00c1851b4d6be5c70241c9c0268e1a623ab9ccd5913399a870a6c64bb65f608e

Analysis

max time kernel
10s
max time network
150s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
20-05-2024 20:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

00c1851b4d6be5c70241c9c0268e1a623ab9ccd5913399a870a6c64bb65f608e.apk
Size

24.5MB
MD5

5e5fba142b81f9a6bd10404ffcfd023e
SHA1

cea2d35031731b97c4f9549bdb4c101eb40f2d5c
SHA256

00c1851b4d6be5c70241c9c0268e1a623ab9ccd5913399a870a6c64bb65f608e
SHA512

94613301ce630ca7bc8994e40a57efb4a7928f20dc45701ee2756f2ef5ba4eea0dfe55c94826974dfbc30988067ed1b64bc70c4f5d299b80b268befd8580082a
SSDEEP

786432:sJuvJLqZvnOt1PaqJOrDFGPKbHMhWbv9Be/E9lJFX4cws/xSO7HGZpug6f/Mhz+G:vvJLqFEerUqmju//e7

Score

8^/10

banker discovery evasion persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Checks CPU information 2 TTPs 2 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

fm.xiami.mainfm.xiami.main:pushservice

description ioc process

File opened for read /proc/cpuinfo fm.xiami.main
File opened for read /proc/cpuinfo fm.xiami.main:pushservice
Checks memory information 2 TTPs 2 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

fm.xiami.main:pushservicefm.xiami.main

description ioc process

File opened for read /proc/meminfo fm.xiami.main:pushservice
File opened for read /proc/meminfo fm.xiami.main

description	ioc	process
File opened for read	/proc/cpuinfo	fm.xiami.main
File opened for read	/proc/cpuinfo	fm.xiami.main:pushservice

description	ioc	process
File opened for read	/proc/meminfo	fm.xiami.main:pushservice
File opened for read	/proc/meminfo	fm.xiami.main

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

Processes:

fm.xiami.mainfm.xiami.main:pushservice

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	fm.xiami.main
Framework service call	android.app.IActivityManager.getRunningAppProcesses	fm.xiami.main:pushservice

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

Processes:

fm.xiami.mainfm.xiami.main:pushservice

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	fm.xiami.main
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	fm.xiami.main:pushservice

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

fm.xiami.mainfm.xiami.main:pushservice

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	fm.xiami.main
Framework service call	android.app.IActivityManager.registerReceiver	fm.xiami.main:pushservice

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

fm.xiami.mainfm.xiami.main:pushservice

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	fm.xiami.main
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	fm.xiami.main:pushservice

fm.xiami.main
1⤵
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4355

fm.xiami.main:pushservice
1⤵
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4472

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/fm.xiami.main/app_SGLib/libsgmainso-6.1.33.so.tmp

Filesize
539KB

MD5
eb913b5d92b796eb399b125ae87548cf

SHA1
dfb945d92b1311086f9b8edce92687cf694c0252

SHA256
d6eb1e7a24c2a9f893cfdf6d863498027b936bcb0f12edc2575031ee003e63cf

SHA512
bf9e1464d8e1e5fecdd2775e6b8956384ee7d3d7aa62d0f4515b345208d5279b51ba1c2c7108c4807b7b42624410b4b24eb1de6381c302ae4fd9f05b979548a7

Download Submit
/data/data/fm.xiami.main/databases/usertrack.db

Filesize
20KB

MD5
afb0fe03dd3c6285f687bd8eeac67bc9

SHA1
a4835ac3a1378963f9b8b9f477ef9c5d9e53c47d

SHA256
b76f6f58bcfbe88904beb38e06d4dead94fb5be46397d82d0e9c7fc8b5ed23a0

SHA512
d2adb89b9dcc26873b40632ac0958d175dbee030bda357f32da06954b8e7183dc2186242a3f4c03f1325b860c859f19b846c0c31ccba7e1817b1d4a9b85de849

Download Submit
/data/data/fm.xiami.main/databases/usertrack.db-journal

Filesize
512B

MD5
edebc4ebe1e2b56e75b5048291634c4a

SHA1
de56069b890c4ab38bd08c283a134387af792d52

SHA256
e277d2df68654e848199c6f9d9dd0a0658e1b886a6e4ff200470f5b01ecbca1a

SHA512
27b1659a2ff380501b50ebdcb7503ea49b122e89b816b83c04c39615ebeb16de135151e305f35b65c642ac3b9d5cb528751a3e167f515b8fb765c8465867e57a

Download Submit
/data/data/fm.xiami.main/databases/usertrack.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/fm.xiami.main/databases/usertrack.db-wal

Filesize
32KB

MD5
0862e7ae4b66c79de3d0b5bd1375c9af

SHA1
e37068f86102ca5923b79f9ca90387f24577d6f6

SHA256
19199d44304804033f1fa779d3d4476c49f8d651bed34302cc2f7ad415ff331a

SHA512
7db9d31c3766dfab77cf03875a1b12c18f09fd7c85f1337df268cf1d9d040bbad0c9bf2f9372c38e987ea6a5aaf63f8af33075a7f453ce9649b3a97ea3a4d6ba

Download Submit
/data/data/fm.xiami.main/databases/xiamimusic.db

Filesize
94KB

MD5
93cfd529da3ac31d41bf57e4fe01100d

SHA1
064d2358587938bebd5a361efb565d6d75f9311d

SHA256
df9a7d2b2b9a852e2f33b2ec5c6f598a397fc3c3212b62b9981d950819b39cbc

SHA512
28365e924302c646eddc226770f318be385d9a7bf3b48ab9b8b17d367a808930e4b584c501cebdbdaa0f1dca875ae1c36fa4fe6175d95e8228abb5c8ff76d2e4

Download Submit
/data/data/fm.xiami.main/databases/xiamimusic.db

Filesize
93KB

MD5
0a21f11e7873c000cd3d984fabfb24f9

SHA1
b48d9555abb23635993539bb0dc3cf8740dd6f21

SHA256
37a578616e6eb5e50bf17b95599b177bb5de0728bad87b7bdc996abe965ac9b3

SHA512
22b9f0cc34ff0fcb47a322718f2afc6de41d796ed09546edf8cfebbcb6d08f127d5c5165f8bea6631475dcedca1dd2cc20a7faea030bc06b7f90373b1f2e351b

Download Submit
/data/data/fm.xiami.main/databases/xiamimusic.db

Filesize
1024B

MD5
c99d70f662dd0938b3df317e8b6834a8

SHA1
5f13be92862aa0cc9c2d1e44e1454fd1bf903e1f

SHA256
17cc759ab10bef7e5f8a6eeb029d4fdd1b8016617ef847fbb1b12e538287dc3d

SHA512
f5458b3c168545b3264b2dd8b446f8f5aa217e977fd96378f23c8ecc8a51a43b23430a089b6707496e0f73b7362481e6d60972164bc2233dda948f687e3ecb61

Download Submit
/data/data/fm.xiami.main/databases/xiamimusic.db-journal

Filesize
1KB

MD5
c4a9773138ed86ef2335c1654a45b678

SHA1
00bb638065546246b34ad205256b48a7ec5ec098

SHA256
1cef2d81ea884f74ca2dace16a1fa946865d4da640579c57f515477d1ed7a47f

SHA512
18bcbbaf7910f93fdf90dda5a46b24d09df4e9bef64ad02f21629fa2a7310195ddfa6b59fc63b2d52049ad39b96c7b7a1015796e642738c00394f8f8655f119f

Download Submit
/data/data/fm.xiami.main/databases/xiamimusic.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/fm.xiami.main/databases/xiamimusic.db-wal

Filesize
5KB

MD5
387ef22ce621d167d8f6ca8fb0f38cb5

SHA1
9195de6c939316349d83b8cfe2dae294c8c7be58

SHA256
38383a56d882a8249d8752b2458d88b64aee88d8b712a9ab9888cfbabd02540d

SHA512
d4c7571de0b822139f3453759293f9bb7e4f8a7aa1e5a145a742fad66c125b47de7c3ee7650ca5d9761e0ee3bf4b0149f0c0bbcbd2d3f34b84c346f799a8f964

Download Submit
/data/data/fm.xiami.main/databases/xiamimusic.db-wal

Filesize
1KB

MD5
9e2bd5fd56d25b2feea327da8b9c9c98

SHA1
f2f5ee7672403bbf6134112a1272301c67ada2cb

SHA256
4eff7c898449901d630b0f13c459bc20fd04ef2c30ee07815d3fcd98f84346e2

SHA512
bc65bc0afdc59483138201029c7c0f34b1a82b79ad0b0ee083b9cea673f0a3c802e26e71322a0dfc0998c80b73933ff9b0be5857ec8d6dd51d75716e07bbc39e

Download Submit
/data/data/fm.xiami.main/databases/xiamimusic.db-wal

Filesize
15KB

MD5
6c8650d2dcfae5f816cf72b25368fa56

SHA1
6af8301b7e1867e4ba39e026494dad740800e731

SHA256
23d7c9723140633a8c0d9c82d77a5a2852d5e78e7c8f4875d2c0f0446795175e

SHA512
46e61281610453694d031a81c752de07faee40e08d23423cc795ec12f723d6b8896f317fe2ef06f4ccb36f8f74a21d84f20e1333d49814689dfb8890ccea1339

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml (deleted)

Filesize
167B

MD5
c58c13653270f3e87e7370cbe00de3dd

SHA1
aaddf72c9644457fba3300edbbfb7d901851bac3

SHA256
b88b718d4033c8d8250c1444c4fc76a20260de5ce065ab92c03c76948c0b96e2

SHA512
cee924a3f323492df39650ed19369c70baf5a932f29dcffee3af6acb658ef61d0833b737599bfe34b57c03635bc5b282ba1c7509b882e138a640e7a8feaf7b37

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
167B

MD5
385c526ca0b05f7f3fc790234b164066

SHA1
431aa4c46bfed8e7c0b87281e960eb395193814a

SHA256
bc57b8bedecca9b60a5d0102f811da416a1f6acf3cb811605d6e224adffa246c

SHA512
8fb121c48619d4e79017a0f2c98c8d824277d3bb8e0d22f2e72d1cfbf68faa14077aedb5577e3e94cc7f12f81edad2ed5720c717c32524f428902b71495459f1

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
57d9eb21e4208e23da9385972516d3c5

SHA1
0e95601e2fd3617f7a84fc4a441f4028fe0a57ac

SHA256
619ba533f3fc4baca9521482316ce639ff3e7c2c3645c6ac2b2a2c159a581f18

SHA512
d9bdaecd0e5c756c89dfe1b7b53c1ca867aa1b47c7e5afd12d35332c1b6ae817c412252b54fe4bab187863e74cc4f87ec0bf5f466cd371a49c92655b8fa6bc61

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
b13ee8a6d376b7922a9871d6e222d2de

SHA1
7d5943e2e16a309afc41b465c99f2780582b8b31

SHA256
ad27cff02e6460168a6f1f33a61357143c4aa4a5ab1900138ba526c7b478508d

SHA512
28b1d4752a057c1c874758682e170be87312e2c59555c29cd437a1355db8b89dca3ad2b67e6162ee7becc290d02722cfb29b5e60a1900edf3c80c57604e9482c

Download Submit