Malware Analysis Report

2024-09-09 13:00

Sample ID 240613-1v878avhrr
Target a6c5fd7105fc67d4069f3817ddc1ca0e_JaffaCakes118
SHA256 b87af696ebd9577b4c3d3db7cd3642c6110e72330705715c32cb30103f8dec84
Tags
banker collection discovery evasion
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

b87af696ebd9577b4c3d3db7cd3642c6110e72330705715c32cb30103f8dec84

Threat Level: Shows suspicious behavior

The file a6c5fd7105fc67d4069f3817ddc1ca0e_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

banker collection discovery evasion

Loads dropped Dex/Jar

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Requests cell location

Queries information about the current Wi-Fi connection

Reads information about phone network operator.

Queries the unique device ID (IMEI, MEID, IMSI)

Requests dangerous framework permissions

Queries information about active data network

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 21:59

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 21:59

Reported

2024-06-13 22:02

Platform

android-x86-arm-20240611.1-en

Max time kernel

6s

Max time network

139s

Command Line

com.lzk.weatherwebservice

Signatures

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /data/user/0/com.lzk.weatherwebservice/app_cpdex/popdex.zip | N/A | N/A
N/A | /data/user/0/com.lzk.weatherwebservice/app_cpdex/popdex.zip | N/A | N/A
N/A | /data/user/0/com.lzk.weatherwebservice/app_mdexk/ghkn.zip | N/A | N/A
N/A | /data/user/0/com.lzk.weatherwebservice/app_mdexk/ghkn.zip | N/A | N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Requests cell location

collection discovery evasion
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Reads information about phone network operator.

discovery

Processes

com.lzk.weatherwebservice

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.lzk.weatherwebservice/app_cpdex/popdex.zip --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.lzk.weatherwebservice/app_cpdex/oat/x86/popdex.odex --compiler-filter=quicken --class-loader-context=&

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.lzk.weatherwebservice/app_mdexk/ghkn.zip --output-vdex-fd=49 --oat-fd=50 --oat-location=/data/user/0/com.lzk.weatherwebservice/app_mdexk/oat/x86/ghkn.odex --compiler-filter=quicken --class-loader-context=&

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 |  | udp
US | 1.1.1.1:53 | api.map.baidu.com | udp
US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp
HK | 103.235.46.245:80 | api.map.baidu.com | tcp
US | 1.1.1.1:53 | api.is.guiji.com | udp
US | 1.1.1.1:53 | www.baidu.com | udp
HK | 103.235.46.40:80 | www.baidu.com | tcp
US | 1.1.1.1:53 | webservice.webxml.com.cn | udp
HK | 103.235.46.245:80 | api.map.baidu.com | tcp
GB | 216.58.212.238:443 |  | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.206:443 | android.apis.google.com | tcp

Files

/data/data/com.lzk.weatherwebservice/app_cpdex/popdex.zip

MD5 4cfc23d640639fbfd71f1ad21ee362c5
SHA1 7f1a8959decaf14b05213c6f9eb81dc706a266ed
SHA256 77b12ae598f871cefc9af6acbc023a7d5f5dc01ad1e2a94b8f0180875f295b63
SHA512 83e81c4b803e4316ec3a1a54656c0723026f611bc67cc53f9603d04aff526244187a02eff7b0560310e44b6d77cdb4296742d650f2d1b6c91ce893ca4d962ef9

/data/data/com.lzk.weatherwebservice/app_cpimgs/btnbg_blue.png

MD5 cd03c81961866339359a8862cd420751
SHA1 4356e958c4b333453a187b13cfb8e4951e85b5c1
SHA256 5d81cceefef430d84abee2aee1a655e975e638eb6e90d9edeaf70df18f761453
SHA512 29c6a83607ef938c8d74031781008075f9e29f28381893ce565d0d0e5e2193657264deb7752709f124bac8a7625ecda18a90763f8b8cccd48868105fde62846b

/data/data/com.lzk.weatherwebservice/app_cpimgs/btnbg_green.png

MD5 b61c2cbfc113d3080881c1a6c805de7f
SHA1 8bfb29fbebab3ff36faa5f6d19bf7bdf57608dad
SHA256 740a7a55675de72a6d165dd1aea7f15e6744f08e5131c2abea7e6e02ac4752c9
SHA512 7cb6ca09b180adeb87552b9b814ec50723d2f8e909a5aa1c3c63526bfe90043c0f6f97696b0e40d33c045a6d7f4b4df711ecda2a93839b9409f69c84491b3151

/data/data/com.lzk.weatherwebservice/app_cpimgs/btnbg_orange.png

MD5 144bfaa9628bdc547f92dd8ce04960db
SHA1 f60797400afdb88cc1a7b26eaaf5c18b7d34e3c3
SHA256 56707731bc7b76b806d9db7ec7e73173d0ba7c5acf22c8c040fb1bbb0d07090e
SHA512 071111562423e811333afd56dbd18fb68e0720f41936c42d266f70d041862560b363aa202ae24af40e9ca611d7f3eb996ee4184834097e85fbda1e2d36291f4a

/data/data/com.lzk.weatherwebservice/app_cpimgs/btnbg_yellow.png

MD5 c56a569d3e2cc40deb8ef6dd9c8273df
SHA1 fcdfdfa5f883afe7dea8a08b4e22d66b243065c5
SHA256 0e603b7797d42f1eadf5ea14499460e84e6525df6bdc4ee1464e00789c10c057
SHA512 b1549f4667c2765feb11d38469a5bfa4f599609ff519e65b73fc01521886cd57e7f30c2c43655d2b3af8665c77cde4f3a07e1e21f7dded059dc22ac60cbdb4b8

/data/data/com.lzk.weatherwebservice/app_cpimgs/default_bg.png

MD5 67d8c02c18a4eebb21aa28ebd88d7a8b
SHA1 f31fe91485bba4da727e9a0d0525c7417d6c72ee
SHA256 7b341f9b1ab0a691029b44f9b1d64cf74fd72ad0c74772964645c79f687402d0
SHA512 73c14d96680105ce3e24ba0667cd2452848f9c7d2549e937667c25bcce01a4d9207a78f2dcfc7c09cdb39f87f079c7847ceacbed36cfae55013126ab3bdbf5fd

/data/data/com.lzk.weatherwebservice/app_cpimgs/dtop_closebtn.png

MD5 6edfc3ccf80c5cb2c25bf82dd5e78c46
SHA1 0f71fe007ebb0479e42905c6a78f80b0a109a03b
SHA256 2225deaa4204ae88206589b390dd277c9e24ab0a68338cec19eae600b854fe32
SHA512 a8e4adcc0cd0867e8bb2cfe43a04c3a8e8a84de99ad7150c339c4dab1e81c8dab87af17fe7b7bbea41d54c6acd6214224f07ba456a8dc0fc8c33b3782e83ba4f

/data/data/com.lzk.weatherwebservice/app_cpimgs/install_btn.png

MD5 c64af13b874ab8cfdac99f000c29a3be
SHA1 e5274173c7721f8c77bb5da46fc94f195abb4924
SHA256 67af721ddafee67f3eea6241bcdb5b8c1315e8ed1b8dc852646cde24fe040516
SHA512 d59c85b4576152848427a74214c7b979c576f5cc6978430b9d7076f50cdf8957d8256eccf55aaba2bf7f80da2a7a2b445a26758aeaf3e889ae1c84a3fb2185c9

