5248aa86ebaf414c75378b70a8fac9cc457340f2fffc03341a9fab412f5d374a

Analysis

max time kernel
173s
max time network
187s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 11:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

whzhyw_v1.0.15.apk
Size

12.3MB
MD5

7a142ce7b941ad825383ce1b0e746dac
SHA1

0a03444adaaac947c33c55261a037c9504576644
SHA256

5248aa86ebaf414c75378b70a8fac9cc457340f2fffc03341a9fab412f5d374a
SHA512

3c9e806f4790165af43e573d75921d9b3699f9a13f89d191ffdfb700d8edf356f9715e1ddaa95dbe3029a750e77aa167d0b1363a1ce6833823d22cc445e922dd
SSDEEP

196608:uNFbGBleHlfokQqNGwp6YlrBc3lbKKWvrvpnuyXTnmbczASm+d2K6JRVEQXdL708:EkLsQkQsp6Ylr8lvWzvpuyq7NSqRVXFL

Score

7^/10

discovery impact persistence

Malware Config

Signatures

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.yunchen.whzhyw:pushservice

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.yunchen.whzhyw:pushservice

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.yunchen.whzhyw:pushservice

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

T1421

Processes:

com.yunchen.whzhywcom.yunchen.whzhyw:pushservice

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yunchen.whzhyw
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yunchen.whzhyw:pushservice

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

T1471

Processes:

com.yunchen.whzhywcom.yunchen.whzhyw:pushservice

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.yunchen.whzhyw
Framework API call	javax.crypto.Cipher.doFinal	com.yunchen.whzhyw:pushservice

com.yunchen.whzhyw
1⤵
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4281

com.yunchen.whzhyw:pushservice
1⤵
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4318

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yunchen.whzhyw/databases/cg.db
Filesize
4KB

MD5
56df4133fe14905fa069f9eec2e0ce55

SHA1
3fdc28b0cb16cb602e7c95849178cf56fc458ccb

SHA256
4e751ae4de8e9307f464a9c6caeb30f49c94aa71ff943371902b19be4450914e

SHA512
6f5377e4b99f4f938af91ced9f86e268715f4bdc09e92b90145f135d6985b12307d86bbaf2454223450650f2235a4f68c657da65877121433d4b6aa9186b5134

Download Submit
/data/data/com.yunchen.whzhyw/databases/cg.db-journal
Filesize
92KB

MD5
172df76e619d924625fec7cda5fc2945

SHA1
a7754f03960c9e1602ec45d9d67930551ff1c1a6

SHA256
ee778ea2238c29ba6d998beb85e1eb50c2ea502aece08b668967b6d0e6bb9ab8

SHA512
28a0781e482db4cfc511b77572d3929cce9668d18480ca285eee8c0024ed48c953824b6fe448776167a6d1d50c4a0cb9de2d5fe0f9f644c9499ddd6eb0de729c

Download Submit
/data/data/com.yunchen.whzhyw/databases/cg.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.yunchen.whzhyw/databases/cg.db-wal
Filesize
32KB

MD5
5de9b0b4fb16a6ab2344bc77523e6762

SHA1
2fe1f236c5a15aedfcdb79a7fbc25ccb585fdbf4

SHA256
295e41a73691cfc32249d249ed69f3b01fde9c602e9d4381175de199be6f8058

SHA512
40db4804e390f63b56ce27e47d7ec245737d6bf0bafeda9eb586a55b97e5785d150104ddd3236836bf4e0011d38388330fd745cf90b51f8232659256dac0d030

Download Submit
/data/data/com.yunchen.whzhyw/databases/dim.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.yunchen.whzhyw/databases/dim.db-journal
Filesize
512B

MD5
441f1d7185eb2300c58c09b4eb455436

SHA1
aff3cfcd0ea4f056eb0d75bc6d1a0050a1981682

SHA256
4da2c1d85702bc31de61d2abbbbea39295356f4a69880ed58bcf5f4b82fff90b

SHA512
ac94133ee9b990dbd17cd0ee5522b8abbb44dbc823bc94bc7a6d34200c5cae353b9d4194b900db542ed963844159d48973053e185f4cade64f625eb1352c9d89

