71681246e76db8456246a2ed80fcc599e7c0dc416185c4d56d5e9bec41f18205

Analysis

max time kernel
127s
max time network
187s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
21/05/2024, 05:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

app-release-xjtwms_4.1.3.apk
Size

8.8MB
MD5

89edd8274e2bddb3bd619fffb6ac0011
SHA1

11a453db24ff9e919f7c8bccb4d4ee0ba6fd3b4f
SHA256

71681246e76db8456246a2ed80fcc599e7c0dc416185c4d56d5e9bec41f18205
SHA512

9fb3bf8837eb1939ae0c7d00f8fbb82a7f2d9e0f561d54c6da8049d1b79bfd0b2c4feb427f3bc3082f1a40d80b6117ba48a10ec2848ba96e0ea782bedede2e60
SSDEEP

196608:GJAUuyHoJEe++ko9tyL3YV7lLUm/t0AIXxNEwszmh+ZMO97rI6XyUHarGz:LRuoJM30yzWd7eLFh+ZMOJrI0Nz

Score

8^/10

discovery evasion persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/sbin/su	com.xjtwms.www.wms

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.xjtwms.www.wms

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.xjtwms.www.wms

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.xjtwms.www.wms

com.xjtwms.www.wms
1⤵
- Checks if the Android device is rooted.
- Checks memory information
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:5233

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.xjtwms.www.wms/app_crashrecord/1004

Filesize
229B

MD5
f93441ac81ea85403890c59de8f59681

SHA1
927000bbeeb56c79127babffe33fa804a2b14126

SHA256
00e1ecab41c5b8b12fc86f7ba80045f1f1fe73b40ba94a6d0f971ddb8d0669db

SHA512
8db4a9e3886ae2495e3c29a55082bc0239563935068e4926c0a22452bf014b55bc4825096ea41a90d0c2f627851b7746b6ff59932aeb3dfd5905f93c339d07e0

Download Submit
/data/data/com.xjtwms.www.wms/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.xjtwms.www.wms/databases/bugly_db_

Filesize
60KB

MD5
88d74b6acaa467fc8b8ebd4fefc49053

SHA1
b11d09750b43d2345147974dd316b9364ee7f1e4

SHA256
76b5b32d9bd11146f801ca3341e6b723483e5f101dac06d18487ab2ba3541436

SHA512
9ee653714ef8ac058cc2e819881acb3d27f53e32e5993ed030d46cc0b6632dde6f8acc4ffeaef321b508be39a74951096e7627c230484c4c81be0d37c6b46826

Download Submit
/data/data/com.xjtwms.www.wms/databases/bugly_db_-journal

Filesize
8KB

MD5
1e3b9d5aee191e154f99513ebf50b80f

SHA1
0e5cc61b363329cb1b7f23ff9d8cfba93dfd464d

SHA256
cf5807c984aab7bb7cdc3648cb4e814d4aa813f1a68f277d6a1b6282880aefe6

SHA512
ee723e44ea8eaa376e5958b121d8c4b252b72fae13599bf9f02aaf8954e9aacaa47b2a9c6a853141d97b98fe68c48317e2f7fb1d607bb70bc37144cfa53edf31

Download Submit
/data/data/com.xjtwms.www.wms/databases/bugly_db_-journal

Filesize
8KB

MD5
c33790dc2c67f248cc342459604cbea1

SHA1
3647fb2efe473f8e91c30911a1700dbc95cd6a0f

SHA256
1f10a2d1a20bd726e7da1e1191189843ec17a12bcccfa395437c95308fb07337

SHA512
eb056f9a06bdbfc0d7f1f98d2c4a7962a96f9bec74233f3f319983f4e414ac94013efec8cd0a49a6c132def1d92a3c168cbfc535e86280e6f357a5ff4fbe8420

Download Submit
/data/data/com.xjtwms.www.wms/databases/bugly_db_-journal

Filesize
8KB

MD5
fd249d9a5aa2a221a890f7e9b9d69ede

SHA1
44856b094c667f459e2e739d7a50ccc36387baca

SHA256
b2b0520048f20a0775fe12af9f819a7cdb30c909642831c245942d82edae3714

SHA512
73c718f9eb2cea279bb598720ea6c0cb9f1dfa8a657ac686b0953bb6902ca433a647c62cd850df7e237a8a25bfec510de127a799842b993fa0186cdb80bd5557

Download Submit
/data/data/com.xjtwms.www.wms/databases/bugly_db_-journal

Filesize
8KB

MD5
ae2b1374babb89e35a0c215ec82a7655

SHA1
01e9a8d28bac282c40ee83a4c38f57ff395b7792

SHA256
96f9ffa67edc8ba8f6d40f31ba3f6e712e5af74c3f03b2e259ca3727fac12868

SHA512
5626d377832726e26db150e4b061d29a9c4b7970ba846d7c7e8b463b505721aa587e500e7f7d61dced9014b81cce68b8d86eabfecb690cf477d2903a0f2df951

Download Submit
/data/data/com.xjtwms.www.wms/databases/bugly_db_-journal

Filesize
512B

MD5
c330ffd6250b63de43b27305de546fc6

SHA1
d34d083d5f36781a5ba813d8368e2d04998a3891

SHA256
6473e3acdb5eec3d05ad5bf81759b0c1b23b4a6652fbfc4b24f50211f573f656

SHA512
9c8f583574677dbda8dbc265eac01cb955f6a010277ad8d7e312e9f9e78e7a19b915d17ec251e314a5bf92ea1aee21e10ba912a02c48063a917b59b4b08dc078

Download Submit
/data/data/com.xjtwms.www.wms/databases/bugly_db_-journal

Filesize
8KB

MD5
6c72c248921bb4c2e84e4b8c6158926d

SHA1
2adb8f2fc8e5b69401cedc6689f5866dfadb89a4

SHA256
1559f5083b4f37771916139f3abed255089242e87d41fcda159aac2f52b8df78

SHA512
4c38cc6590303c8aeeb50da61f87d9d3d01e55deb3588aa48c2895e478adf59e46b982ef3ac997e9b77b21c218b70145266392d4c49b172984a8f225d11689d3

Download Submit
/data/data/com.xjtwms.www.wms/files/bugly_last_us_up_tm

Filesize
13B

MD5
aceadc352fffaa0ca4b2afff499e4939

SHA1
131b996d8a1c3f428e05628c7048d506a2231b02

SHA256
c0f14469fb505ecef1a5910782d05f0f34c050e8e6ee9a955dfe94db5d90983a

SHA512
1c8260d6b234263a2127a7c718465078fd33ced6a00e8a732cf9c4e6aea9bfd5fda069bf60bdce8e3295298c56f607a4d3295a04b9c5fd0126482ad3f783bf44

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads