e663e504cc2170d1b9de697e908705e922a6e91e851ca09e61a30b7fba599066

Analysis

max time kernel
174s
max time network
187s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 11:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

whzhyw_v1.0.5.apk
Size

12.2MB
MD5

f74090ca909a7409bd533ebf25f740e8
SHA1

59c0bbe5f95cdd8d4f30603d905edadca133e082
SHA256

e663e504cc2170d1b9de697e908705e922a6e91e851ca09e61a30b7fba599066
SHA512

19fc2f748fcb59d33437c149ca1eb9f3524686826b8d71182d1ba87a40b4ac070342632b2861c3d1f757b5e2db93b4c6318ef22efecc7c9044e29aae757c6c43
SSDEEP

393216:z6crehXyy5Du6Ylr8lvWzvpmyqDNSYIkndwO:0ND5DHYlQlv9yVXO

Score

7^/10

discovery impact persistence

Malware Config

Signatures

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.yunchen.whzhyw:pushservice

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.yunchen.whzhyw:pushservice

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.yunchen.whzhyw:pushservice

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

T1421

Processes:

com.yunchen.whzhywcom.yunchen.whzhyw:pushservice

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yunchen.whzhyw
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yunchen.whzhyw:pushservice

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

T1471

Processes:

com.yunchen.whzhywcom.yunchen.whzhyw:pushservice

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.yunchen.whzhyw
Framework API call	javax.crypto.Cipher.doFinal	com.yunchen.whzhyw:pushservice

com.yunchen.whzhyw
1⤵
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4306

com.yunchen.whzhyw:pushservice
1⤵
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4344

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yunchen.whzhyw/databases/cg.db
Filesize
96KB

MD5
f54d2ef575729353af8ef773974ee858

SHA1
6a9f106108287ad5d18faa30657a6048eb356b3c

SHA256
8fac41e590bf5a14cd1276bc70ac53d7cc2e339d8241715aa1e0bc697fd01531

SHA512
8155a3b8c0ebe731fb46beab7b5f6ab65ae32a0ee793a488b8b02807ade9b08835b899048a336cd5d49475528c90afb49531fb25626c472f37d85db0df416140

Download Submit
/data/data/com.yunchen.whzhyw/databases/cg.db-journal
Filesize
512B

MD5
12c191629f171c96e03c5255621bc5ea

SHA1
e5b88638bd588dc2a3902bdbad7a65d1893a9871

SHA256
c497e7a0deb1ae911cc801794ede1301258e5845d51b58f8a36f06e49f985ff4

SHA512
e282bb5926b744b5b64a19b7d96b41a2f73e90a260242c035ad2dc20d0a0b596f42c3dda3ad13e52062282fecc2f37e93d4d270b1c753963e050c871c3db05fe

Download Submit
/data/data/com.yunchen.whzhyw/databases/cg.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.yunchen.whzhyw/databases/cg.db-wal
Filesize
32KB

MD5
b2673e9d3847dc1bc83e8baa1eeb3ace

SHA1
a077b9dc0f6b4e6947d80473efc204c42850426b

SHA256
8ab57e38683ce7639e1738fd88d5043a3a418272125f8e8148b8445b69a385d2

SHA512
67e6fa7b987d5d4f07ffdb783202626c06b8af3b2d54a794e47d8eff9850eafefc8901c8a811fa0b5cfcd510b7e2108ca29cb2ec3184d770a9dd046f9f72db02

Download Submit
/data/data/com.yunchen.whzhyw/databases/dim.db-journal
Filesize
512B

MD5
1efa51158ecf7b5c08a22d9a7b6688e0

SHA1
60cb12415e4a3e8982a0ce4936f33b3cfdb6df9f

SHA256
418c2b3e93bd8dad5308b863ecd0b3c466a973937edbd1e3bca7c225c352c589

SHA512
7e88fad551b33fb9bbb2a428b7469e331c25a84f7f5041e3930d30416130f1df55d60f1c267649cfe4eb6708baf1e43973961e021a66e74e5d094e6618a36cc1

