dfbfcb106b992394201c523c5a53a0847d9a36f844724435cdb822fc5faddd4c | Triage

Analysis

max time kernel
48s
max time network
301s
platform
android_x86
resource
android-x86-arm-20240506-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240506-enlocale:en-usos:android-9-x86system
submitted
14/05/2024, 12:54

Sharing

Report Analysis Logs

General

Target

3.apk
Size

55.4MB
MD5

564db55f4d3264e1c9f68c3d0d927125
SHA1

17e1da8eb4f96f8942c385f0b392b4b56c3590db
SHA256

dfbfcb106b992394201c523c5a53a0847d9a36f844724435cdb822fc5faddd4c
SHA512

aa4d7286e1e230ca398da7c60a45c5b1a8cecd0811767e63631809fdef3ee00cf3f7ed7bb7b43f8aa3ce15f8b61d18cfbae28b3426947c549cec03852f904c98
SSDEEP

786432:CrSP/Bk9vOuEN7AMIIpH9PR8BxmFhiWQq6aayfDct4n73YcLAP8Ip98xbocbXnxF:bebU8qH9p8BxpfZyfDc4Ul8iG7xF

Score

7^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

System Information Discovery

description	ioc	Process
File opened for read	/proc/meminfo	com.csdf

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

Process Discovery

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.csdf

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

System Network Configuration Discovery

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.csdf

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

Broadcast Receivers

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.csdf

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Data Encrypted for Impact

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.csdf

com.csdf
1⤵
- Checks memory information
- Queries information about running processes on the device
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4203
- getprop ro.product.cpu.abi
  2⤵
  PID:4243

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

Process Discovery

System Information Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.csdf/app_tbs/core_private/download_upload

Filesize
56B

MD5
19fd171e53f0786ec1bfc8c80a6e4141

SHA1
42498022ed02c0bace9728c7227384adc0108b1a

SHA256
0eb730c63079ef504ad0eed28bc3615dd1551439ab5fb37b559d64f4269ef1cc

SHA512
7423fcb042e7879eede93b17c17a0af5e0a02c4484170a31eb1d6f32269f3761f4095a8c18ed1bf0c44d8e0a2df92f16597f10ac3be424ab97b0e298dd2915f6

Download Submit
/data/data/com.csdf/app_tbs/core_private/download_upload

Filesize
56B

MD5
0f0e38c8a44db6068b3f3b0affacb654

SHA1
5ab430e1d6bbe73670cb218030600074ccb14938

SHA256
6852e9bf67f735ef3940734f4f1a332d324b4f7cb332cbc6ccb631d1b3d5a028

SHA512
b24dc8edb9722138557ae269807aca97b039a0eb698c097fc0ed0081f3783483878587ebb46cb400431d43e5f60ff4492ded4489a3daac61577e35482f7f6a39

Download Submit
/data/data/com.csdf/app_tbs/core_private/download_upload

Filesize
84B

MD5
02a93d55b4e431f97937b6af4aef5351

SHA1
fb03bff2f8a58a92fb4ca08085aaca7e769d2fcf

SHA256
98ea5d16639fafa12f2fb59f37dbb3f5788bbc962a81141986ba4182b990732d

SHA512
f2a9c38c0f413e63cfb682c6443462922acc17f621a38d3bf08ba07501e1865f08cfd531ead106a5bdb209c6f2f75cb7d8fcf3f2c49971ff2b9a1de84f428d23

Download Submit
/data/data/com.csdf/app_tbs/core_private/download_upload

Filesize
84B

MD5
3c325c90849df18b7f81931a043cb42f

SHA1
ff0972720d7bf7f87413b8806a2e1caabf8aa7dc

SHA256
ed26e8830f1c35e7c867bee57acce867b7de28609248ffd3f40e8fc12f33cad6

SHA512
a01bcca0761a44518eb28012a0fa1b07a4cbf108321e6a8275f2504e3937a167bff5b665b1117b6c85668fc1d2af2530d8b970cbc83f4704a6dc552f238a2dd3

Download Submit
/data/data/com.csdf/lrfiles/proxy.apk

Filesize
1.2MB

MD5
6142b23970ef35b2f18f8b7e84dae8c6

SHA1
44ee0436734693f5b983f26cb731cfccbc3388b8

SHA256
9f77108a48b5812a04e8b5bff432f36db14581bb30846c0b6a581b498b45ebad

SHA512
814c59380849f4770ccbb188187bd8dcd8c7e80502ffc53ddb5e1ea5e03cc034d4fa1dd97fbf29e2efe87f04b1c0ed460b3d11e2f5e31864d57f618edad401f5

Download Submit
/data/data/com.csdf/models/angle_net.onnx

Filesize
759KB

MD5
2110338ed034189ab529f86de41b6d72

SHA1
5911f4fcfaa66e357f80abeda7f62a9d028b2e91

SHA256
3c70f78733c84c9cc08814e55fee51cf15fbe33e23460b9af0302e0a84d9f6e0

SHA512
6d42742351a9ab8b73e3569ee1c33e3bda5c137c22dc92a7224b180f6747ed4db81abc7abe9ba57dde33fdc86bcac5d752229e12337af196a3e78214441acd69

Download Submit
/data/data/com.csdf/models/crnn_lite_lstm.onnx

Filesize
5.0MB

MD5
2e12fb5fc7eca461c0bf3365da230411

SHA1
6c2dd4782f414ab16f6a46bcd80f37eeacffeff7

SHA256
97cf9dcdb7a47063bea4207237ae922231f51228529ff5198d958ac99e2804e8

SHA512
04589ee691b84d7c9fccf96d69eeed0a40c563a67f2d089db6dfd35cd400d4a83092fa5c226792bf5d1cdbdd92cabddd276fae4274f55af7466d0e060b230f96

Download Submit
/data/data/com.csdf/models/dbnet.onnx

Filesize
3.5MB

MD5
615bc27acc59278f61d051a372a5f8f9

SHA1
3ca6db817a07043be1b245af76db283e66dc6027

SHA256
ec31eb2b7daa39c4e0307ebb290045deecd515f4e9656d5d987eb82148aea867

SHA512
c7e3bb90b8751602824501becbb77c055f8390e4fabc3a6122d212a140b2b746eef4f8b8f4e24b7c7878bf16a016be4f370ac744e0c81082e3d3523b95ca6408

Download Submit
/data/data/com.csdf/models/keys.txt

Filesize
21KB

MD5
e7b0b09311be418a932aa1ef9df0d432

SHA1
cddb75906fbb8121c0e827b0dac6a34e558bea0d

SHA256
c328d4126cd351f8ee73f347ea92eaf91dcf2c14a7f9b70d5280fa156917a5fc

SHA512
57ded49b4040a5e41550fda3f0fa8d801f5d1ff4d0a1687aae9788760c23b21bf641f0fa6f02cfba0c7ff23778c1fd0179f014af92c666ac348c264c8fa1157a

Download Submit
/data/data/com.csdf/nxcache/luasocket_x86.zip

Filesize
945KB

MD5
041aaca2cf894c9cda8d254e311f3a53

SHA1
834c5e992c76b2c30b7d59da2edc9e5879f27f6d

SHA256
851f741fb61c32a0f35ca71700e62ccfae30848cd3053f4d6d7fd8ad9e024e40

SHA512
6ef4e4966d112bc95911d843d5b7906b90ec2c94aa288b453ac660773c56a850418d37f3fdbba3fc576e33fe6964b83b4f4098499f80625f7f52072ab76465f4

Download Submit
/data/data/com.csdf/nxcache/models.zip

Filesize
8.6MB

MD5
29b2fa821e3500020290a31f32bbbd93

SHA1
cf31058a3496d262db67fc87f378dd353a4652b5

SHA256
b024a57619251399c5c158ad169b59b1158dfe65c1df47089348c47482d14cb6

SHA512
f70bc323b0e29fbd6adcbb1adbd308b9e896b4f66cee5c69073a84235e975275fba5cee61cad7feddd4c2314e0aa246ece092f48a4418b3b3756373f6777afd3

Download Submit
/data/data/com.csdf/plugin/lua/ltn12.lua

Filesize
8KB

MD5
85fdbc403e3db12ae78a428d12e09d5f

SHA1
e8d1205655b4bfd5d047b9715fd57bbe9d7d5088

SHA256
f8ebb246919c73c9fe1c12a0a8fb0f1124835a0bd56a55df02163f96d664f795

SHA512
3c3eef39bd653cb42cd315047dd3322e00c1e2c5608941505331062c264968f4fc3bf80cbe25e138ee8e151aaca1b9729804f917c205592ebb357468936fee75

Download Submit
/data/data/com.csdf/plugin/lua/mime.lua

Filesize
2KB

MD5
c8ceedbe56d980d320847c292ce8c5c5

SHA1
9d988b86a81228ae69cf043c423af2ca22746b97

SHA256
922ca4eb2baf9e24fdf6177027bca8e569563608748d1d658a20d7bfa2fd3c2a

SHA512
71f11d9d2a69dd32796ca00cc6387ae5f3832e959ab7e7220a5148167271b2ab38bed44fb661bd539685fff3e8728fbb7c84529aee14b228d19482b0159b6c97

Download Submit
/data/data/com.csdf/plugin/lua/socket.lua

Filesize
4KB

MD5
f62021b8c3d4b62d419fdb2054c86e31

SHA1
d4029602f48f4feaf3158fc58b895487c2d2ff43

SHA256
a92ae132ce092dc5b8e164ccbc7c737f987b8bbbd481b531db9b64d6c2be4e11

SHA512
b404912d47425fbabe069f81db3e1b35f73d620b14c25284240fc6bfe31f42006a42d29c9233711ddfaf9b171b943bacac8213b6775a0b67571c20507011eb0f

Download Submit
/data/data/com.csdf/plugin/lua/socket/ftp.lua

Filesize
10KB

MD5
b73f82e73c34cf4d802dc3cffdc2a33c

SHA1
aaa4ba09ce5d2a2cc255d3e90db6b74ca817fb7d

SHA256
f874ae11becdef5ad36488a2b2e7eb330443212be37d8170536938c9caf83f64

SHA512
a368f096d44e5436752688d158d97ba9af24f796c3ec2de68ae088038827382045cfebe1bd15ddbbfd7fe4422088f0646c6e480c8b47dee4027b4d2e545b58c9

Download Submit
/data/data/com.csdf/plugin/lua/socket/headers.lua

Filesize
3KB

MD5
61a437d6aeb2885e15540a01e32f85fe

SHA1
77c3b50cb5a730326920e539b85eff824a33cc1a

SHA256
aecff8c2d99d77a6473269367d5b085ad0db189d9699c2f47dcb97ae5ad348df

SHA512
d161d729c7ca1aa3b991a0bf1c280dbf3a265d413737a3019f32c81ce4452946a72570b8ccec5da4ad8cf73a72dd9cb883785c3bb318fff55aefdb541320e0a9

Download Submit
/data/data/com.csdf/plugin/lua/socket/http.lua

Filesize
14KB

MD5
ac41e8ca9fa5b7c80e26344a9984f802

SHA1
a550f19fd2e54321f77e59ad2949c80fe945f261

SHA256
bd3bb6b71c3f4a925be4b16b23dac10b750ed3943378c4e2191ed19926767ded

SHA512
b2bbf7590e84e10c8dbca0fbd045731cf2f5d42fd4803ef886e1793381dcab8d6be284e83b03eef0e1635ec559cbb2612e873d79c0045196f44ce44c860d6ad8

