95bdaa783abcf6dcb5a23fdbfd090457ad52b2ad7eedef57ba50ba8a2e53f716

Analysis

max time kernel
160s
max time network
149s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
23-05-2024 12:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

yishengdaojia_v216.apk
Size

13.7MB
MD5

b9ff2bef94660cee2ba6ab6b1d90d511
SHA1

992a46f95e929e402d3e2d2828f3925e3557fb7c
SHA256

95bdaa783abcf6dcb5a23fdbfd090457ad52b2ad7eedef57ba50ba8a2e53f716
SHA512

10d3b63f84508deb4089e49feebbde2c122c3a5d82bfdf24607da2029a2c77213d066432b0437280a8e506226fcee8cfb5c20b0090257062d8de7363c8fd18d4
SSDEEP

393216:56uyx8P6QrZsSRHHUrhXOGYtRXu40/JOHW:ZyQDnihXOGE1u3c2

Score

7^/10

discovery evasion impact

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.yisheng.yonghu

description ioc process

File opened for read /proc/cpuinfo com.yisheng.yonghu
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.yisheng.yonghu

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.yisheng.yonghu
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.yisheng.yonghu

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.yisheng.yonghu
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.yisheng.yonghu

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.yisheng.yonghu
Reads information about phone network operator. 1 TTPs
discovery

T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.yisheng.yonghu

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.yisheng.yonghu

description	ioc	process
File opened for read	/proc/cpuinfo	com.yisheng.yonghu

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yisheng.yonghu

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.yisheng.yonghu

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yisheng.yonghu

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.yisheng.yonghu

com.yisheng.yonghu
1⤵
- Checks CPU information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4649

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.yisheng.yonghu/files/libcuid.so
Filesize
109B

MD5
e4aa9f527be6d228b93aacbea6f87f4b

SHA1
db6f21eb1491d3bf5af2f3b425e06f9c2f557766

SHA256
dbf236c975695372741e9e25e0b9525517c8148384377eb0cf2824473f4d0cbe

SHA512
bc7e73e65dcc19aa1a4fef342d32dda093fefeec3fe6214d64e5541d6d89c191aa73b5ff8489f928cce3a008559ad9a458a95296302badbdfde2e1df666d6eed

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
111B

MD5
db56eb6cf8ac46dedca28c7f2d0e1215

SHA1
e6278d7d022b8cd2ce07896e39a03703659060e5

SHA256
b48561f85b7b1cabfae75dfc53e6da871b27af7f21941b7b59b61f4de56e1a92

SHA512
e489c5081fa44bdf90de8fdf7375e885c6d4e40a464469da809ef8c98f8bac165c0bcc99a06035b623b36a0b02bab4d2965dfae9b13bb7a52f86ca69d6734052

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
111B

MD5
43227a0091994621a9011269bf5495a4

SHA1
65d4d2543680787d3da4337c4c1abbf9f964aaa3

SHA256
a35bff5770f42f57443629424de8ca255eb8fe2ed4de99b6a3a049351e73eece

SHA512
052ffc90e9702be1856b2d59d1b70b8be23949af9bf75791bc5a26a9feb6ad24427ba2a10b0e36b4bd5cd5520f73afa4486ba42246af7c3ee068028836ee701f

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
408B

MD5
1f563689911f4dde27d74c897dcd1559

SHA1
66f6309eda3b22774355601f1c1a3be12c42026a

SHA256
1dcaa8591728a28c5fe2ae26d54706d51a0d40aa179781ce90fa08bd37092bc7

SHA512
46b353386745d74361f6349037f3f8e1b7727e6b31efaea9207fa9ee740eb81536477c904ef327a87b3b483dc011b977fdba7446e31abe9b1268f9ebf32d25a1

Download Submit
/storage/emulated/0/Android/data/com.yisheng.yonghu/cache/xBitmapCache/journal.tmp (deleted)
Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/storage/emulated/0/ysdj/imgCache/783278701.tmp
Filesize
79KB

MD5
5d720209e004cbd8487f181eb2c47be3

SHA1
6a07016ce1ce78f4d2d9dc2ebb6640a2d644458a

SHA256
bfece1dcdd4350fb874e8b6f6b75d98a271cbf64985618a21e3696d5d6aee4cc

SHA512
3113bab8120fbeb856c464c0a05c8f844d647466e51bdfeb02e3eb1ea855b02166428cfd8a68a8c76733f454075fd3b57e042d3b18cdd8cc912458e7a9cb41a4

Download Submit
/storage/emulated/0/ysdj/imgCache/783278701.tmp
Filesize
176KB

MD5
0688bb0a23244833f9e70064653ec669

SHA1
65f7a97c3dc657c7ee444f68c6c937230a110e13

SHA256
411ae189350f65277037a69f0ff99ac4bacebc6e7f93f844ad5eac3f846219e4

SHA512
9463fcb7915bdcff7a3d708cbfc45d417134f459d5aa77315dfffa506c7ce3b04f22480fc8b4f55a7770d225f5eb75fa7cdce909c47224b020b54f5410a1f2c2

Download Submit
/storage/emulated/0/ysdj/imgCache/783278702.tmp
Filesize
120KB

MD5
9be99de78534d27379cb0ca3dad944c9

SHA1
d11aba8904cb83576251fb698493ccaaf95cd9ef

SHA256
881641fd8a38719f3ef98aec641b1abb270f045389970dc8f25283c01901fb40

SHA512
975d891a67c7a439e17bd86f1ec60bac3ad2c7a02c32aeb4cdc7e28282f09278622cf7291218ba64167ac4017c4a50bc23c0285c094fe9848fba3406ec286707

Download Submit
/storage/emulated/0/ysdj/imgCache/783278702.tmp
Filesize
275KB

MD5
cbdf0cbfb7c202fc1a88fc4b856a7026

SHA1
c3a9ced7ed625158e081edb6c0da181efa9aa812

SHA256
d8f55f7ec53476e99025b6010a5cbedf328bbfb979d5752456683aac271261cd

SHA512
b3b7a9d846165829bf6add66dce65f5a8697232773f6137461d4742eaebfab8fe8b76d7f45c6ae646bac7cede509dcca415ee8e81c7c625bed70c38d00291236

Download Submit
/storage/emulated/0/ysdj/imgCache/783278703.tmp
Filesize
106KB

MD5
5c855cd675819b8842094eb93ea3b8dd

SHA1
cca62ad3b2c246a27ff6d3545db83c3b9dce9206

SHA256
a34d6220e09458940d9494061fb836c0d8d13b1a654f8a4d5e78d76199376ccd

SHA512
54a9a2748f74b4b8df92a62109f079d492899c8f85066959a80f79f2f9c26de37eea3ad1a6a00d5c9e0c72144bf032c696de67ec154c83e046eb10d16b0bf7ba

Download Submit
/storage/emulated/0/ysdj/imgCache/783278703.tmp
Filesize
227KB

MD5
1d47fe4d7317862df73674fbb944945f

SHA1
6c344958bbcc237cb9c5dfb4571fc70bd72a4287

SHA256
d46ba3ae720b799b5786e26b28dd6d76e80915f8c1d583f0a5ef3421e874ff3b

SHA512
ba236d4f9f0b961030519affedd18bfa469bd8f58b76b9d01921577d06b5915b169729bc74756bbbbd6e62c6c99b3010315b59b82d7b878efd9879a55ac7d8a0

Download Submit
/storage/emulated/0/ysdj/imgCache/783278704.tmp
Filesize
95KB

MD5
4218f12d67954df23de5ea99b4992cc5

SHA1
fd65b000d89e860c893a14ef1de16f96df8f9a14

SHA256
eb54c3741db330eb7fbc210af5e850ab04b79c32015c5a2fa46db936bfb08498

SHA512
a84bb1bfbbe24adee3ed59a99a1e427bcead01eb4d29b534a5052c8b26bac2f5bfab079f20190575f15f6de79c8c349f69ca0c3ed465af85e69a215b33b54c85

Download Submit
/storage/emulated/0/ysdj/imgCache/783278704.tmp
Filesize
214KB

MD5
6e77d9b355a4351bfec91f190e4214b4

SHA1
cad3f0d0bbe9e03b4c19340591ee30eb667e2348

SHA256
c5d4bc2a41e14ba614184f43cbadaefcefa2bb240fc30ce2924a78c1bc26367b

SHA512
68e50710c6899530dc772e57f2bfd850c883165d9037afad5144bc79358d00aac8e4b1bf424653f4065c9715a501134be08387fefca6ccfb7467b94729ff9270

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads