3152588a1046af34389c4c01e3f011dc00fcdc6bdcf0de9ba20c5b27fa4a60dc

Analysis

max time kernel
177s
max time network
184s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
23-05-2024 12:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

zan5.1.2.apk
Size

11.4MB
MD5

de5e6582431c19c8e512a5164c3c13c2
SHA1

5904e555facfe88f43343856207864a1288337b5
SHA256

3152588a1046af34389c4c01e3f011dc00fcdc6bdcf0de9ba20c5b27fa4a60dc
SHA512

6425d0e446e9c78af4919472025c9fc13fca39911a35557c2d0f818722642a0df878d599456d8c717fc48e2c1d94249608c2899dbd783143c2732bcf5bb40b8b
SSDEEP

196608:cHU2J1fe7ad+E9jLfyuoPZTWJewYss04D3GVHvAiGJQOWC6Sj8lBM6hHAHI2ceSC:cHU2bmaZ9UWJBgfstuUC6SMe6VAHI2TJ

Score

8^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

System Information Discovery
T1426

Processes:

sh -c type suls -l /sbin/su

ioc process

/sbin/su sh -c type su
/sbin/su ls -l /sbin/su
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.zms.android

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.zms.android
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.zms.android

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.zms.android
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.zms.android

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.zms.android

ioc	process
/sbin/su	sh -c type su
/sbin/su	ls -l /sbin/su

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.zms.android

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.zms.android

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.zms.android

com.zms.android
1⤵
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4270
- sh -c type su
  2⤵
  - Checks if the Android device is rooted.
  PID:4484
- ls -l /sbin/su
  2⤵
  - Checks if the Android device is rooted.
  PID:4505

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.zms.android/app_UApm/efsid4270

Filesize
36B

MD5
111751c8518347d064bfac547d01c71c

SHA1
5878e62cc0c3f88d531905daac35eacc345d7394

SHA256
af05e38f6e6e63c364ee43b4c211b57fbd367913338e2a9bf3085e24e1ad536d

SHA512
592add38ee30b5c34dbcf30aaf39971270eb3adcc176835d8f13f1cb8b92d169b3dd0648b78687570b0ac5b9df3ed2993bb5562c2c5ea927e5012db98ef3c6e9

Download Submit
/data/data/com.zms.android/crashsdk/tags/DIORDNA0SMZ0MOC.ss

Filesize
1B

MD5
8fa14cdd754f91cc6554c9e71929cce7

SHA1
4a0a19218e082a343a1b17e5333409af9d98f0f5

SHA256
252f10c83610ebca1a059c0bae8255eba2f95be4d1d7bcfa89d7248a82d9f111

SHA512
711c22448e721e5491d8245b49425aa861f1fc4a15287f0735e203799b65cffec50b5abd0fddd91cd643aeb3b530d48f05e258e7e230a94ed5025c1387bb4e1b

Download Submit
/data/data/com.zms.android/crashsdk/tags/unique

Filesize
36B

MD5
0e107c3b0947485eaefedc22a323bb4f

SHA1
0ca29232089f34c7ea90d4a6c9de698b1fd41adc

SHA256
8bb9b00e6fb46fcfc749265d19a509fb814a6ef1b0ce691df967913f0a0a1d68

SHA512
7dc5329af38d52b4abcdb2d7562488549d8507c7cc4ebb50cbd6303c080b26124e7e117cd444682e3139b19592db1d63ba565ec99a1fbde91db234c1f3d8ac27

Download Submit
/data/data/com.zms.android/crashsdk/tags/ver

Filesize
24B

MD5
7702f80a3adb6488815260a46a5bdfbb

SHA1
c5c812ab215db60d819f784d3c54095c853aebdb

SHA256
5eeb8aca4feff0d5372a873341610cd93a02dfa897993d01bacc5f5050ffce47

SHA512
8de51501ee4bb8cf57b8639ff385093a75ba7d7ea833b17c65b89b58e6fa8197206b90e2c36c146b3b8c904ef0b2bbc7d47f25bd1cba43dd0219f470b3a890a7

