95bdaa783abcf6dcb5a23fdbfd090457ad52b2ad7eedef57ba50ba8a2e53f716

Analysis

max time kernel
162s
max time network
147s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
23-05-2024 12:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

yishengdaojia_v216.apk
Size

13.7MB
MD5

b9ff2bef94660cee2ba6ab6b1d90d511
SHA1

992a46f95e929e402d3e2d2828f3925e3557fb7c
SHA256

95bdaa783abcf6dcb5a23fdbfd090457ad52b2ad7eedef57ba50ba8a2e53f716
SHA512

10d3b63f84508deb4089e49feebbde2c122c3a5d82bfdf24607da2029a2c77213d066432b0437280a8e506226fcee8cfb5c20b0090257062d8de7363c8fd18d4
SSDEEP

393216:56uyx8P6QrZsSRHHUrhXOGYtRXu40/JOHW:ZyQDnihXOGE1u3c2

Score

7^/10

discovery evasion impact

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.yisheng.yonghu

description ioc process

File opened for read /proc/cpuinfo com.yisheng.yonghu
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.yisheng.yonghu

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.yisheng.yonghu
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.yisheng.yonghu

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.yisheng.yonghu
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.yisheng.yonghu

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.yisheng.yonghu
Reads information about phone network operator. 1 TTPs
discovery

T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.yisheng.yonghu

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.yisheng.yonghu

description	ioc	process
File opened for read	/proc/cpuinfo	com.yisheng.yonghu

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yisheng.yonghu

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.yisheng.yonghu

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yisheng.yonghu

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.yisheng.yonghu

com.yisheng.yonghu
1⤵
- Checks CPU information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4262

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yisheng.yonghu/files/libcuid.so
Filesize
129B

MD5
5d48c29bd2fde152a65b6a29ef7bc741

SHA1
e06ab14f96b7c9fe3dddac5f3b406aaea28caf09

SHA256
c5a39a253f5cd3ac3813f308bfab74d67d5e6f7fb486592d6d2c3d1da96942bd

SHA512
8f8438cdd83913399ab9bd6c8fff46ac9d6f52aed4025e84b6fe3666a11dabc2ae5b3601300ac0e78daddb05e702cceb95d0e2f4ece73ca5aa1db72fb141ee4c

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
111B

MD5
0228073dae619eadb54db8416e5a02c5

SHA1
42442e0c2f56af1729affef6676d8452b10e8037

SHA256
452582446985a0065be4b39b232a2419eb3bf91c4a4cd0f97c34fb0ab2f2677b

SHA512
a4e990746002af8eafe1cdc0f2776ccf0b2d9fd4bf669d51f561bd8f28c57afc682a1805252ae7d7abd99082516189de80f4d75b1eb1c411e31ac0326136e773

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
381B

MD5
4daf92613abd18315ab41e44f9fa6a35

SHA1
849a6cb155a16d793aead648b89c97cd97e89a81

SHA256
ed933fd3aab826d635bd72497b758e2972fd5db2e700d277710f329164861634

SHA512
8aa499b7231bfbb6dced2b062d76d34fa60453b2bf22c002ab4e753e7f0fafab44ca67ac0f8da93651e64f7340beaf97fa49b1d8a9c48fd34f9f7a4137dd2d7c

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
111B

MD5
4349b8f7b7b67ef11271ffd035f49368

SHA1
324a3fe2dd4f8d5ec4a98678755f43e940d71c4f

SHA256
4d9fb37c2e96047f8e4772b175a1dc90ba563213ccbce37cd468146b05cd21f0

SHA512
7956b2fc3c30b686af789f0596539f967ada2c30fe5617a564a08398661f5d884986f18fb88f3326ceddcd05191bebce81cafacfd6b74f1776e7702e4bc69c5b

Download Submit
/storage/emulated/0/Android/data/com.yisheng.yonghu/cache/xBitmapCache/journal.tmp
Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/storage/emulated/0/backups/.SystemConfig/.cuid
Filesize
89B

MD5
795cb8d2c653bdec3a052642bfef63d8

SHA1
9c4590217609356aea9598d449a6c9ce0b83b3fa

SHA256
42b5a069ac4eaff1c6b5acb880f3cc1e9d3324c8adff46f2b31367eda94365bc

SHA512
1da5d03ae8d0e9497d0c8c5264b2e3b1a840490f6dfa6843e2e3510fe8010e1ca2ec01a265098fda60d522a9bd6e251a1da153a688b626ab13b4ce68d50e253d

Download Submit
/storage/emulated/0/ysdj/imgCache/783278701.tmp
Filesize
79KB

MD5
5d720209e004cbd8487f181eb2c47be3

SHA1
6a07016ce1ce78f4d2d9dc2ebb6640a2d644458a

SHA256
bfece1dcdd4350fb874e8b6f6b75d98a271cbf64985618a21e3696d5d6aee4cc

SHA512
3113bab8120fbeb856c464c0a05c8f844d647466e51bdfeb02e3eb1ea855b02166428cfd8a68a8c76733f454075fd3b57e042d3b18cdd8cc912458e7a9cb41a4

Download Submit
/storage/emulated/0/ysdj/imgCache/783278701.tmp
Filesize
175KB

MD5
27452294bd41aae390ca01b03c3064f5

SHA1
2b04ab5496bd7497fcdbb1b3121e07a075e372b0

SHA256
af62ca48ceb2b0b24bd73b932309f1e72e7ff7ca31864939fa4b41ec771247a2

SHA512
0f775ae1b67116af83cfa7df862ab29cf2a1bf72616abdccd3d86395ef600dbd41d77cb26f2872fed814d90a183975060402e341bd59ac733c23fae399d1aea6

Download Submit
/storage/emulated/0/ysdj/imgCache/783278702.tmp
Filesize
120KB

MD5
9be99de78534d27379cb0ca3dad944c9

SHA1
d11aba8904cb83576251fb698493ccaaf95cd9ef

SHA256
881641fd8a38719f3ef98aec641b1abb270f045389970dc8f25283c01901fb40

SHA512
975d891a67c7a439e17bd86f1ec60bac3ad2c7a02c32aeb4cdc7e28282f09278622cf7291218ba64167ac4017c4a50bc23c0285c094fe9848fba3406ec286707

Download Submit
/storage/emulated/0/ysdj/imgCache/783278702.tmp
Filesize
272KB

MD5
5b33ecbffcece11cd08a1b451c1d012e

SHA1
3533e3551237d6cd5e2cc9887d070e39b960ffe3

SHA256
a44437509e91948b2baedfd4d6064b702ce559c7e80c257128fe42e36f5b48a0

SHA512
1a04b65ab94a1799fed78bf175a690784edef378dd00117cb507515413e464a9f2c18065a2e3485131df0ac619e1fb2c5ca927c16d8f0ea6e3eb92df06c612fb

Download Submit
/storage/emulated/0/ysdj/imgCache/783278703.tmp
Filesize
106KB

MD5
5c855cd675819b8842094eb93ea3b8dd

SHA1
cca62ad3b2c246a27ff6d3545db83c3b9dce9206

SHA256
a34d6220e09458940d9494061fb836c0d8d13b1a654f8a4d5e78d76199376ccd

SHA512
54a9a2748f74b4b8df92a62109f079d492899c8f85066959a80f79f2f9c26de37eea3ad1a6a00d5c9e0c72144bf032c696de67ec154c83e046eb10d16b0bf7ba

Download Submit
/storage/emulated/0/ysdj/imgCache/783278703.tmp
Filesize
226KB

MD5
77afcaf4db3950705b98e5e2e7e9df44

SHA1
3d6f65ff9ec8617a32e4e0e32ce2f1ef233117b2

SHA256
9ddfedb24e1cc09036b5c8fd3b2122161b1f88516de3cc5768579832510db4de

SHA512
3dee6ff2d2c85d1b5448dee9e9becca35962e34a08d58282bf86700d3ff6de57abcdf18abcf79e289bef5debfabcd4fb82270fcfc5526866d4d05c52f5c06ef7

Download Submit
/storage/emulated/0/ysdj/imgCache/783278704.tmp
Filesize
95KB

MD5
4218f12d67954df23de5ea99b4992cc5

SHA1
fd65b000d89e860c893a14ef1de16f96df8f9a14

SHA256
eb54c3741db330eb7fbc210af5e850ab04b79c32015c5a2fa46db936bfb08498

SHA512
a84bb1bfbbe24adee3ed59a99a1e427bcead01eb4d29b534a5052c8b26bac2f5bfab079f20190575f15f6de79c8c349f69ca0c3ed465af85e69a215b33b54c85

Download Submit
/storage/emulated/0/ysdj/imgCache/783278704.tmp
Filesize
213KB

MD5
abe12e80521df21bd30cf6c9f97d3632

SHA1
72e764e96bb35c2a86bf425cef826990b0e45ef8

SHA256
2552e46e8134b4007bc5f9c2a91db3b8a43ac732f0f8b0b027db4e62b49369d2

SHA512
c5c7e5dfdcf121b9c33911fc2d6fe424d29874611e6b4f4116117ee7b486c886403a38608a0734269b44dfb55a485917bc1d69d7f95ac10892a0a67e71d1c4ee

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads