967f590d415732ada59e27d6c6ef37598bc7daddd7c87c539212651faff25244

Analysis

max time kernel
175s
max time network
188s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 12:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

whzhyw_v1.0.8.apk
Size

12.3MB
MD5

0c98f1af123261cf88134f91cb8318b5
SHA1

5a65a93916770f97c4023266ee52a36d415fb094
SHA256

967f590d415732ada59e27d6c6ef37598bc7daddd7c87c539212651faff25244
SHA512

09d37773dba1f8a29eeeee694c5fc2aeb3123c86c046a796a42dc7e162300a8bd67dcb9200e80f533f693ddfd75772763edf25d9a7ee8e9ee04661c5c682e45a
SSDEEP

393216:0xuUHNYT6W6Ylr8lvWzvpuyqyNSFTwnQFp:NUCgYlQlvxyG1p

Score

7^/10

discovery impact persistence

Malware Config

Signatures

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.yunchen.whzhyw:pushservice

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.yunchen.whzhyw:pushservice

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.yunchen.whzhyw:pushservice

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

com.yunchen.whzhywcom.yunchen.whzhyw:pushservice

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yunchen.whzhyw
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yunchen.whzhyw:pushservice

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

Processes:

com.yunchen.whzhywcom.yunchen.whzhyw:pushservice

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.yunchen.whzhyw
Framework API call	javax.crypto.Cipher.doFinal	com.yunchen.whzhyw:pushservice

com.yunchen.whzhyw
1⤵
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4296

com.yunchen.whzhyw:pushservice
1⤵
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4332

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yunchen.whzhyw/databases/cg.db
Filesize
4KB

MD5
56df4133fe14905fa069f9eec2e0ce55

SHA1
3fdc28b0cb16cb602e7c95849178cf56fc458ccb

SHA256
4e751ae4de8e9307f464a9c6caeb30f49c94aa71ff943371902b19be4450914e

SHA512
6f5377e4b99f4f938af91ced9f86e268715f4bdc09e92b90145f135d6985b12307d86bbaf2454223450650f2235a4f68c657da65877121433d4b6aa9186b5134

Download Submit
/data/data/com.yunchen.whzhyw/databases/cg.db-journal
Filesize
512B

MD5
0120d74d2381928cc76dd174ab455abc

SHA1
19af82bd2de2c1d18ae8e2c05ee37ccdb1d08ab1

SHA256
48116114ac986e3a44cbff3a9e2bbbd54487447cc03b87e1920ee1981088bacc

SHA512
15a76fec43cf247d1a21f062a37d3610c854844e2e01a04837419afc5e8368bce983e70adf7553371b23d7ffab0614cecd5fc574f213634cbbad24aeaf3b299c

Download Submit
/data/data/com.yunchen.whzhyw/databases/cg.db-wal
Filesize
32KB

MD5
c30c064edbe0444ea833592d6678755e

SHA1
84e97710aa07a3c8ebbe4711092558d476ac2179

SHA256
b46bfbf6a0902e508605ded7b47907070981514604451ea13d8e2537500cf90f

SHA512
9bd3dc007fb703e6cbdde55f4429528f17de781e969d9fc3c03d795b6d6a9febffc570b56249a7edc78757f25adf14facf88a4cb60aedc2f5f2652fda418f32d

Download Submit
/data/data/com.yunchen.whzhyw/databases/dim.db-journal
Filesize
512B

MD5
c3c2d2c205948116512e412912c7775c

SHA1
471ca0d8f8aa6a4c53f5478eff3fa6436dcce55f

SHA256
0ad198060bc65f93a285ac3f6e2456dea0f7f56c5420e6e1099b96b6dfd2d356

SHA512
00bf343f5cf5534bd58fb1255061b452e453f875930be4bb52c61914a6493171fb324fded6b27a3ea1838da65b30b0f143d3c6cd9d368074708e5560b785547e

Download Submit
/data/data/com.yunchen.whzhyw/databases/dim.db-wal
Filesize
88KB

MD5
9f2cb339617590900761004b2310cef0

SHA1
de5c0f9a130e160ea5cac1b8cf742e9c8b4c9801

SHA256
f3c2cc01cfbac9434b73099a7f0f9fd012dc76baaf635531a006291d973bf32c

SHA512
159aefcd75b64bb958432edb323eed9800e3c11f8e0579f009cdfde948383dec24a533a49880b806daa77b2e0757efb0831cfe42e5739143c81e1dcfd79ebf68

Download Submit
/data/data/com.yunchen.whzhyw/databases/gtc3.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.yunchen.whzhyw/databases/gtc3.db-journal
Filesize
512B

MD5
277e28da098702114f97b41dc1f503e7

SHA1
8b1631617f152fef2c1efe46ca074a9ff4faa03d

SHA256
4ebabbc02c8a44277de4528eb0466dfda0278cf4b205eb89ae86a59194328e3a

SHA512
0bc8db2d9879646fd500d8a4a978fe60d97d99214d9c3b418043cd9e6d22077f246555a58dd94859ef0dafe27925915cbc1327dd648d7ccee6eb80f1e956f554

Download Submit
/data/data/com.yunchen.whzhyw/databases/gtc3.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.yunchen.whzhyw/databases/gtc3.db-wal
Filesize
76KB

MD5
4c728dad9cc0bd2c4ec08c4f9d52f049

SHA1
fa402f36f87471c03a0990cfa3aaf508564d53ce

SHA256
81b92f8934219241f5de0d5dd543a3aa37f58d2d2971bbb9224c477f4d4fd268

SHA512
82f248aed1e92eb44776153240523e8eb245de0b8c3c3cdb18bad7832d2ddbbfda657a9c13d0b1e9a5f4294562ac625bd82e71481743c4658d72d4c5019ad7ef

Download Submit
/data/data/com.yunchen.whzhyw/databases/pushsdk.db
Filesize
36KB

MD5
9485679e0c5e2c23de85653da1dc3144

SHA1
64b1927e86c2bf3ccc87738a56f7f5d2e775fac0

SHA256
1fb2ff12fdcc900220a69b4902cfdf6a9b187c162d9d151cb73b848b3ed14529

SHA512
4f809fcff2057c3079a9d587f5244097da6ad53201595f0c04fb7d482c7e8a3838093a367a689d7fdca43d20931d3f22cf421ab970237460e549bb2674d22bfc

Download Submit
/data/data/com.yunchen.whzhyw/databases/pushsdk.db-journal
Filesize
512B

MD5
1f6374c1835beee007ff0babc529cc57

SHA1
7c59f4a297a636ed607589757d54ee861a7c9a45

SHA256
ec4a315459eada25e834afea2127d1d6f73c7022fc6654b7df682a05be8ae3b3

SHA512
bf04e4bc1d39d661f56a62494bfb1990a16727f0de18aa51b557468764b150189b020fb59f969c8326cb8e7027f38724b1044ed4ec2a8c2ed64e00cdde4612ea

Download Submit
/data/data/com.yunchen.whzhyw/databases/pushsdk.db-wal
Filesize
48KB

MD5
8b407a3440843ffb2482d4c6d511caf7

SHA1
1a442e655f9798843c68cca04d88e8309ac616b1

SHA256
9235ed72e7cd76ab8592ef7632133d052b4a04f553aa48c8cbeb6fd89bbb856e

SHA512
fbe0ba23576a30a13c50c1004eb7a2782c20ec75c7f999bf1137a9555b5c004809b381a02458208ca1faf0c459b4403bd48f80b2d0de5795e6fa23f5baef6330

Download Submit
/data/data/com.yunchen.whzhyw/files/6a00486d53a3b9845501be885e1912d0
Filesize
44KB

MD5
0caa9169be2d78fd02abd1d76f78987e

SHA1
583e8f34e482e43151cffaba3c3a4112a071b405

SHA256
201d6ce7326255d5284c2ddf227bc932c61312b9d2059f566af2e5e838a48048

SHA512
95b7bdb82d78ce8b128d0399dacb5cf3455023a1d557edfe4224c36513f105e630fb8a09f1405ea85a8f98eb8a00b5e25454959ff40f85d5819f087d393f2339

Download Submit
/data/data/com.yunchen.whzhyw/files/cc7e72ef557127bddeac6e7e2d847308
Filesize
128B

MD5
8801f6b53587352c50dc3f515aa13450

SHA1
978de9345e899b1229676c52a54395f28e59c333

SHA256
b82f8c82197b37cf2dc60ba241fcdff56a8fb5d26e0795b4d6f851eef4b3172d

SHA512
c2bf30895ea7bad2be50b96b5fe312513ab9452ca653df8d8e70e31ca95624c24074c7be8c66a940e723a374555560f0cb0df5887d1eb4530e6d11394dbd5a4b

Download Submit
/data/data/com.yunchen.whzhyw/files/mmkv/mmkv.default.crc
Filesize
4KB

MD5
620f0b67a91f7f74151bc5be745b7110

SHA1
1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d

SHA256
ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7

SHA512
2d23913d3759ef01704a86b4bee3ac8a29002313ecc98a7424425a78170f219577822fd77e4ae96313547696ad7d5949b58e12d5063ef2ee063b595740a3a12d

Download Submit