4ae6eaf06047e3a164c442112e10185222ece46e49e9e3a5b2b9e74dcdb49e13

Analysis

max time kernel
125s
max time network
183s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
21-05-2024 05:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

app-release-xjtwms_4.2.0.apk
Size

8.8MB
MD5

8b7dc53f7b572c34b5fe4e38c2682648
SHA1

c323dd5fffc3399ef93e99510b4377b9edd32a43
SHA256

4ae6eaf06047e3a164c442112e10185222ece46e49e9e3a5b2b9e74dcdb49e13
SHA512

2a46fb4f7edf7635f0e4af8f12b089d1cb1f9fd488aadf5544daf1cefaa8e3b6171523e40c2992b0b028553cd1d25d12788c566485afbef0b644b8a28d8ecdcc
SSDEEP

196608:VpIuq0AUscfMttuUm/t0AIXxNEwszmh+Z3O93rPk1yUHarGA:Ve/2sckDu7eLFh+Z3OprPkNA

Score

8^/10

discovery evasion persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/sbin/su	com.xjtwms.www.wms

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.xjtwms.www.wms

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.xjtwms.www.wms

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.xjtwms.www.wms

com.xjtwms.www.wms
1⤵
- Checks if the Android device is rooted.
- Checks memory information
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:5152

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.xjtwms.www.wms/app_crashrecord/1004

Filesize
229B

MD5
5c7bbaace287758318ef136df2e6c78e

SHA1
51d13e7a3209eeed96f5033e8c6d2f3640bb2df4

SHA256
c7c5f9626a8e2c8cbe5c66294dcd62fc6109c1ba9402e3c8f5830224a9403c79

SHA512
e3e56d01817d9d52be5cd1197eaba875a98a85b19ce63b5a0fc98e81da3d63049e0bb5c0cc020ae07f05276418924bb833840d5932038c3493b25b55a781793c

Download Submit
/data/data/com.xjtwms.www.wms/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.xjtwms.www.wms/databases/bugly_db_

Filesize
60KB

MD5
bb4f295dcc212686045dc9b968d4c071

SHA1
3504345fd0acbfd6aef853a6f253f937cde7a33f

SHA256
555e88f0e07789881bca18aacff045a12f5c50dc9a6cfef85086f7817edc55e8

SHA512
37a77bb45373c5d704e1b5878ca677cb2f45bade11954e08335a32e838d434497a806ad72ff478620f8aa1cff09594cbc4891508b2d5cb707224c34ee985653a

Download Submit
/data/data/com.xjtwms.www.wms/databases/bugly_db_-journal

Filesize
8KB

MD5
166a6e27b3f185bec459c97f9016469c

SHA1
3fe4b972bf1cba586ef9009bee8c7a19a9297b05

SHA256
62d9fd03f5a52e37988e184e91458016aef3ddbb8fb4768ec73f2e4f7fcad5a9

SHA512
180056d85922ca88439b3a80530662eb9b98f2848ba6e08262da9e0bf28ef89775218e1e09a064ca9e5967c7736cdc683fd7be2e5a9ebf7fec3198bd8f09ca47

Download Submit
/data/data/com.xjtwms.www.wms/databases/bugly_db_-journal

Filesize
8KB

MD5
a95f6a22e8da94b4b00812058137aa44

SHA1
ab73ac177228baf4c119e0aa78d37dd63b2d9e18

SHA256
c294c2402a408e23321797133d807b975b649681a8cfac5d9ea9809c2ee8d942

SHA512
ef7b9c4fdb62dea92d87b085d14a97b78564c00319258b86ee2750d5d7dda6970fffb44d07f20593acb81dabb863909ca636e47bba410c1ee15f397f4adfa473

Download Submit
/data/data/com.xjtwms.www.wms/databases/bugly_db_-journal

Filesize
8KB

MD5
f2078403c1466e1903b5321f593cc10d

SHA1
fe0f52a75280b9dc8daa67cb335c97d7404a5605

SHA256
51a597a531cf43b892f6a129b07ad2fe42df8a1ead96878f6325d58f9fcf088f

SHA512
fcf3b19bed833bbb5dca4a70c59e82dd6c5ad7199c551628c6b85db5dc5c643bbe31a81fa84d99d1022b8ed7db6c82641f380fb16da227079bfe2ed9c025ebde

Download Submit
/data/data/com.xjtwms.www.wms/databases/bugly_db_-journal

Filesize
8KB

MD5
c89358dd886a0fe9acdd8def9a853455

SHA1
169e6d93ef73b12d7296b77f60ad997f25c88ce8

SHA256
7e2f1ab9cf5758cd993a78cfafa4f728a9198f48313eb36f198052ac2c1061c7

SHA512
b239ea6a76238843198b366a859beb6a9de15a6d93d57cfa982206ae7797f09d0bd3829ff8453b863f8a99c0f377fe3cf70ffc390e823a904d103b0237bf3cdc

Download Submit
/data/data/com.xjtwms.www.wms/databases/bugly_db_-journal

Filesize
512B

MD5
e6544bd3f157171446de9abe4b8d9bce

SHA1
6aa4e6c554526ddea3274f7db743969d31b17656

SHA256
28e1c79b52e55df717dbd63ebce82fc350d0db90db12d589c37cc8e4b1a05ff4

SHA512
710e2070adac5432c97ceaf43670737268848a666306674ebd45507db8b4d24c2b4a322356b00f3576a89b1ff5af2e1ba0671d505bdd2313234ada11dd345a20

Download Submit
/data/data/com.xjtwms.www.wms/databases/bugly_db_-journal

Filesize
8KB

MD5
b8c69087eef8f58ecc292d01185a8b8b

SHA1
9921a3b01e92b274e8c78d95edf21925fa4d008d

SHA256
b606c72c6716969356522826cd3ee35da61d550f584cd0a6df700cdf4442d3f7

SHA512
b25988b79513fc6f8d9959843a01114f4f080151c8c3c623cbdcf69e7d667be7f7138f25bb05002d522e8485d9b22436461470c63a59fa9b49bb828d9833c7b9

Download Submit
/data/data/com.xjtwms.www.wms/files/bugly_last_us_up_tm

Filesize
13B

MD5
8348fa28a79df8c36e3f872894afb34e

SHA1
f41804e5f5d4e95cc98db2182d2ca62d29867e27

SHA256
f3a4a81e800aadfabeb7e21ee5bb7a7bcdf9a17b8f26b3216419c1e97e7a1c47

SHA512
259106d0570322323c5af70347edd6c8cac2b4257047636dd0a6da9abc2b8d49a4f5de54c341392dcaa3926e6a2a63aff064cc90e01ba0f59d8f93b8cc97a5d9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads