0987114fce3e6e76586a5701c3bb8dab0315b46892d9b011f3ceb5e0ad06c78b

Analysis

max time kernel
174s
max time network
188s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 12:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

whzhyw_v1.0.9.apk
Size

12.3MB
MD5

6788338c20efd43ebc63394c0bd92388
SHA1

eb6989af0ff53c2db30d688090d80b01c424b134
SHA256

0987114fce3e6e76586a5701c3bb8dab0315b46892d9b011f3ceb5e0ad06c78b
SHA512

03df0a66160b104c59839574bda504b945f57c8d5c91ebc149f43fae9c003175418e2bb63ab008ed31c462877c3a6465a5bc357de70ccb43e3f84e2ff5782079
SSDEEP

393216:yl+KHu7urZkq5GD6Ylr8lvWzvpgyqhNSjAwnQFe:yTJFkQVYlQlvlyvue

Score

7^/10

discovery impact persistence

Malware Config

Signatures

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.yunchen.whzhyw:pushservice

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.yunchen.whzhyw:pushservice

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.yunchen.whzhyw:pushservice

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

com.yunchen.whzhywcom.yunchen.whzhyw:pushservice

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yunchen.whzhyw
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yunchen.whzhyw:pushservice

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

Processes:

com.yunchen.whzhywcom.yunchen.whzhyw:pushservice

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.yunchen.whzhyw
Framework API call	javax.crypto.Cipher.doFinal	com.yunchen.whzhyw:pushservice

com.yunchen.whzhyw
1⤵
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4271

com.yunchen.whzhyw:pushservice
1⤵
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4307

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yunchen.whzhyw/databases/cg.db
Filesize
4KB

MD5
7132a2dd3dc8a06db2ff686f413d4c31

SHA1
8799cc58e34deda7eff9c5cf568a833fb7cf3580

SHA256
97df96556430dd7f48235aed159aa93718d20af217eaa3426b21dee056ed3a0a

SHA512
b5c78c27b04ff576b655385fc2b1796672bc1fb544793891f93270beff153fa89a387441fb2d5dd350c4870c366eac96318c317297e388d182eb3c115664e2cc

Download Submit
/data/data/com.yunchen.whzhyw/databases/cg.db-journal
Filesize
512B

MD5
7a56233253511f557f6cdc84afcf4f3a

SHA1
836acb9ae8d1d8010ecace8ef21407949506c6ae

SHA256
68982cf974d502d8b397f384e8f71b343df84a0299f827d2683b6c086b8d7b5d

SHA512
fdc9438d3f128dfa162a06599f4ba2cb95f53aaf490f079a2781cc57214d2239b308470458031b05b07f74fa7cb366c9de79704d17d65353be5729626bf5a638

Download Submit
/data/data/com.yunchen.whzhyw/databases/cg.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.yunchen.whzhyw/databases/cg.db-wal
Filesize
32KB

MD5
c573b2e48a998a1a680f58fb1a8d4dca

SHA1
b80945e71c3efa3c5be93bbb6f73f51be8e12b25

SHA256
92cb350f7dba6c8e261098197591f1e0f8390bdc52b4df940e32ef34f36ef7c7

SHA512
ceef5440170f5ceff59282af995f6cf0d90074d33e773f57ef04537ccad08aee1944a891ecd5fffcdeef5b895207d95776f848da6441e3bebb2d336aab71289f

Download Submit
/data/data/com.yunchen.whzhyw/databases/dim.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.yunchen.whzhyw/databases/dim.db-journal
Filesize
512B

MD5
af635cc1dd37294c32fb28e5ce52522a

SHA1
e7e755d94010a38b444eff25fc1e4d659b8de2ea

SHA256
8011a729a4605e296249b1c0561179e5af436289ea185b560fe3668d532320f0

SHA512
c5b98904337ae187a30af489fc98251c8af025faa97a9ad0e1205336bf1bd052d53051bb7447cceaa54081c3dc69f2e68e9eb891ebb6451361bf5b03449a975a

Download Submit
/data/data/com.yunchen.whzhyw/databases/dim.db-wal
Filesize
88KB

MD5
ae3dcef9a12d9c8459f14f260e35c878

SHA1
411a78d1beae7abd59004602c93e285b7b1c68dc

SHA256
10fcb5bdac001251739a32d5fe9df9059b7f806609ebe68525094e4992fe1a77

SHA512
9104ba6ed3e9a56abc2a071625e8c28d03ba3eb75e9472ad49e08f6329e701269286fc8ac4bc68ba830121b203f88dc2030a27a5385558c5d967fc3cbd6d5377

Download Submit
/data/data/com.yunchen.whzhyw/databases/gtc3.db
Filesize
4KB

MD5
c6b924e2f99aa14191b059c337cacdc4

SHA1
46f284290f60e425988c3a8eae767fa49f141f32

SHA256
176ad3e19affafef55efd7744097de01a50f4e42295f639482cb5bbaa26895b4

SHA512
58e12bbcad9752e3389a9fbb3cdf090824e4953e33fa359c9a2c07b9085671ffd2aaa38ed7896875dab8b24046460f7d6aad231a545cc198f3195c27b0d07194

Download Submit
/data/data/com.yunchen.whzhyw/databases/gtc3.db-journal
Filesize
64KB

MD5
739fb0d871b561ad280937712d999a70

SHA1
dd1d55beb52c413475dde216eacd23dcb5dbcdfa

SHA256
0667e2a12015c1e730153565566656f1df3c7864218684ad59d296765ef1f3c4

SHA512
3ea60b5bfc487c102ce0fbc53fe9390c5ab5f22a4addfc94eec026be89f06830cf7c507c092308085975f4cfbb8cc9cf2bb5191592fbf7a3424605e16d2a6aaa

Download Submit
/data/data/com.yunchen.whzhyw/databases/gtc3.db-shm
Filesize
96KB

MD5
be5898bfc47e2f85fff0dcf042bedeb3

SHA1
c54780e748bb9d8afc83fa3a8db03abe81723aa8

SHA256
202ce581dc52081ec28861249ba88273fe6a33a628420a1da66d126200a4970b

SHA512
8c32a7256659affd07eec80b499e69606799c4b61645b53794769c03ef6fc2dacbeab71ed14630264d17250eede2e5a006c37e73329d9b4de7f22fea01c04f0c

Download Submit
/data/data/com.yunchen.whzhyw/databases/gtc3.db-wal
Filesize
76KB

MD5
4fac59d5aab921c305ad4b24a8c93a34

SHA1
60ec972dca7054fef27058ea26a2ff01cfc98d24

SHA256
3144cbc63ce53887cf1ecf0a14011afe4de2576576cb1572f334aa656aa69170

SHA512
c51959826a549e05c220230afdfd6c2d34b1805cea00af6502afb043ce58fb55c4b8e83b64106e22c305f4b50803a36eea7d5d2fb1ac464e9353837d92103fc0

Download Submit
/data/data/com.yunchen.whzhyw/databases/pushsdk.db-wal
Filesize
56KB

MD5
671ce4656565acc7ae33b6a551e1badd

SHA1
885312d7acf962aac5b8b6e2ae99e5ac7e52b5e2

SHA256
c6dc3f82133b56ba16e69225c6a9d233e1d832241a9bf09928d9d62adf843c92

SHA512
39989a20ac6016ee02ff29bcc14169b37d9d926f00374be1a6f823839fd1d25ca94da4d323870e3117923b9d2a8d8e859a011676f6b17a216c95942f71bb66c9

Download Submit
/data/data/com.yunchen.whzhyw/files/38b1da0790ee03ec7286e6ae17116470
Filesize
128B

MD5
295f06f2e6eb09509d9de9e6d8c943d6

SHA1
b7eb66ee283b3413508af201eeb1cb25b07e03dd

SHA256
5da828d090183e1057a9621a07bf72230593216d022096f63455467b3816b088

SHA512
1cacc4a5340b7ab12e050456a93f4a295cc732bd219205c2a50d943b65cfb96869f9f8fc5b8912a6fa9e6a4d1b84b231bdd0f819bc67052db08c1949334d816b

Download Submit
/data/data/com.yunchen.whzhyw/files/a6855b9a974e39b9f2361452a5321871
Filesize
128B

MD5
26e383758944ccfe5d78a6bf5ec0f83e

SHA1
3d78b7a80ecc8ffdfa6953dfab693e44d62fdc36

SHA256
e3a005a64b5a4a277d74a7cda5733ccab92be64217e7373eaafe8f05fbb02e13

SHA512
b03af6a1a620ee7e21ed5ff476f318f90c439d886fcedbb645abd0dd231f072fcbb8bca00f9593910c2760e6c002bca5a4af8819abd99566f3ed969896425960

Download Submit
/data/data/com.yunchen.whzhyw/files/mmkv/mmkv.default.crc
Filesize
4KB

MD5
620f0b67a91f7f74151bc5be745b7110

SHA1
1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d

SHA256
ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7

SHA512
2d23913d3759ef01704a86b4bee3ac8a29002313ecc98a7424425a78170f219577822fd77e4ae96313547696ad7d5949b58e12d5063ef2ee063b595740a3a12d

Download Submit