Analysis
- max time kernel: 175s
- max time network: 188s
- platform: android_x86
- resource: android-x86-arm-20240514-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
- submitted: 22-05-2024 12:15
Static task: static1
Behavioral task: behavioral1
- Sample: whzhyw_v1.0.8.apk
- Resource: android-x86-arm-20240514-en
General
- Target: whzhyw_v1.0.8.apk
- Size: 12.3MB
- MD5: 0c98f1af123261cf88134f91cb8318b5
- SHA1: 5a65a93916770f97c4023266ee52a36d415fb094
- SHA256: 967f590d415732ada59e27d6c6ef37598bc7daddd7c87c539212651faff25244
- SHA512: 09d37773dba1f8a29eeeee694c5fc2aeb3123c86c046a796a42dc7e162300a8bd67dcb9200e80f533f693ddfd75772763edf25d9a7ee8e9ee04661c5c682e45a
- SSDEEP: 393216:0xuUHNYT6W6Ylr8lvWzvpuyqyNSFTwnQFp:NUCgYlQlvxyG1p
Malware Config
Signatures
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  Processes: com.yunchen.whzhyw:pushservice
  Description              IoC                                              Process
  Framework service call   android.app.IActivityManager.registerReceiver    com.yunchen.whzhyw:pushservice
- Checks if the internet connection is available (1 TTP, 2 IoCs)
  Processes: com.yunchen.whzhyw, com.yunchen.whzhyw:pushservice
  Description              IoC                                                    Process
  Framework service call   android.net.IConnectivityManager.getActiveNetworkInfo  com.yunchen.whzhyw
  Framework service call   android.net.IConnectivityManager.getActiveNetworkInfo  com.yunchen.whzhyw:pushservice
- Uses Crypto APIs (Might try to encrypt user data) (1 TTP, 2 IoCs)
  Processes: com.yunchen.whzhyw, com.yunchen.whzhyw:pushservice
  Description              IoC                            Process
  Framework API call       javax.crypto.Cipher.doFinal    com.yunchen.whzhyw
  Framework API call       javax.crypto.Cipher.doFinal    com.yunchen.whzhyw:pushservice
Processes
- com.yunchen.whzhyw (PID: 4296)
  - Checks if the internet connection is available
  - Uses Crypto APIs (Might try to encrypt user data)
- com.yunchen.whzhyw:pushservice (PID: 4332)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  - Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Mobile v15
Downloads
- /data/data/com.yunchen.whzhyw/databases/cg.db
  Filesize: 4KB
  MD5: 56df4133fe14905fa069f9eec2e0ce55
  SHA1: 3fdc28b0cb16cb602e7c95849178cf56fc458ccb
  SHA256: 4e751ae4de8e9307f464a9c6caeb30f49c94aa71ff943371902b19be4450914e
  SHA512: 6f5377e4b99f4f938af91ced9f86e268715f4bdc09e92b90145f135d6985b12307d86bbaf2454223450650f2235a4f68c657da65877121433d4b6aa9186b5134
- /data/data/com.yunchen.whzhyw/databases/cg.db-journal
  Filesize: 512B
  MD5: 0120d74d2381928cc76dd174ab455abc
  SHA1: 19af82bd2de2c1d18ae8e2c05ee37ccdb1d08ab1
  SHA256: 48116114ac986e3a44cbff3a9e2bbbd54487447cc03b87e1920ee1981088bacc
  SHA512: 15a76fec43cf247d1a21f062a37d3610c854844e2e01a04837419afc5e8368bce983e70adf7553371b23d7ffab0614cecd5fc574f213634cbbad24aeaf3b299c
- /data/data/com.yunchen.whzhyw/databases/cg.db-wal
  Filesize: 32KB
  MD5: c30c064edbe0444ea833592d6678755e
  SHA1: 84e97710aa07a3c8ebbe4711092558d476ac2179
  SHA256: b46bfbf6a0902e508605ded7b47907070981514604451ea13d8e2537500cf90f
  SHA512: 9bd3dc007fb703e6cbdde55f4429528f17de781e969d9fc3c03d795b6d6a9febffc570b56249a7edc78757f25adf14facf88a4cb60aedc2f5f2652fda418f32d
- /data/data/com.yunchen.whzhyw/databases/dim.db-journal
  Filesize: 512B
  MD5: c3c2d2c205948116512e412912c7775c
  SHA1: 471ca0d8f8aa6a4c53f5478eff3fa6436dcce55f
  SHA256: 0ad198060bc65f93a285ac3f6e2456dea0f7f56c5420e6e1099b96b6dfd2d356
  SHA512: 00bf343f5cf5534bd58fb1255061b452e453f875930be4bb52c61914a6493171fb324fded6b27a3ea1838da65b30b0f143d3c6cd9d368074708e5560b785547e
- /data/data/com.yunchen.whzhyw/databases/dim.db-wal
  Filesize: 88KB
  MD5: 9f2cb339617590900761004b2310cef0
  SHA1: de5c0f9a130e160ea5cac1b8cf742e9c8b4c9801
