Analysis
- max time kernel: 174s
- max time network: 188s
- platform: android_x86
- resource: android-x86-arm-20240514-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
- submitted: 22-05-2024 12:14
- Static task: static1
- Behavioral task: behavioral1
- Sample: whzhyw_v1.0.9.apk
- Resource: android-x86-arm-20240514-en
General
- Target: whzhyw_v1.0.9.apk
- Size: 12.3MB
- MD5:
6788338c20efd43ebc63394c0bd92388
- SHA1:
eb6989af0ff53c2db30d688090d80b01c424b134
- SHA256:
0987114fce3e6e76586a5701c3bb8dab0315b46892d9b011f3ceb5e0ad06c78b
- SHA512:
03df0a66160b104c59839574bda504b945f57c8d5c91ebc149f43fae9c003175418e2bb63ab008ed31c462877c3a6465a5bc357de70ccb43e3f84e2ff5782079
- SSDEEP:
393216:yl+KHu7urZkq5GD6Ylr8lvWzvpgyqhNSjAwnQFe:yTJFkQVYlQlvlyvue
Malware Config
Signatures
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  Processes: com.yunchen.whzhyw:pushservice
  IoCs:
  - Framework service call android.app.IActivityManager.registerReceiver (process: com.yunchen.whzhyw:pushservice)
- Checks if the internet connection is available (1 TTP, 2 IoCs)
  Processes: com.yunchen.whzhyw, com.yunchen.whzhyw:pushservice
  IoCs:
  - Framework service call android.net.IConnectivityManager.getActiveNetworkInfo (process: com.yunchen.whzhyw)
  - Framework service call android.net.IConnectivityManager.getActiveNetworkInfo (process: com.yunchen.whzhyw:pushservice)
- Uses Crypto APIs (Might try to encrypt user data) (1 TTP, 2 IoCs)
  Processes: com.yunchen.whzhyw, com.yunchen.whzhyw:pushservice
  IoCs:
  - Framework API call javax.crypto.Cipher.doFinal (process: com.yunchen.whzhyw)
  - Framework API call javax.crypto.Cipher.doFinal (process: com.yunchen.whzhyw:pushservice)
Processes
- com.yunchen.whzhyw (PID 4271)
  - Checks if the internet connection is available
  - Uses Crypto APIs (Might try to encrypt user data)
- com.yunchen.whzhyw:pushservice (PID 4307)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  - Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Mobile v15
Downloads
- /data/data/com.yunchen.whzhyw/databases/cg.db (4KB)
- /data/data/com.yunchen.whzhyw/databases/cg.db-journal (512B)
- /data/data/com.yunchen.whzhyw/databases/cg.db-shm (32KB)
- /data/data/com.yunchen.whzhyw/databases/cg.db-wal (32KB)
- /data/data/com.yunchen.whzhyw/databases/dim.db (4KB)
- /data/data/com.yunchen.whzhyw/databases/dim.db-journal (512B)
- /data/data/com.yunchen.whzhyw/databases/dim.db-wal (88KB)
- /data/data/com.yunchen.whzhyw/databases/gtc3.db (4KB)
- /data/data/com.yunchen.whzhyw/databases/gtc3.db-journal (64KB)
- /data/data/com.yunchen.whzhyw/databases/gtc3.db-shm (96KB)
- /data/data/com.yunchen.whzhyw/databases/gtc3.db-wal (76KB)
- /data/data/com.yunchen.whzhyw/databases/pushsdk.db-wal (56KB)
- /data/data/com.yunchen.whzhyw/files/38b1da0790ee03ec7286e6ae17116470 (128B)
- /data/data/com.yunchen.whzhyw/files/a6855b9a974e39b9f2361452a5321871 (128B)
- /data/data/com.yunchen.whzhyw/files/mmkv/mmkv.default.crc (4KB)