Download Submit
/data/data/com.zms.android/databases/ZanplayerDB.db-journal

Filesize
512B

MD5
68c46073cfda225e35137f231d8290ec

SHA1
867bbb644772bfa4635b7b9f72eabfbed482458f

SHA256
de4ac443e80f4dde6b5c04925a2fdbe0e03e87eaf5e8c2c6dcbde5041f04b884

SHA512
59040a1174ca2adc2f938d47f80802cb0ad3677c557562994bcf6345b585f03651ecf114e7726bdde86cf942c256194bb366867835a7a39777472974ecc31588

Download Submit
/data/data/com.zms.android/databases/ZanplayerDB.db-wal

Filesize
152KB

MD5
2a9e52bafd8344f18b3c0bbcfcdcdcf8

SHA1
27accde7a686e765c65abd772c236d4474b6cc41

SHA256
45530ff2657d20bab889c7539e7185a007010a29d91d3e5329161ec32a3ee6cb

SHA512
5fd8e218b1bdc5cc8684a746b114c11cb67fcacbabfe027a79f9a1f418c7eb62a6bed9d6ede5eacdcb5374b4ec8d36c50c460af32488e64562d181c6377aed7c

Download Submit
/data/data/com.zms.android/databases/cc.db

Filesize
20KB

MD5
14bd9e0f903206c643f87fb90619f985

SHA1
84405d9b590ff02c571eee4aa7aaf06dbbfd2114

SHA256
8e770afe811beebbe530409e0fa001cf1b83dbdc7b03125e8d0194714cf1e573

SHA512
bf8e59fa4ea56e855dd3009fc8c2c6c3e67dcdebb0938cbeac4cf750f36e38274bf64f554f2e006bdcc7de28bad23dae0bdea50383257fc122c1e1c8e43c353a

Download Submit
/data/data/com.zms.android/databases/cc.db-journal

Filesize
512B

MD5
f6c70e1a2455114b26018567be3a8224

SHA1
3c56a1240485d39877bc3a357a203a3068fddd09

SHA256
99aab73c5eb592e247a718c7c969d3664080e5c60f99f8afe257c78ab2a8a210

SHA512
45c36f7769ec6335f2c14da26c86180af463ac0dc5352c9c7bc4371a9732be4558bb828ffc68a8c4157415dd39c8ea14bcef8f9bb314174058ac3ddb9c35967a

Download Submit
/data/data/com.zms.android/databases/cc.db-wal

Filesize
32KB

MD5
5e60d8e48dc83ea63968f4d5c8ed1a93

SHA1
868cd4e84d6391cf344d3d22f340ba9317fbea98

SHA256
9580c5baab1ec35e140f4122940234411cc35d16a7dd7e0dc59af493e86796ac

SHA512
0f402aa8b3268cc97a0a71dd24f0796d7a2ed567ebcab0d3098dac13c4d12ef2ce1104f502c7fd61707f80ffcd9a383784110d9244877dab06217d351f90eddb

Download Submit
/data/data/com.zms.android/databases/ua.db

Filesize
40KB

MD5
0a7ba2ff805730e40aca982c8ea80c53

SHA1
85137d4eefc732fcaf86db90f368608ce6a39710

SHA256
5b921b0e38035d89c62b02d6c50a7d1c802b61f51b86d8f17b6715a555010545

SHA512
b5dd81da81a3e3617742161a6fdbbae3073961e845ba66cc192e9b372ccdd8ad2f660f03d08372d16398c5f83b660ec72e95937da33a4c2645cd1a84b988bb77

Download Submit
/data/data/com.zms.android/databases/ua.db

Filesize
24KB

MD5
915d748615e3ab24ac470d75f00f25d4

SHA1
bd8f4bd0dd40ce9a9fcc7a1469740fea74fbcde6

SHA256
1bb58efddd270a9734c7296ded825ea4ca3cdc3e5f11465df941748db31e564a

SHA512
6b9db172a3d75aa1d15abdc4ee25244f77f1b8d2d393d6327b2835049d7dffbf7021b399f7bef8d3339c417632b3dcafa0679128b4bc4ffd736ff349d4ca14cc

Download Submit
/data/data/com.zms.android/databases/ua.db

Filesize
32KB

MD5
183688f49cd0c6770ccb6989e26633a6

SHA1
184ba0a6aed479afff819c15671baafcd5346651

SHA256
d3b61f0db0808d691850cf68932451e51efb92d1f2de47f72beca3475d5a93d8

SHA512
dcd8ebc586ccbd34271bc56aa4525b485fedb5257d486b4517377c1e3f3a9f9789026c6a23d42aa5bcc521c14fe21b9676bb33339a478bb9bebdf1901e1a1676

Download Submit
/data/data/com.zms.android/databases/ua.db

Filesize
36KB

MD5
128175f06641be83c5fa2e70f0116083

SHA1
356305d7959d9f3f13a54f368360fde37f647275

SHA256
d60e5180c6728d2e593526f37f0a001fffb88addd34c403f633d1999cef2333d

SHA512
8e470b41d9f4ce748b492eef1fc9f39d35f191caf36f9a592beb368818a663decd3545142961c5c60fe83a825f608dfc4ffb1e6c14d0dc242b90b5466bfff362

Download Submit
/data/data/com.zms.android/databases/ua.db

Filesize
16KB

MD5
f75022b88c45c90594543445e49bca97

SHA1
27b6ff929564ad59713346031310162cf0ee6b12

SHA256
8f9ba40df7079a01ccf7ad1030f269c0cc42504bf35c03e268f178170ad67e4e

SHA512
a25eb8d13a0e0a32970700f984dbd029a013894520cdd6c3bbb11e57fd5c72d9375ba3e23a10e3f7f12148b3b20671a13ac036b5ce771fa141d27221999274db

Download Submit
/data/data/com.zms.android/databases/ua.db-journal

Filesize
512B

MD5
e50a20b92cfe49e84464f64d7acad8b3

SHA1
ae5daf8cf4eeacbc24b987e96c25747ea315f327

SHA256
9cd41bfca558fed30627131403e7447f2890ed8335252cc41b428389c5030f6a

SHA512
66df4209e048a49621368e4c6d2909a6e667d1fed6eed59493c69f9806f944b3d0cd5980635b5c520168d07bfeb1d0a1000f90c22a99f51b28cd0069c7b5aea8

Download Submit
/data/data/com.zms.android/databases/ua.db-wal

Filesize
60KB

MD5
dc28e2d8c8fb98fa9a327e85e19bd6a9

SHA1
96032758139d6db32da28899625178461dc0b32b

SHA256
418626bcaefcb77c36f6a87f69dcf538e4df6d5979b5a2ffa97473329f067d10

SHA512
9c83eb112e9f9964f60ed179508d57e3261eef02988eaad8c07c232b5d82b34d5feb75e2081ff7b63d4511e43df26f4136ecbfe9e288daa4be156a35410786e3

Download Submit
/data/data/com.zms.android/databases/ua.db-wal

Filesize
12KB

MD5
9eb20383e5442cfb655db88bd23ebdd7

SHA1
008ac56e68ca250efcb1f7389163079fa48d344a

SHA256
3409831640e12409a02c7e94825e89f9d2c942b60cda347e06b744a6bf8bd3c5

SHA512
b1897618777470bee0e992a0958563ff0d0749fb19e9522403f2f6c4cc832aaa1e2beda606a71529f062c7db0d2c0a6699274df77fa4ba955cef76738a650285

Download Submit
/data/data/com.zms.android/databases/ua.db-wal

Filesize
12KB

MD5
74c69fba56737a63f557c3f1e07ad27a

SHA1
e547d46767f1714c003d8feacbeadc8b2d798c99

SHA256
e1360bac287a1906aa59d74888c92a45eceec44ee98987e49addcbee481e3d49

SHA512
d79467446456252a8bfa9aa3c6dea58be4f6aef132ec9de2ec5c1d1f63eef12d6d53f30892ee428bfb8663e4e130b788f3966ef0a9d60148ab53d6d80526476c

Download Submit
/data/data/com.zms.android/databases/ua.db-wal

Filesize
4KB

MD5
102fdfb4a096c37f1882b3ea87f67409

SHA1
0d85f9ecc92f2c04f7cb4a16c9fc1e0bf83ca833

SHA256
1aafd90e67093820fb472434ea4b63f7971752203f3c4c061ad40ca268748524

SHA512
d21f735d27200718ccfa203e19d2811fec5a15e1879b78552103fa934bdda9dc637b9ec3040060ed7a6476837d5e3f9df6f35fb7641e52eb34ad134d9996b359

Download Submit
/data/data/com.zms.android/databases/ua.db-wal

Filesize
4KB

MD5
43a419a6fb080177cae5e1457d5148a2

SHA1
7303cad60c761eb9374a42be2e2cd622344e6a0d

SHA256
8968980705a7b31a09517bbfbf8ae8cd54a0bbc1137142723bd89ef5b9066abe

SHA512
73c66a708c07fb234b01ebfeab2222234855e805ef6e27ffa07d23b641450a68ef120fba3de37b9d7992c5fcac7b596d48baafd0f337df8a1ab15f70af7ec9ed

Download Submit
/data/data/com.zms.android/files/.envelope/z==1.2.0&&5.1.2_1716468045026_emNmZw== .log

Filesize
285B

MD5
8f627bb128379d0df32af13a06b2f43c

SHA1
a77c69f79e2ebbc6a04631a9628389a7cfa44379

SHA256
61b9bb25fda8ab681c20e279b7f2a5969be06014dca69d9ea808b299f0929abe

SHA512
bb0a4aca7026e86a07dc4a5badd485df35757f0833f83cc054e7174401b7741d3bbdc4d0a158f3821b8e5d2d692c8c2ffd6042d5699ceceac5eede50e4dceb21

Download Submit
/data/data/com.zms.android/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
b5a7cc424d50d1531c70116bee84f132

SHA1
79959a2b0fc35615a2ebdf1736fdf2eefd6c5c40

SHA256
83bb91967a0fbd025e54c55900daa1964e1e994e756af45e7b63baa43b983e18

SHA512
e06f310e4d9407d3a12c3a07c1d0f71d7cf4eeed87896008a811daaca54df37f987772236346022ee7e7e06073e4b7e5dec120036d04ea68edf2951e86a8bbda

Download Submit
/data/data/com.zms.android/files/exid.dat

Filesize
55B

MD5
b62640f1056442a159d1917766277fae

SHA1
e72b7179c222f7f96dc7b670f49ffb9a7490bdf2

SHA256
3ab7a12ff0e031cd17f14708895ddd06e63a45363c03d93639da6bba20b70736

SHA512
78a88308bdac3bd79464b646051dd4aeef2cc23a496aaa27e8eace4a46ba680d3b2f366d306d2e5d131c4dffe73bb54990d7ebcabdb05b3e6a22e95b2865c494

Download Submit
/data/data/com.zms.android/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.zms.android/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
ddc6c5ec520c96353a08053133e192d5

SHA1
ff6f5d0e4bbb77084425f8111b3368293b6b25b6

SHA256
24393993fe551fe923eca56760590be8e344e6378b5f9f4934d790dc43ebf3f0

SHA512
d2dc6b85b35dc557a78a5998f1a645a4332ffc6a44332764acfaf87d6c5ac3ee1d77cf4c3b5dac2c766b8ad3bec68a216e1a6040799fc9307552601683e1356d

Download Submit
/data/data/com.zms.android/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.zms.android/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
2c5b6c179771f2cec79178e6ba1715e2

SHA1
08a3aab4b6fa49e20792bf2f983d7da094cf10ce

SHA256
4303496f408c7e28e798d1388d0eb9f793cac8a9f6200ea08e0d340ef05e8eee

SHA512
cd07c1914774723ce8499ff23e1ed4062fdaef4fb4eb13041ee5d12f80bf5a0eb80a207daa0dc4a6215a83dce24ed9c4b74bf811e860af24f54b7df5365f8165

Download Submit
/data/data/com.zms.android/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
04fcf326e095da65584c286296631797

SHA1
d9f470910d136ba3b9811329941bb9378765faf5

SHA256
d4bb4ee2166b6e0cb55e64d6ba1fa0319e251aa12ff273d9b5b7a8331de7a719

SHA512
275c915e6ead8c81c592df636e0d8547bcbf0c7f5318055ed398a74bfe8edabaf22c36d21dba0815fa2332f9f75eaced0caaf6dd01830cc832fc2b76cb92c7f4

Download Submit