Analysis
-
max time kernel
177s -
max time network
188s -
platform
android_x64 -
resource
android-x64-arm64-20240514-en -
resource tags
-
submitted
17-05-2024 02:34
General
-
Target
b851761640c18d6ce981b2caa46b0021562586ce2fcef0c2b6253c73ac9ab4d0.apk
-
Size
29.3MB
-
MD5
4dfa2a2812981b7b881a292aad4c03d9
-
SHA1
6752394057effe2e4fe89cd0c5c4575b7b042136
-
SHA256
b851761640c18d6ce981b2caa46b0021562586ce2fcef0c2b6253c73ac9ab4d0
-
SHA512
68f78e8af3ca9b8b3e2da1af90b79d65d1834e9a347597c4dc6640fa94b3a638101eee8b6af2a9cf9b7c55210c942031bc722e91591b6ca9f0b6e2d1379b8ee5
-
SSDEEP
786432:swCggntDWPsYz9SUDRZl8PGxRF+owaFbrf0PI:swCggFOfDuPGjdbFbrsPI
Malware Config
Signatures
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Requests cell location 1 TTPs 2 IoCs
Uses Android APIs to to get current cell information.
-
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
-
Checks memory information 2 TTPs 2 IoCs
Checks memory information which indicate if the system is an emulator.
-
Loads dropped Dex/Jar 1 TTPs 2 IoCs
Runs executable file dropped to the device during analysis.
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Queries information about running processes on the device 1 TTPs 2 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries information about the current nearby Wi-Fi networks 1 TTPs 2 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
-
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Checks if the internet connection is available 1 TTPs 2 IoCs
-
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
-
Reads information about phone network operator. 1 TTPs
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
Processes
-
com.ijingyi.buy1⤵
- Requests cell location
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
-
com.ijingyi.buy:pushservice1⤵
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime
1Virtualization/Sandbox Evasion
2System Checks
2Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
32KB
MD534097f1fa73633491f8fccf7352ab4ae
SHA138c4d9e57a56ee1af4fbc588aff7cd0c4750657d
SHA25669f78ad30e6c6b14ce5e804cd6e76ec9b1575400ec8fb5af33118ebaad2633d6
SHA5126885efeba36514b8d0bc3f6d87ed9ff04c18a3b2be894a5deb7ad60a405b54974ca4d9dd4aa0eadbc1e8d42111de2730313bdab88bbb0506c15fb3182c3d1a11
-
Filesize
8KB
MD5e7cd57a0e58e189d5412456ea7132f43
SHA1dbaf8c9aa98d0624764a3fe22fb4207ecc4c874d
SHA25651b72e78ff2dace0745e8cbaae346d35dfd067dc00428bd1ea5c756e124f2f7c
SHA5124ed5965defcfa5c87862561a35ff94b0d760c43e4d3e9c33b877ff555e30ab4a10d1dda168f7b89da7d419440e50a4d12c18cd730e03c601ddd10e7c9d8fa01a
-
Filesize
63KB
MD5e0972a230a38bbcbc1c736626c74ba57
SHA14bf4367ac158f8704c07017308db35778eb0e2d1
SHA2566362cd0db68191ad8a5032ca44173e37850649ead084f4aea1a5bba3f5f66f2e
SHA5125c52155dfd557c6cb5c7db6a6d998586f477de1b332d825152522f7884921e550596c06d2c3f59643236f6ddf3ed165bed3df32af42af37fffbfefdad3bfb6af
-
Filesize
63KB
MD515d58661ebfaf97fd2b6ad1b8af9a3f1
SHA1c9ab491a9432fabf246c02301ce67358c903f6ba
SHA2560fcb8fe1120b04524ca04b2041f39865ff653920c199bd386c5e8e199fee072d
