af566a23cce333ae23785c10dced0b3d373e5f475666d0318a908783fb009697

Analysis

max time kernel
179s
max time network
133s
platform
android_x64
resource
android-33-x64-arm64-20240514-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240514-enlocale:en-usos:android-13-x64system
submitted
23-05-2024 12:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

expert_100.apk
Size

12.9MB
MD5

d8d0e0c812b1b3442b973dda6b81a673
SHA1

ed59cbf28c4b378b9dbd8107d98f459336df5629
SHA256

af566a23cce333ae23785c10dced0b3d373e5f475666d0318a908783fb009697
SHA512

d14eacf647a4320650e0627c0963c0612d838387d58fb5d549915044a3208677109aae8233db46a3904aa2eed4a9aa301712b67617f701289a3793bcdc77a0f0
SSDEEP

393216:ZmuY/gIUHt9NNe4XCopdiElsORkhyG4kVJIEf:ZooIunmUu5FV5f

Score

8^/10

collection discovery evasion impact

Malware Config

Signatures

Requests cell location 2 TTPs 3 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

T1430

T1627.001

Processes:

com.yisheng.ysexpertcom.yisheng.ysexpert:remote

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.yisheng.ysexpert
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.yisheng.ysexpert:remote
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.yisheng.ysexpert:remote

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.yisheng.ysexpert

description ioc process

File opened for read /proc/cpuinfo com.yisheng.ysexpert

description	ioc	process
File opened for read	/proc/cpuinfo	com.yisheng.ysexpert

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

T1424

Processes:

com.yisheng.ysexpertcom.yisheng.ysexpert:remote

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yisheng.ysexpert
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yisheng.ysexpert:remote

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

T1421

Processes:

com.yisheng.ysexpertcom.yisheng.ysexpert:remote

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yisheng.ysexpert
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yisheng.ysexpert:remote

Reads information about phone network operator. 1 TTPs
discovery

T1422
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
evasion

T1628.002

Processes:

com.yisheng.ysexpert:remote

description ioc process

Framework API call android.hardware.SensorManager.registerListener com.yisheng.ysexpert:remote

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	com.yisheng.ysexpert:remote

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

T1471

Processes:

com.yisheng.ysexpertcom.yisheng.ysexpert:remote

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.yisheng.ysexpert
Framework API call	javax.crypto.Cipher.doFinal	com.yisheng.ysexpert:remote

com.yisheng.ysexpert
1⤵
- Requests cell location
- Checks CPU information
- Queries information about running processes on the device
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4265

com.yisheng.ysexpert:remote
1⤵
- Requests cell location
- Queries information about running processes on the device
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4381

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.yisheng.ysexpert/files/libcuid.so
Filesize
109B

MD5
ad49d79252bb41e775ae7a2189f6e942

SHA1
44bc68f9320a4eb945b19be2a70178e179d6c0ba

SHA256
f693a6bf36795c282c0bfb03d42161d863b935d1d402c7706b5c0b1b91cbf93d

SHA512
cb7d295f57c2438546276c6f4566ad5d350744259699f34fde4898662cbcfd5ccf67aa77f00241f8711c9edd3cb599f3bbc3413c91b2cd1a71ab18dfcc8ba09c

Download Submit
/data/user/0/com.yisheng.ysexpert/files/lldt/firll.dat
Filesize
76B

MD5
af357642d197b2fc12e565adb2f5ad34

SHA1
22f22fed043b4262c481f27c19a92b8f5beb1933

SHA256
fc564af6aed9c7a280c3f8822ea029653d07bd846f17178e241f646875ecaed9

SHA512
a37031686db2f4f1ae9ecf74e59afb7052e84190e450a210d2965cb8c3c971828a14d61100a8f549ed388ff7ba174b73af80a631e83aaf67ce586eeeb181bf1b

Download Submit
/data/user/0/com.yisheng.ysexpert/files/ofld/ofl.config
Filesize
235B

MD5
57e28398a7b0e1dabf0b15986cb4a09d

SHA1
96ed07be71121f7f4e83a554e439a50708662c40

SHA256
ff80a62abeba2125c03391409afdf488daf75d63a33dfc2c3aac52d91da71218

SHA512
6e9459e64d4fd092af1e2c1a26175bc44ded24090224621a48ef41b0c5158fe1dada3d542910436b8f92fa5555685fa004bf547bc3d93e533ac54cd14f6937e9

Download Submit
/data/user/0/com.yisheng.ysexpert/files/ofld/ofl_location.db
Filesize
28KB

MD5
4a5738275ba2210055579a5cb2b8f245

SHA1
8684e24b58caa38f49e0e3dc58722d542517020f

SHA256
16969d55c6f0e55c63c8e9a0c98011387ea74d1deb141cae8d781ef910a74eef

SHA512
768e58b37fb90f36df11e66494ad15f059bb7e0bbf7e76e17471babd8bf97d07b6c7974628a944e2f564bfb9dbb188a6192a3c03f32547eb48ea67edf2b95488

Download Submit
/data/user/0/com.yisheng.ysexpert/files/ofld/ofl_location.db-journal
Filesize
8KB

MD5
7c01c11a065718ead8bffa58ba31b3c0

SHA1
fcde5a9576161ebd010e824364c0a738a48c1de5

SHA256
581fa43b05f9a49ad38ec7112311bac4619e389735fb1d7469f5671b6a221082

SHA512
f9d2d91c42567a300dc0c88b6b20ddfd8f19bcde6f2be34566f37a581e39f402e62e2abc1c11cca5cb48e72e31f6c6a3de1fd6cd22787dfb91ec707040266516

Download Submit
/data/user/0/com.yisheng.ysexpert/files/ofld/ofl_location.db-journal
Filesize
8KB

MD5
46958a550cc325d657eb97a67c45efb0

SHA1
0782fd61d43890f7927b14bb16de79c5670edcfb

SHA256
b1b8c0ef183a5bee1ba31a286ced82a9b0b1ed1c1cca9397261c0fc4b6912209

SHA512
63dd5f32e9fa6de5065f366ede9deeba7417929caaebc7f3c865c096cc901fdfbb5eb10c733ba68bd32d3171081e5ba4ed5b0ce175f9283eaeeb0f906f60c473

Download Submit
/data/user/0/com.yisheng.ysexpert/files/ofld/ofl_location.db-journal
Filesize
8KB

MD5
da4f2d9c94f99738e53c66007a7f98bb

SHA1
73ea2ea865386cc08560ef5833be5f03d2c92688

SHA256
822c817df43972213d9f1033205b1b7f9099cc0aaa4cab3066bc626f603c3a30

SHA512
1dc07674f91fa24f9cae57c6d56d70d76fee6430d8ceb30d0ef2a6ef8539bced079bd8544f2d4a3f542c2f80f9d19f8737218e8372f965da77e59df5691d33d6

Download Submit
/data/user/0/com.yisheng.ysexpert/files/ofld/ofl_location.db-journal
Filesize
595B

MD5
6bafee4ed0ef30ed0b94e1501b7ec1e4

SHA1
6f7232439e5cb862de0f81918dfba345fc53e560

SHA256
5a23769d3c477c5722189ab4acaff3157fb1abbce7f7412abb6baf9f7f40a9eb

SHA512
5ab81a9e4cdd3e7f385c40a9d0f77afb8f05f531a6043126627ecc050209978a959a8515fc1d1d633d2f3bf280f111b025d249574277e1c3cf5349115e1ee2e3

Download Submit
/data/user/0/com.yisheng.ysexpert/files/ofld/ofl_statistics.db
Filesize
80KB

MD5
cf2cea7e9b08ffeccdad60248f536765

SHA1
61f97840aaf57a7d1c9ce994a5176ccfcdd7188c

SHA256
b761bcedaf9a60a17270a5e5b5ac7fb2d333d66a7023a105e9c07c50eae55be1

SHA512
c24815df7cd1dba14a84805b4684e43d6d20fbbaadcdaf8e85ac533941ff1331ff78e697c240f401e4e0386495b6f311200c28d112064efeb9785b72edc79009

Download Submit
/data/user/0/com.yisheng.ysexpert/files/ofld/ofl_statistics.db-journal
Filesize
512B

MD5
172f730a4124c4e6c3a889e32144f9c8

SHA1
cb2e5c8d2a675f002a9f70b85ba570f58648348a

SHA256
df6f1a9b992e98d60ea4ab234eb9819d85d4fe25637111353d510aff0b9fc7a0

SHA512
772976d304451b4177ca617253772b075fc793ec830eae48f76f25caba8cef54889f5bd8f4f8762e3c238fbb535b53c4babbb6182b0083f580b662051ca96050

Download Submit
/data/user/0/com.yisheng.ysexpert/files/ofld/ofl_statistics.db-journal
Filesize
8KB

MD5
6859bace61d729740dce8c5369c83c6c

SHA1
2cc2645e3a1802f03272c7529fc35eb3021c440a

SHA256
6689aa0a9b2561be0ca3d9355aec9937cc3ec6d63ace671bbca9e49563fbeb2a

SHA512
b3114e387fc926b1db68d73a0d5c95cefed8a473e35025e51fd2ddabf80b12c19dea32f1b16230fcab010c2fa4357c580f933a0954b8aa4b2fc14a4782cc42dd

