91bae2756939c7852a638212bb64c45124196c1e3ced2b6efe7f2a3470822365

Analysis

max time kernel
176s
max time network
187s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 12:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

whzhyw_v1.0.17.apk
Size

12.7MB
MD5

4de6d4c2bf46cabaa0e7b700ba0a1460
SHA1

f64fa3f5bf94bfc45ff1826797c17b67e560f4f0
SHA256

91bae2756939c7852a638212bb64c45124196c1e3ced2b6efe7f2a3470822365
SHA512

d4de588a29000556d8c7d1d6be7493fa4544b532a8a5da9271da430ecc5bb34e5915b14eaa3deeecd55d2405e8c2da8637341455cab7a745b92104274e8dad62
SSDEEP

393216:/rQzcMLMDWXwvl/tQdPXJ6Ylr8lvWzvpiZqpNS8NVXFo:UzcDDWeQdAYlQlv3ZHSo

Score

7^/10

discovery impact persistence

Malware Config

Signatures

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.yunchen.whzhyw:pushservice

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.yunchen.whzhyw:pushservice

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.yunchen.whzhyw:pushservice

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

com.yunchen.whzhywcom.yunchen.whzhyw:pushservice

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yunchen.whzhyw
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yunchen.whzhyw:pushservice

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

Processes:

com.yunchen.whzhywcom.yunchen.whzhyw:pushservice

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.yunchen.whzhyw
Framework API call	javax.crypto.Cipher.doFinal	com.yunchen.whzhyw:pushservice

com.yunchen.whzhyw
1⤵
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4269

com.yunchen.whzhyw:pushservice
1⤵
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4305

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yunchen.whzhyw/databases/cg.db
Filesize
4KB

MD5
56df4133fe14905fa069f9eec2e0ce55

SHA1
3fdc28b0cb16cb602e7c95849178cf56fc458ccb

SHA256
4e751ae4de8e9307f464a9c6caeb30f49c94aa71ff943371902b19be4450914e

SHA512
6f5377e4b99f4f938af91ced9f86e268715f4bdc09e92b90145f135d6985b12307d86bbaf2454223450650f2235a4f68c657da65877121433d4b6aa9186b5134

Download Submit
/data/data/com.yunchen.whzhyw/databases/cg.db-journal
Filesize
512B

MD5
78bd6dbf13014ad41607aa6973c7b994

SHA1
f743d669a6fa16a62dc0dd61e48d12ec620f1182

SHA256
a55e6fbfe45d282a78de46960744272be4fc13f544226ea30904c5206031953e

SHA512
fc784922cd745f40a9e62e31f97146454f19f9885e98f209a29b2b8358fbd506e5760124b8ea171154b346f0d51ddfdb6d9dac82f9f0f26b63e3ffa8a328139a

Download Submit
/data/data/com.yunchen.whzhyw/databases/cg.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.yunchen.whzhyw/databases/cg.db-wal
Filesize
32KB

MD5
ae3a7c1752b3c21529b3029d9c2fd39a

SHA1
0ed999de7e1c50fa10207f6a08256b0d10768d19

SHA256
b552fdb618b822ac546f43f5b42b55f648b20b80d4cb9505f704d507e5975f2d

SHA512
f5069c888a84f3e26132e36b37c2182e238239325cd0d5ee0ceb662f6d839e61d9ad7f1a5d9de094bcb9f03429f035dec2ce9af2458d977df725ba2b241cca26

Download Submit
/data/data/com.yunchen.whzhyw/databases/dim.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.yunchen.whzhyw/databases/dim.db-journal
Filesize
512B

MD5
ff212f92967d046ee691a3124ecd5efd

SHA1
a60c5caabe060945e9232847ed550f3a65349aec

SHA256
ba6db30bbbd045661e765e98d4bb3286a6957cce3a5fbe93aa4e902e1bb0c839

SHA512
9420c6b2649329b92105f905ae1d80775f8d9bf634af4b3c38595c65ad04ba434fb1e5acecd76ece3d28a715e106447680389db3d1001fb01ac5f573b7074fc3

Download Submit
/data/data/com.yunchen.whzhyw/databases/dim.db-wal
Filesize
88KB

MD5
df394aa990ade28130ce3707e4feccde

SHA1
63ca7006dcae6bd4ae3c43c5a67ce35b2fba3a3e

SHA256
7993cce5f2b8e36927d6f8481862dda63178fe58790220d7896bcbb2115ca203

SHA512
d10db6c1437f9a0031fedebacde52630e65f18294c4bd7ce713343df9cd1b017148e7d27dd5027b8c07cac112361b2f7113298ac43b69981fd43d5f68c785310

Download Submit
/data/data/com.yunchen.whzhyw/databases/gtc3.db
Filesize
4KB

MD5
f1e14edf18df88d4cabbb817137fdb86

SHA1
4a1a96fc53e3e1965d45f60cc761e70faee28acb

SHA256
2d5d378c2c11fd6954f3171b6b8e262a7ee4506bae61a01bc040c898b9bca7ed

SHA512
f2aada8ef90cfa6c2be6a2cf9fe56c52f57394cd181fc1a22ecf720c158c47efed5f9127af6955f0da49811029c7855cf164fd6db446f7f59943e4b5ef9d1b1e

Download Submit
/data/data/com.yunchen.whzhyw/databases/gtc3.db-journal
Filesize
32KB

MD5
da4222c08e4df336ad37664e919529b6

SHA1
314831f5551f689c83729f9adcb4702569328895

SHA256
a49a76be7dfb9a56ebd329dabb1bddcd2bd81f053d68cc745992e7e4f1d4290b

SHA512
f25fe835957f46508fca6a570057863e3e3cbdb36cdba7e26986e90b8eb166cb6e28688d26eb065f1d600f2601210ea727c2e87c7f9ae1afdf10dc8ae8407ab7

Download Submit
/data/data/com.yunchen.whzhyw/databases/gtc3.db-shm
Filesize
32KB

MD5
ca3ff475ef2a40193e03e507cd9a6137

SHA1
eaf60d1d59c6a4ade0758c69e6a5a34b11af0ec3

SHA256
5fb0f3ae977a74b3f7c47eeb4fe0dff89e352cd2b0842b07d3208c4606b2477e

SHA512
72d4761fdfb04e35d51735e0163359a99549a1a80f84240e46c5efdb01f7fb70614d762e1ded3fb42630e24f99781913c732e4c9349a3eda6a714840ded0c38d

Download Submit
/data/data/com.yunchen.whzhyw/databases/gtc3.db-wal
Filesize
76KB

MD5
6cbc79eaca4cc5a81ce7c8d44e6cbf89

SHA1
07d5439d848aa2eaf7f1244733df5beae3e770a5

SHA256
e39425a1bc67f1b465f87331304fa4c72b3172b649d62e0c7c868a883db97198

SHA512
d16c51537cdea838a63b7df95646971b692734bdc1ca37f73428f9cdeb7cd0de6986a89c11d7ac1f0f30737933ccddb3c6802bec50d7085a1babf67979575462

Download Submit
/data/data/com.yunchen.whzhyw/databases/pushsdk.db
Filesize
36KB

MD5
9485679e0c5e2c23de85653da1dc3144

SHA1
64b1927e86c2bf3ccc87738a56f7f5d2e775fac0

SHA256
1fb2ff12fdcc900220a69b4902cfdf6a9b187c162d9d151cb73b848b3ed14529

SHA512
4f809fcff2057c3079a9d587f5244097da6ad53201595f0c04fb7d482c7e8a3838093a367a689d7fdca43d20931d3f22cf421ab970237460e549bb2674d22bfc

Download Submit
/data/data/com.yunchen.whzhyw/databases/pushsdk.db-journal
Filesize
512B

MD5
fcb17f2f3b515dff1966f4897f43bef2

SHA1
e80acd36528c8e2a5af3fced1f32a21f00997209

SHA256
0e86d17bd315de14be30974df9aaf6f0ddeb99ee325f96c79348a680161b4994

SHA512
38ba4daf64412d9bcc8f855c1b102019678f0317426be9cbe2dc7cf9231537434cb916d864b082b8d73b383bbf7c81379239d56bd7280994196caf49aa6b4996

Download Submit
/data/data/com.yunchen.whzhyw/databases/pushsdk.db-wal
Filesize
48KB

MD5
d37f37a514b03971b2c4dead51071483

SHA1
19fe376a2a696324f5e2175accfd1c48591aae98

SHA256
9455fa52865b3a4ae86510d220f2342ae3f97ed3d4bab7380c745a559e91d791

SHA512
b7cd61475d0925afed27b1958407a4c5f51895029e09c4c99f15d5ac0ab3c3cdf3834530b6a05758a18a1fbe4d8462b3b103fd86cd4b9598ee2adc900fb8f4b1

Download Submit
/data/data/com.yunchen.whzhyw/files/20adcd705384f3f9f9ad66be9a451171
Filesize
128B

MD5
017068871d37b4706409dbc728912592

SHA1
eeb8e79befe689aa1f6a899c351464a31b04067f

SHA256
cd4610807d6cd7459308a5233175262f229a06a8d958d0d369c5d6497d478466

SHA512
1b0525fef4036de75f320bfc2430c889dd4954b765fbd12851178bdc474b750f08aa791d8930982da4e31218c0b01f383e613aa5e9d27184ebfaef1f131e2e83

Download Submit
/data/data/com.yunchen.whzhyw/files/b42ebab520aca7335bca454e299398d4
Filesize
128B

MD5
da6394302007930b097be48f205bc0d3

SHA1
8cd229ed817b7e22f449c12ec28467e81bc90c9b

SHA256
89eee8d0644b237f6d63c2a27c5b052f93b762fc8eb00f0ce4f190ee4004a705

SHA512
f3ebd56ca726dc827c9b2085781537cb3b028125236767ebd9a84fcf050dbc227d7e27e074587efc66ff0c63169d555c0611cec5f76c7acc5d7fe8cae4207d54

Download Submit
/data/data/com.yunchen.whzhyw/files/mmkv/mmkv.default.crc
Filesize
4KB

MD5
620f0b67a91f7f74151bc5be745b7110

SHA1
1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d

SHA256
ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7

SHA512
2d23913d3759ef01704a86b4bee3ac8a29002313ecc98a7424425a78170f219577822fd77e4ae96313547696ad7d5949b58e12d5063ef2ee063b595740a3a12d

Download Submit