Download Submit
/data/data/com.yunchen.whzhyw/databases/dim.db-wal
Filesize
88KB

MD5
6163667c8ea924677f0ba29149326f0b

SHA1
517a62f6c73496eb2b4f99d8f53b13bc8b850505

SHA256
6bbd201495862a5215fb21e90a2b8f2952be027235225aefa3c7e2944496211e

SHA512
8cb86e7a0f6a7228c5d36ac6ae5e9449f8cd37fd93aef0fdf5fce7583e39422f2400d18d5974eb1e099383201a2f440c1ee1485cd4fd4b25ca3023b00606f320

Download Submit
/data/data/com.yunchen.whzhyw/databases/gtc3.db-journal
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.yunchen.whzhyw/databases/gtc3.db-shm
Filesize
72KB

MD5
1a9a8fb537b0da2a4da80936798bf1bf

SHA1
8a7d233e3c42997f48d876c84842c6b3b276ab87

SHA256
d8c4c02de0b0f537d1dfe5bdfe86fbd5efe39f4ff3d9a7ff469a6ef88ef76a72

SHA512
98d307e97324a517fa383bb13fead82da24ecfb00788c043db85749ec124ad742f2783580efa4c7096cba660dc92022393e60e92a0dc43ebbda0c99e1e403c7c

Download Submit
/data/data/com.yunchen.whzhyw/databases/gtc3.db-wal
Filesize
76KB

MD5
993ab949543b0d9929fd171cf8f7e2a8

SHA1
9f7739240181ad5e11ed4edd3a601ab6807b2df3

SHA256
198ed57ac0fa12e59dde9689a7b615097484b9e3a375d65fbd769a292e4af4d1

SHA512
573514123394f0a61563e7f93f37fc721d071b7cf464608d1e1839f7cdc86f48923ffa08102ea9bf879882b14499dfa3d57d273ca16e4b162b38250f86c47906

Download Submit
/data/data/com.yunchen.whzhyw/databases/pushsdk.db-wal
Filesize
56KB

MD5
e4c4a5fcd4a5da469711f957b07fc0cd

SHA1
99101bc372bfa9e489c0b3f29496da3a2fd1d32c

SHA256
bd1bf3fa399b346978fa2d76e7e838290c813f46955c40555d40d7e4d2ab7961

SHA512
be32d1d6936c8dbc087f44b92cf900d08d06eaf676c8e91324fb71292301a6921276d90205ecb9677e6e11464fc775e1a9416af4df4226e3e0dc18c2cb49b0bf

Download Submit
/data/data/com.yunchen.whzhyw/files/3d5a788cedd624e1503bcc85e633ae43
Filesize
128B

MD5
b00c94381e37ad662b2fc5e2ccae8afd

SHA1
f609c2adf17396a4bf2902a237643a1247d09a46

SHA256
a68e22b8fdd8f25effffc3d661be9bc964a78d963a09b6b8a7f245f3946f80d4

SHA512
03dfbd6bacf78457b0baf960a5a1a9417ba3f000a8faedbbfda76a2745ca22d8ce26ca961198a1cc40f10f1f5886d191ece564210b588c90ebadf9a23a838891

Download Submit
/data/data/com.yunchen.whzhyw/files/ac2bf301135ab36f7269042516583971
Filesize
32KB

MD5
622068f3d2564aa0a82669dfd31e286b

SHA1
aee6726a5a895b13405955db3614c623dfc577f2

SHA256
a7aee853e5aa01dcfe7a06ac94bd7b414564a5e7ca33f0f84a89d80940af7cde

SHA512
9609181afb0f19aa225ee28dcc5623dcf74c1685885d95e0563de26613409d8bdafa1c3681d89e964e6786f6548286dd1b487a4f1fb2def35a92a3da805d796e

Download Submit
/data/data/com.yunchen.whzhyw/files/mmkv/mmkv.default.crc
Filesize
4KB

MD5
620f0b67a91f7f74151bc5be745b7110

SHA1
1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d

SHA256
ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7

SHA512
2d23913d3759ef01704a86b4bee3ac8a29002313ecc98a7424425a78170f219577822fd77e4ae96313547696ad7d5949b58e12d5063ef2ee063b595740a3a12d

Download Submit