Download Submit
/data/data/com.yunchen.whzhyw/databases/dim.db-wal
Filesize
88KB

MD5
32ad8ae3e485fd3f1c101ff6b1b9e2f2

SHA1
e744feee4a6c4687362e7a063f874e1a18c5f245

SHA256
353cab30939dd5bf42bf0c9db5ab738afd73bf6cf8009cc20a4f60b5fc35013a

SHA512
d8dd446357f7e7f38b129826d818af4989ae73782255c88348c565ab3cb8ef650031cc0a0a0454d89ec552cef225d562791dc28e9a0b6adf59a3b0421505f9ae

Download Submit
/data/data/com.yunchen.whzhyw/databases/gtc3.db
Filesize
4KB

MD5
6be1d3cdab6f2589e030d2a0d748e6d1

SHA1
cadb29326f0ef56484532832aee41c07dc1d906e

SHA256
2495e5869c0dd11bd435853dd8df7e6fe94cc64d57537592dd6f08168ade1bb0

SHA512
69897d2387a1d670f06032ef96aaeb04e0ea08f981b79be2d7d95aca484a1e1559dc3d4e16c7bf0809f5a6b64ea92506ae4142cf6c4ee47156d2ec9a0c18aa62

Download Submit
/data/data/com.yunchen.whzhyw/databases/gtc3.db-journal
Filesize
72KB

MD5
00b55a0799f321a8ac7b31f512aa40bb

SHA1
b67b5a826a0a1f0524acf0590a7cff18c61fa123

SHA256
4c36e9fd77b4607414c35ff0ad66f51de5fb0f333a109cc21249a91c9a0c0272

SHA512
253faae5fb73b9e91f857a3dbe7e72ca53e6207ee62ea014331636c16fea49b38817cd2a473e9525ba06cd508b210b137adca6a61a7bdcfae4f970d0f43fc092

Download Submit
/data/data/com.yunchen.whzhyw/databases/gtc3.db-shm
Filesize
32KB

MD5
ca3ff475ef2a40193e03e507cd9a6137

SHA1
eaf60d1d59c6a4ade0758c69e6a5a34b11af0ec3

SHA256
5fb0f3ae977a74b3f7c47eeb4fe0dff89e352cd2b0842b07d3208c4606b2477e

SHA512
72d4761fdfb04e35d51735e0163359a99549a1a80f84240e46c5efdb01f7fb70614d762e1ded3fb42630e24f99781913c732e4c9349a3eda6a714840ded0c38d

Download Submit
/data/data/com.yunchen.whzhyw/databases/gtc3.db-wal
Filesize
76KB

MD5
0bee3699aaaa5941dc313e125b1b4c68

SHA1
bd698e74cc717d533dda222ff3238246771b24cc

SHA256
c573c563f00972855cad03d251c5a6cd3d1452ec84250ae433c31df7f7c47941

SHA512
bd348fa4cec97a7c29d3010af05577b46b9f4084ed563ce60bca34f4450c770e893e43e47e626509ee981c30dbb46a928eba4bb869291ad4eac399492f7067b2

Download Submit
/data/data/com.yunchen.whzhyw/files/195eae59931bec2d5949b3e103270ebb
Filesize
128B

MD5
b1d098967315bbd6d0f987a7cf3ea223

SHA1
70acc9946e80255a035cf67b4df62c5c8f5a9a14

SHA256
2bfb270e672194d1732cf9c8e88bab4cf834d534fb375d2b89c47d20e3c098aa

SHA512
f25b1d86892814612a764d02884eb6fa00f70eb5fa99241a5971e1396e8693feb23f284f8b7dfa23f397d5147dfa322b0646d79d0f6c9cb211ef699717a7b93b

Download Submit
/data/data/com.yunchen.whzhyw/files/296d9680442deb28b1f4ec71f0ee2429
Filesize
128B

MD5
186eb7058c8fa8e17390e59cc816464a

SHA1
d787a69370e53fb2a7b8e5bd657a2cac4582e319

SHA256
290d59673c7966bb2ee0f4ed960e449df71d8fd4b68e8adac5c25f993a4bd378

SHA512
383e18734668408022143fde3f20b021c7bb6930c2f192c5580e31c415709bc85b1ecdd0db9347951a9f8baaf8c7dad5dcc73a3050871ec19f897c8e174cc357

Download Submit
/data/data/com.yunchen.whzhyw/files/mmkv/mmkv.default.crc
Filesize
4KB

MD5
620f0b67a91f7f74151bc5be745b7110

SHA1
1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d

SHA256
ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7

SHA512
2d23913d3759ef01704a86b4bee3ac8a29002313ecc98a7424425a78170f219577822fd77e4ae96313547696ad7d5949b58e12d5063ef2ee063b595740a3a12d

Download Submit