31e2f57c92941780cb8ea0114c07258aa7604f01cf333769fbbc80b68c246f29

Analysis

max time kernel
176s
max time network
190s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 11:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

whzhyw_v1.0.7.apk
Size

12.3MB
MD5

80c4274b3c7c60d3d46bef18c2971229
SHA1

fef1980c05b587717ac2338cc264efe43b4e1cee
SHA256

31e2f57c92941780cb8ea0114c07258aa7604f01cf333769fbbc80b68c246f29
SHA512

883d30f021dab4f169336da071b29cbd087aa20f1bb290f32c62e6f9c076bbd9a7da85d88e14d9eecf623154ecbb8b8f0463a99ae4e7b2d63e114190cc4b5e37
SSDEEP

393216:odw6/n+iCfcQW6Ylr8lvWzvpmyqfNSyIkn+Fi:odnvfCJfYlQlv9y1hi

Score

7^/10

discovery impact persistence

Malware Config

Signatures

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.yunchen.whzhyw:pushservice

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.yunchen.whzhyw:pushservice

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.yunchen.whzhyw:pushservice

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

T1421

Processes:

com.yunchen.whzhywcom.yunchen.whzhyw:pushservice

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yunchen.whzhyw
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yunchen.whzhyw:pushservice

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

T1471

Processes:

com.yunchen.whzhywcom.yunchen.whzhyw:pushservice

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.yunchen.whzhyw
Framework API call	javax.crypto.Cipher.doFinal	com.yunchen.whzhyw:pushservice

com.yunchen.whzhyw
1⤵
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4317

com.yunchen.whzhyw:pushservice
1⤵
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4407

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yunchen.whzhyw/databases/cg.db
Filesize
4KB

MD5
56df4133fe14905fa069f9eec2e0ce55

SHA1
3fdc28b0cb16cb602e7c95849178cf56fc458ccb

SHA256
4e751ae4de8e9307f464a9c6caeb30f49c94aa71ff943371902b19be4450914e

SHA512
6f5377e4b99f4f938af91ced9f86e268715f4bdc09e92b90145f135d6985b12307d86bbaf2454223450650f2235a4f68c657da65877121433d4b6aa9186b5134

Download Submit
/data/data/com.yunchen.whzhyw/databases/cg.db-journal
Filesize
512B

MD5
091146a2ac5a746ed8ef8d2985cbc72a

SHA1
0cb0765aead9d68ad8c6ad6e6d78750d20c49995

SHA256
95ce1b104dd3038621276e886eec0f202783e7db05f764a924dc12e5ac2596b3

SHA512
11b1ed571c04f26bb968b96a73f1814c05061180df8eeeac4df2ebb7256bf58c4cfe4506597490dc6b65158408bf2c23e1fbc0f55fec6d641cbe4730e1ce2072

Download Submit
/data/data/com.yunchen.whzhyw/databases/cg.db-wal
Filesize
32KB

MD5
c6c12c6e2aa0502fabbd455d783aa8c8

SHA1
04c651467bf505572efd84ba7e40790d7ee846b0

SHA256
b69b69cef262b44d6be013c5956067a624b80adf5473bdc9751959bbc66f2c22

SHA512
d9b5d7f58b44c906628e7845f5175878fa4b10cc57103624d0a8a02700c034b7c76f4afa80a13f363243460ab35bfe6c7e4194f4e8163798bac423089a28513b

Download Submit
/data/data/com.yunchen.whzhyw/databases/dim.db-journal
Filesize
512B

MD5
faef2b81dd101764f2225927d92a68e3

SHA1
4a64f51bbab6003d6f406681567e4187b5b6433e

SHA256
1c83d1ae7d5ef2b4becb5b525e5a894658415657d058fcb0940b476258c503ab

SHA512
28010a5cf803d2af827a42911286ed9ddccddaa9f7a413d399065e08199f833e850644d51a3a322b017af1a7b76d4ba4f86264c5c17a8b8acebfae64b7084c90

Download Submit
/data/data/com.yunchen.whzhyw/databases/dim.db-wal
Filesize
88KB

MD5
8d47b1c5cf4af4dadd85e333bc3b6a39

SHA1
6854c32b7537423a32de33e59fc2364a5faf9918

SHA256
273bc18d2670948d909829e8ecabd39befd01ff35e5879beb64dea98dc7d91d8

SHA512
b717bc5252bfa50b2566cce522d857d00a9d4e03796c6f5ea4c3b77fe506f016d9f6a97ad0c140499b13403f6b278ae5500d38f2cc69f88e47b01d6f4a051d47

Download Submit
/data/data/com.yunchen.whzhyw/databases/gtc3.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.yunchen.whzhyw/databases/gtc3.db-journal
Filesize
512B

MD5
1cce8fcccb848114bdaccf402a2e3479

SHA1
5acab05e624580daacf537de07bfdcbf18765e49

SHA256
64d6b6b43f2864d6a59d4dab71f5abac629026fae644297167543f33b33d8a37

SHA512
023f40836d06d3b6cca54cb6f44ffeb7bd4807d55158bff0ec72b0975f90a552dd9dbdf1a585ea35ec7b9ffe9aa3f73c2d37d4d0d699be2bdcb0ed8576f2f801

Download Submit
/data/data/com.yunchen.whzhyw/databases/gtc3.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.yunchen.whzhyw/databases/gtc3.db-wal
Filesize
76KB

MD5
654f06ee751395904352b42ac94b219b

SHA1
d99202ae639f415e9bea02f4aa2de89895bc2bbc

SHA256
2ea29973f85ca5c45849b465f439f63472986661660a82d8ceb5f6e2398947fb

SHA512
faa06e2ec3803c40ce6b365e90b7f5dc5f1f41c83f00f04fbfba7cd521f5cffa41fcb09c412428be4beb8f16662399daf5fee8a282727bdd95d98c5f6263a03c

Download Submit
/data/data/com.yunchen.whzhyw/databases/pushsdk.db
Filesize
36KB

MD5
9485679e0c5e2c23de85653da1dc3144

SHA1
64b1927e86c2bf3ccc87738a56f7f5d2e775fac0

SHA256
1fb2ff12fdcc900220a69b4902cfdf6a9b187c162d9d151cb73b848b3ed14529

SHA512
4f809fcff2057c3079a9d587f5244097da6ad53201595f0c04fb7d482c7e8a3838093a367a689d7fdca43d20931d3f22cf421ab970237460e549bb2674d22bfc

Download Submit
/data/data/com.yunchen.whzhyw/databases/pushsdk.db-journal
Filesize
512B

MD5
2df055e25c5ab319cff2990cbfb02d61

SHA1
fedd9b2a9d9b207fc3db3976b363a677ce791f5c

SHA256
68bc3ee2b8e6946a36372fc88cceb2a96ba44162b20e9871eb522e4a528d33f1

SHA512
5ead30b2fd2e3d6b256c4dcf03905b336e5ccc1d2cd1793cc071354eae380a6b0e0be5f64d1ebb72df1abc591c9fc5e24ffb0261d16f068dfea68ceafaffdda1

Download Submit
/data/data/com.yunchen.whzhyw/databases/pushsdk.db-wal
Filesize
48KB

MD5
7b03c6e4bcabda3c8768acd6e34ddcdc

SHA1
b6500020edfe08f0a2ae4308ae5ebf9a10aca8fe

SHA256
af7afbeb7b81dbe3e2773a64c9cacd6de4b6420ca68b74481ce3f17a1e748194

SHA512
7c33b30ca54f832608159beabc3be46204e4106ca71cdb0c3a13276e0bd88ef3f25a02c561639da354c30bac7605be761a88bfd7d68cce4b8b75174af089f7d4

Download Submit
/data/data/com.yunchen.whzhyw/files/a250186b6b6b83e902072df948636956
Filesize
44KB

MD5
a20768bb116108975f05e41b80ed4a7b

SHA1
970a72fb42942042aacc78a49129f0f0892ebd2d

SHA256
b77b3f9a32453ba8af6b3bf93acf549ec79aa3da29c9837c9292eec230515656

SHA512
9d83dfcc341c1125731caa8420942af5f6a4c6bfc5c2112668e5399579b8d4049235afbc291372db71289149cf8cf3726bd70bd1cffa3592fd7062f656372c44

Download Submit
/data/data/com.yunchen.whzhyw/files/c285ba5ac7ccc20c70d7ebbaf3504811
Filesize
128B

MD5
7d75f5edf3eb70fc658a78a11a680513

SHA1
9cf908c0ce8900aeed9e3e33f10fa49d1d6ca5a0

SHA256
cf81cd972b11cfe3dd94fa049643a4557c4e879d5fb020b6b467b01fe26fd187

SHA512
23b419ebe5fd0cfa006f5474506ad7ab45feb5016d9bf410927d8ef1e9dd67b630a41071225b41b4f078fda58f254e716b239afa27a2aec7e7ec875a904c0afc

Download Submit
/data/data/com.yunchen.whzhyw/files/mmkv/mmkv.default.crc
Filesize
4KB

MD5
620f0b67a91f7f74151bc5be745b7110

SHA1
1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d

SHA256
ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7

SHA512
2d23913d3759ef01704a86b4bee3ac8a29002313ecc98a7424425a78170f219577822fd77e4ae96313547696ad7d5949b58e12d5063ef2ee063b595740a3a12d

Download Submit