Analysis

  • max time kernel
    58s
  • max time network
    89s
  • platform
    android_x86
  • resource
    android-x86-arm-20240603-en
  • resource tags
    android, arch:arm, arch:x86, image:android-x86-arm-20240603-en, locale:en-us, os:android-9-x86, system
  • submitted
    08-06-2024 13:25

General

  • Target

    喜闻.apk

  • Size

    10.9MB

  • MD5

    47a05e6f5e0560ea0385f1776a956494

  • SHA1

    15d6ae0483d7f0788ab19abd85ef9d7ae5309b80

  • SHA256

    c09a691bbaaf0bcabce974f0471e538eb0789af56361f218b5d53b5f3f8f9cfb

  • SHA512

    d436d89e0932af408828ab0872d9a0d57e2d463a210e50780bdda4d1945e9078d443d2bc0c56ca6c77092976bb2504f7f95055214e6c63abea78f9b926abdaa1

  • SSDEEP

    196608:Pdzx6wDC0W46BkdriofBzgoof1bgSof9ngQofbvgVX:Pv6wexkdeuBLu1Ru97uby

Malware Config

Signatures

  • Queries information about active data network (1 TTP, 1 IoC)
  • Queries the mobile country code (MCC) (1 TTP, 1 IoC)
  • Reads information about phone network operator (1 TTP)
  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  • Uses Crypto APIs (Might try to encrypt user data) (1 TTP, 1 IoC)
  • Checks CPU information (2 TTPs, 1 IoC)
  • Checks memory information (2 TTPs, 1 IoC)

Processes

  • plus.H5A5D9F54 (PID 4247)
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    • Child process (PID 4329): stat -c "%x" /data/data
      Spawns a shell to read the last-access timestamp of /data/data, the directory that holds every installed app's private data; this is the only child process observed.

    Network

    MITRE ATT&CK Matrix

    Downloads

    • /data/data/plus.H5A5D9F54/files/.DC4278477faeb9.txt
      Filesize

      32B

      MD5

      3cd8376765dffa414d0feb54f8aa922b

      SHA1

      38c4c80fd54eb568702b759d76df541ea5dae6a7

      SHA256

      e5611705dcf3a31d2e65d21395e89ec2689acb0b4d826f74e8e37f8acfacd644

      SHA512

      b9d6f3ad5089b47fb543ce2540ae908b5186de54ca4056b1a30b54ff929734ff3af987fb33fb28c52c44f9d2625529a8c1d54898a42b7e81af8b014dcf574e08

    • /data/data/plus.H5A5D9F54/files/apps/H5A5D9F54/www/1.png
      Filesize

      744KB

      MD5

      e63bedf16d1d083ee7fca223e1cf871b

      SHA1

      8afb3a0ed1dbe719eabea4614c463d78bf916f99

      SHA256

      ccbb22e16b2ec983cfd7de71ab2d9cf39e94492e8db7eb26084ed1b9172a5942

      SHA512

      cd234e9f8ab8e6c50b22f0cac0b685fbdc537d066363a12ab3e917093bb828c70d21d735c37183c8d735290f065db774392704f58bbf4c7edf551200a6f67985

    • /data/data/plus.H5A5D9F54/files/apps/H5A5D9F54/www/2.png
      Filesize

      246KB

      MD5

      f2c520e615e27acfab5fcecaa5e4bdcb

      SHA1

      4262c680389720523757a452c5fc1ec0a035469a

      SHA256

      e973f3b973bcd4759e9b3d2c312d6586ecd96a1f65928b1ebbbc220953bcdad8

      SHA512

      ee246e66ff0b595e5ddb8766e286baffc9c7862d7cbd30f3e7ae906f4e75f5bcaf1f137e4812be40f6619970666216ca9ba37aff60cb3507de13be4e18b07222

    • /data/data/plus.H5A5D9F54/files/apps/H5A5D9F54/www/3.png
      Filesize

      175KB

      MD5

      1cb0e8dc366b9a2d703fd9e0a366ad04

      SHA1

      b143d154bbee1493292ad878591da588f8629d7b

      SHA256

      fd4654f504114ca0dbb79dbd103fef54cf600c4e8987910b5c77ec750d492d9a

      SHA512

      eae987536b45c97e27bc7965c7c50c04aca572ddde80f77b93a982495faf9e55b661c0d393a7e357cfc006810daa41a56c44fc6b403e31d72179857f14036a05

    • /data/data/plus.H5A5D9F54/files/apps/H5A5D9F54/www/4.png
      Filesize

      376KB

      MD5

      92334f7acde52b32d9b620ef9c1dd501

      SHA1

      72b809c158a488cfcfdfb7fc8a86bce5a9659663

      SHA256

      37f5deefb7f9a39d8ec502c74cdce7fe233131364a9fbe57057a1659857f2db6

      SHA512

      5d670b77893f2dcd4953f51c817851a82650950c9fa9b21167476f1f01b4c69875ab024488b5220cf3fffc65ea77d87514ff7a1c1faa0005ad2bbcf34685fe7d

    • /data/data/plus.H5A5D9F54/files/apps/H5A5D9F54/www/404.html
      Filesize

      2KB

      MD5

      a8c0733e9ee848e3b93ba0f466eea14c

      SHA1

      221e026c471e29f8f5625fdafb712def71492f44

      SHA256

      7648a4c1e8a39ee0ff10dfdf622f7384faf098cdef524267c85f50c1debeb144

      SHA512

      028369cea228528b3e0e0e46ef46a4adb21b84f862c6efac0bcbb1abb27a32858dee4b5d50a5256e8a1128d58419f0d5c6d73b87f685d7267e46e5ff541ab161

    • /data/data/plus.H5A5D9F54/files/apps/H5A5D9F54/www/888888.css
      Filesize

      1KB

      MD5

      5be8c13007090305527f8a3fee0b71cb

      SHA1

      6d18b573da00b093f7dc54c1f1ebda7bec295363

      SHA256

      519a34a6633d43c96e3c399f504713f7f98999822dffb0934668618d67506a4e

      SHA512

      82ebf0c510d564064a6d495a3c10c9bcf2523adcbd8f1f912a1f685a0fda779a94142ab6ffda6f34a908b43609a989adc768f6c9ab809e80a96289cb46427fd3

    • /data/data/plus.H5A5D9F54/files/apps/H5A5D9F54/www/androidPrivacy.json
      Filesize

      1KB

      MD5

      c4231f4441889d09f18a702a5bf74486

      SHA1

      16ab2d07d170023ca2ee90d2881509a73ab1bc6b

      SHA256

      b2b108ed76f55dcbde7b0d549260020a3d0e64e66e1e9705867d2da806b9cfa1

      SHA512

      be316382b56aa19ff46c599b00366762fe2cea23ee7fb6637a1e1b646f44284569a24723f459d621934a398ed4b22be817c4d3d17d5e64009bd650a12c19b4ea

    • /data/data/plus.H5A5D9F54/files/apps/H5A5D9F54/www/fwxy.html
      Filesize

      19KB

      MD5

      9df24747499fc86a166b8ac7d726f4f9

      SHA1

      5259f61ad6ad989bc133ab4cb2c81de3798e4f5c

      SHA256

      ba89e8bfe58d62705aeda4ae83ba886882cc61329682d233a3586103c426172f

      SHA512

      b8b6e4c030c4cd192854e3d8d225cf94e4a5ad2b8ffc3dba8e16608d98839deb7c66c7009d3df612b9649ff9f3abccd1ef84f4acfccca96013139a4da85c7ff5

    • /data/data/plus.H5A5D9F54/files/apps/H5A5D9F54/www/index.html
      Filesize

      320B

      MD5

      d8fa1ecc27700b5ae5a9c1798b541ce7

      SHA1

      f1ad05c41c57663b86df51aa2310a072275a7db6

      SHA256

      a1fa6e0201d29600272a2f0a33a72962a8466d9f29bb1efd09f47d5307fd724d

      SHA512

      0d185df51bcb61a1a4ac347ba686bf43815a438afff107e1f7000539e79dc8cd56486d46708546aaa2847628e963d15f617c8883dac5a3837d737880b556656c

    • /data/data/plus.H5A5D9F54/files/apps/H5A5D9F54/www/logo.png
      Filesize

      82KB

      MD5

      2fed2535c62e87ddeb0a163ade710515

      SHA1

      c98516ae634c6be92ea4b4ca6f04ab5d0fd1bc66

      SHA256

      435fb9944bc9190c2904584f21f88a3b052dd31a8ba05ba9e72ec1f98037dbe0

      SHA512

      b6cb42a26b1e6746ec72a4f3891c5661da5736338a001922c7006fdb1daa97dfbf9b5f52820b501d44a5ad041bf77e353ce5cf430d10fc59e265cfb9cd758b35

    • /data/data/plus.H5A5D9F54/files/apps/H5A5D9F54/www/manifest.json
      Filesize

      1KB

      MD5

      060582f4e3f6888e553813fabef9a9ca

      SHA1

      7b2f60274024fcf327d4c59cfdb1548977193913

      SHA256

      4fa32fc1b9b3661a4808314fa4c61dd5c7662343982b28479d6b4edf4f11e88d

      SHA512

      79ef77c9c7fd83fb7b8bc5f956d98d26cccfd1a25e8985031ab14b05c53e4d3efe3a27da86c1e89c9f0b1ab91c773012199159c047728ad4c36022a6ebb92b53

    • /data/data/plus.H5A5D9F54/files/apps/H5A5D9F54/www/oss.jump.js
      Filesize

      4KB

      MD5

      09d9519eff0a2ed5ee715a47e23601d2

      SHA1

      e565352259389a02cc1c7ddca7c4aa947bf49431

      SHA256

      09e8ef9c5c18e5bba46834b1d8c40322849d35e6a7ac4ef317143d2c6f1dd3c6

      SHA512

      1aa703680401dbb137ecefece97f83d3e7f0b6111b6a27e2a44af22bd26a282137c44fdcc4a1f39658789187c7d9290bc39172d40f21c0fd96dc92df20f002df

    • /data/data/plus.H5A5D9F54/files/apps/H5A5D9F54/www/xl888.js
      Filesize

      646B

      MD5

      6b22964681b36a8643fc16d830969dcf

      SHA1

      e30137065ca10c7f75a4a79247b2ed5de1016c5d

      SHA256

      db1d328b7385991f59827a42f6b84b75a716c3d6312aaeac3f8ffca7d05e1b0c

      SHA512

      a01750d763bc017e9638bfcebfff552196ae098243cdc31e7f8e9f68cc16bb024581744a0b4eef3551092f17beb5bdc82f7c0ac0ff04d2d24c1a38d2acee9fef

    • /data/data/plus.H5A5D9F54/files/apps/H5A5D9F54/www/yszc.html
      Filesize

      175KB

      MD5

      040e2b859e148215e4b4258ca769e0b1

      SHA1

      d5a740b75be38e643208aa03b5cb464dd7b89dd1

      SHA256

      d96a1e3d03011ecfca0c3bdbdc4844e68c764c7015269dc3960afc5343fb1ea9

      SHA512

      6af1f928025a71fe3313a156efee5f9af5ae5b0f4de471546a406fb8bc6954f814cd4b26819923376cf0a9481f72f48154d22be146dbee2a97cbb1c72c0af152

    • /data/data/plus.H5A5D9F54/files/cnc3ejE6/eje3cnc
      Filesize

      35B

      MD5

      762298b93820a5cd8b6d8ec469078f7f

      SHA1

      d5b02a2ff3b235cd2b61ceff53a1d88b8984477d

      SHA256

      dc3f98a33c26c2796dc294b354831fd5ca9796295f4cb38479c80b145d4807db

      SHA512

      70f864211ce16679d0538abf9b7071d27c2d22ae458e32409d20065032c762dd186307ef33ede90abd9ac794a4ced8b163404e9799c05f0c515337249684311e
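The dropped-file list above is the part of this report most worth keeping: it separates assets unpacked from the APK's www bundle (index.html, manifest.json, the .png, .css, .js and policy .html files) from files the app created at runtime (the hidden 32-byte .DC4278477faeb9.txt and the 35-byte cnc3ejE6/eje3cnc, both outside the bundle), and its digests can be matched against files pulled from a device. The script below is an added example, not the sandbox's own code: it parses entries in the label-then-value layout used above, rejects malformed digests, flags runtime-written and hidden files, and matches a file's bytes against the records. The sample input is constructed by copying two entries from the list; the /files/apps/ marker for bundled assets and the "dot-file means hidden" heuristic are assumptions.

```python
"""Parse a sandbox 'Downloads' (dropped-file) list into IoCs and match files against it."""
import hashlib
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: two entries copied verbatim from the report's Downloads
# list, in the same label-then-value layout the report uses.
SAMPLE_REPORT = """
• /data/data/plus.H5A5D9F54/files/.DC4278477faeb9.txt
  Filesize
  32B
  MD5
  3cd8376765dffa414d0feb54f8aa922b
  SHA1
  38c4c80fd54eb568702b759d76df541ea5dae6a7
  SHA256
  e5611705dcf3a31d2e65d21395e89ec2689acb0b4d826f74e8e37f8acfacd644
  SHA512
  b9d6f3ad5089b47fb543ce2540ae908b5186de54ca4056b1a30b54ff929734ff3af987fb33fb28c52c44f9d2625529a8c1d54898a42b7e81af8b014dcf574e08

• /data/data/plus.H5A5D9F54/files/apps/H5A5D9F54/www/index.html
  Filesize
  320B
  MD5
  d8fa1ecc27700b5ae5a9c1798b541ce7
  SHA1
  f1ad05c41c57663b86df51aa2310a072275a7db6
  SHA256
  a1fa6e0201d29600272a2f0a33a72962a8466d9f29bb1efd09f47d5307fd724d
  SHA512
  0d185df51bcb61a1a4ac347ba686bf43815a438afff107e1f7000539e79dc8cd56486d46708546aaa2847628e963d15f617c8883dac5a3837d737880b556656c
"""

LABELS = {"Filesize": "size", "MD5": "md5", "SHA1": "sha1", "SHA256": "sha256", "SHA512": "sha512"}
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}
BUNDLED_MARKER = "/files/apps/"  # assumption: assets unpacked from the APK's www bundle live under here


@dataclass(frozen=True)
class Dropped:
    path: str
    size: str
    md5: str
    sha1: str
    sha256: str
    sha512: str


def parse_size(text: str) -> int:
    """'744KB' -> 761856. Binary units assumed; the report rounds, so this is approximate."""
    m = re.fullmatch(r"([\d.]+)\s*([KMG]?B)", text.strip())
    if not m:
        raise ValueError(f"unrecognised size {text!r}")
    return int(float(m.group(1)) * UNITS[m.group(2)])


def _finish(fields: dict) -> Dropped:
    # Reject truncated or mis-copied digests before they end up on a blocklist.
    for key, n in HEX_LEN.items():
        value = fields.get(key, "")
        if len(value) != n or not re.fullmatch(r"[0-9a-f]+", value):
            raise ValueError(f"{fields.get('path')}: bad {key} value {value!r}")
    return Dropped(**{k: fields.get(k, "") for k in ("path", "size", "md5", "sha1", "sha256", "sha512")})


def parse_downloads(text: str) -> List[Dropped]:
    """State machine over the report lines: bullet = new path, label line, then its value line."""
    records, fields, pending = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):
            if fields:
                records.append(_finish(fields))
            fields, pending = {"path": line[1:].strip()}, None
        elif line in LABELS:
            pending = LABELS[line]
        elif fields is not None and pending:
            fields[pending] = line
            pending = None
    if fields:
        records.append(_finish(fields))
    return records


def is_runtime_written(rec: Dropped) -> bool:
    """Files outside the unpacked bundle were created by the running app, not shipped in the APK."""
    return BUNDLED_MARKER not in rec.path


def is_hidden(rec: Dropped) -> bool:
    """Dot-prefixed basename (assumed heuristic for files meant to stay out of sight)."""
    return rec.path.rsplit("/", 1)[-1].startswith(".")


def sha256_index(records: List[Dropped]) -> Dict[str, Dropped]:
    """SHA-256 -> record, the form most useful for hunting in other telemetry."""
    return {r.sha256: r for r in records}


def match_bytes(data: bytes, records: List[Dropped]) -> Optional[Dropped]:
    """Return the record whose four digests all match `data` (e.g. a file pulled via adb), else None."""
    digests = {name: hashlib.new(name, data).hexdigest() for name in HEX_LEN}
    for rec in records:
        if all(getattr(rec, name) == digests[name] for name in HEX_LEN):
            return rec
    return None


if __name__ == "__main__":
    for rec in parse_downloads(SAMPLE_REPORT):
        tag = "runtime" if is_runtime_written(rec) else "bundled"
        if is_hidden(rec):
            tag += ",hidden"
        print(f"{parse_size(rec.size):>8} {tag:<15} {rec.sha256} {rec.path}")
```

To use it against a real report, paste the whole Downloads block into SAMPLE_REPORT (or read it from a file) and feed `match_bytes` the contents of files pulled from /data/data/plus.H5A5D9F54/ on a test device; a runtime-written file whose digest matches the sandbox's is a stronger indicator than a bundled asset, which any repackaged copy of the app will share.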