Analysis

  • max time kernel
    179s
  • max time network
    183s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240603-en
  • resource tags
    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240603-en, locale:en-us, os:android-11-x64, system
  • submitted
    08-06-2024 13:25

General

  • Target

    喜闻.apk

  • Size

    10.9MB

  • MD5

    47a05e6f5e0560ea0385f1776a956494

  • SHA1

    15d6ae0483d7f0788ab19abd85ef9d7ae5309b80

  • SHA256

    c09a691bbaaf0bcabce974f0471e538eb0789af56361f218b5d53b5f3f8f9cfb

  • SHA512

    d436d89e0932af408828ab0872d9a0d57e2d463a210e50780bdda4d1945e9078d443d2bc0c56ca6c77092976bb2504f7f95055214e6c63abea78f9b926abdaa1

  • SSDEEP

    196608:Pdzx6wDC0W46BkdriofBzgoof1bgSof9ngQofbvgVX:Pv6wexkdeuBLu1Ru97uby

Malware Config

Signatures

  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

  • Queries information about active data network 1 TTPs 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • plus.H5A5D9F54 (PID: 4557)
    • Loads dropped Dex/Jar
    • Obtains sensitive information copied to the device clipboard
    • Queries information about active data network
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information

Network

MITRE ATT&CK Matrix


Downloads

  • /data/user/0/plus.H5A5D9F54/.00000000000/39285EFA.dex
    Filesize

    69KB

    MD5

    75a8168e7080b90fc2956592c268371f

    SHA1

    3702da56d31f381525473364f031dc884e37076d

    SHA256

    0b9c032080788add7f5989d0ce145e66a4686ff3a43b0e48dec60bf18bf75701

    SHA512

    33536573c834fffab7236dd96c22cbc3d075ab70b622ff7787381e5c7c262ab62e0252f0d07313c9227ccc8308cd93cd96373e57fa55a066691d5b5cfb55f5d3

  • /data/user/0/plus.H5A5D9F54/.00000000000/39285EFA.dex
    Filesize

    69KB

    MD5

    02f69eb4fe05ebc6c9f736d83e5f7e26

    SHA1

    777d75e14a73f5721fc4ae34f49a9a4b82311373

    SHA256

    13502356b7d3f910107aeff131e9c4a2b892744a125a2d1a2a206b219dc36042

    SHA512

    7c1f5d68d40bf37aef2e59aa9a4f96d1ef642a8db7e53295953b0b5fa3a63cd7546c5cf8ad3fc17f6b84a795a08e13024d8dcb3db828ca3fad634964cba69bcc

  • /data/user/0/plus.H5A5D9F54/files/.DC4278477faeb9.txt
    Filesize

    32B

    MD5

    3606a2d05bc6a52709482c184162a48b

    SHA1

    ee68e1c8dc22af6e430f7a97ba4e532e230d4cba

    SHA256

    896a5f94fae94e737e4c16dc1ae42ff9c6831808bf151ed4a12a2e8ce459a436

    SHA512

    40a5a3e171a15e46f28fece398140d3477610c6cd5c6fa5d9b36eaef4ab190f08abc9789dcc86831f9f3729d98b8b8eec510015f8b6e91d06d03679d37acc400

  • /data/user/0/plus.H5A5D9F54/files/apps/H5A5D9F54/www/1.png
    Filesize

    744KB

    MD5

    e63bedf16d1d083ee7fca223e1cf871b

    SHA1

    8afb3a0ed1dbe719eabea4614c463d78bf916f99

    SHA256

    ccbb22e16b2ec983cfd7de71ab2d9cf39e94492e8db7eb26084ed1b9172a5942

    SHA512

    cd234e9f8ab8e6c50b22f0cac0b685fbdc537d066363a12ab3e917093bb828c70d21d735c37183c8d735290f065db774392704f58bbf4c7edf551200a6f67985

  • /data/user/0/plus.H5A5D9F54/files/apps/H5A5D9F54/www/2.png
    Filesize

    246KB

    MD5

    f2c520e615e27acfab5fcecaa5e4bdcb

    SHA1

    4262c680389720523757a452c5fc1ec0a035469a

    SHA256

    e973f3b973bcd4759e9b3d2c312d6586ecd96a1f65928b1ebbbc220953bcdad8

    SHA512

    ee246e66ff0b595e5ddb8766e286baffc9c7862d7cbd30f3e7ae906f4e75f5bcaf1f137e4812be40f6619970666216ca9ba37aff60cb3507de13be4e18b07222

  • /data/user/0/plus.H5A5D9F54/files/apps/H5A5D9F54/www/3.png
    Filesize

    175KB

    MD5

    1cb0e8dc366b9a2d703fd9e0a366ad04

    SHA1

    b143d154bbee1493292ad878591da588f8629d7b

    SHA256

    fd4654f504114ca0dbb79dbd103fef54cf600c4e8987910b5c77ec750d492d9a

    SHA512

    eae987536b45c97e27bc7965c7c50c04aca572ddde80f77b93a982495faf9e55b661c0d393a7e357cfc006810daa41a56c44fc6b403e31d72179857f14036a05

  • /data/user/0/plus.H5A5D9F54/files/apps/H5A5D9F54/www/4.png
    Filesize

    376KB

    MD5

    92334f7acde52b32d9b620ef9c1dd501

    SHA1

    72b809c158a488cfcfdfb7fc8a86bce5a9659663

    SHA256

    37f5deefb7f9a39d8ec502c74cdce7fe233131364a9fbe57057a1659857f2db6

    SHA512

    5d670b77893f2dcd4953f51c817851a82650950c9fa9b21167476f1f01b4c69875ab024488b5220cf3fffc65ea77d87514ff7a1c1faa0005ad2bbcf34685fe7d

  • /data/user/0/plus.H5A5D9F54/files/apps/H5A5D9F54/www/404.html
    Filesize

    2KB

    MD5

    a8c0733e9ee848e3b93ba0f466eea14c

    SHA1

    221e026c471e29f8f5625fdafb712def71492f44

    SHA256

    7648a4c1e8a39ee0ff10dfdf622f7384faf098cdef524267c85f50c1debeb144

    SHA512

    028369cea228528b3e0e0e46ef46a4adb21b84f862c6efac0bcbb1abb27a32858dee4b5d50a5256e8a1128d58419f0d5c6d73b87f685d7267e46e5ff541ab161

  • /data/user/0/plus.H5A5D9F54/files/apps/H5A5D9F54/www/888888.css
    Filesize

    1KB

    MD5

    5be8c13007090305527f8a3fee0b71cb

    SHA1

    6d18b573da00b093f7dc54c1f1ebda7bec295363

    SHA256

    519a34a6633d43c96e3c399f504713f7f98999822dffb0934668618d67506a4e

    SHA512

    82ebf0c510d564064a6d495a3c10c9bcf2523adcbd8f1f912a1f685a0fda779a94142ab6ffda6f34a908b43609a989adc768f6c9ab809e80a96289cb46427fd3

  • /data/user/0/plus.H5A5D9F54/files/apps/H5A5D9F54/www/androidPrivacy.json
    Filesize

    1KB

    MD5

    c4231f4441889d09f18a702a5bf74486

    SHA1

    16ab2d07d170023ca2ee90d2881509a73ab1bc6b

    SHA256

    b2b108ed76f55dcbde7b0d549260020a3d0e64e66e1e9705867d2da806b9cfa1

    SHA512

    be316382b56aa19ff46c599b00366762fe2cea23ee7fb6637a1e1b646f44284569a24723f459d621934a398ed4b22be817c4d3d17d5e64009bd650a12c19b4ea

  • /data/user/0/plus.H5A5D9F54/files/apps/H5A5D9F54/www/fwxy.html
    Filesize

    19KB

    MD5

    9df24747499fc86a166b8ac7d726f4f9

    SHA1

    5259f61ad6ad989bc133ab4cb2c81de3798e4f5c

    SHA256

    ba89e8bfe58d62705aeda4ae83ba886882cc61329682d233a3586103c426172f

    SHA512

    b8b6e4c030c4cd192854e3d8d225cf94e4a5ad2b8ffc3dba8e16608d98839deb7c66c7009d3df612b9649ff9f3abccd1ef84f4acfccca96013139a4da85c7ff5

  • /data/user/0/plus.H5A5D9F54/files/apps/H5A5D9F54/www/index.html
    Filesize

    320B

    MD5

    d8fa1ecc27700b5ae5a9c1798b541ce7

    SHA1

    f1ad05c41c57663b86df51aa2310a072275a7db6

    SHA256

    a1fa6e0201d29600272a2f0a33a72962a8466d9f29bb1efd09f47d5307fd724d

    SHA512

    0d185df51bcb61a1a4ac347ba686bf43815a438afff107e1f7000539e79dc8cd56486d46708546aaa2847628e963d15f617c8883dac5a3837d737880b556656c

  • /data/user/0/plus.H5A5D9F54/files/apps/H5A5D9F54/www/logo.png
    Filesize

    82KB

    MD5

    2fed2535c62e87ddeb0a163ade710515

    SHA1

    c98516ae634c6be92ea4b4ca6f04ab5d0fd1bc66

    SHA256

    435fb9944bc9190c2904584f21f88a3b052dd31a8ba05ba9e72ec1f98037dbe0

    SHA512

    b6cb42a26b1e6746ec72a4f3891c5661da5736338a001922c7006fdb1daa97dfbf9b5f52820b501d44a5ad041bf77e353ce5cf430d10fc59e265cfb9cd758b35

  • /data/user/0/plus.H5A5D9F54/files/apps/H5A5D9F54/www/manifest.json
    Filesize

    1KB

    MD5

    060582f4e3f6888e553813fabef9a9ca

    SHA1

    7b2f60274024fcf327d4c59cfdb1548977193913

    SHA256

    4fa32fc1b9b3661a4808314fa4c61dd5c7662343982b28479d6b4edf4f11e88d

    SHA512

    79ef77c9c7fd83fb7b8bc5f956d98d26cccfd1a25e8985031ab14b05c53e4d3efe3a27da86c1e89c9f0b1ab91c773012199159c047728ad4c36022a6ebb92b53

  • /data/user/0/plus.H5A5D9F54/files/apps/H5A5D9F54/www/oss.jump.js
    Filesize

    4KB

    MD5

    09d9519eff0a2ed5ee715a47e23601d2

    SHA1

    e565352259389a02cc1c7ddca7c4aa947bf49431

    SHA256

    09e8ef9c5c18e5bba46834b1d8c40322849d35e6a7ac4ef317143d2c6f1dd3c6

    SHA512

    1aa703680401dbb137ecefece97f83d3e7f0b6111b6a27e2a44af22bd26a282137c44fdcc4a1f39658789187c7d9290bc39172d40f21c0fd96dc92df20f002df

  • /data/user/0/plus.H5A5D9F54/files/apps/H5A5D9F54/www/xl888.js
    Filesize

    646B

    MD5

    6b22964681b36a8643fc16d830969dcf

    SHA1

    e30137065ca10c7f75a4a79247b2ed5de1016c5d

    SHA256

    db1d328b7385991f59827a42f6b84b75a716c3d6312aaeac3f8ffca7d05e1b0c

    SHA512

    a01750d763bc017e9638bfcebfff552196ae098243cdc31e7f8e9f68cc16bb024581744a0b4eef3551092f17beb5bdc82f7c0ac0ff04d2d24c1a38d2acee9fef

  • /data/user/0/plus.H5A5D9F54/files/apps/H5A5D9F54/www/yszc.html
    Filesize

    175KB

    MD5

    040e2b859e148215e4b4258ca769e0b1

    SHA1

    d5a740b75be38e643208aa03b5cb464dd7b89dd1

    SHA256

    d96a1e3d03011ecfca0c3bdbdc4844e68c764c7015269dc3960afc5343fb1ea9

    SHA512

    6af1f928025a71fe3313a156efee5f9af5ae5b0f4de471546a406fb8bc6954f814cd4b26819923376cf0a9481f72f48154d22be146dbee2a97cbb1c72c0af152

  • /data/user/0/plus.H5A5D9F54/files/cnc3ejE6/eje3cnc
    Filesize

    35B

    MD5

    762298b93820a5cd8b6d8ec469078f7f

    SHA1

    d5b02a2ff3b235cd2b61ceff53a1d88b8984477d

    SHA256

    dc3f98a33c26c2796dc294b354831fd5ca9796295f4cb38479c80b145d4807db

    SHA512

    70f864211ce16679d0538abf9b7071d27c2d22ae458e32409d20065032c762dd186307ef33ede90abd9ac794a4ced8b163404e9799c05f0c515337249684311e