  SHA256: f3c2cc01cfbac9434b73099a7f0f9fd012dc76baaf635531a006291d973bf32c
  SHA512: 159aefcd75b64bb958432edb323eed9800e3c11f8e0579f009cdfde948383dec24a533a49880b806daa77b2e0757efb0831cfe42e5739143c81e1dcfd79ebf68
- /data/data/com.yunchen.whzhyw/databases/gtc3.db
  Filesize: 4KB
  MD5: f2b4b0190b9f384ca885f0c8c9b14700
  SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
  SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
  SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
- /data/data/com.yunchen.whzhyw/databases/gtc3.db-journal
  Filesize: 512B
  MD5: 277e28da098702114f97b41dc1f503e7
  SHA1: 8b1631617f152fef2c1efe46ca074a9ff4faa03d
  SHA256: 4ebabbc02c8a44277de4528eb0466dfda0278cf4b205eb89ae86a59194328e3a
  SHA512: 0bc8db2d9879646fd500d8a4a978fe60d97d99214d9c3b418043cd9e6d22077f246555a58dd94859ef0dafe27925915cbc1327dd648d7ccee6eb80f1e956f554
- /data/data/com.yunchen.whzhyw/databases/gtc3.db-shm
  Filesize: 32KB
  MD5: bb7df04e1b0a2570657527a7e108ae23
  SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
  SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
  SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
- /data/data/com.yunchen.whzhyw/databases/gtc3.db-wal
  Filesize: 76KB
  MD5: 4c728dad9cc0bd2c4ec08c4f9d52f049
  SHA1: fa402f36f87471c03a0990cfa3aaf508564d53ce
  SHA256: 81b92f8934219241f5de0d5dd543a3aa37f58d2d2971bbb9224c477f4d4fd268
  SHA512: 82f248aed1e92eb44776153240523e8eb245de0b8c3c3cdb18bad7832d2ddbbfda657a9c13d0b1e9a5f4294562ac625bd82e71481743c4658d72d4c5019ad7ef
- /data/data/com.yunchen.whzhyw/databases/pushsdk.db
  Filesize: 36KB
  MD5: 9485679e0c5e2c23de85653da1dc3144
  SHA1: 64b1927e86c2bf3ccc87738a56f7f5d2e775fac0
  SHA256: 1fb2ff12fdcc900220a69b4902cfdf6a9b187c162d9d151cb73b848b3ed14529
  SHA512: 4f809fcff2057c3079a9d587f5244097da6ad53201595f0c04fb7d482c7e8a3838093a367a689d7fdca43d20931d3f22cf421ab970237460e549bb2674d22bfc
- /data/data/com.yunchen.whzhyw/databases/pushsdk.db-journal
  Filesize: 512B
  MD5: 1f6374c1835beee007ff0babc529cc57
  SHA1: 7c59f4a297a636ed607589757d54ee861a7c9a45
  SHA256: ec4a315459eada25e834afea2127d1d6f73c7022fc6654b7df682a05be8ae3b3
  SHA512: bf04e4bc1d39d661f56a62494bfb1990a16727f0de18aa51b557468764b150189b020fb59f969c8326cb8e7027f38724b1044ed4ec2a8c2ed64e00cdde4612ea
- /data/data/com.yunchen.whzhyw/databases/pushsdk.db-wal
  Filesize: 48KB
  MD5: 8b407a3440843ffb2482d4c6d511caf7
  SHA1: 1a442e655f9798843c68cca04d88e8309ac616b1
  SHA256: 9235ed72e7cd76ab8592ef7632133d052b4a04f553aa48c8cbeb6fd89bbb856e
  SHA512: fbe0ba23576a30a13c50c1004eb7a2782c20ec75c7f999bf1137a9555b5c004809b381a02458208ca1faf0c459b4403bd48f80b2d0de5795e6fa23f5baef6330
- /data/data/com.yunchen.whzhyw/files/6a00486d53a3b9845501be885e1912d0
  Filesize: 44KB
  MD5: 0caa9169be2d78fd02abd1d76f78987e
  SHA1: 583e8f34e482e43151cffaba3c3a4112a071b405
  SHA256: 201d6ce7326255d5284c2ddf227bc932c61312b9d2059f566af2e5e838a48048
  SHA512: 95b7bdb82d78ce8b128d0399dacb5cf3455023a1d557edfe4224c36513f105e630fb8a09f1405ea85a8f98eb8a00b5e25454959ff40f85d5819f087d393f2339
- /data/data/com.yunchen.whzhyw/files/cc7e72ef557127bddeac6e7e2d847308
  Filesize: 128B
  MD5: 8801f6b53587352c50dc3f515aa13450
  SHA1: 978de9345e899b1229676c52a54395f28e59c333
  SHA256: b82f8c82197b37cf2dc60ba241fcdff56a8fb5d26e0795b4d6f851eef4b3172d
  SHA512: c2bf30895ea7bad2be50b96b5fe312513ab9452ca653df8d8e70e31ca95624c24074c7be8c66a940e723a374555560f0cb0df5887d1eb4530e6d11394dbd5a4b
- /data/data/com.yunchen.whzhyw/files/mmkv/mmkv.default.crc
  Filesize: 4KB
  MD5: 620f0b67a91f7f74151bc5be745b7110
  SHA1: 1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d
  SHA256: ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7
  SHA512: 2d23913d3759ef01704a86b4bee3ac8a29002313ecc98a7424425a78170f219577822fd77e4ae96313547696ad7d5949b58e12d5063ef2ee063b595740a3a12d