5248aa86ebaf414c75378b70a8fac9cc457340f2fffc03341a9fab412f5d374a | Triage

Analysis

max time kernel
173s
max time network
187s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 11:41

Sharing

Report Analysis Logs

General

Target

whzhyw_v1.0.15.apk
Size

12.3MB
MD5

7a142ce7b941ad825383ce1b0e746dac
SHA1

0a03444adaaac947c33c55261a037c9504576644
SHA256

5248aa86ebaf414c75378b70a8fac9cc457340f2fffc03341a9fab412f5d374a
SHA512

3c9e806f4790165af43e573d75921d9b3699f9a13f89d191ffdfb700d8edf356f9715e1ddaa95dbe3029a750e77aa167d0b1363a1ce6833823d22cc445e922dd
SSDEEP

196608:uNFbGBleHlfokQqNGwp6YlrBc3lbKKWvrvpnuyXTnmbczASm+d2K6JRVEQXdL708:EkLsQkQsp6Ylr8lvWzvpuyq7NSqRVXFL

Score

7^/10

discovery impact persistence

Malware Config

Signatures

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

Broadcast Receivers

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.yunchen.whzhyw:pushservice

Checks if the internet connection is available 1 TTPs 2 IoCs

System Network Connections Discovery

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yunchen.whzhyw
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yunchen.whzhyw:pushservice

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

Data Encrypted for Impact

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.yunchen.whzhyw
Framework API call	javax.crypto.Cipher.doFinal	com.yunchen.whzhyw:pushservice

com.yunchen.whzhyw
1⤵
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4281

com.yunchen.whzhyw:pushservice
1⤵
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4318

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yunchen.whzhyw/databases/cg.db

Filesize
4KB

MD5
56df4133fe14905fa069f9eec2e0ce55

SHA1
3fdc28b0cb16cb602e7c95849178cf56fc458ccb

SHA256
4e751ae4de8e9307f464a9c6caeb30f49c94aa71ff943371902b19be4450914e

SHA512
6f5377e4b99f4f938af91ced9f86e268715f4bdc09e92b90145f135d6985b12307d86bbaf2454223450650f2235a4f68c657da65877121433d4b6aa9186b5134

Download Submit
/data/data/com.yunchen.whzhyw/databases/cg.db-journal

Filesize
92KB

MD5
172df76e619d924625fec7cda5fc2945

SHA1
a7754f03960c9e1602ec45d9d67930551ff1c1a6

SHA256
ee778ea2238c29ba6d998beb85e1eb50c2ea502aece08b668967b6d0e6bb9ab8

SHA512
28a0781e482db4cfc511b77572d3929cce9668d18480ca285eee8c0024ed48c953824b6fe448776167a6d1d50c4a0cb9de2d5fe0f9f644c9499ddd6eb0de729c

Download Submit
/data/data/com.yunchen.whzhyw/databases/cg.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.yunchen.whzhyw/databases/cg.db-wal

Filesize
32KB

MD5
5de9b0b4fb16a6ab2344bc77523e6762

SHA1
2fe1f236c5a15aedfcdb79a7fbc25ccb585fdbf4

SHA256
295e41a73691cfc32249d249ed69f3b01fde9c602e9d4381175de199be6f8058

SHA512
40db4804e390f63b56ce27e47d7ec245737d6bf0bafeda9eb586a55b97e5785d150104ddd3236836bf4e0011d38388330fd745cf90b51f8232659256dac0d030

Download Submit
/data/data/com.yunchen.whzhyw/databases/dim.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.yunchen.whzhyw/databases/dim.db-journal

Filesize
512B

MD5
441f1d7185eb2300c58c09b4eb455436

SHA1
aff3cfcd0ea4f056eb0d75bc6d1a0050a1981682

SHA256
4da2c1d85702bc31de61d2abbbbea39295356f4a69880ed58bcf5f4b82fff90b

SHA512
ac94133ee9b990dbd17cd0ee5522b8abbb44dbc823bc94bc7a6d34200c5cae353b9d4194b900db542ed963844159d48973053e185f4cade64f625eb1352c9d89

Download Submit
/data/data/com.yunchen.whzhyw/databases/dim.db-wal

Filesize
88KB

MD5
32ad8ae3e485fd3f1c101ff6b1b9e2f2

SHA1
e744feee4a6c4687362e7a063f874e1a18c5f245

SHA256
353cab30939dd5bf42bf0c9db5ab738afd73bf6cf8009cc20a4f60b5fc35013a

SHA512
d8dd446357f7e7f38b129826d818af4989ae73782255c88348c565ab3cb8ef650031cc0a0a0454d89ec552cef225d562791dc28e9a0b6adf59a3b0421505f9ae

Download Submit
/data/data/com.yunchen.whzhyw/databases/gtc3.db

Filesize
4KB

MD5
6be1d3cdab6f2589e030d2a0d748e6d1

SHA1
cadb29326f0ef56484532832aee41c07dc1d906e

SHA256
2495e5869c0dd11bd435853dd8df7e6fe94cc64d57537592dd6f08168ade1bb0

SHA512
69897d2387a1d670f06032ef96aaeb04e0ea08f981b79be2d7d95aca484a1e1559dc3d4e16c7bf0809f5a6b64ea92506ae4142cf6c4ee47156d2ec9a0c18aa62

Download Submit
/data/data/com.yunchen.whzhyw/databases/gtc3.db-journal

Filesize
72KB

MD5
00b55a0799f321a8ac7b31f512aa40bb

SHA1
b67b5a826a0a1f0524acf0590a7cff18c61fa123

SHA256
4c36e9fd77b4607414c35ff0ad66f51de5fb0f333a109cc21249a91c9a0c0272

SHA512
253faae5fb73b9e91f857a3dbe7e72ca53e6207ee62ea014331636c16fea49b38817cd2a473e9525ba06cd508b210b137adca6a61a7bdcfae4f970d0f43fc092

Download Submit
/data/data/com.yunchen.whzhyw/databases/gtc3.db-shm

Filesize
32KB

MD5
ca3ff475ef2a40193e03e507cd9a6137

SHA1
eaf60d1d59c6a4ade0758c69e6a5a34b11af0ec3

SHA256
5fb0f3ae977a74b3f7c47eeb4fe0dff89e352cd2b0842b07d3208c4606b2477e

SHA512
72d4761fdfb04e35d51735e0163359a99549a1a80f84240e46c5efdb01f7fb70614d762e1ded3fb42630e24f99781913c732e4c9349a3eda6a714840ded0c38d

Download Submit
/data/data/com.yunchen.whzhyw/databases/gtc3.db-wal

Filesize
76KB

MD5
0bee3699aaaa5941dc313e125b1b4c68

SHA1
bd698e74cc717d533dda222ff3238246771b24cc

SHA256
c573c563f00972855cad03d251c5a6cd3d1452ec84250ae433c31df7f7c47941

SHA512
bd348fa4cec97a7c29d3010af05577b46b9f4084ed563ce60bca34f4450c770e893e43e47e626509ee981c30dbb46a928eba4bb869291ad4eac399492f7067b2

Download Submit
/data/data/com.yunchen.whzhyw/files/195eae59931bec2d5949b3e103270ebb

Filesize
128B

MD5
b1d098967315bbd6d0f987a7cf3ea223

SHA1
70acc9946e80255a035cf67b4df62c5c8f5a9a14

SHA256
2bfb270e672194d1732cf9c8e88bab4cf834d534fb375d2b89c47d20e3c098aa

SHA512
f25b1d86892814612a764d02884eb6fa00f70eb5fa99241a5971e1396e8693feb23f284f8b7dfa23f397d5147dfa322b0646d79d0f6c9cb211ef699717a7b93b

Download Submit
/data/data/com.yunchen.whzhyw/files/296d9680442deb28b1f4ec71f0ee2429

Filesize
128B

MD5
186eb7058c8fa8e17390e59cc816464a

SHA1
d787a69370e53fb2a7b8e5bd657a2cac4582e319

SHA256
290d59673c7966bb2ee0f4ed960e449df71d8fd4b68e8adac5c25f993a4bd378

SHA512
383e18734668408022143fde3f20b021c7bb6930c2f192c5580e31c415709bc85b1ecdd0db9347951a9f8baaf8c7dad5dcc73a3050871ec19f897c8e174cc357

Download Submit
/data/data/com.yunchen.whzhyw/files/mmkv/mmkv.default.crc

Filesize
4KB

MD5
620f0b67a91f7f74151bc5be745b7110

SHA1
1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d

SHA256
ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7

SHA512
2d23913d3759ef01704a86b4bee3ac8a29002313ecc98a7424425a78170f219577822fd77e4ae96313547696ad7d5949b58e12d5063ef2ee063b595740a3a12d

Download Submit