SHA5120ccd951d7b7a05dbbb152fa2eefbdf47b0df98ba592100e9d974683d7d21134a7d3a6b45e2ca6d24f0194ec81e3ae27f9850da5a235e019b59612223185ea893
-
Filesize
63KB
MD55061e4948844f7d366972ac8005e9f13
SHA1a2b79a1c79afb095ddebf0f16a1f9db64482bcaf
SHA2563aa6caecfcd101531539147e01382bc530b4fdc61e98937d63cc4648793c6a45
SHA512223d18ce248912df18cdea3c8e864ea5e6ec058ca42cc5fde738188c54abcd260d7f24ac53d4987d3e32f4ae3e1e40e01354054d035bb100eef51b2d695f5299
-
Filesize
8KB
MD51721ec6937e722528f70b71a2cc889f7
SHA1b046e2dec76495690d53a2296e79ce2e77cb2d6c
SHA2565fb1b59d26906f283942c643cd8f900e9c6397c4b2b646777b3e019caac7f1f0
SHA512f63e2eaf76801ed32990a5da13a3afd72566f0bbacf97d6cbf44908a9dbe9192365115c6d7836901250e879c7ad7f70bed44a4f2dc9f958e2518cf6109bc18ef
-
Filesize
8KB
MD529fe59b6870b1ace2cef92e7b5eb76df
SHA14b90771e5fd61a210c49c64b0dbb4dea950da3de
SHA256386e0da2b68f88c037cdf04d5ffac4013f6364dc12a80b3e83c406c4aeca663f
SHA512d1845785be95eb0a3138dedaa486000f7c97734053d9168d61564a81abc8e59c38e246a13436920f310269a6e42cea291ea3f074af44dc20641158929b7c776c
-
Filesize
8KB
MD5c3b7e1c1e1ff729563fc7dd1577cde9b
SHA1cf144b2bb8c51fa974147bf6b1a8778cc7bc4794
SHA2564774c1b9594c06275c8403142889cd2dabe2410f9e7894bdea091aa2318f76c4
SHA512873c330e992849cb8bc6503e9dfa1d47b9b94888b7ff21492d861a6ed7ce651a84bfe95751dae156a133af1c2d2dc632446d6a29d491c1e047171fc78e2e9793
-
Filesize
8KB
MD544cd51940d2e24532914db8d9788e2cb
SHA1c36814eaef51cccf45662fa339eed2a959b3b889
SHA256f459aa4aa953ea5679c6ee4f4fe08055bba362a38ef6ffa25cac2da0f75ef582
SHA51275a757c7843e8aabcf5bc3fe8d21b4beccdcc82d3fa050bc458a93dfc5f1f92ccc73a7dbc1b2a638e8d7c3ee4720fe73cd4047b266b6813e09c8e99ba8f2504e
-
Filesize
616B
MD544a6e583834d114701e2ead8ca7bd9db
SHA1af996698a48f25b97a31d0c49d6d4eb80c99c2e7
SHA256fa152aa94d4d7cb23efd43525014b19d198c8b792f6e55dd667902d78975450d
SHA5127209d31886235f95bb08d879319310ae14b91f65303f9c6c67bc487abec0909835793bcb00cd03340af9f020c6f0838340b849ef439d17cb62b868abe42f3be0
-
Filesize
31B
MD58c92de9ce46d41a22f3b20f77404cc1d
SHA18671a6dca00edb72be47363a7071be65cf270373
SHA25668bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274
SHA51230f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56
-
Filesize
36KB
MD5a925951bbef27a9ea507f847a6ceaad7
SHA134b73ba1b11a2423198826f820fe87a1b8cc13b6
SHA2561dd2d23b7c64bde28175205a16f99abac0aa5938d31812c095234defbd1f917b
SHA5124ce18802068f8549fae1d3c594423476753deb776c57acf8ddbacb47360db50c922452db037b3c2d852f28147781c6532a141e9cfae51772b96958825e7ce5cf
-
Filesize
20KB
MD56d39f95187ccd5a6111921081a937fdc
SHA1bf99b75b0bbeb204a3a835c103b4891f856ca6af
SHA256dfadd085bd82d83eeffb40eb865e86dd8ba05f9f05fb961a872fb7e7fc5edfce
SHA51213deb5cb36cd4f4da8845330ed694d8c8ce9946f241ea328f8f90285a26a85d9aa00942ed1eb7423f61d67f449179af4bae5085e9a74b09754f94ed2afbb5908
-
Filesize
512B
MD5448be97009186bae60fbc2bcfa5bb844
SHA1825069fde3cbb0d8d2b8485a85277e8a31f8263e
SHA256bb547ced4dc34de5a2af7c8b1ada5574da3831770dabfafdd5d3299e419c430a
SHA51299760a3094b739739c2f808aa1f5de07fb0c14cfdc22033cd235d6f6edcf63885ceeadb608fa65e59f20402e9f83648b2bbfde7c34619664fefd0d059fe2976e