Download Submit
/data/user/0/com.yisheng.ysexpert/files/ofld/ofl_statistics.db-journal
Filesize
8KB

MD5
c70cf655e416f52f8c9104c1b745da2c

SHA1
2b553d581e84c5af817cb09b05e01e192e261698

SHA256
325313bc8f4d229864570521b73531f31c6b15d2f7e810ad40ebe168d86f7783

SHA512
bf5ce063e5b93b135074bb6f7143a11724b73aafb938f8138849a5de61fb1eddbe2b03180eb1f0e1da133377014cd7dff9f3dcaee09784b2b309b97bc01918c0

Download Submit
/data/user/0/com.yisheng.ysexpert/files/ofld/ofl_statistics.db-journal
Filesize
8KB

MD5
c9bd07ce797054be1a36e7fcc995af07

SHA1
255fa5956a13508dff9ec31a195bd4984686c979

SHA256
08bc81a728323d816de4a262d5cf394b4f678403d5a7380bb93b01561d1f14eb

SHA512
e8fbfe0b6c77700644b705c0cf4484d6e5a8a0a7ff4bb1fba3bde70dd0ee784152d5278f86f01d182ecab30d70efb7792f3d3531c4c0323ba2f790a94f9e2c88

Download Submit
/data/user/0/com.yisheng.ysexpert/files/ofld/ofl_statistics.db-journal
Filesize
8KB

MD5
dece823975534f00845032d66dbd8cac

SHA1
1d7ffe617011c532fbf38efdf1cc0f8cf84266fb

SHA256
17ac64c714c48538a669c935e63bf5b662657ce093bfc977656dfc5f00d6876a

SHA512
77c2b8c9b107e6375cea8088ce2c182f170fc6db753e74b402fd8731904a3977568bebf12da43404dff91bb3c4783e1281b8c1ab48667773eb2047ac1d4606ca

Download Submit
/data/user/0/com.yisheng.ysexpert/files/ofld/ofl_statistics.db-journal
Filesize
8KB

MD5
2a4681fdb70f28cb235e1ca705e04d88

SHA1
711ce6ef9981358e814da8c1aeca865383df88ad

SHA256
1b69b7e9b1d3071fd9e5377f5df1c874574c9fc915177013e70fde22bf7bbb7f

SHA512
3786ef503f380217176231d643040d58174612443304f0e6d9d10cbb9255ee74ffa244a936b0ab7993142b2488b06b6d5e4f948c0d484c9a1762ed260b57ecfc

Download Submit
/data/user/0/com.yisheng.ysexpert/files/umeng_it.cache
Filesize
328B

MD5
baead2b50d7ad88eb4e0a79c9517e9e9

SHA1
47921f4729c975f233b878af2f49a1c2b47698e3

SHA256
7da8cf3de087d118cd34bdf22a8a51886662c6034d8717ba20e3cbea03cfb8ab

SHA512
7b50abc8c2b9ea5f28de2ea17df6d1781b7fe19e7a4848a6f3fb3ea7fd4ba3c1b143b06fbaf9f0900b1165fafe5deb28f0c66cf44c8909f23fbd806eb8825fe7

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
8KB

MD5
9f6b1636a88d82eefb1e405df8b91878

SHA1
d688e89d3f495025845e7af9c9e3616fe69a6476

SHA256
b7fa5b54dd347c07a3ece4b5f0c79b2a5e8e6a229e58266f73aaf4502d2cb937

SHA512
ad794d94004fb4d2b389dfc6177e569fbf9cc96401c643071efef906e1b993785cb953925460f84f4bef36f793b0d093b9b88772f6eb1b21fc2eba3d17413125

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
8KB

MD5
254ea5b04969c4e92f584764899dc136

SHA1
bcf969262dbbf4cb2c573ca39f61faade3eecdd1

SHA256
1136620a6b68d6e8bf18c385dd85ec81216a0d1db5fd970c61b12ee6d659e854

SHA512
6eb3fb910c53335b66aa2221d7255e83db2269e0948b80e1148d455ea37093bf52387dc385325a80ca821cceeb4c0a952b57e3e93b1b73bf59c4ec48d1724884

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
28KB

MD5
f8df032b186b8daec21b955238836997

SHA1
6670b787d78d0391ca067ee9d89c1fc99ab248b8

SHA256
0eb2691193d5b1af9ae73ce1110ea204d7895f5a39d8d5155f6de13dd3d1d283

SHA512
97472fd05b640d30f6e8d2a722e57a1d670e77391506c54b8e55ddb6109a21acee6a74af8c5098467317fd9292460e54ddfcdcf46e44684ebe7798f7890bbfe8

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
8KB

MD5
321580b1db5824587e5ffdd2223835b9

SHA1
88f6c9a2e9996a5774dbc83f0dee7a51f3191bc3

SHA256
800fdf6c04911d07b97255e1ec5278c51bf53082249e45bda8243e297f578c9a

SHA512
a4ff57fb594b538929c6828bec5a9f00d1f391028d2bdf542d2f756b8e38bf535ad262e948b09858c8bf51c6c5fd947e8b1c7d009acd789f064356ec5b8de20c

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
4KB

MD5
5fc2053fc93e00d8ef496799fec548d7

SHA1
aa7cca43dcf4bf39fcd722d083639aa6c3a1dcdc

SHA256
4f0b44ed7140594bc8e1394f5e141dba2dbfb53e7669218ed34517c3004b50f9

SHA512
94144c4f8617967b27d70a909c49d467c4a53301a298fa2edd305735cfc526f9633ae1c1d413989556d9b3113de7f14dac107424877c9c1982e56617acff6cfa

Download Submit
/storage/emulated/0/Android/data/com.yisheng.ysexpert/files/baidu/tempdata/conlts.dat
Filesize
12B

MD5
8d80bc8ea90e9cac010d3ddf97bda5f5

SHA1
f063bc0d356e6ba9ab1eb9a851131ffbefd8fa07

SHA256
f52db31332534833414abd5e870f78c810b8ebbe5b134bbf599506beecfd1b93

SHA512
9ea732dd572a9a4ba91b70891972230a09576687ca1bc19e62d5a98b5b84e0f2ae11985108008bc9fbccf357219b8bd3dbf146bb70752f618f70dc5d0c46a7c7

Download Submit
/storage/emulated/0/Android/data/com.yisheng.ysexpert/files/baidu/tempdata/conlts.dat
Filesize
157B

MD5
0eace6e264f50887b2885f8701ce6cdc

SHA1
069bb2f2d27adfe5f2318c7a2815ba0610e6fc4c

SHA256
f29419ab25ca6931b750e8cd009d2d203e95fe92eb223ae4aaa412f3d956e0a7

SHA512
6fe2010e5b57484e267e644adcfb2e7aa3ee4e30dfd540b5d86321405942c3fb4f2e818ef05611572872361cdab552d33904fd624746fdca57c7667214d84800

Download Submit
/storage/emulated/0/Android/data/com.yisheng.ysexpert/files/baidu/tempdata/llg.dat
Filesize
24B

MD5
161557b06b4a4d3ce095528dea370eb7

SHA1
8bfe9c4d916fe58d856b5a6ecaf8cd9ea4df2c9f

SHA256
f054ef19481234ee5b2db1d1c681839dab235a857ed3a4bc02efa8f785f478d4

SHA512
96ce8aedbdbb387438efc86aaabd13a6378628bfae203d2bc25ea1cd7daa6ddbd6dd2c81d631fbdc9b653a93011d3c80f0c085580275b683d5e0bce077e6e449

Download Submit
/storage/emulated/0/Android/data/com.yisheng.ysexpert/files/baidu/tempdata/llg.dat
Filesize
474B

MD5
5b384c34e12ca0a3c7e69f6eb06c3618

SHA1
0a97629ee9518a35f66d56e99ac24bb7bf8909d6

SHA256
a2b58bd40131192e4831a59e899a7d5c8955f3a2f419f7e618ba3e22db94d77f

SHA512
e85acce4f929f80eb36a0e27dd8b256511caaeddb011a4bf621cca5fcb01ab522f3325b321e5d4bb099cf4507ab51c62e13a0e29f9bf2cfa3d28b7e77b4978ef

Download Submit
/storage/emulated/0/backups/.SystemConfig/.cuid2
Filesize
512B

MD5
38c8df1660e0ba50d3855ef306c90494

SHA1
9985eb8089dc279d91541983e555dd3debf970d4

SHA256
85f2cfca6a165c1ec4d27bb3660c94dfb752d875e44ec9a0b8a9b7b2ff1fb235

SHA512
3ae69e3e0b6079d8ed01a2c17c3bddbd5094d6d59e7c06a4923fb306fba511c57707d98f8d962e1ee07cf2798cf3f03884f8802cc9fe8007ac1c59a550425919

Download Submit
/storage/emulated/0/baidu/tempdata/lcvif.dat
Filesize
96B

MD5
084e9cb15c92172cfece4f18d94681e8

SHA1
408fb3e525f12166e36a0edfedb00e80c60798ed

SHA256
f5e6fd7032ca4fe9b4ab773462befe2d9a93a309ce89baa52f5ac531a673436a

SHA512
4c95eda7d9eae2f9000295966cd534aeacc3155fd3d7711aaefa93de644bc8da400aad56814decfe66a15de2e4775d653b246b04fbcbb865c5b49e21e62a7fa5

Download Submit