f95773e8a95f52babbf28ee44b17d12a5af6b2f1983b89a4b479675a1b177992

Analysis

max time kernel
3s
max time network
147s
platform
android_x64
resource
android-x64-arm64-20240221-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system
submitted
16-04-2024 01:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

29e10e48615c69ef475ea6f203d30281869f5a1979e1e15b84bd74c0643f76ee.apk
Size

4.1MB
MD5

4f9b84a780b172905aa3bbb23797dc21
SHA1

791e0d2ef94162227d588df66918dd4fd5301c8e
SHA256

29e10e48615c69ef475ea6f203d30281869f5a1979e1e15b84bd74c0643f76ee
SHA512

f5b3ecfc1486ea1c37f09c6bf9ba0e6239885e4a92db589f19ecf31048b47ec8bf575cfb4ef6cc3e74b63bcdcd48e0b6d497a9bcac618bd690aeaba39fdbce91
SSDEEP

49152:xKjjqMqY4nCZcomDQyhFvLkuN8KYn+xETg0pJf2wc8ljXhe7sxkk+j7ZzwrUYisL:+qMqYS5oNyhFIz+MvvXFkk+JQUY0OtZ

Score

6^/10

discovery

Malware Config

Signatures

Acquires the wake lock 1 IoCs

Processes:

com.lyufo.play

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.lyufo.play

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

com.lyufo.play
1⤵
- Acquires the wake lock
PID:4698

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.lyufo.play/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d9cf75fdd1c2292d986f6c3d5d60f2c8

SHA1
07ecb1d3a26d952ae5fecf54f36699ab498510b1

SHA256
2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a

SHA512
442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

Download Submit
/data/data/com.lyufo.play/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
470f18ead9b4926e4726689c534ce503

SHA1
4128db75c2e0809641e00656808baafa96e7a5ef

SHA256
d3a7c46db815dcb7bf2100ed94e25dad9324998457aee35e5ed29e97fb4272f5

SHA512
293168033b4649afd07934ffd0de70884eb9afe6e71b30a9687791233ad4e87e92990b622af8d95cdf001e626fbdcfab3d3c541079f97dcac5440a2f874ff8ca

Download Submit
/data/data/com.lyufo.play/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
188828738274a1a7b50526e06a51852f

SHA1
afddc05418b254a0004ea13dac7eb65122c39212

SHA256
3f5789bc41424576fa92a876f9aa520c2eae7c40791c2f0315342b991a189819

SHA512
eb0619dfc9910f4ce569cb236f288e7073e8a4bba788bb754c472ab4592e39f5f2af0a0cbcfd653fc7852c8bdf4aa114ab67f97657d50ca029c060b73f38c0f0

Download Submit
/data/data/com.lyufo.play/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
474d48a0fb6fc2c7aea77ed38c3e0078

SHA1
89aa90b78c01844d56cf33a89fcd39a2472de637

SHA256
430411db67404d8ccea8e5b1617d4ae32ff5f67891967fb6eeeb04c2fb5083bb

SHA512
e43750f27493b223d2ab6fec95eecf650656cca0e3a22a59a858e96c13eeb8a06200443a9efcff238befeadb8bb6b4295547541d9d644149a7540564bc2a56e8

Download Submit
/data/data/com.lyufo.play/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
a78f79653ff92d9fa30ce0d086dae825

SHA1
42ca6b71754a7ee7f5dfaad1d471271156386ab5

SHA256
cc53aa9caa2ac27e7f2372fbb4b597e1f6b3b09b5b0c19c4cb2adb182048864e

SHA512
ab392cd6d2e5b0aed711f518cf27f9cf243d38c28381131199b9dd2b902575bac7813e418fbe5e7253c8436a6061f68149d26b5007fbdd63681f856bf844f577

Download Submit
/data/data/com.lyufo.play/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
689061dd8d6b29ecb49900d873cf5280

SHA1
66fb52665573fb3d9a45b8a0c8bc60eabbd5613e

SHA256
65928438998ee2fbb12caa580a5623c8cd9ae30099a901385b50f187ab129516

SHA512
7f2a9819b5dfd87af3ec272d71533778e7529cbdf94ea10fd59b17f0b58849720915c2738cb718fe0dbdadb12d4740c5d71ce33bc53464a812f04bbba5e3d3e4

Download Submit
/data/data/com.lyufo.play/files/PersistedInstallation5252176699116086768tmp

Filesize
90B

MD5
aad6ea410bb7585b7fe34845bf332fdf

SHA1
efd6a7cf72914d0e5aca06a34a9b842fe267c4c8

SHA256
07d8990bdafe85a67d94678d4515850fe8d2f53d141b378087451ea347d37c42

SHA512
b69164314c483c3558fcd38362b5ce7642181cbb613cccba2d6d099e3ba07d47973fa295b489833b44c0da94607aff8cae44bece446d156b5d5063e913d96354

Download Submit
/data/data/com.lyufo.play/files/PersistedInstallation8058692220805089061tmp

Filesize
569B

MD5
95b952ebf48ce89f9bff0fbf7b382764

SHA1
7a1fcd6b0b67335ce9f4ef9961b821a838a35e61

SHA256
2ba9f4732792ff433c2040496ab28758dc351385f9f023c95c7ace07d8798f06

SHA512
f0eb48229014b41e39eda667bcf807c557c0bc9fd04777df0060b0b52293847311e6b01cb3f6fc804778cc4611d5b065a0d0171673d1a4f65b2adf4ec2a59e45

Download Submit