-
Filesize
8KB
MD5a58b89a8895fd91e89c8effe181cb685
SHA1639f3f62deb4fd81b176c15fad13413dc10f05ee
SHA2563d0c0839e1ed982fbdef304de19afe1657007dd20a563ec60c01f6c6316781bc
SHA51220952fd403edc740019bb7fca877a5d7630c2a2f4cd3742b6a826b5e2e66f0a4a88a04629ed3949c7f8ee60bd68bc968f30f6d4cf3b740be084792a44435b9d1
-
Filesize
8KB
MD59967bc2c2ff2077c298183645e7550ba
SHA191649fd217cdf870418ceec2997b066d2b989e5e
SHA2567e0e9b51810fd1cdc1e4024848bbde7fbfb329b2940273a1e68ea5ed14d43bce
SHA51241ec9ced5f1321c3eace2a1eca746fa749221b1af967ce945d1df99ff55865019e65198d218d51e4848f89465d30ea1b80c87279dbe60e5b979694c9e0804c74
-
Filesize
12KB
MD518ee248c89b243523f07c6424ebad535
SHA1bdcdd27b849920053534a6f8511f4c2464d0c5d2
SHA25670d9e4f7164d9040b2cfcdb6a91cef2c17b539379ce0d373a9cf46defdd159f8
SHA512605fecea39daf8043c247f1e0f156ba7f5115c888e567b2a847559e1f0a7cea2d85939cd887fa7882039f9e5beeb1dca93e5e1096632cd093d8e2815daa80b47
-
Filesize
512B
MD58d3545d2455c436d51e0f536569b57a3
SHA16ef65e102d355cb2a88e493e42c4c168428fe5a1
SHA256e0b6e41e5da07fa38a89272ec2bc5b03055baf56d101af8ad51dc2e7283e1cef
SHA51207c550710ccfebc405928ea910496493a75db7506afec108494e8fdd15e88f4dc6f83bc6c36c1c525ba3b191ee22aa88d3e2e5fbb26079e27f5bc9d38e719246
-
Filesize
512B
MD5c41f75d04d38fd055dfea1651e79f92d
SHA1c371aeb137f10a7b32248b5664a72578e27a905e
SHA256a1a508ac70ddf5b5bf3c61b27b3efd89b4bf5aa02073e4238bcf97870e665344
SHA51281e3d73fa5fd324e8daf13a95fe3e09a072ff77b31399221c664092bbc4d46892e64b2536c7a9d2a5a9ff8918844a31bce192e39489a46d405947c97f1e51ca2
-
Filesize
48KB
MD55772d80290ca3b2c6a647392bbd91003
SHA1aec558596014267e9fa193fc6dba229f70c54ddc
SHA256474051bc78159c67ee3008c59f7df755049f5225d1e29040fa9cc2e693daefb3
SHA512d1665849df808bf9ef750063f16013dff5b3bbbae62d1d2f7c261158b7328078466c68b3fe155a640a2d24d54828454bbfa2d38ed24170d3813e43d54260f06c
-
Filesize
512B
MD507dbf40c981ff7f71f9fee4d42c53ef5
SHA1d66f4b34b6e5ed74d4c05819c203d5a7a8c2d8f6
SHA256ecf053efedddf97b26280a63e3711cbb56489fa826388ce52581af29e5a5a54a
SHA51207ea103ca1378fa9a8691cb416b77ad4c8327f5efe5145014fdf61216199e1ce466d8f0415639f5fc67bc56b7117c955b2e871cbe96708f868771a5d31fefb29
-
Filesize
8KB
MD5383149fedb971fb69d2137b28fdac5f5
SHA19bd3f78a5f641407b902281a501988cf6a30fad1
SHA256118c1fa9165dc3111ef4f45675291659be565676ccf04425822a9b26b41d8dff
SHA5125041047174bd6d25ff6a2849607d825a272eb04ffd938d5514e2cfef0e5ff5b25cd995da196eb5c5ad1da9c943c2c31200ae2531b6955e5e518b729b33fe9224
-
Filesize
8KB
MD59b5fad0d69515dda3bf92a861e23dd07
SHA1f717a48d07c77ed738ec0b91b9e55fd481f34ae1
SHA256db8c8e102061ad2907f7497b4ce0442513909f55d997934e6cc97e4f373ab7cd
SHA512885617f949211cd936dff87cac62ebd168179a6545bfd0143ea6f56579e6469c7133075f160ca687ad5fcf1e9321fa1a87364a568e1dd891de53722a53429092
-
Filesize
547B
MD5c258352d2dc80b3b3b84ed6bdbf11855
SHA127ab208ffaa178bd01f624a74ce31444589753bd
SHA25611ab7588fb5d6951a8d688cabfbaf9828185b9dd7efbbf85d4a3350e2eae11b7
SHA51251ea391c6df003fa89b24f316f7b9950a892846d4e6bdfb20b0450a2f209b1badfe14cbadd426a3c749e607954372bdf4141b7978040a90a20f764a6347092d4
-
Filesize
113B
MD594ea29ccc65d824350a5409832de3577
SHA1355bcb9e942202e511be21cb264dcfdbfc0a93c2
SHA256768bb5055e609f1dc8f2c10b27bbe265eb707d8585b80858253c261ef2682fac
SHA51240a00f4f7e7a882ed29f4e01301bdf3e020d7f5eae3936289e0952939c8bb3a908c4927ba2de6dec82f71eae09ebdb72380aa1c4e11bfef358ca14adfe7edf95
-
Filesize
32B
MD5e826b47cc4810a6b0594b20bc276e5b3
SHA13e5172ab33315cb1e5524afedd9f084723d6e072
SHA256b3356b40ab4f81880ad4af063c9b400f24860317c5457d82b1603ada8e691209
SHA5126dd8816851e49db006ad374c1380bba94ca8ca3806c00776165783336da35d3cdfa6eefba70a1d342cb62e520c5a21d8a9805c7b62eda96a2b2ab8bffa96ceb1
-
Filesize
35B
MD5762298b93820a5cd8b6d8ec469078f7f
SHA1d5b02a2ff3b235cd2b61ceff53a1d88b8984477d
SHA256dc3f98a33c26c2796dc294b354831fd5ca9796295f4cb38479c80b145d4807db
SHA51270f864211ce16679d0538abf9b7071d27c2d22ae458e32409d20065032c762dd186307ef33ede90abd9ac794a4ced8b163404e9799c05f0c515337249684311e
-
Filesize
14B
MD5f0ec1f7b0f3cb7587c3d2c3b9195c121
SHA1ca98e8bf7ad974f95ffb43a56abaab4dd082d899
SHA256ca3ccd08953185df01469211126d299fde8e09b31e1097f7e3e6a93c747fa390
SHA512b52f287c5df4ca83916906c64abfe14c0d645a00581eaaae8feb11625d3ac8e45e0a7ead55ba9b1da4c832ff793b2c1532e52f80a562ceaffe05b4967394bb53
-
Filesize
4KB
MD5f3410f8d6c7f88a0305ff8efd3025d11
SHA12f2762e55b2fc958f99561b31155a768dede650e
SHA2561fa2f2fb581b4d43d7a7ce086f4eac06124c8fcbdffbd5e7ea034beee456da2a
SHA5128b0b2e11fa57ca70fcaa80b053f58d623576da41fcab796eaae69ad939814db004f1ee2f27b86a35e40e42ac646c6e612f4feaf8f2aa808a29b5286ab2ea7647
-
Filesize
8KB
MD509cb41641da40f93f323c3f73c684042
SHA12120f5efc219e90860c21c06493a595082c37990
SHA256681a3203b29ca9d2ebea95f3dcbe8166aa7dbe42b3184110d867f5c010adf5bf
SHA512d8aa0dbe583ca541473b2a2ef3298722288f71e75c587daad9c68a918a78520315058e4eb7a116e15bd2feb87654b6c13df210e33921dfd09d658519fd8b219e
-
Filesize
8KB
MD5af8b1170f53574787e12ee8890ca3669
SHA12419327f9d32362a5aa9ebe81e1d93e1da34271b
SHA25640fe424da2155cf0433609594f06acae4c14316e2a67cafc64133764e47bb7a4
SHA5128751298dbb8a87c87b06f7c96502dc408c2bdfd435c09f8eff4609ff242fe8c74fa8a70d72af0df583e795a63ae6c323bc31122195b7dda0406cd94d31d1651d
-
Filesize
8KB
MD5dcf375ef52e46c769ec189dd66c4f34d
SHA17f94a1a68ce77b5cd55f854800cc4f1eb5247dde
SHA256ecebd6486d6e5d86e36b48283019843423d95c6adffd42dfb13f6a76c9b1ad49
SHA512d17c18a74f000bca7282175108ca5cff4fdc1aa0b62b92d0cb9052bff21efcb535c62e6fd96b089a3b9ebcafb2d4f3fa21681da6aaafc622a9fd9b4916131735
-
Filesize
28KB
MD5a4940433cb748b741e6f3c6de775910c
SHA1fab27c4083a847561923f3cdb96560e271b3a6e6
SHA25694e7b64fc1223db9ce5288d382c705d463f9207ce20506eb085bd1ccb7f5ea88
SHA51270565e8cce903d222afa289d0c41e7bb2b4868d7d9adacd994369e0218654cc073099b644785a739cdf8d425f20bf3e7e022fddc95dd58374cc40af90cd01b5f
-
Filesize
1.1MB
MD5cf4fd9aec12c6dd6dc32725e75aba94e
SHA13e05f7717cfd4cc4ba6708e73df7b1df678135bf
SHA2565ee8f7a5c1a2930627481f2594644a0707be46c0d84b6a59829bdd8574ab9c17
SHA512739dd2f1cefa8f29af61c6a5e1f730af2a436ac71b808bcf10241c5f8376fe491acafd14149ba0aa4093e045da8fa312e0756c65e1792465730e9ccbca947dde