d004b19a9c60d13ab65ea697b7932499f4f510973d15f678bbf4a1be84c9f768

Analysis

max time kernel
177s
max time network
187s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 11:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d004b19a9c60d13ab65ea697b7932499f4f510973d15f678bbf4a1be84c9f768.apk
Size

13.7MB
MD5

670fb510cbcd5ce864020e049d5bff6a
SHA1

f3c26ad3eae4825ab5b17b2e6b87ce781736f4f6
SHA256

d004b19a9c60d13ab65ea697b7932499f4f510973d15f678bbf4a1be84c9f768
SHA512

dba9b05935b4cb8cb41b7a888c80c98f8f0d296f78d58fb3f90ef6cd82dfb28aec400cc82b0893e2face3423c5d3520dc25f06124854ff26581f691242d1c892
SSDEEP

393216:zOfzI6WHGrXt+em3eRxZNjR7VQ+5cFXNXQbAXmlh:zOfCHGjpm3eRxPjRW+OXZQbAWz

Score

8^/10

discovery evasion persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.guokr.fanta
/system/xbin/su	com.guokr.fanta

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.guokr.fanta

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.guokr.fanta

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.guokr.fanta

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.guokr.fanta

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.guokr.fanta

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.guokr.fanta

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Checks the presence of a debugger
evasion

com.guokr.fanta
1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4249

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.guokr.fanta/databases/mwsdk_analytics.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.guokr.fanta/databases/mwsdk_analytics.db-journal

Filesize
512B

MD5
7631558f903acfe56819b7442e11cf8f

SHA1
99cc33be86b156d1dc00010e7a3282e197160d0e

SHA256
8f57bd98c4fccb0e990b1c197d41d31ea0bcf6c8fc35c1b27a159ec106ade0da

SHA512
7d8dd1415828d0749643f56b2a01cbcd8b5dd391d5a815f90eb1226636ef0e5b2afbf6f49d00402f81e04808fb730dbf5e71e9d49c4976652816693f6f835645

Download Submit
/data/data/com.guokr.fanta/databases/mwsdk_analytics.db-wal

Filesize
40KB

MD5
b43eca5a277a6b359d3c8759ddd757a2

SHA1
1f131030942387b4f78afe71808cbff5e0929c01

SHA256
a839c7bd450a767c343c0cbaa8693d17e554d167aa2fdc9e22220781d3680f1c

SHA512
d854c7e45cebbf4b046ed72dd9ab0888b279d23f5c352f74ca4dfae07b8cf5e534d09738c3b84ddc1f4485f4aabd29a925542c66b9a8203395e0a5aefa65e701

Download Submit
/data/data/com.guokr.fanta/databases/zhuge

Filesize
24KB

MD5
727be0ca266cf2f78b4a30fbb457034e

SHA1
8c3523282b74ef3e6fd42c94fcb9c337c041d3e4

SHA256
7dfe9040c0ec7dc97e5dfb9cb6195413bb51c6bd1acbf801f6fe9c91120bbc55

SHA512
f1e8e125625bbd3f5f2c6d8da0e70319f6f08f0a034abc43ca1722b7601239895728a4dafac0c49edb12fb1afb50ff1e4b2579d128a27be4b0052dd548c63ab5

Download Submit
/data/data/com.guokr.fanta/databases/zhuge

Filesize
24KB

MD5
a7b824004a2df83212e663794870c17a

SHA1
35b341ca9fe1c327c09bded22d2117129e48570e

SHA256
db19432722bc70b3008e2fa9578282112ac49d742912c40b3794f0e6d3fd936c

SHA512
f2b441b6d72b910d63c650eafc48fff15d45ea2c95d085782aace1eac2a54e2db230691c70484fe2d1bcabe3e2e20326af82853ec807cae461ef091174b4349e

Download Submit
/data/data/com.guokr.fanta/databases/zhuge-journal

Filesize
512B

MD5
5970258d2bca133d8d69d598480a4ca0

SHA1
2051f7bd0a0ac26fffffe0a21fe389cc0c5d8ac2

SHA256
4c94beb90c667a184eb3dd64a2acb8fcac432e09a3cf1c9e1a09bf558f967fdf

SHA512
7e5074ac7549ed6273149bbc6adef9cfea69bbeb29f65df7dee8a8af940a3a7b03b0db8a6885737d70264e6d27ceecc8a3b6a3e5fdf6d9490c07f4f3c87e538a

Download Submit
/data/data/com.guokr.fanta/databases/zhuge-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.guokr.fanta/databases/zhuge-wal

Filesize
48KB

MD5
837cccc03fbc4ceecf72b9d6d3511ad6

SHA1
983a04438931b925228ac9ebfa3dbcec49cc1174

SHA256
eec6ba71c6ade4dd202b11a1a5e055a599ccdec64eb2c749941d8153632a67b0

SHA512
62367717203028064f2c20c8f31c34208d737c7682c6da178bb549af7c12d42d7b8163fd99d4b76c13804279f65f014b34470e85a4632d65d98cce71a40e43ae

Download Submit
/data/data/com.guokr.fanta/databases/zhuge-wal

Filesize
12KB

MD5
6ee92ba6005050032a14902c9f673840

SHA1
7bad56c542c8ba0860404d4bd43c492df1f55c0e

SHA256
0947cc0498798432bed31629eebb8905f4bfeb7c2b6583dc3fd08bf48763a15a

SHA512
7a97c49f15b5c8e70fce63a5b080ae82c50e6e10c9430602395cc7a7b7c904497662a881d651a3e7b8d9e41a291501e89cd5652880153429c78ef689530c991f

Download Submit
/data/data/com.guokr.fanta/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664DD4CF00CC-0001-1099-151FAAE70362BeginSession.cls_temp

Filesize
77B

MD5
e2e472eb85c11bf0cf2eccbc896cecda

SHA1
7cde151629d5197dcb17af9af7e0a89918464b84

SHA256
b4dd16fcc09c85d981f97f0ddd819152fe25ac4d1ac21ec7939d07fafaae9fcd

SHA512
52e8bf721ad0ced9fc5ab70ec1a210c40e4ca2768c6c84a00bc9f372cc431389f4fceafd68f8738cb94f5284a0aaf089ec9ec52d76180d61b2d6a3d964f5ca14

Download Submit
/data/data/com.guokr.fanta/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664DD4CF00CC-0001-1099-151FAAE70362SessionApp.cls_temp

Filesize
112B

MD5
fb6b4d702e4b4d3b4d40bbf6e8efcab8

SHA1
69634a4e15612601d5de6c05f310ef7a80ecd574

SHA256
4831c93e7ba728ccfea3981aa1abaaad9a01b64876be45cf708d792155108dcb

SHA512
f009869261a5de8f16ff507b874ec408ec279019ae8a4ac4e8746eb0b8d94899b748fee5904ec4e8580808b9132dcfabda5062f77d2e68f6bb7846c384148f17

Download Submit
/data/data/com.guokr.fanta/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664DD4CF00CC-0001-1099-151FAAE70362SessionDevice.cls_temp

Filesize
88B

MD5
e08243ebc51dfd3001c846b35d622ebe

SHA1
cc7f89eb64c90e6a874492ff61ead4c5e9013242

SHA256
fcacd60b9e7be487d806fb23844c846d74a06f2231a9d2f086423797bdfc979e

SHA512
84c325fa848725b47c350d2a775d50b1ba309f9970b36b2685f2844e9db278241ce7cc72f824edd6cc94a3dfc0c070a32953888df9e961f13bb54e42bae40d99

Download Submit
/data/data/com.guokr.fanta/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664DD4CF00CC-0001-1099-151FAAE70362SessionOS.cls_temp

Filesize
14B

MD5
9b3d4522944ce6396563812bfdb92fa9

SHA1
6d2a6133c8f01938a48ccc77ef86ad8ca335c020

SHA256
d32805d685a3f50caa7f1c0bd7c8804c4d937a866513289f60e3184f7a591ed9

SHA512
091d87643712530bf9006135db42a5a50742bb5ca3026bcc5f2c1c17bf4fd984a8938d29263b0abde3d15cac196d2230902534e200b0b79485e3a1bd97d95727

Download Submit
/data/data/com.guokr.fanta/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
953B

MD5
94b9fdb8bfc303c2fd7509494b5b3c77

SHA1
eaf74217e85bb67dd192725c436f8944df895d79

SHA256
2aec65a56cf705c8fef6492f3f47b146bd3a8b85aceae20eff031f3baf203284

SHA512
94fbaecf1656ff98686d7277feaa6a03e77bf7a3c511b810ec4038292b8eca0c113b0e213f7869a7a12f01052ef7f857801ff74e23f5106c754e41cece7f3af3

Download Submit
/data/data/com.guokr.fanta/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
418B

MD5
ca77370ece88e0e0afd90bedff988189

SHA1
c62e6d67acbc551b4fcba43bd49007cde08c1b91

SHA256
4ca028f71cf764c57a377a5e1fd50bae91727218b0473b518f2db414bc31e6fd

SHA512
227f32e7385cd3d9d8f2a4440174a5c180dec99df886adc79ba4b4c8f091444cc1ae20fe72c0800f5f742836749351a3e728e7201cdfc356d1d5660f39200a85

Download Submit
/data/data/com.guokr.fanta/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/com.guokr.fanta/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_89bf6025-b1f9-4eb2-b5d2-5e906219ce35_1716376783613.tap

Filesize
341B

MD5
e34110cc88fe01a82cfe439de35b8dc1

SHA1
38574670ed51143f760695f9d1a136f171753075

SHA256
1f4683dce4ce1c84a57dde3a81ce1c8aaed985c6e31939ae0a7a270a2e8d899b

SHA512
ad816e029ba691199e322ff1bb26e62b53f1c143a4cc03222f39ffb15dec53283e04b245f1eee742b202a4d24963c404b3c26c12a30c1c49d72c4466546470c0

Download Submit
/data/data/com.guokr.fanta/files/.um/um_cache_1716376850771.env

Filesize
674B

MD5
91f60ec8c53c9ba1acb96abcb7316b32

SHA1
0e8948d47153c557edea6d2c11ad54b0558b5669

SHA256
21f39a7fbc69438616ba8653b1eed6b7060a904455d8524de8ad0f8f84c51af4

SHA512
688412eab78ebaba8a2e4d1a6ca5427d02652ad26eb879a099e45ecd0c0b145e27e2b3a6f25204cca84205bf178d7f688fed1d82c134d5763326c92fc14a1c4a

Download Submit
/data/data/com.guokr.fanta/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
191d7f36b932f606586a3182cae9f06a

SHA1
27dccbc6f0bcfe932dd384c88aba2c5c9b755a98

SHA256
9d8fe219df70a970317c0d3662e7a2b3e8640a8ed0594b41b5eb15afe98d9e04

SHA512
996a267cf033cc594d795cae16677777fe15dd2d0f6e6d7aa1a7d73a43d883cf1b429c393e4ee838af3cf8fea7ad34ba1811b9b2b743461b1b14b3fd7fc842f6

Download Submit
/data/data/com.guokr.fanta/files/umeng_it.cache

Filesize
415B

MD5
30124c4be19d42c7f418f04e5e80c142

SHA1
22e8c20e3821fea06618196b78c6b4a3fd2ecbad

SHA256
89321a62d82c139ebc369519d35de96ef672b79dee1e178d3fedff43f9bb2098

SHA512
3c20b221923714ed0ac90bbae29b294fef2d3eb74b4ecfdfda58bb64b3a150cca8f29776b09dd3ce2258a9eef423f1b54fc192a83aa7a0a45b23a07f662ec006

Download Submit
/storage/emulated/0/Android/data/com.guokr.fanta/cache/bitmap/journal.tmp

Filesize
34B

MD5
c6cfedd7f0c75e730f54e9589d6abfe7

SHA1
93cd842fed00d466b97059781a459a3d5417f82d

SHA256
2670af997d01b27e5f81054ba5a0e83b0b2a0ceca4571b0218e08e7623c1d376

SHA512
35588e4d35ebb57758675efe0551f4c56cc073b320bc9ab492541875672f9d476b6443d2401c31575a58da7e0dce7c81f92d9c5427e17c18b0d598c36615f690

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads