d834afe7795a20d46749a909a4134fa0ab874dfd3247964e504a03c42ae24bc8

Analysis

max time kernel
46s
max time network
132s
platform
android_x64
resource
android-33-x64-arm64-20240514-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240514-enlocale:en-usos:android-13-x64system
submitted
23-05-2024 12:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

yssaas-release_108.apk
Size

10.1MB
MD5

06bd00532f7212ff59ea3af1f14f24ff
SHA1

d0ca98c2e0b22f76e181abeb72a557ccf86fd635
SHA256

d834afe7795a20d46749a909a4134fa0ab874dfd3247964e504a03c42ae24bc8
SHA512

6c2eed96340578480fc5c22e49ab4fb0cc4ef44e49d73ed2c8d35e0a386ca61a65cf3200e559bef49dc4ceb4bf42c6145a873c66d5bc97caef08dc935c5c1a5a
SSDEEP

196608:XhnAUmydd3zROQADEABMNI62/wXC2JFdLJdMJElaYRkhsjKR44VJQ9WvmS79yt+n:XhnA2D3zRMwNNu4XC2HdOElaYRkhs84O

Score

8^/10

collection discovery evasion impact

Malware Config

Signatures

Requests cell location 2 TTPs 2 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

T1430

T1627.001

Processes:

com.yisheng.saascom.yisheng.saas:remote

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.yisheng.saas
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.yisheng.saas:remote

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

T1424

Processes:

com.yisheng.saascom.yisheng.saas:remote

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yisheng.saas
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yisheng.saas:remote

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

T1421

Processes:

com.yisheng.saascom.yisheng.saas:remote

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yisheng.saas
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yisheng.saas:remote

Reads information about phone network operator. 1 TTPs
discovery

T1422
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
evasion

T1628.002

Processes:

com.yisheng.saas:remote

description ioc process

Framework API call android.hardware.SensorManager.registerListener com.yisheng.saas:remote

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	com.yisheng.saas:remote

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

T1471

Processes:

com.yisheng.saascom.yisheng.saas:remote

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.yisheng.saas
Framework API call	javax.crypto.Cipher.doFinal	com.yisheng.saas:remote

com.yisheng.saas
1⤵
- Requests cell location
- Queries information about running processes on the device
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4308

com.yisheng.saas:remote
1⤵
- Requests cell location
- Queries information about running processes on the device
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4370

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.yisheng.saas/files/libcuid.so
Filesize
109B

MD5
477b6bef36b9f86f3485724c4cdee195

SHA1
80f1d16b172009c49dcdb6dc32426831bba2f79f

SHA256
1185d340e47e544def3045ff3e1146269d9576668507cea67b3e34c21953642b

SHA512
7441a7aee0a9fe1d2b7a3b55b191b06f0153d578ed7f18f7a574e45fc215e3ff33dcc71ad5eee5ea867040fa39ca3884e8d8ecf378de687c8f5efbfc4166cf57

Download Submit
/data/user/0/com.yisheng.saas/files/lldt/firll.dat
Filesize
76B

MD5
156b23026dc44d5f69329d80616dc6a5

SHA1
8d67efaf29b28b1dd33e96741f2d5b3639f213f2

SHA256
3ef51e4effde85bf3fde4a6142b4d7e72fd119ade41c944af2811c3d662ce2b4

SHA512
39c03ede3169f3925fbdb4b64c0922b2b7994c34acfce552c7de42eabf40dc5803292a76a052d4b2e7fcfe6385c314a00d59e6734e9c8fe57451a5b168d3c93e

Download Submit
/data/user/0/com.yisheng.saas/files/ofld/ofl.config
Filesize
235B

MD5
18c144c4a6df403bfa1eea025cb0fadd

SHA1
7cf1bf8eccf3f7d7c838e4ac0b7bfa66636d016b

SHA256
fd61eed51843aae00c715c0b86f0294a44fe021bbf6a048daf82c502fab90cbe

SHA512
87a8b3d35b46c44aea0dfa9e5295fed96cb0877497a83bc1ffad8b76ed710689e54da2660535cb6f089afaa110e572c002aa30ed25ee44ca7cc95fc7c235414c

Download Submit
/data/user/0/com.yisheng.saas/files/ofld/ofl_location.db
Filesize
28KB

MD5
4a5738275ba2210055579a5cb2b8f245

SHA1
8684e24b58caa38f49e0e3dc58722d542517020f

SHA256
16969d55c6f0e55c63c8e9a0c98011387ea74d1deb141cae8d781ef910a74eef

SHA512
768e58b37fb90f36df11e66494ad15f059bb7e0bbf7e76e17471babd8bf97d07b6c7974628a944e2f564bfb9dbb188a6192a3c03f32547eb48ea67edf2b95488

Download Submit
/data/user/0/com.yisheng.saas/files/ofld/ofl_location.db-journal
Filesize
8KB

MD5
c110df5d8a2d3594312eb260817a5ae1

SHA1
901ba139b2197ee70ae8b5c4a9fc73019bcd03a0

SHA256
6cd5550c69e66dd1249fed74d507e102c804fa269e6dac02175a870b6eff4ef9

SHA512
88f48dbeebf736d10dedfc1f3efb04297927281aeadf82d7727635fe1123d1f61423d13438d096832e7089129ec6d20cf4380946fe7e2f0db68d7b5c27bde167

Download Submit
/data/user/0/com.yisheng.saas/files/ofld/ofl_location.db-journal
Filesize
8KB

MD5
9d51162c6c95e9c03cf12cbfd6ca23f1

SHA1
498967b1cb7727f6f7a44fa4b9f69358f8c33e25

SHA256
02f970cca5c50c91b726ceb076eeb717abc3944dc9ae963b7c51949383080d50

SHA512
3717c4de4182a876854e17e9a5604160594f4a1b3f4611e3665a3e4be84cae640158ac550aa3b6b1e4a1dfe03b0673cefd444da6e88778a14f9810a0798b2468

Download Submit
/data/user/0/com.yisheng.saas/files/ofld/ofl_location.db-journal
Filesize
8KB

MD5
55aadb8581523cfc6f29dc336445f9fb

SHA1
b68334632583e4843d5be58c83ebb83ecb35507e

SHA256
3db475f0ea94ce31028f3c805bd2210fa0a1938a67ea116fbeee25415613bf90

SHA512
36ccf6bb30e7cb1ab570b2fe93c9e99bbf5e09531709f73e0c8cf5b86e0e0e35462ad6913889203ea54807fb6d9e95585ef7831f8aa6f00af9c34a291afdf45e

Download Submit
/data/user/0/com.yisheng.saas/files/ofld/ofl_location.db-journal
Filesize
512B

MD5
eebb3ecbfbfdbc9d8e803ff85eab25e5

SHA1
3819d9d70ad36c9c362177a101b9b2453e9deffb

SHA256
a926dc0ca74ee13b0d58029fe142629cdd0167d47a4a24a422c175def3cb1232

SHA512
cb095f4e82aa9c19e57e84dd96e555455d7586ce30c64c6d8dd6fe4d2f6b4fc6d171a376d5ab094643071a72f5c161b15a7e12c19b44e6aedebff5e98407ab23

Download Submit
/data/user/0/com.yisheng.saas/files/ofld/ofl_statistics.db
Filesize
80KB

MD5
cf2cea7e9b08ffeccdad60248f536765

SHA1
61f97840aaf57a7d1c9ce994a5176ccfcdd7188c

SHA256
b761bcedaf9a60a17270a5e5b5ac7fb2d333d66a7023a105e9c07c50eae55be1

SHA512
c24815df7cd1dba14a84805b4684e43d6d20fbbaadcdaf8e85ac533941ff1331ff78e697c240f401e4e0386495b6f311200c28d112064efeb9785b72edc79009

Download Submit
/data/user/0/com.yisheng.saas/files/ofld/ofl_statistics.db-journal
Filesize
512B

MD5
abbbd1ae0ca6c168659c4e92d0c1f6ce

SHA1
790c5bb9fd45299ebd8d89948dfb0866261b669f

SHA256
1924a614b8b6e4fced35ebf1295ea51c8adfbb1268cf79652d475671e195285b

SHA512
5c2407fcebcb6cc9ea45768bb703968ad487d849f4172cb5a60dc63ea0a2745e4e52e220d1684738f3d921d02e6efa4d6eb6d727a150df0063ecd162d6d82a0e

Download Submit
/data/user/0/com.yisheng.saas/files/ofld/ofl_statistics.db-journal
Filesize
8KB

MD5
546aeb5373840189d036181570aca77c

SHA1
913d38345c54f86803646fcccc6c8272b89d9d2b

SHA256
a6572913c8af1486cbf1d6ffe1f3bf19103cb9204e54ee067f783114d0f5e624

SHA512
ef288fc1e0d7d895f89cb872d8de3220855d60ce6add722a56787593beab82fb90456f836832c41dc7e1204fa396bddbaffe3974a4b6d0f783b4687bf3ded4c3

Download Submit
/data/user/0/com.yisheng.saas/files/ofld/ofl_statistics.db-journal
Filesize
8KB

MD5
f85931879c49dbb337eb94543cf3844f

SHA1
a6b38267f733a89fcd426bd56fc39cf6fccd3f6f

SHA256
e0d6ad3719bbc0c4ceffda1228ca8410c27d9e949e78f2a9c28ef63560b510d8

SHA512
33153cd32603175778550163bd15e05158a1ca5103b0592dc8e68de926af1207f46a93399acdc83028face00f67159102675abef5ee088cfe0f05688055acc44

Download Submit
/data/user/0/com.yisheng.saas/files/ofld/ofl_statistics.db-journal
Filesize
8KB

MD5
4c6caafe0fbac77c18db420c51ea7dac

SHA1
7f14c68bf910c5b33d46dcbb6842e6b57161fb86

SHA256
6312960cb1b8e5a480626b6ece610db9d3306e2a19b2faad90ec08f442058942

SHA512
a9295687f1aab0cc1bc74723ad986646fc55d39a24c67d9e5a78fcb13b117d42e1ed7845c40092454c04fbd12682088d25630a70239914bc156d3d76ae3e4900

Download Submit
/data/user/0/com.yisheng.saas/files/ofld/ofl_statistics.db-journal
Filesize
8KB

MD5
3b51da56ed351fd0b1bd50dfefcdb9c3

SHA1
be7cbb7edc28b2476dfdfbf425efa3b23d92a6ba

SHA256
e9de39dacda82ff44afe13a1caf80f11f536e43bcd8b7dcccd7ae7ad03ae2f89

SHA512
5aa54b5c637c560d21eab02e87d0c3f67fabbf0ee15f5f5d638b62cf8075accac26c9bce1c097dd0c2d93fade05015b5d4641a4cd417112715914094da5258bd

Download Submit
/data/user/0/com.yisheng.saas/files/ofld/ofl_statistics.db-journal
Filesize
8KB

MD5
cbf78030c40b146b8f5b1c4ca06e81c9

SHA1
9847e79552caf321189c556b39aeffd3f201876f

SHA256
1dc9cd9c94db05b0fd8593b70155ae35e9713f8aa1d520af5273737506d3b2bd

SHA512
fd4b39fc827c86161d2e10149257b61a1261d5600cb54ad88506a58c59d92809b38a434ebbcb1ebece4235fdbddff8c34443ac7cd3670cfd15b945a1795c7d2c

Download Submit
/storage/emulated/0/Android/data/com.yisheng.saas/files/baidu/tempdata/conlts.dat
Filesize
12B

MD5
8d80bc8ea90e9cac010d3ddf97bda5f5

SHA1
f063bc0d356e6ba9ab1eb9a851131ffbefd8fa07

SHA256
f52db31332534833414abd5e870f78c810b8ebbe5b134bbf599506beecfd1b93

SHA512
9ea732dd572a9a4ba91b70891972230a09576687ca1bc19e62d5a98b5b84e0f2ae11985108008bc9fbccf357219b8bd3dbf146bb70752f618f70dc5d0c46a7c7

Download Submit
/storage/emulated/0/Android/data/com.yisheng.saas/files/baidu/tempdata/conlts.dat
Filesize
153B

MD5
02c95d6a9d06b70bf8db05b9c16d40ab

SHA1
b284c0a06e12cad123d83ffa28535feca1791d81

SHA256
ea142f212541088dda77d3d9579737e460f6e83a8e866a14dee1bdb6ee817458

SHA512
8485c5a77347a1c6422823e8726f5232f2a32ff1bce260d925e3b6abdbad9fd08d6e68b7b5d1d6cc95d6d455b53330247c3831ff4c028296e49a96607f83cd48

Download Submit
/storage/emulated/0/Android/data/com.yisheng.saas/files/baidu/tempdata/llg.dat
Filesize
24B

MD5
161557b06b4a4d3ce095528dea370eb7

SHA1
8bfe9c4d916fe58d856b5a6ecaf8cd9ea4df2c9f

SHA256
f054ef19481234ee5b2db1d1c681839dab235a857ed3a4bc02efa8f785f478d4

SHA512
96ce8aedbdbb387438efc86aaabd13a6378628bfae203d2bc25ea1cd7daa6ddbd6dd2c81d631fbdc9b653a93011d3c80f0c085580275b683d5e0bce077e6e449

Download Submit
/storage/emulated/0/Android/data/com.yisheng.saas/files/baidu/tempdata/llg.dat
Filesize
486B

MD5
17f20156045ab52361b738f13d8a7ecd

SHA1
ca48c9fd107f77122169a9dd09b752b2ca1fb101

SHA256
d8a0c72067e340360c98dc1cb9c93a1f79656af27918e19065d537e260a75573

SHA512
b219056ca8e46d2cd078d1c68b2c665e819d301c875208b43127d5a8d7d304c3b43a8e9215fdbc63aa0009d885e42a47bf59082c30a4b53da5804deb78f98988

Download Submit
/storage/emulated/0/Android/data/com.yisheng.saas/files/baidu/tempdata/yoh.dat
Filesize
24B

MD5
a936690571e9104e1922dda4a0ba5bd1

SHA1
65f49c57edde2f96be2a1dbdfc3f7351f1e66554

SHA256
f0f5049c51879dd7da0ce4a43349b5b34ce053d072a0ca704f62cf22ba4a8412

SHA512
3be1c3693963aebdfc04e86b1c820ee0ec3cf0b200e6a4788ef1141f39fd6c2f77f4227247ae4affa66c0a6c027df8466cc0dcec1e67ebfb953e36bee97de394

Download Submit
/storage/emulated/0/Android/data/com.yisheng.saas/files/baidu/tempdata/yoh.dat
Filesize
24B

MD5
1681ffc6e046c7af98c9e6c232a3fe0a

SHA1
d3399b7262fb56cb9ed053d68db9291c410839c4

SHA256
9d908ecfb6b256def8b49a7c504e6c889c4b0e41fe6ce3e01863dd7b61a20aa0

SHA512
11bb994b5d2eab48b18667c7d8943e82c9011cb1d974304b8f2b6247a7e6b7f55ca2f7c62893644c3728d17dafd74ae3ba46271cf6287bb9e751c779a26fefc5

Download Submit
/storage/emulated/0/backups/.SystemConfig/.cuid2
Filesize
512B

MD5
ffdc287d07c7d4ebf5e403586d29a851

SHA1
b28a6e9b33b8d21037f6f0be61817b4692d873a3

SHA256
a76f2e263daaec27561c79dfc45a491992506c01da1df1b3acb1f6fa97f8635a

SHA512
7be1ee0b88fbdf32b28bedc0d3b5f9a9d598e738e6d28b46b90ea7aaf21e95c87d0f496453604c7eecec685fc6f2aaa62c2229dabb5293ece086f5e40dc2207b

Download Submit
/storage/emulated/0/baidu/tempdata/lcvif.dat
Filesize
96B

MD5
48e21fc66b2aadea663ac9013f02e46d

SHA1
070de700363aaabd764e925b7af330fff5333d82

SHA256
9a8b1cd89cbf9b3846386b0329fe9defc112e5860f0cc7a8a5c4b22dbdcc7867

SHA512
231343ef018d4361cf071278a868cb7d82957cc3df6822c2a35f8a3f60585754617f070f36e1e0d7deb47697922ae0ae0e0e601552d02280cbdc926dcbb2ae2a

Download Submit
/storage/emulated/0/baidu/tempdata/lcvif.dat
Filesize
96B

MD5
901dc7a83b80affe2b20b5be47459c44

SHA1
b9be32d359d58396c7d948eb2e6d06a969fefa99

SHA256
9f3a5ace0636445fda81b37d04e58680aebd88ba890270bc4a1307d760a0020c

SHA512
7184ea5921df431f3df318bcf7274a605e891b5e940f3c244381f0b3d1454df9b37db0f35dc45ec9179d2ba5133f0d271f0d085a3959e0ab9e8deee201d53160

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db
Filesize
28KB

MD5
f8df032b186b8daec21b955238836997

SHA1
6670b787d78d0391ca067ee9d89c1fc99ab248b8

SHA256
0eb2691193d5b1af9ae73ce1110ea204d7895f5a39d8d5155f6de13dd3d1d283

SHA512
97472fd05b640d30f6e8d2a722e57a1d670e77391506c54b8e55ddb6109a21acee6a74af8c5098467317fd9292460e54ddfcdcf46e44684ebe7798f7890bbfe8

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-journal
Filesize
8KB

MD5
6f8c1de13dd19cd3541906a54cf8daeb

SHA1
09c4ae5799df251a7b664d99fab861c48a7459a7

SHA256
8a3023774efbecfc461c109acf7028250284085e77e82a714624d94169a54dac

SHA512
6468b543c1f91bd3d780ea63be012bd9cf8c089889b4ba08df6225b496ccd3b4536583644adb092f5cef88f3cdbd4e7368fae0c288524f421d5b3de79c22343e

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-journal
Filesize
8KB

MD5
5b890a33a39f5bf2ef058491787d94e0

SHA1
f799a01561686ed863d7fac786065390fa8c0fdc

SHA256
778e71b52b1bc4a88229b606a025918144ca69bf651ba3fc1bf6242159108a08

SHA512
cd26158923254b06a3eebe968d06f7d7f8b30934b6c01f9a1eca8014a197701ddbb95397dd0b73b642e779f5f4677d1732b7f086180e13fb29b98dcdaf925272

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-journal
Filesize
8KB

MD5
8b546bd36a3f1ea9c4be3f8338cdbbc4

SHA1
26e62698a7c9d0a5c9719fe3cb308fa355f0118e

SHA256
bc601d9d735cb8b0e92cf5f6d297a4ef06f00120767a2cb7674f0724dd978137

SHA512
974739273f4e0c762e195749b1a0971238056f099c7c0a2b87b453efd8806e96d94beb6daccbc9479217be0873cf0b7cd6e4275636988c068ff86a4c075e677a

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-journal
Filesize
4KB

MD5
942da9997b64dfc96ed57f1c70c7a3de

SHA1
12c676446a5db056870dcd053128feecc444bc47

SHA256
96219594372ff041af15e0aead13b3c6f8295ee20ff8fd277c468f6621c74396

SHA512
303a9b58df4e40db41f08e0473a5fd9a57b6dfceae9b349bb817537f9a6c23ee43eff74be7b1fcef41ba0d511af33628d9cbe520be01cf54d153d8338171bdef

Download Submit