbe18ddb0d6c4f49573a48b05b201ad2b74ea1a44d6d7

SHA512
c1912e89d48ffc1214525134e40bc43156f9108010537497f5a3c2aafd35a3f6d024ac03966075289c90c7e18e8c5ba0febe669030fa5adc62bb5bb7866e140a

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
59c45f007e68ae99cf6d0126e315b486

SHA1
14e3a5517cba8136b581e7c3313fca23da5faba3

SHA256
73fa189c4eca0cd15f5e581e61440cdeddde42bc846d2be0eb65b7f32fc82802

SHA512
09a598b311af706cf3897236952c0947893755b663666a77c61c014563f8b328d828b6212d83d247e979e26377cfdafd3408cd03644f329341c19bdde1d15f24

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
167B

MD5
9f55c38c70e46f2f517da0eef7eaf82e

SHA1
59577948092ce4d27c1906e16af42d332eb10795

SHA256
7e1c75e987aa71545d3656139a85b1343bf46281ff7a038c3cea1a7b5b970b8b

SHA512
f369f2c2e2e40642e93e8cb5bd21af4d7570741159087114b8a2e9547a74f74b79be7eaa08a4b9232ee7fad21eb65f34828f31ca0823f0c70e24ceb03733d6e8

Download Submit
/storage/emulated/0/Android/data/com.coohua.xinwenzhuan/files/tbslog/tbslog.txt

Filesize
1KB

MD5
50544e770083159049e3647e3db86035

SHA1
50b515919f7363f57396fc29d96e156eb16b5d43

SHA256
aa03334fc91349703264e65fa591655402daa6cb54cec6af87774b17198b54c6

SHA512
3d390d2ab1c665afaf1d950e54d882c5f9240446a60f73260ed93827325ea17734cc3687a3229c0c03e6fd9959ad3959360fd3e1ed7a308224d64c3488bbe750

Download Submit
/storage/emulated/0/Android/data/pushSdk/defaultLog/2024-03-18.log.txt

Filesize
1KB

MD5
5d223eddc404c85b52e9b29da829e712

SHA1
2b7b005caad7d30a8510b8955cc5784823f5300d

SHA256
52da7dade33ccada7b28005f7439a1e41419e99bf0aae568f4d433982b4ad114

SHA512
720f6ece05d76d302bd85b6774557b23234575702f3ecf67c918c0df249a63736a832a126ffaf5abf546045d652ff567ae1fd3ea3748c2b5cb2ec9020cd6f7bc

Download Submit
/storage/emulated/0/Android/data/pushSdk/defaultLog/2024-03-18.log.txt

Filesize
1KB

MD5
56e4c9f1a85ffd5e4260ad2f4eaded07

SHA1
8e25d1cd8acf7180314f2626215915a804c88815

SHA256
eddfa32389a9c5847c1dfd11c60d20b401e92232b77b0e03bd3863c67b99e989

SHA512
79c267eecb52ea78953643361b7b3476a813bf99fdf54b1eb683fe8f62ace67ef4c6c40723c2c15cd01d094221a88796313e19ea84178be0f7697a229c5e2692

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads