650949980f90160fb477a3a982b4784b802d1f323316d536cc0ac673ad6c5079

Analysis

max time kernel
172s
max time network
190s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
15-05-2024 14:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

650949980f90160fb477a3a982b4784b802d1f323316d536cc0ac673ad6c5079.apk
Size

10.5MB
MD5

469b6010012d338d6da768e818e78771
SHA1

8cf1349b8f202bb40cee49cd6598e67902426bda
SHA256

650949980f90160fb477a3a982b4784b802d1f323316d536cc0ac673ad6c5079
SHA512

795eabe05e546122d5f22f75ede9f22d3222979473149ca070567003eef2a6db86b5adaa0573350d23814a1129969b8a89b5ef0db5ccccb6e293cc695864ddc6
SSDEEP

196608:Dm6283ozh+7urCT29BUXRU4mRrcmYSHaciE4+L3p29/YDAT22vUqhJYL3p29/0Cr:d2wuWm5/bvL30YkT22vUqhJYL30su

Score

8^/10

banker collection credential_access discovery evasion impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

io.dcloud.yun

description ioc process

File opened for read /proc/cpuinfo io.dcloud.yun
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

io.dcloud.yun

description ioc process

File opened for read /proc/meminfo io.dcloud.yun
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

Clipboard Data
T1414

Transmitted Data Manipulation
T1641.001

Processes:

io.dcloud.yun

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener io.dcloud.yun
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

Process Discovery
T1424

Processes:

io.dcloud.yun

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses io.dcloud.yun
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

io.dcloud.yun

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo io.dcloud.yun
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

System Network Configuration Discovery
T1422

Processes:

io.dcloud.yun

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone io.dcloud.yun

description	ioc	process
File opened for read	/proc/cpuinfo	io.dcloud.yun

description	ioc	process
File opened for read	/proc/meminfo	io.dcloud.yun

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	io.dcloud.yun

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	io.dcloud.yun

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	io.dcloud.yun

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	io.dcloud.yun

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

io.dcloud.yunio.dcloud.yun:pushservice

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	io.dcloud.yun
Framework service call	android.app.IActivityManager.registerReceiver	io.dcloud.yun:pushservice

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

io.dcloud.yunio.dcloud.yun:pushservice

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	io.dcloud.yun
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	io.dcloud.yun:pushservice

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

Processes:

io.dcloud.yunio.dcloud.yun:pushservice

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	io.dcloud.yun
Framework API call	javax.crypto.Cipher.doFinal	io.dcloud.yun:pushservice

io.dcloud.yun
1⤵
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5165

io.dcloud.yun:pushservice
1⤵
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5321

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/io.dcloud.yun/databases/cc/cc.db

Filesize
36KB

MD5
ae7e3507051c744230fef1df0b88db7a

SHA1
ebfdc5ccc353b473ddb5839c47c81cfed346fdf0

SHA256
28526635f70cafbbe4edc1400f70bb1f5c035c07b121d3ede0e0cb899ce0a205

SHA512
bcd68135f5a1a700eaef3d62f48bd5554d061e170cab855f6641310ec812953e29efdc7d133d829f02c0772a08a3d6fde6026c687b8a7b2a5352202082e5a2c3

Download Submit
/data/data/io.dcloud.yun/databases/cc/cc.db

Filesize
36KB

MD5
e1cd328c72d6861e1064ff137f4dae8d

SHA1
5a292a2b56f632b32c4bc2526da31601d5901283

SHA256
522e8489336a08401b68bd11b6ac8cd6264de81d5c0df19895917a22d56b7a93

SHA512
7be6505c67db07a63a9e3ed36c09fc2136954a3261e4f0f30e5f8cff7fbad25f67c9292ae6a6334cedbb11fdf0f5ad04ce59a4c419069b6209e46df50e9c1832

Download Submit
/data/data/io.dcloud.yun/databases/cc/cc.db-journal

Filesize
8KB

MD5
9c42c1a281b097932e043c447cc23b0e

SHA1
e3c09763c6adf45d5ab949a657b90ec3119c361b

SHA256
2ad74b5e5c6887f66dabe2e422a4afc8d391dc7b462ab1a14f33aa169d64de4c

SHA512
d33575111ec96564d3ac2239c0911505387df0aa99c60bdcf2cc5bfcaa0cb708248695207133866072766e7fea9c2874be2928c973a448ea7d015b6391a14ee1

Download Submit
/data/data/io.dcloud.yun/databases/cc/cc.db-journal

Filesize
8KB

MD5
32feb0f8e5ff6ff28ae102b881e2c1d8

SHA1
06c2be33cbc309ac97a3a6747181cd3a0c8be334

SHA256
77951bd3a784136365d76cf1f27a4201487b58965b9e1b13dc9a611e1f3e9564

SHA512
b0b8f4252fc43eef5cc74bc57f3e85036ff96f7fa4aae70b2f176ca1f390e2b7d7d95fed8dc6f74623a4336c5d83e81015224b9169713e90af49efed65a0da2c

Download Submit
/data/data/io.dcloud.yun/databases/cc/cc.db-journal

Filesize
8KB

MD5
bda635d6cdea8a7d46f8dba7d715694f

SHA1
cb520d694766b974707dafc2499059c5cdc0ffe6

SHA256
b52c0bdd67bc0a263b86b0138ae585f25ca882b44b0d825b8ed438b83eb9916e

SHA512
a8e0d30f30ad43d6cdaf331605df030185a25e8985d23a4da483eb3ae5f68ec29cec766b36abd3fb05e7f6f61b5ac550bed0778b3dd7e3d15d05a429729f3581

Download Submit
/data/data/io.dcloud.yun/databases/cc/cc.db-journal

Filesize
12KB

MD5
10ae6771458ec4237159a43c1ba9ddba

SHA1
cbec26607e4f6cb699f1e01f0155a28c88ad5da9

SHA256
767c76f55ecc2ac719bb2e6fde99dd4eaae72812b3e569f36286b749942b7930

SHA512
f749878e203b71a0837f82b6c3463cd671892cf17a1343509764595bf2acfd4d93d59c18711e0217e1e697a405ccf8938c08bdf70161bcf788ac4c8224640f23

Download Submit
/data/data/io.dcloud.yun/databases/cc/cc.db-journal

Filesize
8KB

MD5
b6faf1157697f2959cf1aefba090e1cd

SHA1
94871aa010e3f497ee8660ed44a73d9be14d9e81

SHA256
1f26518d629f7628ecf5839f19b25701157c6091e08218fbb16be100d73f420e

SHA512
ecb7745fab48c83e04a4943cb4fc52307b165645e900ba62adf79875d4b97e81a0ac0c63d9be97bc7c3eea3320189dc2d02cf20e3db5e02419e74417d1bf3498

Download Submit
/data/data/io.dcloud.yun/databases/cc/cc.db-journal

Filesize
32KB

MD5
11a4282404a0ac43bcd09c36b096e299

SHA1
e8da622b7e346e0a768ddf0a3443afcfd25f6ce9

SHA256
aa7b98bd36f6130a8b86c86b5a92ad3cb454f95d511df05952d19a1e4d34106a

SHA512
38188906592d9feeb2eb5af00e2d8d07b008c3d486dc3251b1ad92bb7e2622cf7bc676474749aa7f01042e4a5624bcac67b8af5471219de444416dda19873cca

Download Submit
/data/data/io.dcloud.yun/databases/pushext.db-journal

Filesize
8KB

MD5
a0a02116f788329e0981d676c723ae1b

SHA1
0d9476b220e904f957e80ac6567489c33f4cc473

SHA256
9673aeac4cc41628e377061552446120be4f2e87d6018eb5a8c08d926162b451

SHA512
93967314f1ab6878bfa55e49b4f7d74db7f8d035331f084479b1d045084adca6485844fe44c8841fec69af420fea5cc441916ef7433179aaa9f9f6cb39244c80

Download Submit
/data/data/io.dcloud.yun/databases/pushg.db-journal

Filesize
8KB

MD5
fe2e5991b815b2917cc6a3d8fb7db588

SHA1
c32ce5f33ee4599a6b0c8f277f7c0a86ec063ffa

SHA256
d797a0f029880b458132f034c1c166c3b0f3ee17252887c6d683dc27707d6ff0

SHA512
01fedf3a20012685314ccad44f1b94555009c12f4a5f280b1c5fe92c0c5086079b5117701554a306d6436ac2296e3f8556d5422e7f1bbd1f1fa3cb6f8afc59db

Download Submit
/data/data/io.dcloud.yun/databases/pushg.db-journal

Filesize
8KB

MD5
bca0ced9632178e89009723f25bbf3d4

SHA1
e6e385d6983b07665fc7fad1c9b020b47b11187a

SHA256
6797a3a2b60661d768e4ab3452e0c2bdaca5e67f1524577c3e00638c35aad519

SHA512
cb8a8c1a7e6909f3d9f5668c017ef4b941371f86c6b259c30f87521843a050da991117248759235d81bbc25eca88fbe957ccd6c1866cb7befe90f6cb3151c70b

Download Submit
/data/data/io.dcloud.yun/databases/pushg.db-journal

Filesize
8KB

MD5
1f08fbb012fe2dc69ca708e2fe6d48ac

SHA1
b004469d0f683af0a36b14103977899788881369

SHA256
a8044ffde4c70e65855adc8e336eab33593b0b166ad4d8aa07678952db411e9b

SHA512
a9103d83d48c761816241496f570a90d3c1b7a473145919917b8c9db167a38c8a1ca3d28be5c18ba20263b97d173d0f59a91dac8a91fbde5f5799a6be8fc80c2

Download Submit
/data/data/io.dcloud.yun/databases/pushsdk.db

Filesize
48KB

MD5
f99bd8e318bde4ccca12cdfbf2a10648

SHA1
99d6a74f5e50960c778fa080318b7ab8304d0ca8

SHA256
77fe419e1351f3204b652db65eef1a7f7273ca889537ca3b7420e5dade7df47c

SHA512
6f990ba45a6e9b03626abd3db13ce6ab7a326119ef63cda50e04747bb0a38b7840fa63a610cddfba637c267218245a557309871ee54511a5bdd44c649890682f

Download Submit
/data/data/io.dcloud.yun/databases/pushsdk.db-journal

Filesize
8KB

MD5
e61aa6394df515cbe690420a349278ff

SHA1
76114bc344bed0f34d8ba63e3a624846f5d79f48

SHA256
500fbdb15b356c53ec9e6fe4dccb0f4e3d0f871837e9fc8216cd39eaa49798ac

SHA512
8b9453bb7e0a071b37d96c82f24c8ab524b0da06d6b8725b06a01c786ec78581197ffdc69a250c6a91799058d34a1eacce8241fef33b049de3ee29b8bde00b7c

Download Submit
/data/data/io.dcloud.yun/files/.imei.txt

Filesize
512B

MD5
357bae156929f612119b5ac6b144c667

SHA1
c62fcd6ca38c2181ae1e2ba9f44a0b3478a0b3b3

SHA256
d162e0d24a1483c0d4658bc365dba22923afa603e6004151dda6427db7690654

SHA512
ba7899c15ae3a521867c1b90940f72f20e209ea8be408266a606f096ce853b0bb285f8e57ddce3924ae9e964815f55bbfe85c7d375f3a3300780ee6cfbfce05e

Download Submit
/data/data/io.dcloud.yun/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
1a328605552b460e73b7c225d84348cc

SHA1
10bc2bfadd5f5ffecdd72e756188458a852e57f4

SHA256
9b4bef7cdcb1d6a63c09ad2c8516be1f1ba1be0818b69a917f6313129c197898

SHA512
a38d612840153259901ea308370abb8f37f7656b6b75f25445d9d4f4eed332a8c6da190c3c9619091e294a8610d78ca0e7393f123ef7448b28d101084bb6dfc0

Download Submit
/data/data/io.dcloud.yun/files/umeng_it.cache

Filesize
431B

MD5
9c25402968fb2204584e59e5ed7c5b76

SHA1
b62ab0a382b9eb07841fac9b29984dac721895dc

SHA256
0c895abcefca38abaf465730b2ce8d143e2b6ca4152ded1dd34411f1c2419537

SHA512
08993a6060cd9636033ffcc59be90636f67f84ce75a56087a56f4c66cf6a9b9e3072dc2b4fbfded18135f9572e2baf0d0a3db0e5558978b265f14e5795509c1a

Download Submit
/data/data/io.dcloud.yun/shared_prefs_ext/test_app

Filesize
8KB

MD5
4dec75fb2d49d2b7741d7b61eb4ccb98

SHA1
f070dd57e96473a30948f45c339acd48462bfa23

SHA256
00023601ec2cbe78b51053deea270c87cc0eff54895e55f012fac4398ad007b7

SHA512
24ecb99bf20e56cb462383fe985fbeaa0d62215d4b67d3de2904a3709e6df642df60d06d78ff7b193acc9af34d5a985997e21fcd7e625c6a229cd00a96245c8d

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
8KB

MD5
680488ceb0ef60be5676a8e86caa5d65

SHA1
439c83b553ae8b64ee4634cc784577174904e877

SHA256
0287b9690bcc1712701324b46baec6797df639b2432f2025ea4df3cf58551579

SHA512
6c0f86b37ed034a33fb478de7fb7dab650399490a2bd6f779bbbb99b62dccfdce4708a729e773ae6ef1babe5350f6bc1f986eaacd0bd6becf0d317abfa256a9d

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
28KB

MD5
4e0621bab5529d6893b2b3b9e71f8ed2

SHA1
b267739f0cf2c3499c60cc227eafe1351e7fcbea

SHA256
d3078fc410a53a39794157c716992b41de40ada3eb7496a15a0368cfc7a01165

SHA512
760a978abe55ed4650d514ce30c579b21c635147760ccf0f18e9093c3469ec1c6f7510c5ac14cf8666590a62b5efc8915e2fa0242757cb428776e5476963d0c5

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
8KB

MD5
8fa9c68cb5d9baa5252d60df5ec7bee5

SHA1
f45667a1135cd9b5eefdc768a9022664771c6ec6

SHA256
e370309b09b46df742d204375b4aba2491a2bcb6c08bbf1f5eb6d044008ff695

SHA512
19083902ffb857ab6d1fcc226668b195d3c29de21ce5f49f1a7938323b1fa7015e2d5faf1414eb52b758c18d74dab719e02f2d91fde3d1e69fe7a6eca99ad6ea

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
8KB

MD5
281c63e715bb147642d19c5c8c73cd08

SHA1
3663a0bcda63350de5bc619d0567780ad96444cc

SHA256
9ff2625222b0347f7d962f05855e78180c6ba4095cb5841ba6bdda5f02989e49

SHA512
d49430312aef45653e3c19cff88b205d7af179ebfaec5b581fdf3b3cad61ef58a9d01cf7072b9d7ac51a7cf77fc2db625de59cba772d3f962ef5c5ff2da18f37

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
512B

MD5
7770f644dc0c916c10d3c7d6f79e2cda

SHA1
1dcaaa65801e12e2a96beb67cc1eccbff2ee4c6b

SHA256
5957c0904b298cc42c7449c7d72534efc0dad1b0d4c1fc5c8e93bcd7e5a3538e

SHA512
91ddba11906880a11fcf812ede34e2c06c7988bad0938cd82542c14e6c231496901dcab479aeec8881d606308e0f0b7dbf17ffe4d684de363fafb586df87de8d

Download Submit
/storage/emulated/0/.imei.txt

Filesize
32B

MD5
9d6867c6d80470d77ff65ba259d92699

SHA1
6ff52501dce007a577517b7d5776e36810a2d501

SHA256
1aff12bfd3d0f91e577e3db238d928e0d22b0ccbe69916ad60649409692b82f1

SHA512
ccc85eb48f8507a2ed670d2b643fe264ab86f0036a65fa98ff8321897fa8e1290ab696f2842f212729cdc8b6078cd1b9e3a62afcab1670dcc80f2e68ec934e6d

Download Submit
/storage/emulated/0/Android/data/io.dcloud.yun/cnc3ejE6/eje3cnc

Filesize
4KB

MD5
bd3f17b1ac2e804a421c82ae4dfcf542

SHA1
c83d17e79c2f94bd0221cb1986f6010cc7cf2b37

SHA256
ade14a231493f84616912bfa82ae01d20ef0557a78a6793190874b21fdc88000

SHA512
ef5b0ccb8dbbad1140b57b36391eb58dcb2579fb0d729f4c448fb72c55e0fdd13b47345715be8075ace561544e46b2ccdf5e43121bb0c139979210d640b38ff6

Download Submit