dbe63111d70e15fae9048f49f7a6fe3a35bb25bafea71874d857e65e17f3ab28

Analysis

max time kernel
3s
max time network
134s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
23-05-2024 05:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

geihuiTBOrder.apk
Size

4.1MB
MD5

78cb8658c22673f6a57d070436a20ddd
SHA1

27052dc104d6dbc507a3079b59ceaac02be11dc0
SHA256

8bcc7be26c5c0e35e210168121c86cbc1fb4cbce7f604161c428a9cf4baebcfe
SHA512

709967f82f10fb52df5c5bd1ef63b9d4815c59e3a1183518b9ff65d6804530eae33fb91d50f4e9f1f3a9be4b2aad4972d8cf52fdaac7dd4b8991f0e0cab3391a
SSDEEP

98304:dxx9aeqSohaCLVXsxpx3dpqMYCGMXAgF3tb6I7dXJBaGFHbcPNd88Y6S:Tx9aeqSonZ4xNp0CXDZJ6IhbFGNdNY5

Score

7^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.geihui.test

description ioc process

File opened for read /proc/meminfo com.geihui.test
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.geihui.test

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.geihui.test
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

T1422

Processes:

com.geihui.test

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.geihui.test
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.geihui.test

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.geihui.test
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.geihui.test

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.geihui.test
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.geihui.test

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.geihui.test

description	ioc	process
File opened for read	/proc/meminfo	com.geihui.test

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.geihui.test

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.geihui.test

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.geihui.test

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.geihui.test

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.geihui.test

com.geihui.test
1⤵
- Checks memory information
- Queries information about running processes on the device
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4293

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.geihui.test/app_SGLib/app_1716443894/main/libsgmainso-5.4.94.so.tmp.4293
Filesize
638KB

MD5
e8203144f80c10f26ac159969d12bc0c

SHA1
a355ad3767b8f06bbdbd55f38f709d4b2bb867d1

SHA256
55a408c14eef4de4fc025f0945eb067f744cd9e86780ee9ca0ecc6ebcffb6a43

SHA512
4ee0b4400230817906a89f610a037598a926ef33fb903ff65f430ccfb7aa3c608a955e795723257a1c08a678a70957ee558a4d6d732e8093f625aa9ffcd0e010

Download Submit
/data/data/com.geihui.test/files/Q0VSVC5SU0EK.txt10c5
Filesize
893B

MD5
834ff06eb813e2050e462b30da839dba

SHA1
42d827c7e9c765f4c33ed1e6dccd532d1f35c8e5

SHA256
d66f225d37edbb247e9563cda5be29bd8feb146f9c43f0521b3dfa103acbd12d

SHA512
9f77204fbc88ec0e1e9808d676abc6f973815ac09bd4fbd106351b680ea1cece71fc21b3a21288dc3fd0b33d7312399fa70d953e334f6bc8179d062ede4d0896

Download Submit
/data/data/com.geihui.test/files/SGMANAGER_DATA2.tmp
Filesize
45B

MD5
97f339ad326cb62bbf8b433fba5e09d3

SHA1
15f0026855089f8d0d6c777048a81fa8855f2aac

SHA256
f56d4964135cfc0314fa540396eda6325336ecd074fe669df414e0ff920ad3d6

SHA512
d9819589b578530601946449d9cd77be4a4fe30123305e067edf96ab25a5333f2be6d3661344521e394a689dab0353df8ac06c347583d57991784dba6e0b0753

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
111B

MD5
28b9af2972346e73f7cc71a621064768

SHA1
a2f08aa9cb6079d628acac01c66c3b9090f838d6

SHA256
4e93db99e81368bde3fe4569f2aa9c9a4ab448663efdfdc913f00e4cee45be49

SHA512
f8662daf123791c0563097028e52a5376e220cd09dbb3d1bd1eeb496f45ce535d8a6353f51a1ee6acc52fd857dbedc266434ee3e5f32ec997a192780fc2487fb

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
213B

MD5
61b26ce18b91dd68181d39461429d280

SHA1
056123aaf56c2b126052d67dd1e4b4b3226d764a

SHA256
db2bb74fed0c9be8fb8fb315aa9db577934149b3dede4c22c243f0389b75aea9

SHA512
7d927b2f767d1799af04b16bcd284bb7783962217cbfceadf13c29c8a8a388640abfb372587c5dcdccfba33a7aa603dc353744959fb99d23ab0fb22f13ecf227

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
111B

MD5
83a89e07c8213e33836824f6417d168d

SHA1
c4fc4ed18ca88477408e4262a5d254aa6a77ff3e

SHA256
385171e4f8e3d9a7a7da82109fa099b05436747d2fa3f348c4cc8856504f916c

SHA512
512346ab1dfd275a65a57899d89c6ba092389a925fa213d49d92a568a2924c5d4ce2826b0bbf34c8ee9941504201e58d692584808d6f33641d55e3b9a4be6d08

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
167B

MD5
c80725388d8b8758754c78709146f7c5

SHA1
f9bef9942485d097985cd6a9d178f21a0e67e9cc

SHA256
e3eb44b3563858d8d4c4718828cc26fd47cdbe46f849ee486127c7e1597f4f54

SHA512
4051da287ad8e6b4c17fc5ba6f6d55d00c89239a39751beab879fcef9bfdb1b36af6c619029b8604cfcd7307d2ba9b035398c5eeb08b82a1aea28ae8407dab17

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads