6e961d215f55efbdfdfdcc7f83961f764c643de7c63b3a3327b4df00bb0a7cf2

Analysis

max time kernel
174s
max time network
187s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
31-05-2024 20:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

muzhiwanapp.apk
Size

6.7MB
MD5

f166fff17a539f053550965c87c42054
SHA1

8be071793576b6e324db218f02a017439fe826a3
SHA256

efa8e431c5d5b3bda3cfc0da4392d14ef447643412bbea22536a155c7aae82b4
SHA512

26869689b5a58e52e63d95b07cf04f560c4580e9bd408a432a61acace492201ffe93cb7e4166a360530eff8fa3827ae0df83ee43e30daa7f670010d59a8bab8a
SSDEEP

98304:thCSkJBDmTuhW+7eF0JUQ4KMB6NQP4WfxRENHpxPOJHMMC1dh4Zadvtvc8Y6dtR3:nru6wUQMBj4WfOHp+HPC1z4mkKdYIx

Score

8^/10

discovery evasion persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/sbin/su	sh

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/data/com.muzhiwan.market/data/mzw.apk	4405	com.muzhiwan.market:mzwlogservice

Queries information about running processes on the device 1 TTPs 3 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.muzhiwan.market
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.muzhiwan.market:mult
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.muzhiwan.market:mzwlogservice

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.muzhiwan.market

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.muzhiwan.market:mult

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.muzhiwan.market
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.muzhiwan.market:mult

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Requests dangerous framework permissions 1 IoCs

description	ioc
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE

com.muzhiwan.market
1⤵
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
PID:4319

com.muzhiwan.market:mult
1⤵
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4352
- cat /sys/class/net/wlan0/address
  2⤵
  PID:4485
- cat /sys/class/net/wlan0/address
  2⤵
  PID:4536

com.muzhiwan.market:mzwlogservice
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
PID:4405
- sh
  2⤵
  - Checks if the Android device is rooted.
  PID:4514
- su
  2⤵
  PID:4557

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.muzhiwan.market/data/mzw.apk

Filesize
42KB

MD5
7bc525aa5cfd71cd4d2ad570fd72a906

SHA1
b411e1b345b5e9e4a0e4f603b46277278981e921

SHA256
14b68457395896d3ffe12b777f52fe2cc4182a6c9ba383555b12522c93657b00

SHA512
5f1973360665bdeb536d8dc2a9c5d2077990fbc6fd3653747de9d54c7032a776151f39986792ab57773623a143b2d65cfbb585aa53c823197485eba9e75c8e2f

Download Submit
/data/data/com.muzhiwan.market/data/mzw.apk

Filesize
17KB

MD5
e65188742e10046597a4c648d045699b

SHA1
37b2f1e3e89d3b0d8683737ccae2ee725e82a312

SHA256
d0990058e5204d1a1bde2eff40893cb49d1e8972ee9b7e1b03ae35ac3cd5df8b

SHA512
3859b177492c74ec9448f7c57cf37beb7c747dca9580125cbd7c2e1f3a7761a3736072b1ec2ee14fa1f844f13df4163aa167b5cb9010e7e7fd00b2724553d481

Download Submit
/data/data/com.muzhiwan.market/databases/notes-db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.muzhiwan.market/databases/notes-db-journal

Filesize
512B

MD5
c5af75e8dc0665516181075624d4c994

SHA1
5aa3898f76144a4b9276471de4f46774eb804a2b

SHA256
bb7299ffdf184c620396158ca227a05956d4c76af305550cd18f575a1c6748f3

SHA512
f1527ace7a81a8984d7e7c0b9114cfd2250fd0ab6821cbac32c1960f4cc7b354036ec4cc1caf34d288172edf59833084f02fa98f0763bf19771e6813e2f4a29e

Download Submit
/data/data/com.muzhiwan.market/databases/notes-db-shm

Filesize
42KB

MD5
c04d422c5a4bf58a127bbf2bf014965c

SHA1
3b1f3f4ad21fe0febe567e5a56996a7e61658cf9

SHA256
7a28fd857e1283e351d37931cc6e23cd6de5ad2fd4d3d23337a6f162b07f3978

SHA512
6cb2768a8344e3da470472ea906b5be2e33a24384efe35cdc3c0b0c24351c3b34444a4d2d6a9e21c48927b85554aaa3904fb0361071c0711841565222253e0a8

Download Submit
/data/data/com.muzhiwan.market/databases/notes-db-wal

Filesize
28KB

MD5
5ff19cdcf0b916272c33fad4e54bb4eb

SHA1
6b98f7b7754f01d6f2e5a157ab68975183ba26db

SHA256
0cd7117a64047c289d056ccfb5ca1ec4c938d61f979a17adb4a0912b26df856e

SHA512
992cf4ccc9810e18fd6823455fce85896f0e2f569b161d4fee3b4d02b346ff846dfd8dbc6846d4717bd9a9c72d1853c0eb38ad46ae8b95c97fdc245423c79055

Download Submit
/data/data/com.muzhiwan.market/files/install_file_dir-journal

Filesize
1KB

MD5
26d84699b7f2730b58ea20f5d2b1213a

SHA1
6ed6a93ab9b1e6d9b0958d046cb27cb2b03f627e

SHA256
01ff39de58d48be8e640fb22ec92bfcb9afe8639ec729d779d5711615c406c4d

SHA512
7fd067690313b6d0fb5b57910f0dbfac3c7e16a34407bc547f7d5d5b7cccdc37c8b6c04efe7d55f8aea7a8817ab98cc7adaec8484c4ac59957db4dd7263cb286

Download Submit
/data/data/com.muzhiwan.market/files/install_file_dir-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.muzhiwan.market/files/install_file_dir-wal

Filesize
3KB

MD5
965fa8f38e0e3811abb57ea7a7856097

SHA1
822ceaaa900d31ed3ec2fabab771caadbdeceacd

SHA256
a63f5764f6021936ddb246caca98c4bb889250968f4ce7864ed58c94047546da

SHA512
ebc65e9d143f8cecfc9fea1e706cc80f7e47ed5b82ff046324e4f6710f7a481f3ef92a5012cd7701c461bbf00e5ec88a57f9c5c9f167f5221b40c4ad3a775395

Download Submit
/storage/emulated/0/data/.systemid

Filesize
59KB

MD5
b2a8fd2dba92c8f75869f79c70d441da

SHA1
faaf88b3c3653fc205a3a125ccb77fbc87b76215

SHA256
2514431fe50d909ac1385e07341ed8878b5f2400df151df5a43a59b98a31ea02

SHA512
a66893a5bb935dfefdc12ea32c2407cf9d8d040ff82852b415c599beb94d002ce77ec15bbac3f78ae6758a8c7f5e83c799ad84fb8ce2e6763da88a9bb20aa7b6

Download Submit
/storage/emulated/0/data/.systemmac

Filesize
5KB

MD5
72a239b77072f4a325001408279d8756

SHA1
779ff775879ecb0b2f0778ff8311de79b67eadd7

SHA256
17adadfbe797cc54277c3236e9a84568c102dfc63c54ed64d073d02b6424e885

SHA512
9087ecc8d32faf66d91b1f10cddcc7c8cd7d28d28de9014f08413cad8904683d3b81cd75b25892f5342ff4b8f013fb46edf97bde91648ac1dd48d44db7584c7c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads