b12ddf2079cd8e588d406654eff4876e1642271b0d390ea66a344c8b7df2de73

Analysis

max time kernel
50s
max time network
148s
platform
android_x86
resource
android-x86-arm-20240506-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240506-enlocale:en-usos:android-9-x86system
submitted
09-05-2024 03:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

VqsVirtual1.apk
Size

3.0MB
MD5

6bb4b69cc2285d212d93831fe52bb6f7
SHA1

725bfd49a206f4d347d7105b7f278a4dc9ff5ddc
SHA256

4a12517417ce94bb25090760e60a92cf88b53479281af3f4e5104e2180410986
SHA512

ebc5f919b0c631eb791da1ac09c16813becac83189f67207a6d5b7d5391579799e2a17d8f6febd7b4cfc8afd798ca91a2c36cd084f93a442e88b0c9cf3b8ee18
SSDEEP

98304:LRKaWLkhyUnCnMeGnzWGLATAS4V0FvFP2bwojGy3m2Iv:LIaWLOnmMeGzWG8v00hFPHojGIIv

Score

8^/10

collection discovery evasion impact persistence

Malware Config

Signatures

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.vqs.livewallpaper

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.vqs.livewallpaper

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.vqs.livewallpaper

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.vqs.livewallpaper

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.vqs.livewallpaper

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.vqs.livewallpaper

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.vqs.livewallpaper

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.vqs.livewallpaper

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.vqs.livewallpaper

com.vqs.livewallpaper
1⤵
- Requests cell location
- Checks CPU information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4505
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
  2⤵
  PID:4615
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
  2⤵
  PID:4634

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Hide Artifacts

T1628

User Evasion

T1628.002

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.vqs.livewallpaper/databases/ua.db

Filesize
24KB

MD5
e44210034ca642cb4d50d5327becd1be

SHA1
0396f8f038dfe8d30497a476958651391556e0ac

SHA256
c3022129168677957f42c537a04c5a3367973c8d2f99be46083c4ee7eb47c91e

SHA512
98fb0069cc31821b77b848e26b7a9e0b0ca27f6d0b11a04b220a00b437cf1e360c25d5eec2cb5e7cac8897bd72235f3961c0990742376f9e2e9992f5c9d31c65

Download Submit
/data/data/com.vqs.livewallpaper/databases/ua.db

Filesize
36KB

MD5
0adda9c85a5e4808f5b1b74c0a8591a5

SHA1
5048107883ab1e345af9cf2e6849ce46e0e612bf

SHA256
1e17860bba2bb4e3e92df3890aa6dddc973d6602c71519a15556d37bb69de2a1

SHA512
646061d3d5849772511bd94e36ca2d775a9a672851629d1812942ec0f0f925714eb7d4ebac44889911320cb6710a2f586014f6b1e126739cab653c4f8deef2d1

Download Submit
/data/data/com.vqs.livewallpaper/databases/ua.db-journal

Filesize
512B

MD5
90ecb185656dfca1089b38981493acf9

SHA1
f6bc98964a02d2140143362bc951d37e183cd49c

SHA256
3e5a57ccaa39bf66402cb6a30c33cd0a929696cb3445adc6b77a6a8a3c2c5c95

SHA512
eec9d99381c83db2229ded5de085b55c17b672926e47ef529d490594df842a12a7175bf704ee8f360ac14902c8e5a0e899f7427cff26b51f83a9deb44ee2d1e6

Download Submit
/data/data/com.vqs.livewallpaper/databases/ua.db-wal

Filesize
12KB

MD5
755bbcc16ca7c230c96478d93684028f

SHA1
12500935f9f263494a778ddd148864531c356030

SHA256
46a6cc23b8a89080f99c20e2c7bdf40e5e310408fdc5c7652aa3c50455fc29db

SHA512
2f327fa46097dca177446911e174876d2f13e949fb0be57b475345b10556148779c1579205586755f52375ba83c62be7c57729a00d288d1ddffa8fe1969bc1e0

Download Submit
/data/data/com.vqs.livewallpaper/databases/ua.db-wal

Filesize
48KB

MD5
11d13f87411b6eb7b88ebae9e0d3c18d

SHA1
b0fe368b1820eafad98319dcd9cf0a57148ea1c0

SHA256
c4d875c733fcc0deb637b09676fc4cdd162ef829aa9e93e232ea0897f05c8948

SHA512
8065c870395392f3f52841b73ea5a8f445bc6ac905b03d15996b089c7ad73c42441df430bb90f5e1bdb397714f3df806cba24330fa08a96501561dba3be981db

Download Submit
/data/data/com.vqs.livewallpaper/databases/xUtils_http_cookie.db

Filesize
12KB

MD5
3fe30614d7e0d11db870b4624f6c50e0

SHA1
053ff0fc621ab40f2afeddb3e7b4a73ee41ec533

SHA256
67c532f0324228dd33b445cd399c1426e3a0e0cdc7b9358c66b402c5d40a838d

SHA512
c7c09e97a408e88aacaf8099ad4d1fa604d58113393500a384eb3c2eb7c3c105af41314934b86eca2f088045cbab5a20d768bbb295448dc1ae6cb6c3f59821ae

Download Submit
/data/data/com.vqs.livewallpaper/databases/xUtils_http_cookie.db-journal

Filesize
512B

MD5
0947a51a7e6d4222fe65b76e4c85751e

SHA1
aaa824ba05f8d487d99c4e6a00afb346f167ff1d

SHA256
84dd4fb98f083f0995df5e34c4c2e677c6855f55840b1d0db1c9de462bc1db7a

SHA512
e3592f0ad17a6bd29eaf18db70a338a6b58583705587b36051be91309e3b22196b687d4d65a486e2a2963f2d296e9937f00bc31aed1a5bc1a24bfd7271fa1aaa

Download Submit
/data/data/com.vqs.livewallpaper/databases/xUtils_http_cookie.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.vqs.livewallpaper/databases/xUtils_http_cookie.db-wal

Filesize
16KB

MD5
04f0054644c8280cbc81752e85f5aed7

SHA1
4fcf1c994636b24fd9d023d8bb2d0a0eb3f7106f

SHA256
52c2321901c753f1549a32038adb28872ef15954ba0451db93c68ff8d17392fd

SHA512
13d12c710acc819173a97aa8df34b6f435c50845d91b94f5c22ed64750287ea585c771875195aba9a4299ba6a482bca21be97ed6dab95542751465ee07574060

Download Submit
/data/data/com.vqs.livewallpaper/databases/xUtils_http_cookie.db-wal

Filesize
4KB

MD5
cd6a50c9a5d505f292d21668a087f650

SHA1
307f3f05351de277c5d056209d8fdd924f141b61

SHA256
9e96cd7042b39b69e1be62bbc41d7a9f3d2320b78f3d1355809547d79f501443

SHA512
626d96f9883e15f909b2263285acbb382499ca564a857cf127e36692118cea3927a0419473e495ef3f7dad4510b83f68d944ab7abf61038931cf6e222313a346

Download Submit
/data/data/com.vqs.livewallpaper/files/.envelope/a==7.5.1&&1.2.4_1715225740148_envelope.log

Filesize
1KB

MD5
664bb364829ef0b35ab975cc609b2a41

SHA1
eb1626eae1b2f22d5ece869efe35e9fe9a9a8f1c

SHA256
89c2f3dbabf0c1a839b79a742448453853e8a5c905a5a08672a87efb37386647

SHA512
6b46f79bddf5d8c7c5fe15f15e33a5a8ff4d7c9797643a76e9b278e3c73ba2801e2377a18e14eba275d741becfef83e71aada8a279878a9dea4a485429e8b450

Download Submit
/data/data/com.vqs.livewallpaper/files/.envelope/i==1.2.0&&1.2.4_1715225741268_envelope.log

Filesize
2KB

MD5
def0109d9fb028992cbec8c871f8739b

SHA1
e98ce051a7ce1e63bc99b5b65bf645edf80e1c8e

SHA256
d9941ef50f84694e82b008ecc32394aff3b59df93455a9c15220c4e45c8a35a8

SHA512
14f8d1619b94ed13e2658e35a5798e1a8b856dda838811b84d1efe5702b1de2e4e910ec5532c95ec709dc3c488cd0faeeae1154aa2f09dbd8d146b4ec9636a16

Download Submit
/data/data/com.vqs.livewallpaper/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
0f42cb4c03f530ec69771316161688d1

SHA1
feab1c9e36e0de2f9bdfc9f06f7cf7ef4a897152

SHA256
8a2f449a8f8552698d914557b17d604869993e6d1afe0041edf0af789572e7a0

SHA512
32afe4db9176bac4974490fd33a5ca30f17947de5ba8ad4071697c1042e4797efdea34e1798db21308d2e5538f73e791e3b8cde323d5c1d283886b94f2a20566

Download Submit
/data/data/com.vqs.livewallpaper/files/exid.dat

Filesize
58B

MD5
e7b115ca78ff184ebac98991c5620f71

SHA1
cb0d4bace577f7d5e2dcb13349828c1f2e367b44

SHA256
aca5cb56380f2e2a69b57143dfd3f68a67310da180abc4bf16ff59bc0d20adf5

SHA512
6e3dac7446733a705b02f081fb9a87de3906105a2571e006f4ea7ff37ef64f6e70507d4867d160e51695c88f1c63dc4dc44fdfdd340fb2cb75246fbf4d212dbb

Download Submit
/data/data/com.vqs.livewallpaper/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE1MjI1NzM5Mzk5

Filesize
1KB

MD5
e97a4be5d6df1c179808ac344eb65b72

SHA1
572c6313b96eac8d2440b33c9c9ce750bd59d24a

SHA256
6a344509a23a544a3619f68ef735b06c4254a931d6ce04b3b42fa16be7e49d2b

SHA512
f6242633e5c265cbd5a1603159168528ee30571e7553f592d0e4747d546a8f77b1301759fac50b2b4a9b944109a149633b99768d0be59a46022fa9ff8dd189b8

Download Submit
/data/data/com.vqs.livewallpaper/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE1MjI1NzY5NjE1

Filesize
1KB

MD5
6cf2cae4380f0458e00524b1f67ab665

SHA1
6f2bece6dc1709335d776cd9c1605890ddd9ac40

SHA256
bbdec019d09750bb35cdff534cb9c93304f265467481d536607b94dc8cb44c1b

SHA512
32e5736975d9105146fc0535e0eadd3fbb2a85cdb3fcf4431ff32bac2bf89a7ea72982ce599cfa0ae284448fb83e4a8ebe7df408bbea629ba9a7b1244df60bfa

Download Submit
/data/data/com.vqs.livewallpaper/files/umeng_it.cache

Filesize
415B

MD5
01925b288411409e1ff19500fb28cd38

SHA1
b1d070e37248b87aa978fa0317f8cd96c04fa834

SHA256
00721408465e7e2c4d9e22d64cd8aae0cb2c804f85d96b06adb242368132584c

SHA512
9f0906283d1ee26089b0195c2479b22771b6681f4129fec2ff7bca1acbf734497099fa2c446c6db5b6a44502c27e8028c4bb667a7a56a9510ab399a03b8daa70

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads