650949980f90160fb477a3a982b4784b802d1f323316d536cc0ac673ad6c5079

Analysis

max time kernel
176s
max time network
183s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
15-05-2024 14:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

650949980f90160fb477a3a982b4784b802d1f323316d536cc0ac673ad6c5079.apk
Size

10.5MB
MD5

469b6010012d338d6da768e818e78771
SHA1

8cf1349b8f202bb40cee49cd6598e67902426bda
SHA256

650949980f90160fb477a3a982b4784b802d1f323316d536cc0ac673ad6c5079
SHA512

795eabe05e546122d5f22f75ede9f22d3222979473149ca070567003eef2a6db86b5adaa0573350d23814a1129969b8a89b5ef0db5ccccb6e293cc695864ddc6
SSDEEP

196608:Dm6283ozh+7urCT29BUXRU4mRrcmYSHaciE4+L3p29/YDAT22vUqhJYL3p29/0Cr:d2wuWm5/bvL30YkT22vUqhJYL30su

Score

8^/10

banker discovery evasion impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

Processes:

io.dcloud.yun

description	ioc	Process
File opened for read	/proc/cpuinfo	io.dcloud.yun

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

Processes:

io.dcloud.yun

description	ioc	Process
File opened for read	/proc/meminfo	io.dcloud.yun

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

Processes:

io.dcloud.yun

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	io.dcloud.yun

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

Processes:

io.dcloud.yun

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	io.dcloud.yun

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

Processes:

io.dcloud.yun

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	io.dcloud.yun

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

io.dcloud.yunio.dcloud.yun:pushservice

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	io.dcloud.yun
Framework service call	android.app.IActivityManager.registerReceiver	io.dcloud.yun:pushservice

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

io.dcloud.yunio.dcloud.yun:pushservice

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	io.dcloud.yun
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	io.dcloud.yun:pushservice

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

Processes:

io.dcloud.yun:pushserviceio.dcloud.yun

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	io.dcloud.yun:pushservice
Framework API call	javax.crypto.Cipher.doFinal	io.dcloud.yun

io.dcloud.yun
1⤵
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4265

io.dcloud.yun:pushservice
1⤵
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4396

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/io.dcloud.yun/databases/cc/cc.db

Filesize
36KB

MD5
ce6135aa1b1fe4f2c2db2a546d2a5558

SHA1
79b59582154017aadab783dc266fcb158c252940

SHA256
7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c

SHA512
2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

Download Submit
/data/data/io.dcloud.yun/databases/cc/cc.db

Filesize
36KB

MD5
d228fefd787d22d12d1cf6d19e0b00fb

SHA1
7bcc702267bfbd6b228a8e090ca3ab3f6088be63

SHA256
85e9cddd989f871b21395046f0230d0ce3fd1bcacd75fcf6894dd3aa533623fc

SHA512
33c3ba37c1ded9c81b46d11273396b02a9f44b1e3c3e78401f8706040e52b42782402ecfdb73b2e3e64f700bebd3cda02e834d1c76dc121ee6a0480d9dc07420

Download Submit
/data/data/io.dcloud.yun/databases/cc/cc.db-journal

Filesize
52KB

MD5
d0bdbc2cf07b96c01ad25ea0f8efdb7f

SHA1
a26bffb68f6f4521d98646f65e77ae584f5bffba

SHA256
2ec87cb06c5fd44ec3e36bdddf01fd4e49365ca395b67fe11f34d1d9ff1e5019

SHA512
e63c4a5d53e329961c74dc7f0bdae8245998a6c0e318b4af6df4b0c2d0d659b414ff43999657448c4c9f9eb9e917afb27094662bd4cff9d6f69080c1dc296fdb

Download Submit
/data/data/io.dcloud.yun/databases/cc/cc.db-shm

Filesize
32KB

MD5
1c4274aa7a9a5cac8c6d1df71e4588c6

SHA1
abaecd685e01cc68801292e3dc7085654a22feba

SHA256
3f6cd5f480ae69859b7841450f3d032c528ba385ebf9f371b9c8fdc6eb4231be

SHA512
1adb95935798607bd36cedcd183924d3068f50097d017b278da7caee7771532b61ec3606f6189b6dec8426eb038fe40be75079ce35894b1a8e0d1d815261150c

Download Submit
/data/data/io.dcloud.yun/databases/cc/cc.db-wal

Filesize
16KB

MD5
3044e14978a35e472b112808bd5fbe9f

SHA1
bc35bd40ad56f3f5329d914081b111db994d90a6

SHA256
7fb4f45be9dedd603583e8e2490763092bbfac0a9eca68d373944de0d3653807

SHA512
86fe114daf8b3cdbeaa5b889227e84c0fb5f0acf2db8a69a8c373ee56909385d63cfe741b54d9f8cd76471caccc4fdd3f453a577087ed352b1f279fb4ad4dc82

Download Submit
/data/data/io.dcloud.yun/databases/cc/cc.db-wal

Filesize
48KB

MD5
330628c81c871cfbc3e8ebd20fb1e062

SHA1
2f1ef18c99f65f0490c33698719ea18c9130b235

SHA256
9202466efce607fc471acd7c9de5af27f1b708c9427644ad25baf321e706d860

SHA512
5e1460974e75349b8e7168ba51467de3d73c634255afcb2d8ecfb618a4acb431155b4fea1e8bd2e64770b07d40bee72df32195e2c01b6685fa399793e89d1a3a

Download Submit
/data/data/io.dcloud.yun/databases/pushsdk.db-wal

Filesize
189KB

MD5
1f37da23a913b7673c33513003e609e0

SHA1
ecf70b85908aa5ce7ad9905af02432db0aecc8fb

SHA256
6df7b4ef56966ac3e4e9f05b1355103eedc2e97a3765d948a9e5bdd612e5d515

SHA512
55ac22cacb8355225ba57237140747e068da057d425a9b200b943ac20867e2d4dd19b54f54b70603433ea916ce3e3b018cc184df3a3eefe978a392dd36302997

Download Submit
/data/data/io.dcloud.yun/files/.imei.txt

Filesize
512B

MD5
f6d8c83f2442fc43799da942f4a8b191

SHA1
2d16c8fe9b9246d921462253fb7ac83661606091

SHA256
9a811855456f1be2b2652f18f5f27ae2e7307f8c5da33f345d2e6e78202781d9

SHA512
684fd43e5d5ea688ec50f557d140fd99d9f8986e2a04803f37f2b25d5942f17c3f69c85d99d2e95957a73cc0a4149735bb0ea6461e72ca042c8697ea3c14babe

Download Submit
/data/data/io.dcloud.yun/files/.um/um_cache_1715784807714.env

Filesize
1KB

MD5
de6edc7b33a74d877e54264796ddb52e

SHA1
88d4290aa28eca79518314c4d4720946f09aedcb

SHA256
e00ec5aca162e908af03e8d5d2e42df7bbbb5187aa46c37da8fae6a78f81a177

SHA512
86b184957819d07c1466f6826b65d55ab119ccaa6f59bf6ca3f99e5f1a17c628d72987c4ea0bbd4a3373a2730adf8fb9d7cef66818be0f88ce5784d5f0174a01

Download Submit
/data/data/io.dcloud.yun/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
89171cf4a3c95b53e9f51c2ed915164d

SHA1
703fe6a49ed6c471328189f1f327799df641095e

SHA256
f687f295143ac5422a7cbc30be05686b16b518997b3d8c77d8ca7217148ebbd4

SHA512
a3aa4b2dd4c9ec61f091ba855fb755c8c81909e9cdc2bc548117502cc305c9c46a0a22e942c8026e1a2ea984dd88161a272c6736f17730bfb710f9122985dcf9

Download Submit
/data/data/io.dcloud.yun/files/umeng_it.cache

Filesize
498B

MD5
69a5532320c1501eacfe5a30e73b36fa

SHA1
ddb9781183a1d7dba132964e3766373cf71815ff

SHA256
b3b0b56b426e10bfa558582515c6b97e4740452e040d6e793c84f4ba810a4be6

SHA512
4044326674c58ee8f15775250075aa2354dc1c15f64d552464789afadf0a1717cb6deff1400a8523b444414ffc461a2b8730ddccef7e87c977a4d983d364b481

Download Submit
/data/data/io.dcloud.yun/shared_prefs_ext/test_app

Filesize
32KB

MD5
cd3a330290e5c3487c0819470756a65b

SHA1
425ac9a5d66fec3058335c1f720c5d72926afeb2

SHA256
e5b5bae4aab22acf880f1741c2461e71b38b7d304f70e7950ad6c75ef27acd46

SHA512
84d122a405338660609b525babfd5c6f26c3a8233c76e30e3a1f9e2af5520bca148e5d05586ee5754900368bb0593c100bfb58a0882104cfa4a5d89388a58ced

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
32KB

MD5
b15b00bf90b7c93b3665eda88fbc4808

SHA1
5d90cbaee0798753afcad7e6555a92d2567dd02a

SHA256
92882182a7ffae56437ee1b2b3a68ddc0594b28c1e3a4254920023015cb4b429

SHA512
cbea5c61e2043c01bbf5b0ba79e45106bf011e29447317a4bc66560afb52177f2268f5fd95d84868152b25b1aa4368256392d24eed3f4fb9a56cb2eaa1b27059

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
c238cba7c426975fafef01f59bff5d17

SHA1
d17c42306c3f856089bdb4b20d958757867ca7c6

SHA256
7d4bfef44a8e99138b513c73c07d890252738c008aa86cebc06a3514efa13f63

SHA512
28f8e6334a71092587987b8e7c5eb6d011133bad8bdfe72d715a046b53dc7b9b651401bf73b1848df62726486f15be4c911878a015cb38c057ab8de54313b582

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
512B

MD5
4730889b62ba3cb3925883b1e11986cd

SHA1
3501f2071de8729fe568e6f929e164ca5d4da7c4

SHA256
9c591fe44845018b87793be30c3eca27eef0cc8ee9b14bb3537e36d276f76aad

SHA512
23b5c6478a59750f3163d448b815a1001c4ca20bf10d34b91bf95770ab612b2973418e7e7c469f90aa6637dee6573bc53ea07c48481d05cf0838b3bc1eae00a0

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
185KB

MD5
53957a8ee5b51602b6fdbef4aec262db

SHA1
d58ef1480abbd0ff98b29826ac14b3d66ac4372a

SHA256
b51ff7f171f704f4a9b88621684d9bcea26f8cc321c4d99b685de8ae22020216

SHA512
d11ea4c1398c18bb6f2df5f38af2330295b36eac62d22c45c9d82f59ae8a7688a5b48acb8df305eaf93432a10e8952a1c69398e5f88d1877aafbf55afee2cdbe

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
381B

MD5
5ee2f95d6e03d67e7e2763ebab239839

SHA1
b4822cc4d9dc53f1a515feae5264aaf784acf18a

SHA256
e7c5746f651970944faf72d20fa629e2c7191bcd905fcff47f3111ea4616e4db

SHA512
fa027f6a18486e9b5c15e8a92bf9cd36e2dfb69f99cce97b63c0b8d849246f1ad9ab21ead3fe419e7cb556168927a02a8f2eef740b9d1eafb6b7f7ad79dfe863

Download Submit
/storage/emulated/0/.imei.txt

Filesize
32B

MD5
b638a67dfcd1c6e18535730621513c77

SHA1
46f4c6a4ed213415191321a5ceddbf9f43deffd4

SHA256
fe661573bc4c3f6b7b3f79819075ec53c8ddb241aaf7d6760ba7e6cf8069e3c6

SHA512
612283149fbaf1b4d37ca29cf21c838cdd20db8bef194394eba121acf2d8778ff3b28d4122497c106fd021628f5f7cabd55bf15959080f87651477c48bce7f40

Download Submit
/storage/emulated/0/Android/data/io.dcloud.yun/cnc3ejE6/eje3cnc

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit