cd1b1e366e379e6eaa6d37512128a4ad21e288cf2746a88dabc4767083848536

Analysis

max time kernel
43s
max time network
149s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
23-05-2024 11:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

yssaas-release_107.apk
Size

10.1MB
MD5

1355a7e567f75c26b7d9b43eab352434
SHA1

054521d08ba2ddf335466261006c41a362dad6da
SHA256

cd1b1e366e379e6eaa6d37512128a4ad21e288cf2746a88dabc4767083848536
SHA512

6974d8d3cab9502a44ff16609a307bcc5b56b6cda8c447177c7ca547f5122b8b2d7dfb85f4db5d1e6cfc3e6a386c2b9f709bbf55a250a257388bf4dfe2ba1051
SSDEEP

196608:QjgFvcgZkNZ+5MABMNI62/wXCGtFdLNdIxElK0RkhU/uR4kVJQ9WHOS7xyt+nV:QjgFvxuLNNu4XCGTd+ElK0RkhU04kVJl

Score

8^/10

collection discovery evasion impact

Malware Config

Signatures

Requests cell location 2 TTPs 2 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

T1430

T1627.001

Processes:

com.yisheng.saascom.yisheng.saas:remote

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.yisheng.saas
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.yisheng.saas:remote

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

T1424

Processes:

com.yisheng.saascom.yisheng.saas:remote

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yisheng.saas
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yisheng.saas:remote

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

T1421

Processes:

com.yisheng.saascom.yisheng.saas:remote

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.yisheng.saas
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.yisheng.saas:remote

Queries information about the current nearby Wi-Fi networks 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

T1421

Processes:

com.yisheng.saascom.yisheng.saas:remote

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.yisheng.saas
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.yisheng.saas:remote

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

T1421

Processes:

com.yisheng.saascom.yisheng.saas:remote

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yisheng.saas
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yisheng.saas:remote

Reads information about phone network operator. 1 TTPs
discovery

T1422
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
evasion

T1628.002

Processes:

com.yisheng.saas:remote

description ioc process

Framework API call android.hardware.SensorManager.registerListener com.yisheng.saas:remote

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	com.yisheng.saas:remote

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

T1471

Processes:

com.yisheng.saascom.yisheng.saas:remote

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.yisheng.saas
Framework API call	javax.crypto.Cipher.doFinal	com.yisheng.saas:remote

com.yisheng.saas
1⤵
- Requests cell location
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4508

com.yisheng.saas:remote
1⤵
- Requests cell location
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4576

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.yisheng.saas/files/libcuid.so
Filesize
109B

MD5
e20791537a86b70ed541049c6480fa5c

SHA1
011ee3047e3d229b6a8ddb94035ed08dafb5cba6

SHA256
a40648bfbb5c422f9b139022c635d5d0d868aa5205754cfa0e27228387ac7fb8

SHA512
744adc172d90acb89cf74c02a0380eacc0e061dd8b61df5e42eee2410f79278385b775dd1f3c8f7245a92225cde1d62214e8910780be63320d60130d08212b07

Download Submit
/data/user/0/com.yisheng.saas/files/lldt/firll.dat
Filesize
76B

MD5
9bf180d0197698c84593b766c022e726

SHA1
cd50bc166c32c3b774159874a8605b17a3d732fd

SHA256
03c4052ed891e18fa0656772f35ca7d711ce3bb1a66b76814584418e6a8cbffd

SHA512
6c97247473e09ee4668e828901912652783054ecab2fd64169afae2d2bf46baa64cbaf611543e7f9aea989c309f09a83cacad5ee171b92fad7690e487d1cd743

Download Submit
/data/user/0/com.yisheng.saas/files/ofld/ofl.config
Filesize
235B

MD5
7e719429bd830ef4c0ef1b738b3d186d

SHA1
f8644059ded325e67059bc92826bd1837a44d8aa

SHA256
2b1bf37655c6efd659e5822ca5da15c321568a9fa15fd29590d33e0a1ce53b67

SHA512
13934ee92cc84419f3430706734eeed72f30eefec113db73e8e1c92f5cbd048a86650ec380199a65c7a06f2017b6706f66e6d8709c42ce47f59d5c01256cbf1c

Download Submit
/data/user/0/com.yisheng.saas/files/ofld/ofl_location.db
Filesize
28KB

MD5
0f1d016b72965660817257279fe6db8a

SHA1
c6df5e5df595298450460b93783f47d41de93da6

SHA256
28c646a98fca3b32bb3bff6b16e1804300bd374395fb345c4d3135f827143ebd

SHA512
c6200160aa333f7383ef48b3a8f0b94ec2e7fbb08ae8fa6df872a6e29b95457efae0ff9a0624e336369c69ecb91d0266ecdef94fb8d037ce94f99ba362a13773

Download Submit
/data/user/0/com.yisheng.saas/files/ofld/ofl_location.db-journal
Filesize
8KB

MD5
8681dfab1b3e6715569f8b7d31417c28

SHA1
987fbd2e1762ab894595e60f11b628b2be952ca4

SHA256
04a30bec44e43e0930e8429f38981365c23823dfff805980c73abdc2ac59efd1

SHA512
52159fd129f75219e5de85e0b3379d075362c33fd21d05071fb20e810064e12d2b3ca5a1aea86ebf0ed45a5a6510a64a6e9adf5fb860d6c781f7b9697c4055e1

Download Submit
/data/user/0/com.yisheng.saas/files/ofld/ofl_location.db-journal
Filesize
8KB

MD5
46b1c044b69dd133e4c5400a0df3e77b

SHA1
224e6d930a2416e842c6833787af983eb8764a4f

SHA256
6f8f9071259866b75502c9e64ab8c14e54548bd43c82e6d5203d7482ea83348d

SHA512
beef4729a50f58ab3c1045ce7613a69fb8a5464eacb9e363cbc22593173ab7831000f6188d076cc75de68207755745f83fdb0e3fd2c093709e3cccbc041dc6ce

Download Submit
/data/user/0/com.yisheng.saas/files/ofld/ofl_location.db-journal
Filesize
8KB

MD5
549693f0b1b22cdb22cb644222aa613b

SHA1
54865a9de2db7f6976b409cf8a1970f36f1a8c60

SHA256
873be44dc4b5846f85712391bc2bd16564335ac2635dec1d2c64448239c6c729

SHA512
e0dc0544816a406b707541444e65993dab8c4dc13210590236ecb6adc2d64c4a0dd299a4ac806bdc759abb5b0b75429f67fe58c07b18ff2a566a3eb44ad27e60

Download Submit
/data/user/0/com.yisheng.saas/files/ofld/ofl_location.db-journal
Filesize
512B

MD5
ab9a5018950ac1ded24f7b2a9be3a68b

SHA1
50f2be9819447e30ef681a616ee97921d4137b47

SHA256
78fc191a0f8733c6ea62f64b4fd8b54ecad85d80987ba5dfe4b01aaac34c6da3

SHA512
d7e162db015ba4cf9841ac223a20204936e8b5038f09bd145d5b64076a52f01bf4aa78bb41a5cec96e9693e0bbdf586aba413c519483ec346dc706d76ed04136

Download Submit
/data/user/0/com.yisheng.saas/files/ofld/ofl_statistics.db
Filesize
80KB

MD5
81a416795ad85900b4f6aaa10976fd8d

SHA1
01bfab1088f1b17a617cbde4aa68fbc71d513eff

SHA256
b6415756ec91cd098832b08baffbef01a9294312027318e92c765ffd13f0ab76

SHA512
0ada7b344840c4c3c98b063bd3d03570f14af7724301cb0abdff3a59ddea2bcb3a2e28f385a877857259c1acff34d063ff5947668588fa80d93b66897271a340

Download Submit
/data/user/0/com.yisheng.saas/files/ofld/ofl_statistics.db-journal
Filesize
512B

MD5
876189093cafea5a026243ff09f5394e

SHA1
a056607f48160a574efb2e6927a4c8224cdf399a

SHA256
851263d13ef8484113585c2a06265ae9c3019ddbbe37dc5f87fcd08ae54a525e

SHA512
f6422dbd153b52010069ee7f446a6dc3beb0bee5fa83fce431ef169131a4fd85ebb9fb5adc36cbea467e01e4a44eb71ae763cb387eb529eb4455f734baaa4af8

Download Submit
/data/user/0/com.yisheng.saas/files/ofld/ofl_statistics.db-journal
Filesize
8KB

MD5
a78411748344cdf9fedcc71033cec732

SHA1
6693091fbd881eaa8fb35c61dca2153d80c20e20

SHA256
5b169d4941050d8639423db577ff77598e30f3aa70e97755dc17f35e21a9f65d

SHA512
72d6fae0a194393c5b6432ff384c881b343975c243811ac3d8a43a7bb4163e6056a0fcd7213e79e9c75a08f2300145b2591803d696755990bf6fee48db0adb43

Download Submit
/data/user/0/com.yisheng.saas/files/ofld/ofl_statistics.db-journal
Filesize
8KB

MD5
d98f8557c6cdc58f6cd32e8f06882573

SHA1
6485a60dd92ac98574c1119da9f76f8f0f2d5d20

SHA256
52f2406033380aea12b26669da3d3b539f200daa52319d3ab985fb2b5666505c

SHA512
c970fbf95b7f9fb722a51de566f6476b3742474da44430cc060508e4ed9857787ff2ac1255837ad9b91b5538021cd5c9dc60ecb3198ec7c2296d34e8c5521d53

Download Submit
/data/user/0/com.yisheng.saas/files/ofld/ofl_statistics.db-journal
Filesize
8KB

MD5
de3b31105a13556b29dac3b6b962f3a8

SHA1
498ce89fd210f621dafa325d2d2471fd453eae12

SHA256
5b15cd6efd0aea10148ac514392011cb289ac2ce0eb4266b0528aa9908d745ac

SHA512
2051ca64e4b362b9e15c9cad03f73915a39705408298d3fe19627823ab801e0e99b03a2d7c973db66df9ea807c2eecf55314b889e29002ce5458c04cb828dade

Download Submit
/data/user/0/com.yisheng.saas/files/ofld/ofl_statistics.db-journal
Filesize
8KB

MD5
06e3eee80e0761c2bc05e405396fbac4

SHA1
607db3721f9b9b39e61b391aa6107f0488793a0a

SHA256
5aadeec74e5e4c08570f89836bfec486876a7b38c704f1cf88d9273a70d0e300

SHA512
6ec91eb1f1f911566a89ba11c729ffbd98132151248e8ec220690ac35fc92ab5495ef39193ae8d6e0c41b9eb29af895d4bf2ea6661f24aace933dc048d94bb0a

Download Submit
/data/user/0/com.yisheng.saas/files/ofld/ofl_statistics.db-journal
Filesize
8KB

MD5
0727317d1e3a1ad3ee7caf98933ac151

SHA1
a34d0fadb901ab0abc988272cc0f6e0da8d4014d

SHA256
6879e2cfc89877bab41448160a51ab71a0419af3e7d084143188343997e17feb

SHA512
769ffb8adf0a4322430f2ed062a3c36be290141953eafa67a3171af32807b401f65022c49f4de94baf970fbc2d5d3cc772f0f9b54dc298fdd8dd029e8bb48a16

Download Submit
/storage/emulated/0/Android/data/com.yisheng.saas/files/baidu/tempdata/conlts.dat
Filesize
12B

MD5
8d80bc8ea90e9cac010d3ddf97bda5f5

SHA1
f063bc0d356e6ba9ab1eb9a851131ffbefd8fa07

SHA256
f52db31332534833414abd5e870f78c810b8ebbe5b134bbf599506beecfd1b93

SHA512
9ea732dd572a9a4ba91b70891972230a09576687ca1bc19e62d5a98b5b84e0f2ae11985108008bc9fbccf357219b8bd3dbf146bb70752f618f70dc5d0c46a7c7

Download Submit
/storage/emulated/0/Android/data/com.yisheng.saas/files/baidu/tempdata/conlts.dat
Filesize
153B

MD5
02c95d6a9d06b70bf8db05b9c16d40ab

SHA1
b284c0a06e12cad123d83ffa28535feca1791d81

SHA256
ea142f212541088dda77d3d9579737e460f6e83a8e866a14dee1bdb6ee817458

SHA512
8485c5a77347a1c6422823e8726f5232f2a32ff1bce260d925e3b6abdbad9fd08d6e68b7b5d1d6cc95d6d455b53330247c3831ff4c028296e49a96607f83cd48

Download Submit
/storage/emulated/0/Android/data/com.yisheng.saas/files/baidu/tempdata/llg.dat
Filesize
24B

MD5
161557b06b4a4d3ce095528dea370eb7

SHA1
8bfe9c4d916fe58d856b5a6ecaf8cd9ea4df2c9f

SHA256
f054ef19481234ee5b2db1d1c681839dab235a857ed3a4bc02efa8f785f478d4

SHA512
96ce8aedbdbb387438efc86aaabd13a6378628bfae203d2bc25ea1cd7daa6ddbd6dd2c81d631fbdc9b653a93011d3c80f0c085580275b683d5e0bce077e6e449

Download Submit
/storage/emulated/0/Android/data/com.yisheng.saas/files/baidu/tempdata/llg.dat
Filesize
478B

MD5
0d3eb88126acfe8e908a914b5663887b

SHA1
5f793c80f6f3f3ae46b904c6c5c7ae05cb2a19aa

SHA256
92035e7027435e1c179a8b161818751405f289095b00c865db5f9f1a46b9a017

SHA512
9f44fde6f09764c21217c289504efa806e0579516a38f17f4795697747e993293058f1ad78922e5343a918c3e76f9e4e3f0c7dfe2a46048db241b8f0e61eecea

Download Submit
/storage/emulated/0/Android/data/com.yisheng.saas/files/baidu/tempdata/yoh.dat
Filesize
24B

MD5
a936690571e9104e1922dda4a0ba5bd1

SHA1
65f49c57edde2f96be2a1dbdfc3f7351f1e66554

SHA256
f0f5049c51879dd7da0ce4a43349b5b34ce053d072a0ca704f62cf22ba4a8412

SHA512
3be1c3693963aebdfc04e86b1c820ee0ec3cf0b200e6a4788ef1141f39fd6c2f77f4227247ae4affa66c0a6c027df8466cc0dcec1e67ebfb953e36bee97de394

Download Submit
/storage/emulated/0/Android/data/com.yisheng.saas/files/baidu/tempdata/yoh.dat
Filesize
24B

MD5
1681ffc6e046c7af98c9e6c232a3fe0a

SHA1
d3399b7262fb56cb9ed053d68db9291c410839c4

SHA256
9d908ecfb6b256def8b49a7c504e6c889c4b0e41fe6ce3e01863dd7b61a20aa0

SHA512
11bb994b5d2eab48b18667c7d8943e82c9011cb1d974304b8f2b6247a7e6b7f55ca2f7c62893644c3728d17dafd74ae3ba46271cf6287bb9e751c779a26fefc5

Download Submit
/storage/emulated/0/backups/.SystemConfig/.cuid2
Filesize
512B

MD5
1aefd4007da0aec7814ec0f0b0785382

SHA1
8d79228edcc3bd3afca75b8d07fb2a33c5ffe776

SHA256
491ae35cc1bd905fb7c3e1ef735ad08a779b8f9a2f695dec6ab965e175876bcb

SHA512
11dc2c6c12c1706ec9013e64cb61c58a813837e45ab4f6e885a2839f62c32c774549d1d1923fbd858c14441dfc008894bdd03eb9622681f81c6bb86f95fda0ce

Download Submit
/storage/emulated/0/baidu/tempdata/lcvif.dat
Filesize
96B

MD5
558adc2e8c0752053bf01d1b616d031b

SHA1
f3ba89824dae2e621f09e13f86d8fd7a34dfd753

SHA256
dd489cc0e5294f64f141edd19e595e085513d9e7a5d4c93702f3c1be1d34f3b5

SHA512
27bd0e863c45bf06b242b9a43aba0db71a66b2a1cf959a7b867c3d8ae9e3f667b7076579d32ae8651bec030e3c02acedd3d0a29158682c75f3bac724546feeec

Download Submit
/storage/emulated/0/baidu/tempdata/lcvif.dat
Filesize
96B

MD5
e0e605f5b7dbb7f448096226286d2666

SHA1
ffea8377daac13ef1556a98bcfb5d785bbf86d9a

SHA256
d7d4d957b2469d2a4ff930c9b238a0b6caedceddde4f7b868b114d7c52fabd33

SHA512
cbd6bfd30d19730fb8432ccc65874092e3824c304a979682be89518c957b45a4f90ec0986d584e64c53cce140ce9b16b20554f079ec49857a15dc0ab28c81f80

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db
Filesize
28KB

MD5
e2c58b77c8409b969743565ec4a39d38

SHA1
cf67fd7fe48b4c0d371c7038953d96ae66cee0a4

SHA256
56574ed9d8db3a39aa60baaafa9f8b1c55353a494718918eceebb096ef1f773c

SHA512
768db6a41301f9b0d6e36911e2635bd5d4f69e7b5ca755787b7d53669e2ce740669b8a5d2d0c5e49c765195af9098f6c61a87c12be7cfe435d4f19e26597813b

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-journal
Filesize
8KB

MD5
4d88b4dbbe6097ed7c0bdd4c97a949c8

SHA1
06769858ec77cf93d4e1161476b39448be0dfdea

SHA256
6fb41ac0a4422ab59bfb71e13111e6de6cc7f81b42e2f60895fe7db8ca16e2d3

SHA512
1bde274496990abecb6e23f132cc90c80d97c46c87a9313ab0daca5a5d1560eaa9f3edbad7ea9518d33451fa8f6d587aa6147d5e3e025b7d85947f7f53764b8a

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-journal
Filesize
8KB

MD5
e2a84fb2ac94e9d4c07fac06fdf31ed0

SHA1
7d2829265f398cbbe0b5ae65d840faa11c5e40d7

SHA256
fdeca975d788cad7ace7615131def11d14c259ec8ac1443cad8a054ce8d216be

SHA512
2817c2022ac4ab59d094dda5e4ef71594dad3b2b168f6f01212b1e54e50524542b93ac2607dfeb9d8d163e6f98359f34b423a364be6adffdbd5c0c3298e6e968

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-journal
Filesize
8KB

MD5
08a1368c03b8325cf82284607ca1af03

SHA1
b7df118392142f71f3d7d58052b827315691db57

SHA256
70699e54c329c256f9f91c7b4bee592ade1417e4bcc329db5c6e786e12f7b364

SHA512
ab55c7dac0d9f194e453d0a36ecbf4f74b57a105e85e9b1e90adde2e738cbd25fc138ddc5316c860bc88a6fe08b6d2c98830b97d514a2b19eacab28394e8788c

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-journal
Filesize
4KB

MD5
0d96eeea950e1c67b7d89d467ff449ae

SHA1
c0fdb755931bcee486298b18026bdcfc7bbb25dd

SHA256
f0c9171e395e2253a372a5fa80cde760e9845fccdeb804b246e7b7a862b24a7e

SHA512
61cc61a5b9f70341cfef38214db0c758c556b6a159c3f679b7af08d5f9464368a678456ba03fbdd91b08e58b5b23a6e1cec6cfb58886ac929e1b1219dd5bcfb9

Download Submit