b17fec8f357130122913624fa16dcb12442bdf3851a02b2aefe5593167636b2b

Analysis

max time kernel
178s
max time network
199s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
17/05/2024, 05:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

muzhiwanapp.apk
Size

6.8MB
MD5

25a12b3e3d69b621f16d6809d57e37ee
SHA1

7c3026ac9bef20aa6c274a0ae0b2894ed27a39c6
SHA256

63a4443e53422abf80dffa60c088c72921a4d839d4070613427d9165909ea7e6
SHA512

d04d3fd4fa2d0911f1831b29c5b3031cd45349f8b916a1400a1789751c341272edcdb37b20ba468f759962f1aa7da174a58ced8cfaab1ccefa27dba19b445b47
SSDEEP

196608:udfDsgl7Fo3HcMg5+knzUsd3wIm1vM4MY2oNs:eAKm3lO+kz7dg3oGs

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/data/com.muzhiwan.market/data/mzw.apk	5189	com.muzhiwan.market:mult
/data/data/com.muzhiwan.market/data/mzw.apk	5257	com.muzhiwan.market:mzwlogservice

Queries information about running processes on the device 1 TTPs 3 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.muzhiwan.market
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.muzhiwan.market:mult
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.muzhiwan.market:mzwlogservice

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.muzhiwan.market

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.muzhiwan.market:mult

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.muzhiwan.market
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.muzhiwan.market:mult

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

com.muzhiwan.market
1⤵
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
PID:5144

com.muzhiwan.market:mult
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:5189

com.muzhiwan.market:mzwlogservice
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
PID:5257

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Process Discovery

T1424

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.muzhiwan.market/data/mzw.apk

Filesize
17KB

MD5
e65188742e10046597a4c648d045699b

SHA1
37b2f1e3e89d3b0d8683737ccae2ee725e82a312

SHA256
d0990058e5204d1a1bde2eff40893cb49d1e8972ee9b7e1b03ae35ac3cd5df8b

SHA512
3859b177492c74ec9448f7c57cf37beb7c747dca9580125cbd7c2e1f3a7761a3736072b1ec2ee14fa1f844f13df4163aa167b5cb9010e7e7fd00b2724553d481

Download Submit
/data/data/com.muzhiwan.market/databases/notes-db

Filesize
16KB

MD5
2667900bf3b5ab90121d0a3ff8ade390

SHA1
d82120444613139e2f4547f2872aa2c95ed9dbf5

SHA256
bddb108ff2c0d509cd953c8dfb2b7c4e838d205291a4da8ab6c65cb98986416e

SHA512
03db7a94d3760f47c9546e3c033647e853a984385e871d46d056509b8812422a2a3389551c30ec5a9360cebb5e1786315c6891611638c60642d3107dfd8006c3

Download Submit
/data/data/com.muzhiwan.market/databases/notes-db-journal

Filesize
42KB

MD5
7bc525aa5cfd71cd4d2ad570fd72a906

SHA1
b411e1b345b5e9e4a0e4f603b46277278981e921

SHA256
14b68457395896d3ffe12b777f52fe2cc4182a6c9ba383555b12522c93657b00

SHA512
5f1973360665bdeb536d8dc2a9c5d2077990fbc6fd3653747de9d54c7032a776151f39986792ab57773623a143b2d65cfbb585aa53c823197485eba9e75c8e2f

Download Submit
/data/data/com.muzhiwan.market/databases/notes-db-journal

Filesize
8KB

MD5
ced8625a74ac1eb11828bf5cc298df9a

SHA1
bcfdcafd538cd19ee2d38cad766e380c9c69c1ac

SHA256
76ed9cf2752c4df48d453093e6b5754ac0e02536ca9518ab66a96654decc2891

SHA512
38f1bee3ccb6660eaf461573c26df899823e4dd64800831d8abbde98a32e34df6fd1b8fe856a3536d4a9ffda5f27df4174b0af01fca11a738d5ca3b8ea96113f

Download Submit
/data/data/com.muzhiwan.market/databases/notes-db-journal

Filesize
42KB

MD5
5e481327e8554c85d8b2785650a6fb3c

SHA1
ae3a32d747dc703f72e83bfa432bc3682cbecf77

SHA256
e2ce4b91688294f21f13fea90fc63b0fd54d5c0b5d2a10f15883795a93030f89

SHA512
f64c07bdaabf2f54812a8ec061be82912b2b65b6bc9ecf216a0b89bed68638957f2885a1fa1fd0ac11bd5542f3344821148ee3907a00c33536c7e08fde729aba

Download Submit
/data/data/com.muzhiwan.market/files/install_file_dir

Filesize
5KB

MD5
437260597d072bf8652ed2f2dc893f31

SHA1
1f28291d89531b1a0389941f0636f52cee8dcbd5

SHA256
b694abb4a56699542e20d3b3a38870dc1366822ebdd30abaa321f66cfab4bd97

SHA512
cef20c4873433b811047d626e097eecab9ab41e07716871497abdc36748539f4613ae6118da0b999d3cc312411bfd04dc9004564bfbda98d81075830ce49b868

Download Submit
/data/data/com.muzhiwan.market/files/install_file_dir-journal

Filesize
1KB

MD5
e70c7a5ed9a50ef3ca88452ff6c94909

SHA1
099268a7aa778588293c4158699b0714e4a3b854

SHA256
aa630430f26dc63815f1fc2e20411e7809459b9cd8811803bd2d853b82b52edd

SHA512
c14aac3c42115c6b1ee9f8fd0d99305ceb5fb5f016007aadbaa36d494156b0d18a47077166c5fa0f9ba680d00e1e1818e1d4ff1b76a249efa9abd66ba07cbb72

Download Submit
/data/data/com.muzhiwan.market/files/install_file_dir-journal

Filesize
2KB

MD5
81ff6329bd007874a47565fa948a44dc

SHA1
51fceeb09a678c473d2d88e04d4dfb7da2b2a1a2

SHA256
1d25732b63a203de9b0269c01cae8aa25313233c199f49fa3d85fc727ecb0326

SHA512
5fd723249e567042105459cc704c65adc114c0b29848ff80d04ad04fdff2c75851049c0e9c7a43c5d282c2a53ac59d1338e55a78d5e1b7a77968fbe5973cb24e

Download Submit
/storage/emulated/0/data/.systemid

Filesize
59KB

MD5
2c7ac559af2c9ff63184e32b9079bd06

SHA1
28e5a5adadb3e27dd7cd37e544deeaff4a2499a1

SHA256
8a4fc823165a3e36b7211e0bd44394fb43fb1698f46772e76e3bd13c6f9b262f

SHA512
32da3ec558f3f93a1f6bbedbd545c1d43f241cde71fd70e27818aa8b127529e9e0191d8438f1a8b654f7674149b3aebda76df7f1246b3d2fedb98425f6d8e5ec

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads