d004b19a9c60d13ab65ea697b7932499f4f510973d15f678bbf4a1be84c9f768

Analysis

max time kernel
177s
max time network
189s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
22-05-2024 11:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d004b19a9c60d13ab65ea697b7932499f4f510973d15f678bbf4a1be84c9f768.apk
Size

13.7MB
MD5

670fb510cbcd5ce864020e049d5bff6a
SHA1

f3c26ad3eae4825ab5b17b2e6b87ce781736f4f6
SHA256

d004b19a9c60d13ab65ea697b7932499f4f510973d15f678bbf4a1be84c9f768
SHA512

dba9b05935b4cb8cb41b7a888c80c98f8f0d296f78d58fb3f90ef6cd82dfb28aec400cc82b0893e2face3423c5d3520dc25f06124854ff26581f691242d1c892
SSDEEP

393216:zOfzI6WHGrXt+em3eRxZNjR7VQ+5cFXNXQbAXmlh:zOfCHGjpm3eRxPjRW+OXZQbAWz

Score

8^/10

discovery evasion persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.guokr.fanta
/system/xbin/su	com.guokr.fanta

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.guokr.fanta

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.guokr.fanta

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.guokr.fanta

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.guokr.fanta

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.guokr.fanta

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.guokr.fanta

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Checks the presence of a debugger
evasion

com.guokr.fanta
1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:5174

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.guokr.fanta/databases/mwsdk_analytics.db

Filesize
20KB

MD5
e1082aab98ce5822329659e4f25f57ee

SHA1
61d131280ca2fb7a5676f4386ff089ea18cb1961

SHA256
cefdefa5fc502204de91a8829c84c2f87ee0e12d81f40a61231ebd669f50770e

SHA512
f4933b7908c88dcd1853acf2857226b03fabaf92b0a3f3fe6290100a305db7279eae0cb33e9bca1dc9983ae45abb6a1de3ff2ffa7eed7b6cdfa4d0e19b2458da

Download Submit
/data/data/com.guokr.fanta/databases/mwsdk_analytics.db-journal

Filesize
512B

MD5
63f5da2d07ea0ffa919dde081707e32a

SHA1
943bf3f5b3aee0afc1d6a7d421270c998669b3a1

SHA256
977af216b33e4dc7d5d124094a2772676e5f07c65a6c2fb8f2dddef2d93bf4a3

SHA512
215df45670fbe18c2ff2f1d902557682e69ea737919b9dd9e17743e447341935c0e8cb56b9b455502845024a5382d5b1b78e9683e5e7e6679af763f081b4e6c8

Download Submit
/data/data/com.guokr.fanta/databases/mwsdk_analytics.db-journal

Filesize
8KB

MD5
89f5dca2ca188a0db9865dee92a3d358

SHA1
409011b946c40b2d6a34838004865a1aa491488c

SHA256
e62a66a472659df314b972881447e83364f1de7bcac81aeef466a0feb65fd4b8

SHA512
c3d0044cc0d7fd3a607bbebd5274076ac1af1c3f21e4ca0290cd91865de993b988ebbd01f9716765ebbe2ac0f249335cf1a4c27b8026994a833f1a1e879b6776

Download Submit
/data/data/com.guokr.fanta/databases/mwsdk_analytics.db-journal

Filesize
8KB

MD5
26ed6a504fab1f360b869003f575e9ac

SHA1
8b78b3403a1a540fca030107d767b9ee653fad23

SHA256
5473d9d4127342026f77fdaec1c2cab8d4e03c5da6a4e75a48348b4517076fb3

SHA512
012a168006d20d559030df3cb80cfe7f365bc3e7277da13ce784dedb01340d0ccbca38449a1317e2033921ad15efaed189f025391b726183d600ec0ec12caf65

Download Submit
/data/data/com.guokr.fanta/databases/mwsdk_analytics.db-journal

Filesize
12KB

MD5
2e4be7430fdcd10edb7eae2f51517e71

SHA1
e7655ad79f3afde51e79001df30d2bbd68b286b6

SHA256
778b1e656560b56ee6fb0a92bf27608ad694e6fb98f817b8a6f41b9b27ef8f2c

SHA512
0bdca70cc4db496cd84fefe0d643bb69e8c59bbb54894b5f0158066f9857d0162d6a58b966c81aa0fcfe896587d58813141b3b9ef6adc4d9247ea1b5e802ed6d

Download Submit
/data/data/com.guokr.fanta/databases/zhuge

Filesize
24KB

MD5
6fe49576a6549f3d769171ecabf1ec58

SHA1
d18a3eab75fa5ac54473f7909f7ef2d8b31a7148

SHA256
1636d11e1de276838e45c375f1b877a5fafcc6728ebeb2718873550c49b1dafb

SHA512
ee1169d0f2099661dfd113c1a17da82f8113cdf303b744170506928135b1cf14c6c03fee2d435af7feaa91f80680efff08720230dd14a935eef5c0030f9ecd73

Download Submit
/data/data/com.guokr.fanta/databases/zhuge

Filesize
24KB

MD5
a73e8911eac9bd7cf4aaff7dff8e4078

SHA1
979656edbe5102a1e67747d18b76ef05b6d09ed6

SHA256
d9420c57a7f1e8eabbfdc951ff7c7884d567883328f1f669c7d79d0f344f8bd9

SHA512
1fc04ea3ae86d53e65302aeaabbb935e793cd676ad8680916ce38e28b9491646ddaba861c316b3581148820a622b96fb86e01eb5b55f20a7d3591e7e5e5bde79

Download Submit
/data/data/com.guokr.fanta/databases/zhuge-journal

Filesize
512B

MD5
addf19ddf6cfe537ac2aa81e1846dc15

SHA1
ebb33a3727f38da963f9127aad568ad2ddf8b107

SHA256
229bca1ca8bcc84c8fed3d47d5d9bab1497e79cc3dda6e3323717fc374aadde6

SHA512
4b68cadd246b463d4e4613a7c8b9754f7248c0ae94d1df37410eb06bfb35d8ceb3baef27f8163c084f95d922660310a54a1bebd691e2d929081e87f867dceb1a

Download Submit
/data/data/com.guokr.fanta/databases/zhuge-journal

Filesize
8KB

MD5
77efb93cae0ec15215422a2277d5c08a

SHA1
a9ab7308ef292f02263e4c2d87e34f4c0c245cbe

SHA256
26f59ea2e4b5c39bd99524aa1ac6026c77f1c39db5b6bf64a87b73018939b44d

SHA512
bd0db885818c06eeb55a09ef18b5755a8b4003deec7db03e0cb8daf0d529525d11ddf4e2d5ed71be113e99fd3b485198150d58cb1b945b2e0760eb1467dc4685

Download Submit
/data/data/com.guokr.fanta/databases/zhuge-journal

Filesize
8KB

MD5
542189f7186474fffac46cc04fb9cb8e

SHA1
8533849ba78adfadd1d7c33db1c5edc95eb284b7

SHA256
b40b0ade92274c16da76fd56c84d6a8d7dacaba17729673b034e194a37d932da

SHA512
614da14334c81297f9766a7238182af9a2b71b12e66aabf52d7466ba4806c0ad571dc4ead55e3b7e85d72ef480b869f1ce239900094c63f991dc3e36a349eff6

Download Submit
/data/data/com.guokr.fanta/databases/zhuge-journal

Filesize
16KB

MD5
089f8e02d4be81271118a0849697ae0f

SHA1
11187a9a173e696596deaf000cbff19f28884538

SHA256
69b3b77d7692adcdec489ec237097066fd1c52b5b96352201a0a7137c9a9a01c

SHA512
9645b91767e128a586d8d5821f155345186f6bba14b2458b53b76a36ba0473a15fa91556777f59ab4416367c83120eb3879d360e1f1a68c897e15978dad9b75c

Download Submit
/data/data/com.guokr.fanta/databases/zhuge-journal

Filesize
16KB

MD5
3082a05d1e3ab4d9ff6f51d554670a60

SHA1
0b8c72a63965f7d17f044f7326617214c13e541a

SHA256
fe94da6c95d3a6a900d6e159fb32b16881b40a4880d9d431898fd6fe1662ce3c

SHA512
c4eaeb820e82eedeef8865b02af2b010e5bdbddd009cfb7f2ce182f0489ba8470c6b20a4811484ddef881be1386c109c95707e1c5b3faad08dce1ef2f5918da6

Download Submit
/data/data/com.guokr.fanta/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664DD4D002A5-0001-1436-9C51ACA2F5DFBeginSession.cls_temp

Filesize
77B

MD5
d5c4153017d3392efb71f4f13df2e2a8

SHA1
304830630735e68ebd7e2ccfd01869e5b4d7aefd

SHA256
61b28a351b33e19e0dbcf491d98a849dc8b4f13e29b3c5f2a0ac495dcee18bf0

SHA512
5e44c799a0b678c1ccbf3fc9712727a4399cec2d1e785bd56791f7cf8ee5a6dfee56edc05f6e08423921f9c625d81578a0330b36d9cfee957c4b591175927239

Download Submit
/data/data/com.guokr.fanta/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664DD4D002A5-0001-1436-9C51ACA2F5DFSessionApp.cls_temp

Filesize
112B

MD5
ea4a633070b638cae5a23410477d9025

SHA1
2b0a98d5fa974b8fcae0f547f3aeda67796639dc

SHA256
3afd57d4a6e8f79739c52ba230842cd0f02a6114497f9cf41864fe279b78c2ad

SHA512
26ab795ac1147b83cf9f7bcde4a33efdc390a3f217768be480a004f20f743d924f1e105a83a599644beed4c5c043439758906e4a77eac47da96b5b12772c07e7

Download Submit
/data/data/com.guokr.fanta/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664DD4D002A5-0001-1436-9C51ACA2F5DFSessionDevice.cls_temp

Filesize
88B

MD5
375de4c521757216a7cc7797d1b4d62b

SHA1
6c4c1d83f899bc4f4cd42f4a4cbeb7852dc3b439

SHA256
c693d8f716e30cd4b85da2fb6cd9dcc9fffe13f49d1fb423ff96d7f6bae45675

SHA512
88eb0f693c7ede199e6f06a0282136ad63b3e3c976576fb0e792850a686d71959bcb716fe8177f39c2bae51065ce7c3c3a97bfd052404a9857b705b960f8e408

Download Submit
/data/data/com.guokr.fanta/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664DD4D002A5-0001-1436-9C51ACA2F5DFSessionOS.cls_temp

Filesize
15B

MD5
2566d27ce8c28d8961f082c375d7535e

SHA1
92fe585b1a2c9c523d2fa1f65ab5c1b6a1a6edaf

SHA256
5acdb54ddba2e264f6822fbdbc4e9b5158f57d43785c2f01d981956b18f7a90a

SHA512
1c70679bbd25a57f9ac02083d5af0fe72b1417cf3070a195497f03d6f492e87b1ed3f570de7ea7c814c995a1530e32610d9570f31a480648f4062e8d3287be8f

Download Submit
/data/data/com.guokr.fanta/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
955B

MD5
8e1a4565ce4acc948ed572a34cfc3c3a

SHA1
2fc71d281a58ffdeb670643ba87a43e7857e566b

SHA256
40caa52559ee5811f53c7efab9c942d3761cd048f2994b4a4ea39318fb42c917

SHA512
7ee5de6b831715536f44d4265fe997b12651fffa1490d78404b8cf8c54f7371267c318168cdd30c470aa8430a4797abb1bc664a7d141db9b5cc92a45e47c2bbf

Download Submit
/data/data/com.guokr.fanta/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
419B

MD5
a59317296805e9f34f9a193ba9228f42

SHA1
102ac2ec2c00af58d0a7018c22c404222a9e92d7

SHA256
9c22689082c9a530c06aadff758f24a3ef52fcd67d472c5be1f0157e01a268c7

SHA512
794a7be5572371ef824cdd671aa14fc3436b2ed77d4291c1033040999e81bce51d13e7b662e2d1a646b94457f6417176151dcc450d810b4999b929dd81a0ac8a

Download Submit
/data/data/com.guokr.fanta/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/com.guokr.fanta/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_1ae41ff4-424d-4602-9587-2ff09b15abf8_1716376785106.tap

Filesize
342B

MD5
f18b137dc86d538e451ec00203548b64

SHA1
1c6377633ad9046e226e362932e78b28a2ed7c94

SHA256
b9dd191d56ae61cbb77e6293bdf817e2aeefff569a0e30239d04454f6d7cd8eb

SHA512
13d169fabe08b26adc64822b730b9babd482c65668bb76f7b3b7d308c264c2270f0b42a575d2fae8cf866dca52dc270333dee2e60b54e686933a3b6f4733347b

Download Submit
/data/data/com.guokr.fanta/files/.um/um_cache_1716376847282.env

Filesize
647B

MD5
bc008b2d1f9a53f7c89324c7f73da954

SHA1
66c122632b9ff5219fb692243d45bfb8cef9b6c4

SHA256
b50a3aa4d0cb502233eb3c0180520c1b7f6598c160235f246bcce6654679af32

SHA512
9f9568202fb2bb1cc1138798c9aa8fb8d3195fd10a791b1a948d196c247027a1139b79c87219427efa3e103973a00c779c4a69dcf36b1264ecb1c64055462012

Download Submit
/data/data/com.guokr.fanta/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
ed6056fe9ba7ab3b93dbf59ff0c4d777

SHA1
aa8f9d11762a2fd86189bd5d91cbcce63d65940a

SHA256
a9ea40edd7b2c72ef3212c06a9a8383ea1954c3dcaec6c3fb99cd2eb9ba94fd3

SHA512
54c57eb68500de973721770625889f9217fb96589572bf57c5c6a96999b31ab3fb60be92cbee19b88bc0f7b976a2e75f2d84e5e5d20bb84d99677d63991b0763

Download Submit
/data/data/com.guokr.fanta/files/umeng_it.cache

Filesize
350B

MD5
d320dfd6814e9d0575c5050257c017f6

SHA1
6131d2b1b531b8543c4f20d67495e0cd0ffa1396

SHA256
79a4164513a07c099bc0bd876cb51cdd17b6129d5cf2941bdc6537e07b84134b

SHA512
caed58dc871158e544fb697fba95b12af3e581dac2532874e46a4a18d7c83aaa222366d99e095ac525304df5100ae7870fec356e2302decaa5cc243df15ffb1d

Download Submit
/storage/emulated/0/Android/data/com.guokr.fanta/cache/bitmap/journal.tmp

Filesize
34B

MD5
c6cfedd7f0c75e730f54e9589d6abfe7

SHA1
93cd842fed00d466b97059781a459a3d5417f82d

SHA256
2670af997d01b27e5f81054ba5a0e83b0b2a0ceca4571b0218e08e7623c1d376

SHA512
35588e4d35ebb57758675efe0551f4c56cc073b320bc9ab492541875672f9d476b6443d2401c31575a58da7e0dce7c81f92d9c5427e17c18b0d598c36615f690

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads