a754307414a4467ca04a1d1a70c30ae23b8e21a1ee8054b1b092b437631adee5

Analysis

max time kernel
138s
max time network
149s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
27-04-2024 22:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

muzhiwanapp.apk
Size

6.7MB
MD5

f166fff17a539f053550965c87c42054
SHA1

8be071793576b6e324db218f02a017439fe826a3
SHA256

efa8e431c5d5b3bda3cfc0da4392d14ef447643412bbea22536a155c7aae82b4
SHA512

26869689b5a58e52e63d95b07cf04f560c4580e9bd408a432a61acace492201ffe93cb7e4166a360530eff8fa3827ae0df83ee43e30daa7f670010d59a8bab8a
SSDEEP

98304:thCSkJBDmTuhW+7eF0JUQ4KMB6NQP4WfxRENHpxPOJHMMC1dh4Zadvtvc8Y6dtR3:nru6wUQMBj4WfOHp+HPC1z4mkKdYIx

Score

8^/10

banker discovery evasion persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

T1418.001
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.muzhiwan.market

description ioc process

File opened for read /proc/cpuinfo com.muzhiwan.market

description	ioc	process
File opened for read	/proc/cpuinfo	com.muzhiwan.market

Loads dropped Dex/Jar 1 TTPs 3 IoCs

Runs executable file dropped to the device during analysis.

evasion

T1407

Processes:

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.muzhiwan.market/data/mzw.apk --output-vdex-fd=50 --oat-fd=51 --oat-location=/data/data/com.muzhiwan.market/data/oat/x86/mzw.odex --compiler-filter=quicken --class-loader-context=&com.muzhiwan.market:multcom.muzhiwan.market:mzwlogservice

ioc	pid	process
/data/data/com.muzhiwan.market/data/mzw.apk	4633	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.muzhiwan.market/data/mzw.apk --output-vdex-fd=50 --oat-fd=51 --oat-location=/data/data/com.muzhiwan.market/data/oat/x86/mzw.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.muzhiwan.market/data/mzw.apk	4252	com.muzhiwan.market:mult
/data/data/com.muzhiwan.market/data/mzw.apk	4310	com.muzhiwan.market:mzwlogservice

Queries information about running processes on the device 1 TTPs 3 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

T1424

Processes:

com.muzhiwan.marketcom.muzhiwan.market:multcom.muzhiwan.market:mzwlogservice

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.muzhiwan.market
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.muzhiwan.market:mult
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.muzhiwan.market:mzwlogservice

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.muzhiwan.market

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.muzhiwan.market
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.muzhiwan.market:mult

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.muzhiwan.market:mult
Acquires the wake lock 1 IoCs

Processes:

com.muzhiwan.market

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.muzhiwan.market

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.muzhiwan.market

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.muzhiwan.market:mult

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.muzhiwan.market

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

T1421

Processes:

com.muzhiwan.marketcom.muzhiwan.market:mult

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.muzhiwan.market
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.muzhiwan.market:mult

Reads information about phone network operator. 1 TTPs
discovery

T1422

com.muzhiwan.market
1⤵
- Checks CPU information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Acquires the wake lock
- Checks if the internet connection is available
PID:4217

getprop ro.board.platform
2⤵
PID:4351

com.muzhiwan.market:mult
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4252

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.muzhiwan.market/data/mzw.apk --output-vdex-fd=50 --oat-fd=51 --oat-location=/data/data/com.muzhiwan.market/data/oat/x86/mzw.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4633

com.muzhiwan.market:mzwlogservice
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
PID:4310

sh
2⤵
PID:4556

su
2⤵
PID:4590

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.muzhiwan.market/data/mzw.apk
Filesize
42KB

MD5
85d09558a30b56872ec4df7909292387

SHA1
799259262e84952063d2013b843285d4b9865c5e

SHA256
abffa567da8045874417654e8a98ef889f729455aa0e48b11a89b95e386e0ef8

SHA512
3a97ecb531586f8b4d85877a2bfd5878c0b63c99ca12a6adb06d143fc676f67a5ee060e25a730c36eaa9693ab15048782f1810e818f5fd8005c60dd9465fe755

Download Submit
/data/data/com.muzhiwan.market/data/mzw.apk
Filesize
17KB

MD5
d1a020921eff5f91e5900a64bc558eeb

SHA1
f03fec1fb79a3b528aced885a8e95fb0a7eb01ef

SHA256
de8599fe345c0cf878b2887a98d921051edd36de036b5c1d8595a2c8f3738aa6

SHA512
17f62c1182f869511ef89424cbc51140eddfb0e84a8999a5a4da94a6d398ccd92839a2d8a2705b976ecb59efbac90ede5122d3de8470dfbb75ce606a263b8d4e

Download Submit
/data/data/com.muzhiwan.market/data/mzw.apk
Filesize
17KB

MD5
e65188742e10046597a4c648d045699b

SHA1
37b2f1e3e89d3b0d8683737ccae2ee725e82a312

SHA256
d0990058e5204d1a1bde2eff40893cb49d1e8972ee9b7e1b03ae35ac3cd5df8b

SHA512
3859b177492c74ec9448f7c57cf37beb7c747dca9580125cbd7c2e1f3a7761a3736072b1ec2ee14fa1f844f13df4163aa167b5cb9010e7e7fd00b2724553d481

Download Submit
/data/data/com.muzhiwan.market/data/mzw.d
Filesize
59KB

MD5
08bd167a18ea9107699a99290667d430

SHA1
24ea26b18af4d0340653f75bed34185710fdd492

SHA256
cc2813abbe7d6d1215ec29c421ea986f8241cfc781276c812a455e6748d36cc5

SHA512
aec4ae1588e2c1915a261d89472da0947a1d268e4025f3baf7bf247faa31fe636e36b7cfb0d7c86b6b711da5644cbedf651b59690566ee7ed7ab7e728560337c

Download Submit
/data/data/com.muzhiwan.market/data/mzw.g
Filesize
42KB

MD5
31c07ebfd99e7a6fa40025c33e486e52

SHA1
4f35868a9b70906caf65444767ca7900ef332058

SHA256
a872154216d0fcfcb1259fe494391689046c9c0448f16dac46760aa427be714a

SHA512
ab83c98ce86d8c7cf1f9394af46337ddbc04d68ee5b935bdad812dd570beceb865602f12d620f974a0796d678f1580f7afe4a7c4e8864ac9e8fdb028bd381b01

Download Submit
/data/data/com.muzhiwan.market/databases/download-journal
Filesize
512B

MD5
9af2b8d5a31e84b8ab058be1a75a1807

SHA1
b996e36b8fd51578fd23b2c65c6f2d80e4b8f4a4

SHA256
9fcee8db16115f11c504fdd5e492584fbe5394c6214d05f2a1e0ea27012b3362

SHA512
e58e46c63b3e80fb71365c0afb36765cb3106bd3b231b63555fb6b838fa4fef59cc8139d44799aa1c44a1294d2562102b547b58475b366fca043fa6bdfc4f40b

Download Submit
/data/data/com.muzhiwan.market/databases/download-wal
Filesize
28KB

MD5
33fbc0a3ee7bf4eadde79364ce8db368

SHA1
3d61d8ee1d543cfd0dd9a231f245f481afac8ee1

SHA256
d2de5582316bb739a5f003b981cb8c0839ecdbd26774c82f05b2e0a324215856

SHA512
d4a7e56c03b37fa7c4fd9f78cb32306fd5cdddae324a06d4d4bf2d1d402d7d6dd1b4ff6279390909ff0625fd6fdde5d85929b91f84b351f67b2212bdd95d714b

Download Submit
/data/data/com.muzhiwan.market/databases/notes-db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.muzhiwan.market/databases/notes-db-journal
Filesize
512B

MD5
d4dc33a71974cba1adc2ad962e0a1005

SHA1
32fe4fefda0eacac1bd9a7ced384edf6ecac14fa

SHA256
70d620e217d39292de1ba60c1bcbb0621486d891d7d6b3176cc2464d139efb88

SHA512
7203d4f65f5d51a19527f30084662c1643fdec1a6335b7ebd5a2687c4abacbd7b83037afadf2362128953414e8c8a7716b88adc030bf6f64b8659d7708ab0a9c

Download Submit
/data/data/com.muzhiwan.market/databases/notes-db-shm
Filesize
42KB

MD5
7bc525aa5cfd71cd4d2ad570fd72a906

SHA1
b411e1b345b5e9e4a0e4f603b46277278981e921

SHA256
14b68457395896d3ffe12b777f52fe2cc4182a6c9ba383555b12522c93657b00

SHA512
5f1973360665bdeb536d8dc2a9c5d2077990fbc6fd3653747de9d54c7032a776151f39986792ab57773623a143b2d65cfbb585aa53c823197485eba9e75c8e2f

Download Submit
/data/data/com.muzhiwan.market/databases/notes-db-wal
Filesize
28KB

MD5
cc29b620e175e810d884b147da7181c1

SHA1
3bb1bf8c5302102fcac8c0aa81adc299f74ee887

SHA256
b9c06b12ce1d851e5443d8db3884273bbdf530d067db3df3964bd792e59453a5

SHA512
0667690d1defeacd699ccd29270e000946dd887b0179148aaf0ab85b283e091b21bcc8668596f9f3799db11690ae85c0df13b0d59fdbf99db097d10c7ce55342

Download Submit
/data/data/com.muzhiwan.market/files/install_file_dir
Filesize
5KB

MD5
95e8c0f41aa8ccea981c9893e0f72d30

SHA1
24cd083f7223552130189adc3ec132c13d33d877

SHA256
9c7aa4702a91892412cb4b3974fb525b9b088d745b7c236c85d7847c140ae743

SHA512
98b2aa33eccfbfa7fd849dcc3470c9433c6446c8443f42b4614354100139ee11c5ccfc087ee1ebdcc3d7994109ab207422c347fcfff9fd885cc9a5e88d1a8bf8

Download Submit
/data/data/com.muzhiwan.market/files/install_file_dir-journal
Filesize
1KB

MD5
0a33fc0030b842efba5b056c85abf15d

SHA1
0fb77f4db742dbca10c6a30e997037664fae36e0

SHA256
d4562c8de2eac39c2d3fb306b66bdcbce94515003bb41e72ad90564fab23a0dc

SHA512
d07bea5acd094d9526ab1f64c6424194c1889aec10504eef9a545859a8a23e5b10d89d5543df4e8f2e5fd5206dbc1f43fd29999d3e31571117206c0421f2abb0

Download Submit
/data/data/com.muzhiwan.market/files/install_file_dir-shm
Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.muzhiwan.market/files/install_file_dir-wal
Filesize
3KB

MD5
92fb187a06b9bbe618109876be17222e

SHA1
1d717c050dbe68d0db0c2b935d96db26b449c2ea

SHA256
a339dac97f0945df94e9f8e335e16a8abb8b00cff5284e80e9c8b0715418a166

SHA512
339fd20fc4657f69a84c5118171b1842917578dcfa47979ff869072618adb00ead323d014497f4fea04adbf7307e87fe02a7cedf8f82de8d051650ab14d1d788

Download Submit
/storage/emulated/0/data/.systemmac
Filesize
5KB

MD5
72a239b77072f4a325001408279d8756

SHA1
779ff775879ecb0b2f0778ff8311de79b67eadd7

SHA256
17adadfbe797cc54277c3236e9a84568c102dfc63c54ed64d073d02b6424e885

SHA512
9087ecc8d32faf66d91b1f10cddcc7c8cd7d28d28de9014f08413cad8904683d3b81cd75b25892f5342ff4b8f013fb46edf97bde91648ac1dd48d44db7584c7c

Download Submit