Download Submit
/data/data/com.csdf/plugin/lua/socket/mbox.lua

Filesize
2KB

MD5
f68153634b992ca72297da4deb9cd75c

SHA1
af1437857d69e2e7cced948f01b22b1988ce1e0a

SHA256
c66e22f1cbc1bdb705b32dd51db9daba315058f362cae5a8f1638d184cfddae1

SHA512
dd1c7bbc786cf67a1ead2b3f3accd79e8c401824f659a5daec8f66c7e62335fb8738c8cf9605ce3977014d03e46dfa8152473ed7684893bb53826b847cf55728

Download Submit
/data/data/com.csdf/plugin/lua/socket/smtp.lua

Filesize
7KB

MD5
163b55d0c7f29f68533758235fdae254

SHA1
0bfa6ada93af5dab6fae71f941e86e6a8b4f2814

SHA256
55bdeff392dffc381b1487b6e9493a7aadb52f851f78ec29316decf50d88df58

SHA512
b7b0038019ea7edc0adeb584fa0dd1cd63e049258cc9f6f0547c6514bf1b8c56c22ab355dc73a0bc1a190ff4b2ec2ea1123e9e74ee7d63cb598ad3da5996370e

Download Submit
/data/data/com.csdf/plugin/lua/socket/tp.lua

Filesize
3KB

MD5
8f24bdaa02a0e1579d2a3ff6b19eecae

SHA1
727810076d9ad66d81a559e313184b7380ffa586

SHA256
3ab4f0fc85807c1b1c0b329ff82c74f8dccf9b2a0eac4f2571956641e890c149

SHA512
7c147f1b2c3136ebb9af6dd866ba6bffee3a945f458b55084b02c96ef36bdea852671e0fa15b3951638a4e054d9a28e0837d1565027899292395135140cd0325

Download Submit
/data/data/com.csdf/plugin/lua/socket/url.lua

Filesize
11KB

MD5
cc7a58b2762ff5d3ebe12f594229af5a

SHA1
6fb0087adf732afe7196cabcc7d07deec7666d34

SHA256
50c742a3e7b9989e3b2502e81845e4818360ae3d648895a8875cc14008436ab7

SHA512
1aaf81cdfc3c545a2ab5677ee9d212402c4eab3c2c603fb577d0a915bf8156b2454d066a7f250ddf1299f93b9867aebb0ac2dd9923942f57ab484a7b1b55c17d

Download Submit
/data/data/com.csdf/plugin/lua/ssl.lua

Filesize
8KB

MD5
7bd527727afc2cb7f568026665a42650

SHA1
3a41e00611ff5e5da10c39b4fc467b59583f3b40

SHA256
d279430820050062db0043bc2c9a0c3ad0331859a14a738a6a12fd4c138776af

SHA512
08c1e0957807d256bb2233a20fdf2ea1ac18c09f6d8a22225520281c04a7e247a81a8a70733b4f050f9debc9ece8f0d234926d306cb66402be3b8caa3a940c87

Download Submit
/data/data/com.csdf/plugin/lua/ssl/https.lua

Filesize
4KB

MD5
c796841e0a2b45ce38bc359a8dc3ca83

SHA1
52c88bc6303a5352a204adba734f5d100f0f4f8a

SHA256
407e503b325cc13c0e3c5e3b5bc292f0a3561d982429f2e12c8e991afaede5ea

SHA512
29a675a08a462a5f55eb9c68d8745cbb374c2243e130c5b65967dbe7f7ac75b983653c6416fcbada2515ea04dbfbdde57859248e8479c41599e3c040775f6bbc

Download Submit
/data/data/com.csdf/plugin/lua/ssl/options.lua

Filesize
2KB

MD5
a271ae25322140596858bdd6f8105f28

SHA1
d118751b8165261d74818f3c0d1f7bbace566cc6

SHA256
fd28671638f1a51ad1b48b921cd66d924f2e9ad85185ccbf107b3d1949fd624e

SHA512
a7529ce41e3b7d510e4be10524c6f43caebfa88988843eb1779bf83c4d474a187450849dd57a120dda5fa5a8b1146687bbd3211dbab3bd460490a702f891a457

Download Submit
/data/data/com.csdf/plugin/mime/core.so

Filesize
66KB

MD5
a961d03890bd83c4b33f110b6ca6f708

SHA1
ecb1b9508dfab0c15cfc64cc2112d5f8a08af0b8

SHA256
4a2d77d562eb42530b49c8597932f9bda2b55b4e39c6fb36f29699c1da521df1

SHA512
c90917e3a1df291c189542a155971d68553576a91ac6cd5b5757791da64791039b0bfc1b67adade53b7c5f5febc3f488a01101fbe940e52179e6778e3474b436

Download Submit
/data/data/com.csdf/plugin/ssl.so

Filesize
2.2MB

MD5
eb5d881cc3050bd27ae97a86aebd316c

SHA1
a1d5db40a186714a711c45bf3d1e778070681cf1

SHA256
698acd5fd585cb0c2bcffdb95e471985ecfbab64acafa31e7da71134fe802d8f

SHA512
59c5b5c34cb402a809a74919a2f9ce9846ff5c3dd9692df470fff065015b2b2fd88425c0df2d28f1f4fefbbc1db01106d346dd520402649e3594547a61549199

Download Submit
/data/data/com.csdf/tressocr/tessdata/eng.traineddata

Filesize
3.0MB

MD5
b566f11da1bfad8cb6af0e82e4dde0f4

SHA1
88a9bbb630af50a3d0179fa25b9a0fb167483326

SHA256
355e8fa15574940b644a3e4526fbe372508fb15ab67cedef2e7ee573d5a26067

SHA512
cff5f9ad9da758e3c798d4512243b3a207466c8e768a0470433878c06bf1a71f8843e78c40da1048d25bb74142d1c5db6161cbc1d864ddf8ff750e4641efe990

Download Submit
/storage/emulated/0/.lruuid

Filesize
22B

MD5
593353db1e8d0b11f53ecc4f42fe7482

SHA1
7e0fa638c29e20448f283048523b5b5520693f01

SHA256
17fd2af01a907e35d9ca539bf0d9f4ede373ce4ce147e15c15f2980ef7065403

SHA512
3b311eb5f85a9caf1610c61a6ddb2b8aee2b09fc59b38734ac7850cd991915a3c92fa0a57fcd5ee66a0fd44194e7f07b02a11b2d2a868042f63ea30219558886

Download Submit
/storage/emulated/0/Android/data/com.csdf/files/tbslog/tbslog.txt

Filesize
33KB

MD5
2fa0a2c4814061feb1303c277896d285

SHA1
086023aad46534b01aa25cb094d1e6b75bb4b5ae

SHA256
cc335a15383667925a6a164116534573704c8a0757e471c13ce5372aded528f1

SHA512
482e50c2de4eb01184182cd21f68efefa0b998e7f83c71358c0f5d90ed93561af37fc3d1a7c66f54d0c854aa634b945bf008862d3b21b338802071179054eef1

Download Submit
/storage/emulated/0/com.csdf/syslog/0514130428log.txt

Filesize
453B

MD5
35de1b303905cd96281bf14b2e3df7c4

SHA1
b096b3db33f2777b32b93879df6b270f69a7c6d4

SHA256
094b3cd05811deed0cb655c0bf6a287d4c06a4aa1a8649607d9eb187e753ea1a

SHA512
41175829ff9de3b119f12e4434a07a119cbe791a9c6962500f94037c44e5052b29009422d7e1bcc1897fca2ebc4fa12c5e36f4967e2320399520ce754faf622e

Download Submit