/data/data/com.lzk.weatherwebservice/app_cpimgs/listcloseBtn.png

MD5 6fb767d2563a35f3c0e362a5970ffe1e
SHA1 6d3a8fdbd7ced06a363517cd6cea7a7fea16c269
SHA256 534fe818efbaa752826c53f1b63d3ecc1b647c8a9f7970012e316cbce5fb5ae2
SHA512 ab989e8b01b9d397cb2968dc8191a9c2c6fdf19947b30b96cd5266afc6fc330a318de8c914d34adef98caffd151a0bc29fb130bf11c5638e97b3ff15c723fc2b

/data/data/com.lzk.weatherwebservice/app_cpimgs/listview_bg.png

MD5 28554ef38f282f89a2f3b298157fc984
SHA1 08147f2b5a83fd07f5acadb43598480a13d3fac1
SHA256 b4034e26cfd742433a0b59676bf73a78d93d413decc891abf3d34486160d307b
SHA512 cd31cd81a7c37155f540c1b636cad9ea198860952d79f8b3d39dac661c2e7fa82e1398830c7aacfa6904e4d4cffa6f5f1d906dabbf97091f3e38a65fb5fa51da

/data/data/com.lzk.weatherwebservice/app_cpimgs/list_title_bg.png

MD5 c34bb6ce3d7def12e8af79e87a6b5173
SHA1 99e8103027a7bba73b736fcded9d0d91b49e4ed9
SHA256 daf75ee4e642b335cf1918ac9678502bace139f76645eedde7eaca4f296b7e57
SHA512 58735b6034ff6ce1974aa0a48952100345b6bdf74a4dd083925aa87b0882e1931ff8608d03d0854c9de23ca409e5726ddc1e8313339181f57312bee0804ee2b7

/data/data/com.lzk.weatherwebservice/app_cpimgs/page_normol.png

MD5 2bf3d7d7ffe4a54396979c2802e5a0a7
SHA1 631def5dc6bd48080d51d3482a85c470b291c316
SHA256 ec1601e7e19b69d6d6bc8f18738698a6b4483a4f1ac546215dbcff9cc74acf7f
SHA512 2a9a95a9298c59a90b7234343f01b70219653e4d43217c83dd3dcafea84b96727d1e5f40ba035c36fb4dc6a83478fa66d545a2cf8221aa2da1ab9565b3deae79

/data/data/com.lzk.weatherwebservice/app_cpimgs/page_selecte_blue.png

MD5 1c4e3c1de688a5cde892bd74eec4bfc1
SHA1 bade0d4743822214421dc664449c0b0d94d69aae
SHA256 ee7abc5886a058b4436aa0a53c6be535fc0bd3a6832f2b0b0e611473667dca5f
SHA512 ccf419b266d7fcdf4c6696963c657f7138a59b06a4fdd900effebcaac0b162ddb5e9135f5032a33e2b3ffc17642065600d9b9292005e200f5cd8e79b17968f24

/data/data/com.lzk.weatherwebservice/app_cpimgs/page_selecte_green.png

MD5 9dfe941765a15b163eeb46b49cb4e89b
SHA1 caad3358c1706f28624e10616cf6d26a45b2dd5d
SHA256 d92d42135d59f97d35cc2d553b7bc79f19397a40cae9ac971a86def6fbc9167f
SHA512 0a38e4a6187fac65999a9a27ff4a917ab6dd023587ae5b0e33c95a502e7e93626ac3cfb48affaacc274b5f7fa118f483a627e70288757308041ac67e3337a4f1

/data/data/com.lzk.weatherwebservice/app_cpimgs/page_selecte_orange.png

MD5 ffaccc20bf244076988df00a6bc20b06
SHA1 4a7176527cca9e9a862cb12485cf02c49c228913
SHA256 71d16959b999e8251ea5ffbf0075a43724b02f85ca34e3ee82b31935537c9a9f
SHA512 dba973767cc9e9eec698232e9f7d057bdf5464c8d70fcef3e6631ad72d9e62ab4cc08169db2e3927e2f3a870787ee60bfb4b26ec1ed8c3fd30e84aa38afd65c2

/data/data/com.lzk.weatherwebservice/app_cpimgs/page_selecte_yellow.png

MD5 8487656fa992a7c3603773e0b1b1d7e0
SHA1 ac740cc2ce2ff0729b70c26c70ac0462072d1b81
SHA256 12b5a8c075e94cfd69d4a3ea6e62552d7e3e7e2ae5f6e69b7fc4ab5a6c9635a8
SHA512 b6be96693719978dabdaf05e3f733925b126959bf8ec0096775d76eeb08a6a5fd56c2ddb4697d81a8da9ef1e00524348c0ec7aaa36ac5302d89dd51db6f08fad

/data/data/com.lzk.weatherwebservice/app_cpimgs/sc_circle.png

MD5 e50c867a1725d1a77477d0a3931266f6
SHA1 1561a6d26dcc43254237e0dd99a8c1a8f0ad7d67
SHA256 0a549f08924e57ce9a5142fae8932efc57eca3454ae80ba8af57553f834be8be
SHA512 88faee49b0db9a401dee69f8fccb96fd2b671bb646a3cdb91d5f53a110e470d9fe027cd36684c77b0aed4e0f19d71522b1b88551ade135d5828ce4f41ad4c28f

/data/user/0/com.lzk.weatherwebservice/app_cpdex/popdex.zip

MD5 93c512958f79e2db1be15fef62aa458e
SHA1 fef70da3577d5947ac6c5a72e4fa9438424a4c86
SHA256 b2f0a0d6764325f92935f22cfd537cdc166ce4a44eda38a1ceab2a5c26c250da
SHA512 3f2ddf8b303d05b24b0c5c32ec15ed5b80e74355c1375250c7d7451c6af6b5a5496de23e2d2bbc807b48ba6dc2a7594d72064c84284cebcb04a9750543923be3

/data/user/0/com.lzk.weatherwebservice/app_cpdex/popdex.zip

MD5 296b40391d40f2e73d36190afd70d8d1
SHA1 9e9770a0c6fe338b07e6a9efe56c4e1912051f8d
SHA256 ab9d8ce9710b6b5c87c65049ae08a9aa8dd0b624e4602682f9eb9113acf8499e
SHA512 0c58d3819e66a95ab083c8d71819a0b4cf5fb557dac4b84ac6af0171369030774b0274f26b22ef24dbcc1c89588aea032652e4f06725033846e12063fd59179f

/data/data/com.lzk.weatherwebservice/app_pushimgs/adwords_bg.png

MD5 baa4da557d56b7c0ac8da3fb3f8e96ec
SHA1 582141c313ddc962142604c5dea11f29756b77b0
SHA256 19eae7f25cfda79543ea12c784cd4870dbba252d6f408bea49320c3ace990b4b
SHA512 99c53ef6ea7c3917a0a82064c1025afb75f6540c09398c9edca8e5c63d4e76a0568b37185534eb0617593f537b9a12b42a2dbc8fed3514be9418038c3e038416

/data/data/com.lzk.weatherwebservice/app_pushimgs/arrow_down.png

MD5 db45ab95930456e6baddab4e6fcbe712
SHA1 fa0c152e3afd7fa7026b0f688a3c6ea2c27b53c8
SHA256 5c3755a2f79003a4702ee79232d59efad418aa83e30b2691256a44457b0c602a
SHA512 d658b23e0687867f44567ae4dddb1a01cebab15508032ff7336458fa226e592db84217c852eaaa2132226cebd4bd7f74b8144a78aa85f77e979a7a1f104b8582

/data/data/com.lzk.weatherwebservice/app_pushimgs/arrow_up.png

MD5 20c4a831398dd9ebd8dba380a2e7857a
SHA1 c6db26860686a65f5f402d29d98b358630c10e40
SHA256 03353442682b665da8ccb439ac22407ed53cb499266361581a818d3b267b356d
SHA512 85ca28c7eace2766c4a5d8c8b1df4dc81cdecb241e8d129b9e43ebdcc2f3c7385aecf12afd02755bba850c19260f07635199ca606f32a8ea0d71355f64e4e423

/data/data/com.lzk.weatherwebservice/app_pushimgs/bottom_bg.png

MD5 ffe93c95f1ceef187397bb763c992ccf
SHA1 6b082b7f6c55acd0987611b3b9a5aac9a5b06d67
SHA256 06dcc9066f53227b50faa763aed62944dc8d5a1612beba619caae2b1a81b42d9
SHA512 10693e4df14b0212798817d20cde37c88226353f4389968a81607fe7420244cabe2fb2074627e5194ff2c06cba0cb068598ab5078c0dbf8dbe4928f86ced6161

/data/data/com.lzk.weatherwebservice/app_pushimgs/bottom_btn_cancel.png

MD5 a7481cc1f04ff397669d5313711676b9
SHA1 6a8a1755f8bae8c1c4236420de731ac5e6479df1
SHA256 7bb0b4de65d49b7256c1083332005aac1f40eb496fe16996657721570b427c0b
SHA512 6cad2566cc0c5b2247a2309180659a883dbdfd7e546c75bdb0683e3102ccc833d63255a5776a466880cba7f7f12666c493e84043c8512ab929dbf357c32609bb

/data/data/com.lzk.weatherwebservice/app_pushimgs/bottom_btn_install.png

MD5 6a976eab4bd6a204fff19f363a3e0fad
SHA1 7815e2d7905bb25ecec99c6491e05e498baefefb
SHA256 a2520bd431de7d71c9453f9e808369c694b1214b4d13759fc0a08d5af681f796
SHA512 8f0537ebd9954fe5792421f15e499c71e009d26aeac810672e8d3cce982c4291c64917ca36651f4c7f33f4bd32480c9eb3ee6ee7ffd82d2e08d8147d850ae285

/data/data/com.lzk.weatherwebservice/app_pushimgs/btn_install.png

MD5 135b4b02c06ce896c0289c06931523d7
SHA1 219d7fcb9a47b14dc724030a5b22b00e4912c419
SHA256 7bc734fa69ef36df3ed4d3926657a52eee7f8448842586a3320804b7f86c47bc
SHA512 e9ef72d8a52cf365cc0d32d6ac9d333b3fc116b70e87d4279249efbcc0c57bae2951c4c6ecf2e675ab37f6ebc4374898cf75ca3ac11aa3286136b6770d680fa3

/data/data/com.lzk.weatherwebservice/app_pushimgs/img_bg.png

MD5 089965b9fb96326ad74e361a9a524e4b
SHA1 528cc6c7a10de9f525919a477c9e20d6b6e93d55
SHA256 d7c9eec30a30c3da3e80d2f7db31ae1ceb542c590f5ce8abaa77f39a16a0cf46
SHA512 b19f99764693882cb845b024bf5ef42121826dc92047532df19ff3e236c5e5e57e1390b942182275cc906fea83c541190325d21c88f70bd1041288b17489a579

/data/data/com.lzk.weatherwebservice/app_pushimgs/item_btn.png

MD5 c273f481a2774797a0f67a6f4a042bbe
SHA1 2858e907a559742835b1d820c8fc635ec5f7d094
SHA256 bb44dacdbda4803c00d0d7ef98376a2c3ad17d4c8b33084918a4986c744135ac
SHA512 75ee76ba31b62d0fbf0d17da7db4732664bf083e3848a1c38d82aca70d8fdeda54b3bef06c6df833fb9a4459c7789db2240dc886e52f2d82b50c464d505716cb

/data/data/com.lzk.weatherwebservice/app_pushimgs/m_star.png

MD5 590dd3230f50ba57b7a828cf1ad04aa0
SHA1 d8cd7d9cca6d011d3d4f6cea8c76fc3c1a7898ee
SHA256 d67f2ece3ab36175096b96cf121f83b0e44d7bf96fc5c8315b0c26ceb6d53cb7
SHA512 449dd317e61e063b342fe5491f8f09344699ec92a7e46aff6eea231472c55a0ee772ca875f46900de7f20c9d760fe20a662aea42551328c0f3cefe9bfaf82b79

/data/data/com.lzk.weatherwebservice/app_pushimgs/pop_back.png

MD5 64e607b18ceed3c184658ad0bead2c87
SHA1 ce0da694a61264c3dc52a42c5e4eef67c267330b
SHA256 ad6e950cabd47d19678ed9e243a954c428e11aefc17b14b03929ff9e7379a7ad
SHA512 a37c72b611a02dbcf6621904e34bd80fa2f0c71b5ff0f229cff91794924d3a8907d5971bc3dddc8a81536e78ec7b92cc1ca4c782ea91bfd065defbd842cdf63e

/data/data/com.lzk.weatherwebservice/app_pushimgs/pop_bottom_btn.png

MD5 153c4a358fd2029b62d88c5abc8315f8
SHA1 b8db469b4ed0798040ed2cd7618fb31c143bb733
SHA256 6d7b544ef6694a9440ab7b2fe902a67480f4cfdca37156b12db1ecb4bffd1945
SHA512 7cf959e5fa3bab95af3efe74e56b82d48e393b5ef1b733fd37e2f5f62611083fe58ace340a3b0bfea2227e94cae921714a82bcf64d1bb5834ca73ef088876850

/data/data/com.lzk.weatherwebservice/app_pushimgs/safe_icon.png

MD5 5101a78d00419574d0dcc0eb1f4b75a1
SHA1 c4142d79270fddb27f24d6e8e8b61e9837b3de48
SHA256 abe1bd342d024dbe2e1e853af11ce74d2e3d9286a8e44c6d94b4b5e4e7abf999
SHA512 cbe4d2438dbde51d36c19d26afc826d37d8221bd76a6641e93e6c2e6e4e124fedf8dd5ae10c90c882ae0220ce4647d7dd469c53ba5a8c2769e0a4983c5df637e

/data/data/com.lzk.weatherwebservice/app_pushimgs/safe_line.png

MD5 1533f88b71966664017deaa78437e057
SHA1 7b68a5bc7a6808a041c05ac7adc5da0fd378aecd
SHA256 ba11714200029dfc64b90b9953f80cdc49f30eaac9bbe8597d949f7a89b52b8a
SHA512 f04b79396404b4cf1cda6ad3ed7af3137b177d0da249d59a818c9a8ddb1e80cd98d078bfee9c352117f8c62303f08c9b3565bbd558a08d5aa07cf07527318728

/data/data/com.lzk.weatherwebservice/app_pushimgs/tj_line.png

MD5 83f9aabf34554a65a8f47514703ea69f
SHA1 bc3097db92c0f1821d60779d9b1f712cd0cc7866
SHA256 a5d81d5357d00dcff6099ee28f989711e289cf1e41fc6ef0903640d5ee73fd6d
SHA512 11fd5b05b830a48f658a9767556b8dcdfefc864bbe0ce5278f40c272879326fd03100cf73e2d762c3ae674f2eafc2ae5ea0285e690c4c18c7721ddfeb447bcbe

/data/data/com.lzk.weatherwebservice/app_pushimgs/top_bg.png

MD5 17f5c25477711a64b0dac419b8d68c0c
SHA1 475301f9d8143ba1548114d1de9272a18298a5dd
SHA256 b0e6d8458712cbb246fd4022cefee92796e55858a2c4f25cdec4dead894006a8
SHA512 09050759dca1837f59ab10d8c2531d986483ce50af2ab5038aefba3e5255fc8f67db1412f50717022b2c54fc39acc5ceab7ef3dcd51b38a61086ecedb885d478

/data/data/com.lzk.weatherwebservice/app_mdexk/ghkn.zip

MD5 30b0ea972455b4ec549080b00d89b707
SHA1 65f1971c330b1a89717b8cbddf3b450cb64854d8
SHA256 0e5c1622f0caa03530c2a692682a39f6084553c39f263a58399db3578b47d57d
SHA512 cbfa765a4c390634850df1e3aa4fa8beffc556fca58597b0a3e7a424b83fb8c425b1edff9b6016b485ffc9293c9b8656aaaf28a1ac14268a96937e1abf0f07b6

/data/user/0/com.lzk.weatherwebservice/app_mdexk/ghkn.zip

MD5 efe346aaf6f2c6cdc2cc01fd998a36be
SHA1 c10503e9fe8af53004ea8aeb22bf869edf33a5c0
SHA256 403b42e649dcafedab14f95495abfbc20c44339d8db8e016561f0b75d0e6579e
SHA512 37d9b43af7e4c1e9d37fda8a02024abca915835f780da07cb1679fd7bcc25764ae6b23640e46afe253937e5a3031086bc9cf166ba8f8905b5c9bedb8c8712ccc

/data/user/0/com.lzk.weatherwebservice/app_mdexk/ghkn.zip

MD5 192d9fbf2392b976240ab734d818f677
SHA1 81efdcd29f3940f43f65e6084a28316be2f307e5
SHA256 76b4cdb95d1e4d645990a5eff381d729e2a8b9f7c82ffbd71b713ead80b9be3f
SHA512 63fdeb54c5e6430650cc7e1d26395a3728c1c224fd9fb3dda177683e2e20ce29fec3a9c391097583c7e68d1f7db17f4bce2596a9d56008424429f05ec1894755

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 21:59

Reported

2024-06-13 22:02

Platform

android-x64-20240611.1-en

Max time kernel

5s

Max time network

151s

Command Line

com.lzk.weatherwebservice

Signatures

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /data/user/0/com.lzk.weatherwebservice/app_cpdex/popdex.zip | N/A | N/A
N/A | /data/user/0/com.lzk.weatherwebservice/app_mdexk/ghkn.zip | N/A | N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Requests cell location

collection discovery evasion
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Processes

com.lzk.weatherwebservice

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 |  | udp
US | 1.1.1.1:53 | www.google.com | udp
GB | 216.58.204.68:443 | www.google.com | tcp
US | 1.1.1.1:53 | api.is.guiji.com | udp
US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp
US | 1.1.1.1:53 | webservice.webxml.com.cn | udp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 216.58.212.232:443 | ssl.google-analytics.com | tcp
GB | 172.217.16.234:443 | semanticlocation-pa.googleapis.com | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.206:443 | android.apis.google.com | tcp
GB | 216.58.204.78:443 |  | tcp
US | 1.1.1.1:53 | api.map.baidu.com | udp
HK | 103.235.46.245:80 | api.map.baidu.com | tcp
GB | 142.250.179.228:443 |  | tcp
GB | 142.250.179.228:443 |  | tcp
GB | 142.250.178.14:443 |  | tcp
GB | 142.250.187.226:443 |  | tcp

Files

/data/data/com.lzk.weatherwebservice/app_cpdex/popdex.zip

MD5 4cfc23d640639fbfd71f1ad21ee362c5
SHA1 7f1a8959decaf14b05213c6f9eb81dc706a266ed
SHA256 77b12ae598f871cefc9af6acbc023a7d5f5dc01ad1e2a94b8f0180875f295b63
SHA512 83e81c4b803e4316ec3a1a54656c0723026f611bc67cc53f9603d04aff526244187a02eff7b0560310e44b6d77cdb4296742d650f2d1b6c91ce893ca4d962ef9

/data/data/com.lzk.weatherwebservice/app_cpimgs/btnbg_blue.png

MD5 cd03c81961866339359a8862cd420751
SHA1 4356e958c4b333453a187b13cfb8e4951e85b5c1
SHA256 5d81cceefef430d84abee2aee1a655e975e638eb6e90d9edeaf70df18f761453
SHA512 29c6a83607ef938c8d74031781008075f9e29f28381893ce565d0d0e5e2193657264deb7752709f124bac8a7625ecda18a90763f8b8cccd48868105fde62846b

/data/data/com.lzk.weatherwebservice/app_cpimgs/btnbg_green.png

MD5 b61c2cbfc113d3080881c1a6c805de7f
SHA1 8bfb29fbebab3ff36faa5f6d19bf7bdf57608dad
SHA256 740a7a55675de72a6d165dd1aea7f15e6744f08e5131c2abea7e6e02ac4752c9
SHA512 7cb6ca09b180adeb87552b9b814ec50723d2f8e909a5aa1c3c63526bfe90043c0f6f97696b0e40d33c045a6d7f4b4df711ecda2a93839b9409f69c84491b3151

/data/data/com.lzk.weatherwebservice/app_cpimgs/btnbg_orange.png

MD5 144bfaa9628bdc547f92dd8ce04960db
SHA1 f60797400afdb88cc1a7b26eaaf5c18b7d34e3c3
SHA256 56707731bc7b76b806d9db7ec7e73173d0ba7c5acf22c8c040fb1bbb0d07090e
SHA512 071111562423e811333afd56dbd18fb68e0720f41936c42d266f70d041862560b363aa202ae24af40e9ca611d7f3eb996ee4184834097e85fbda1e2d36291f4a

/data/data/com.lzk.weatherwebservice/app_cpimgs/btnbg_yellow.png

MD5 c56a569d3e2cc40deb8ef6dd9c8273df
SHA1 fcdfdfa5f883afe7dea8a08b4e22d66b243065c5
SHA256 0e603b7797d42f1eadf5ea14499460e84e6525df6bdc4ee1464e00789c10c057
SHA512 b1549f4667c2765feb11d38469a5bfa4f599609ff519e65b73fc01521886cd57e7f30c2c43655d2b3af8665c77cde4f3a07e1e21f7dded059dc22ac60cbdb4b8

/data/data/com.lzk.weatherwebservice/app_cpimgs/default_bg.png

MD5 67d8c02c18a4eebb21aa28ebd88d7a8b
SHA1 f31fe91485bba4da727e9a0d0525c7417d6c72ee
SHA256 7b341f9b1ab0a691029b44f9b1d64cf74fd72ad0c74772964645c79f687402d0
SHA512 73c14d96680105ce3e24ba0667cd2452848f9c7d2549e937667c25bcce01a4d9207a78f2dcfc7c09cdb39f87f079c7847ceacbed36cfae55013126ab3bdbf5fd

/data/data/com.lzk.weatherwebservice/app_cpimgs/dtop_closebtn.png

MD5 6edfc3ccf80c5cb2c25bf82dd5e78c46
SHA1 0f71fe007ebb0479e42905c6a78f80b0a109a03b
SHA256 2225deaa4204ae88206589b390dd277c9e24ab0a68338cec19eae600b854fe32
SHA512 a8e4adcc0cd0867e8bb2cfe43a04c3a8e8a84de99ad7150c339c4dab1e81c8dab87af17fe7b7bbea41d54c6acd6214224f07ba456a8dc0fc8c33b3782e83ba4f

/data/data/com.lzk.weatherwebservice/app_cpimgs/install_btn.png

MD5 c64af13b874ab8cfdac99f000c29a3be
SHA1 e5274173c7721f8c77bb5da46fc94f195abb4924
SHA256 67af721ddafee67f3eea6241bcdb5b8c1315e8ed1b8dc852646cde24fe040516
SHA512 d59c85b4576152848427a74214c7b979c576f5cc6978430b9d7076f50cdf8957d8256eccf55aaba2bf7f80da2a7a2b445a26758aeaf3e889ae1c84a3fb2185c9

/data/data/com.lzk.weatherwebservice/app_cpimgs/listcloseBtn.png

MD5 6fb767d2563a35f3c0e362a5970ffe1e
SHA1 6d3a8fdbd7ced06a363517cd6cea7a7fea16c269
SHA256 534fe818efbaa752826c53f1b63d3ecc1b647c8a9f7970012e316cbce5fb5ae2
SHA512 ab989e8b01b9d397cb2968dc8191a9c2c6fdf19947b30b96cd5266afc6fc330a318de8c914d34adef98caffd151a0bc29fb130bf11c5638e97b3ff15c723fc2b

/data/data/com.lzk.weatherwebservice/app_cpimgs/listview_bg.png

MD5 28554ef38f282f89a2f3b298157fc984
SHA1 08147f2b5a83fd07f5acadb43598480a13d3fac1
SHA256 b4034e26cfd742433a0b59676bf73a78d93d413decc891abf3d34486160d307b
SHA512 cd31cd81a7c37155f540c1b636cad9ea198860952d79f8b3d39dac661c2e7fa82e1398830c7aacfa6904e4d4cffa6f5f1d906dabbf97091f3e38a65fb5fa51da

/data/data/com.lzk.weatherwebservice/app_cpimgs/list_title_bg.png

MD5 c34bb6ce3d7def12e8af79e87a6b5173
SHA1 99e8103027a7bba73b736fcded9d0d91b49e4ed9
SHA256 daf75ee4e642b335cf1918ac9678502bace139f76645eedde7eaca4f296b7e57
SHA512 58735b6034ff6ce1974aa0a48952100345b6bdf74a4dd083925aa87b0882e1931ff8608d03d0854c9de23ca409e5726ddc1e8313339181f57312bee0804ee2b7

/data/data/com.lzk.weatherwebservice/app_cpimgs/page_normol.png

MD5 2bf3d7d7ffe4a54396979c2802e5a0a7
SHA1 631def5dc6bd48080d51d3482a85c470b291c316
SHA256 ec1601e7e19b69d6d6bc8f18738698a6b4483a4f1ac546215dbcff9cc74acf7f
SHA512 2a9a95a9298c59a90b7234343f01b70219653e4d43217c83dd3dcafea84b96727d1e5f40ba035c36fb4dc6a83478fa66d545a2cf8221aa2da1ab9565b3deae79

/data/data/com.lzk.weatherwebservice/app_cpimgs/page_selecte_blue.png

MD5 1c4e3c1de688a5cde892bd74eec4bfc1
SHA1 bade0d4743822214421dc664449c0b0d94d69aae
SHA256 ee7abc5886a058b4436aa0a53c6be535fc0bd3a6832f2b0b0e611473667dca5f
SHA512 ccf419b266d7fcdf4c6696963c657f7138a59b06a4fdd900effebcaac0b162ddb5e9135f5032a33e2b3ffc17642065600d9b9292005e200f5cd8e79b17968f24

/data/data/com.lzk.weatherwebservice/app_cpimgs/page_selecte_green.png

MD5 9dfe941765a15b163eeb46b49cb4e89b
SHA1 caad3358c1706f28624e10616cf6d26a45b2dd5d
SHA256 d92d42135d59f97d35cc2d553b7bc79f19397a40cae9ac971a86def6fbc9167f
SHA512 0a38e4a6187fac65999a9a27ff4a917ab6dd023587ae5b0e33c95a502e7e93626ac3cfb48affaacc274b5f7fa118f483a627e70288757308041ac67e3337a4f1

/data/data/com.lzk.weatherwebservice/app_cpimgs/page_selecte_orange.png

MD5 ffaccc20bf244076988df00a6bc20b06
SHA1 4a7176527cca9e9a862cb12485cf02c49c228913
SHA256 71d16959b999e8251ea5ffbf0075a43724b02f85ca34e3ee82b31935537c9a9f
SHA512 dba973767cc9e9eec698232e9f7d057bdf5464c8d70fcef3e6631ad72d9e62ab4cc08169db2e3927e2f3a870787ee60bfb4b26ec1ed8c3fd30e84aa38afd65c2

/data/data/com.lzk.weatherwebservice/app_cpimgs/page_selecte_yellow.png

MD5 8487656fa992a7c3603773e0b1b1d7e0
SHA1 ac740cc2ce2ff0729b70c26c70ac0462072d1b81
SHA256 12b5a8c075e94cfd69d4a3ea6e62552d7e3e7e2ae5f6e69b7fc4ab5a6c9635a8
SHA512 b6be96693719978dabdaf05e3f733925b126959bf8ec0096775d76eeb08a6a5fd56c2ddb4697d81a8da9ef1e00524348c0ec7aaa36ac5302d89dd51db6f08fad

/data/data/com.lzk.weatherwebservice/app_cpimgs/sc_circle.png

MD5 e50c867a1725d1a77477d0a3931266f6
SHA1 1561a6d26dcc43254237e0dd99a8c1a8f0ad7d67
SHA256 0a549f08924e57ce9a5142fae8932efc57eca3454ae80ba8af57553f834be8be
SHA512 88faee49b0db9a401dee69f8fccb96fd2b671bb646a3cdb91d5f53a110e470d9fe027cd36684c77b0aed4e0f19d71522b1b88551ade135d5828ce4f41ad4c28f

/data/user/0/com.lzk.weatherwebservice/app_cpdex/popdex.zip

MD5 93c512958f79e2db1be15fef62aa458e
SHA1 fef70da3577d5947ac6c5a72e4fa9438424a4c86
SHA256 b2f0a0d6764325f92935f22cfd537cdc166ce4a44eda38a1ceab2a5c26c250da
SHA512 3f2ddf8b303d05b24b0c5c32ec15ed5b80e74355c1375250c7d7451c6af6b5a5496de23e2d2bbc807b48ba6dc2a7594d72064c84284cebcb04a9750543923be3

/data/data/com.lzk.weatherwebservice/app_pushimgs/adwords_bg.png

MD5 baa4da557d56b7c0ac8da3fb3f8e96ec
SHA1 582141c313ddc962142604c5dea11f29756b77b0
SHA256 19eae7f25cfda79543ea12c784cd4870dbba252d6f408bea49320c3ace990b4b
SHA512 99c53ef6ea7c3917a0a82064c1025afb75f6540c09398c9edca8e5c63d4e76a0568b37185534eb0617593f537b9a12b42a2dbc8fed3514be9418038c3e038416

/data/data/com.lzk.weatherwebservice/app_pushimgs/arrow_down.png

MD5 db45ab95930456e6baddab4e6fcbe712
SHA1 fa0c152e3afd7fa7026b0f688a3c6ea2c27b53c8
SHA256 5c3755a2f79003a4702ee79232d59efad418aa83e30b2691256a44457b0c602a
SHA512 d658b23e0687867f44567ae4dddb1a01cebab15508032ff7336458fa226e592db84217c852eaaa2132226cebd4bd7f74b8144a78aa85f77e979a7a1f104b8582

/data/data/com.lzk.weatherwebservice/app_pushimgs/arrow_up.png

MD5 20c4a831398dd9ebd8dba380a2e7857a
SHA1 c6db26860686a65f5f402d29d98b358630c10e40
SHA256 03353442682b665da8ccb439ac22407ed53cb499266361581a818d3b267b356d
SHA512 85ca28c7eace2766c4a5d8c8b1df4dc81cdecb241e8d129b9e43ebdcc2f3c7385aecf12afd02755bba850c19260f07635199ca606f32a8ea0d71355f64e4e423

/data/data/com.lzk.weatherwebservice/app_pushimgs/bottom_bg.png

MD5 ffe93c95f1ceef187397bb763c992ccf
SHA1 6b082b7f6c55acd0987611b3b9a5aac9a5b06d67
SHA256 06dcc9066f53227b50faa763aed62944dc8d5a1612beba619caae2b1a81b42d9
SHA512 10693e4df14b0212798817d20cde37c88226353f4389968a81607fe7420244cabe2fb2074627e5194ff2c06cba0cb068598ab5078c0dbf8dbe4928f86ced6161

/data/data/com.lzk.weatherwebservice/app_pushimgs/bottom_btn_cancel.png

MD5 a7481cc1f04ff397669d5313711676b9
SHA1 6a8a1755f8bae8c1c4236420de731ac5e6479df1
SHA256 7bb0b4de65d49b7256c1083332005aac1f40eb496fe16996657721570b427c0b
SHA512 6cad2566cc0c5b2247a2309180659a883dbdfd7e546c75bdb0683e3102ccc833d63255a5776a466880cba7f7f12666c493e84043c8512ab929dbf357c32609bb

/data/data/com.lzk.weatherwebservice/app_pushimgs/bottom_btn_install.png

MD5 6a976eab4bd6a204fff19f363a3e0fad
SHA1 7815e2d7905bb25ecec99c6491e05e498baefefb
SHA256 a2520bd431de7d71c9453f9e808369c694b1214b4d13759fc0a08d5af681f796
SHA512 8f0537ebd9954fe5792421f15e499c71e009d26aeac810672e8d3cce982c4291c64917ca36651f4c7f33f4bd32480c9eb3ee6ee7ffd82d2e08d8147d850ae285

/data/data/com.lzk.weatherwebservice/app_pushimgs/btn_install.png

MD5 135b4b02c06ce896c0289c06931523d7
SHA1 219d7fcb9a47b14dc724030a5b22b00e4912c419
SHA256 7bc734fa69ef36df3ed4d3926657a52eee7f8448842586a3320804b7f86c47bc
SHA512 e9ef72d8a52cf365cc0d32d6ac9d333b3fc116b70e87d4279249efbcc0c57bae2951c4c6ecf2e675ab37f6ebc4374898cf75ca3ac11aa3286136b6770d680fa3

/data/data/com.lzk.weatherwebservice/app_pushimgs/img_bg.png

MD5 089965b9fb96326ad74e361a9a524e4b
SHA1 528cc6c7a10de9f525919a477c9e20d6b6e93d55
SHA256 d7c9eec30a30c3da3e80d2f7db31ae1ceb542c590f5ce8abaa77f39a16a0cf46
SHA512 b19f99764693882cb845b024bf5ef42121826dc92047532df19ff3e236c5e5e57e1390b942182275cc906fea83c541190325d21c88f70bd1041288b17489a579

/data/data/com.lzk.weatherwebservice/app_pushimgs/item_btn.png

MD5 c273f481a2774797a0f67a6f4a042bbe
SHA1 2858e907a559742835b1d820c8fc635ec5f7d094
SHA256 bb44dacdbda4803c00d0d7ef98376a2c3ad17d4c8b33084918a4986c744135ac
SHA512 75ee76ba31b62d0fbf0d17da7db4732664bf083e3848a1c38d82aca70d8fdeda54b3bef06c6df833fb9a4459c7789db2240dc886e52f2d82b50c464d505716cb

/data/data/com.lzk.weatherwebservice/app_pushimgs/m_star.png

MD5 590dd3230f50ba57b7a828cf1ad04aa0
SHA1 d8cd7d9cca6d011d3d4f6cea8c76fc3c1a7898ee
SHA256 d67f2ece3ab36175096b96cf121f83b0e44d7bf96fc5c8315b0c26ceb6d53cb7
SHA512 449dd317e61e063b342fe5491f8f09344699ec92a7e46aff6eea231472c55a0ee772ca875f46900de7f20c9d760fe20a662aea42551328c0f3cefe9bfaf82b79

/data/data/com.lzk.weatherwebservice/app_pushimgs/pop_back.png

MD5 64e607b18ceed3c184658ad0bead2c87
SHA1 ce0da694a61264c3dc52a42c5e4eef67c267330b
SHA256 ad6e950cabd47d19678ed9e243a954c428e11aefc17b14b03929ff9e7379a7ad
SHA512 a37c72b611a02dbcf6621904e34bd80fa2f0c71b5ff0f229cff91794924d3a8907d5971bc3dddc8a81536e78ec7b92cc1ca4c782ea91bfd065defbd842cdf63e

/data/data/com.lzk.weatherwebservice/app_pushimgs/pop_bottom_btn.png

MD5 153c4a358fd2029b62d88c5abc8315f8
SHA1 b8db469b4ed0798040ed2cd7618fb31c143bb733
SHA256 6d7b544ef6694a9440ab7b2fe902a67480f4cfdca37156b12db1ecb4bffd1945
SHA512 7cf959e5fa3bab95af3efe74e56b82d48e393b5ef1b733fd37e2f5f62611083fe58ace340a3b0bfea2227e94cae921714a82bcf64d1bb5834ca73ef088876850

/data/data/com.lzk.weatherwebservice/app_pushimgs/safe_icon.png

MD5 5101a78d00419574d0dcc0eb1f4b75a1
SHA1 c4142d79270fddb27f24d6e8e8b61e9837b3de48
SHA256 abe1bd342d024dbe2e1e853af11ce74d2e3d9286a8e44c6d94b4b5e4e7abf999
SHA512 cbe4d2438dbde51d36c19d26afc826d37d8221bd76a6641e93e6c2e6e4e124fedf8dd5ae10c90c882ae0220ce4647d7dd469c53ba5a8c2769e0a4983c5df637e

/data/data/com.lzk.weatherwebservice/app_pushimgs/safe_line.png

MD5 1533f88b71966664017deaa78437e057
SHA1 7b68a5bc7a6808a041c05ac7adc5da0fd378aecd
SHA256 ba11714200029dfc64b90b9953f80cdc49f30eaac9bbe8597d949f7a89b52b8a
SHA512 f04b79396404b4cf1cda6ad3ed7af3137b177d0da249d59a818c9a8ddb1e80cd98d078bfee9c352117f8c62303f08c9b3565bbd558a08d5aa07cf07527318728

/data/data/com.lzk.weatherwebservice/app_pushimgs/tj_line.png

MD5 83f9aabf34554a65a8f47514703ea69f
SHA1 bc3097db92c0f1821d60779d9b1f712cd0cc7866
SHA256 a5d81d5357d00dcff6099ee28f989711e289cf1e41fc6ef0903640d5ee73fd6d
SHA512 11fd5b05b830a48f658a9767556b8dcdfefc864bbe0ce5278f40c272879326fd03100cf73e2d762c3ae674f2eafc2ae5ea0285e690c4c18c7721ddfeb447bcbe

/data/data/com.lzk.weatherwebservice/app_pushimgs/top_bg.png

MD5 17f5c25477711a64b0dac419b8d68c0c
SHA1 475301f9d8143ba1548114d1de9272a18298a5dd
SHA256 b0e6d8458712cbb246fd4022cefee92796e55858a2c4f25cdec4dead894006a8
SHA512 09050759dca1837f59ab10d8c2531d986483ce50af2ab5038aefba3e5255fc8f67db1412f50717022b2c54fc39acc5ceab7ef3dcd51b38a61086ecedb885d478

/data/data/com.lzk.weatherwebservice/app_mdexk/ghkn.zip

MD5 30b0ea972455b4ec549080b00d89b707
SHA1 65f1971c330b1a89717b8cbddf3b450cb64854d8
SHA256 0e5c1622f0caa03530c2a692682a39f6084553c39f263a58399db3578b47d57d
SHA512 cbfa765a4c390634850df1e3aa4fa8beffc556fca58597b0a3e7a424b83fb8c425b1edff9b6016b485ffc9293c9b8656aaaf28a1ac14268a96937e1abf0f07b6

/data/user/0/com.lzk.weatherwebservice/app_mdexk/ghkn.zip

MD5 efe346aaf6f2c6cdc2cc01fd998a36be
SHA1 c10503e9fe8af53004ea8aeb22bf869edf33a5c0
SHA256 403b42e649dcafedab14f95495abfbc20c44339d8db8e016561f0b75d0e6579e
SHA512 37d9b43af7e4c1e9d37fda8a02024abca915835f780da07cb1679fd7bcc25764ae6b23640e46afe253937e5a3031086bc9cf166ba8f8905b5c9bedb8c8712ccc

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-13 21:59

Reported

2024-06-13 22:02

Platform

android-x64-arm64-20240611.1-en

Max time kernel

5s

Max time network

132s

Command Line

com.lzk.weatherwebservice

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.lzk.weatherwebservice/app_cpdex/popdex.zip N/A N/A
N/A /data/user/0/com.lzk.weatherwebservice/app_mdexk/ghkn.zip N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Requests cell location

collection discovery evasion
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getCellLocation N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Reads information about phone network operator.

discovery

Processes

com.lzk.weatherwebservice

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 N/A udp
US 1.1.1.1:53 api.is.guiji.com udp
US 1.1.1.1:53 www.google.com udp
GB 142.250.187.228:443 www.google.com tcp
US 1.1.1.1:53 webservice.webxml.com.cn udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.201.104:443 ssl.google-analytics.com tcp
GB 142.250.187.238:443 N/A tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.180.14:443 android.apis.google.com tcp
GB 142.250.179.228:443 N/A tcp
GB 142.250.179.228:443 N/A tcp

Files

/data/user/0/com.lzk.weatherwebservice/app_cpdex/popdex.zip

MD5 4cfc23d640639fbfd71f1ad21ee362c5
SHA1 7f1a8959decaf14b05213c6f9eb81dc706a266ed
SHA256 77b12ae598f871cefc9af6acbc023a7d5f5dc01ad1e2a94b8f0180875f295b63
SHA512 83e81c4b803e4316ec3a1a54656c0723026f611bc67cc53f9603d04aff526244187a02eff7b0560310e44b6d77cdb4296742d650f2d1b6c91ce893ca4d962ef9

/data/user/0/com.lzk.weatherwebservice/app_cpimgs/btnbg_blue.png

MD5 cd03c81961866339359a8862cd420751
SHA1 4356e958c4b333453a187b13cfb8e4951e85b5c1
SHA256 5d81cceefef430d84abee2aee1a655e975e638eb6e90d9edeaf70df18f761453
SHA512 29c6a83607ef938c8d74031781008075f9e29f28381893ce565d0d0e5e2193657264deb7752709f124bac8a7625ecda18a90763f8b8cccd48868105fde62846b

/data/user/0/com.lzk.weatherwebservice/app_cpimgs/btnbg_green.png

MD5 b61c2cbfc113d3080881c1a6c805de7f
SHA1 8bfb29fbebab3ff36faa5f6d19bf7bdf57608dad
SHA256 740a7a55675de72a6d165dd1aea7f15e6744f08e5131c2abea7e6e02ac4752c9
SHA512 7cb6ca09b180adeb87552b9b814ec50723d2f8e909a5aa1c3c63526bfe90043c0f6f97696b0e40d33c045a6d7f4b4df711ecda2a93839b9409f69c84491b3151

/data/user/0/com.lzk.weatherwebservice/app_cpimgs/btnbg_orange.png

MD5 144bfaa9628bdc547f92dd8ce04960db
SHA1 f60797400afdb88cc1a7b26eaaf5c18b7d34e3c3
SHA256 56707731bc7b76b806d9db7ec7e73173d0ba7c5acf22c8c040fb1bbb0d07090e
SHA512 071111562423e811333afd56dbd18fb68e0720f41936c42d266f70d041862560b363aa202ae24af40e9ca611d7f3eb996ee4184834097e85fbda1e2d36291f4a

/data/user/0/com.lzk.weatherwebservice/app_cpimgs/btnbg_yellow.png

MD5 c56a569d3e2cc40deb8ef6dd9c8273df
SHA1 fcdfdfa5f883afe7dea8a08b4e22d66b243065c5
SHA256 0e603b7797d42f1eadf5ea14499460e84e6525df6bdc4ee1464e00789c10c057
SHA512 b1549f4667c2765feb11d38469a5bfa4f599609ff519e65b73fc01521886cd57e7f30c2c43655d2b3af8665c77cde4f3a07e1e21f7dded059dc22ac60cbdb4b8

/data/user/0/com.lzk.weatherwebservice/app_cpimgs/default_bg.png

MD5 67d8c02c18a4eebb21aa28ebd88d7a8b
SHA1 f31fe91485bba4da727e9a0d0525c7417d6c72ee
SHA256 7b341f9b1ab0a691029b44f9b1d64cf74fd72ad0c74772964645c79f687402d0
SHA512 73c14d96680105ce3e24ba0667cd2452848f9c7d2549e937667c25bcce01a4d9207a78f2dcfc7c09cdb39f87f079c7847ceacbed36cfae55013126ab3bdbf5fd

/data/user/0/com.lzk.weatherwebservice/app_cpimgs/dtop_closebtn.png

MD5 6edfc3ccf80c5cb2c25bf82dd5e78c46
SHA1 0f71fe007ebb0479e42905c6a78f80b0a109a03b
SHA256 2225deaa4204ae88206589b390dd277c9e24ab0a68338cec19eae600b854fe32
SHA512 a8e4adcc0cd0867e8bb2cfe43a04c3a8e8a84de99ad7150c339c4dab1e81c8dab87af17fe7b7bbea41d54c6acd6214224f07ba456a8dc0fc8c33b3782e83ba4f

/data/user/0/com.lzk.weatherwebservice/app_cpimgs/install_btn.png

MD5 c64af13b874ab8cfdac99f000c29a3be
SHA1 e5274173c7721f8c77bb5da46fc94f195abb4924
SHA256 67af721ddafee67f3eea6241bcdb5b8c1315e8ed1b8dc852646cde24fe040516
SHA512 d59c85b4576152848427a74214c7b979c576f5cc6978430b9d7076f50cdf8957d8256eccf55aaba2bf7f80da2a7a2b445a26758aeaf3e889ae1c84a3fb2185c9

/data/user/0/com.lzk.weatherwebservice/app_cpimgs/listcloseBtn.png

MD5 6fb767d2563a35f3c0e362a5970ffe1e
SHA1 6d3a8fdbd7ced06a363517cd6cea7a7fea16c269
SHA256 534fe818efbaa752826c53f1b63d3ecc1b647c8a9f7970012e316cbce5fb5ae2
SHA512 ab989e8b01b9d397cb2968dc8191a9c2c6fdf19947b30b96cd5266afc6fc330a318de8c914d34adef98caffd151a0bc29fb130bf11c5638e97b3ff15c723fc2b

/data/user/0/com.lzk.weatherwebservice/app_cpimgs/listview_bg.png

MD5 28554ef38f282f89a2f3b298157fc984
SHA1 08147f2b5a83fd07f5acadb43598480a13d3fac1
SHA256 b4034e26cfd742433a0b59676bf73a78d93d413decc891abf3d34486160d307b
SHA512 cd31cd81a7c37155f540c1b636cad9ea198860952d79f8b3d39dac661c2e7fa82e1398830c7aacfa6904e4d4cffa6f5f1d906dabbf97091f3e38a65fb5fa51da

/data/user/0/com.lzk.weatherwebservice/app_cpimgs/list_title_bg.png

MD5 c34bb6ce3d7def12e8af79e87a6b5173
SHA1 99e8103027a7bba73b736fcded9d0d91b49e4ed9
SHA256 daf75ee4e642b335cf1918ac9678502bace139f76645eedde7eaca4f296b7e57
SHA512 58735b6034ff6ce1974aa0a48952100345b6bdf74a4dd083925aa87b0882e1931ff8608d03d0854c9de23ca409e5726ddc1e8313339181f57312bee0804ee2b7

/data/user/0/com.lzk.weatherwebservice/app_cpimgs/page_normol.png

MD5 2bf3d7d7ffe4a54396979c2802e5a0a7
SHA1 631def5dc6bd48080d51d3482a85c470b291c316
SHA256 ec1601e7e19b69d6d6bc8f18738698a6b4483a4f1ac546215dbcff9cc74acf7f
SHA512 2a9a95a9298c59a90b7234343f01b70219653e4d43217c83dd3dcafea84b96727d1e5f40ba035c36fb4dc6a83478fa66d545a2cf8221aa2da1ab9565b3deae79

/data/user/0/com.lzk.weatherwebservice/app_cpimgs/page_selecte_blue.png

MD5 1c4e3c1de688a5cde892bd74eec4bfc1
SHA1 bade0d4743822214421dc664449c0b0d94d69aae
SHA256 ee7abc5886a058b4436aa0a53c6be535fc0bd3a6832f2b0b0e611473667dca5f
SHA512 ccf419b266d7fcdf4c6696963c657f7138a59b06a4fdd900effebcaac0b162ddb5e9135f5032a33e2b3ffc17642065600d9b9292005e200f5cd8e79b17968f24

/data/user/0/com.lzk.weatherwebservice/app_cpimgs/page_selecte_green.png

MD5 9dfe941765a15b163eeb46b49cb4e89b
SHA1 caad3358c1706f28624e10616cf6d26a45b2dd5d
SHA256 d92d42135d59f97d35cc2d553b7bc79f19397a40cae9ac971a86def6fbc9167f
SHA512 0a38e4a6187fac65999a9a27ff4a917ab6dd023587ae5b0e33c95a502e7e93626ac3cfb48affaacc274b5f7fa118f483a627e70288757308041ac67e3337a4f1

/data/user/0/com.lzk.weatherwebservice/app_cpimgs/page_selecte_orange.png

MD5 ffaccc20bf244076988df00a6bc20b06
SHA1 4a7176527cca9e9a862cb12485cf02c49c228913
SHA256 71d16959b999e8251ea5ffbf0075a43724b02f85ca34e3ee82b31935537c9a9f
SHA512 dba973767cc9e9eec698232e9f7d057bdf5464c8d70fcef3e6631ad72d9e62ab4cc08169db2e3927e2f3a870787ee60bfb4b26ec1ed8c3fd30e84aa38afd65c2

/data/user/0/com.lzk.weatherwebservice/app_cpimgs/page_selecte_yellow.png

MD5 8487656fa992a7c3603773e0b1b1d7e0
SHA1 ac740cc2ce2ff0729b70c26c70ac0462072d1b81
SHA256 12b5a8c075e94cfd69d4a3ea6e62552d7e3e7e2ae5f6e69b7fc4ab5a6c9635a8
SHA512 b6be96693719978dabdaf05e3f733925b126959bf8ec0096775d76eeb08a6a5fd56c2ddb4697d81a8da9ef1e00524348c0ec7aaa36ac5302d89dd51db6f08fad

/data/user/0/com.lzk.weatherwebservice/app_cpimgs/sc_circle.png

MD5 e50c867a1725d1a77477d0a3931266f6
SHA1 1561a6d26dcc43254237e0dd99a8c1a8f0ad7d67
SHA256 0a549f08924e57ce9a5142fae8932efc57eca3454ae80ba8af57553f834be8be
SHA512 88faee49b0db9a401dee69f8fccb96fd2b671bb646a3cdb91d5f53a110e470d9fe027cd36684c77b0aed4e0f19d71522b1b88551ade135d5828ce4f41ad4c28f

/data/user/0/com.lzk.weatherwebservice/app_cpdex/popdex.zip

MD5 93c512958f79e2db1be15fef62aa458e
SHA1 fef70da3577d5947ac6c5a72e4fa9438424a4c86
SHA256 b2f0a0d6764325f92935f22cfd537cdc166ce4a44eda38a1ceab2a5c26c250da
SHA512 3f2ddf8b303d05b24b0c5c32ec15ed5b80e74355c1375250c7d7451c6af6b5a5496de23e2d2bbc807b48ba6dc2a7594d72064c84284cebcb04a9750543923be3

/data/user/0/com.lzk.weatherwebservice/app_pushimgs/adwords_bg.png

MD5 baa4da557d56b7c0ac8da3fb3f8e96ec
SHA1 582141c313ddc962142604c5dea11f29756b77b0
SHA256 19eae7f25cfda79543ea12c784cd4870dbba252d6f408bea49320c3ace990b4b
SHA512 99c53ef6ea7c3917a0a82064c1025afb75f6540c09398c9edca8e5c63d4e76a0568b37185534eb0617593f537b9a12b42a2dbc8fed3514be9418038c3e038416

/data/user/0/com.lzk.weatherwebservice/app_pushimgs/arrow_down.png

MD5 db45ab95930456e6baddab4e6fcbe712
SHA1 fa0c152e3afd7fa7026b0f688a3c6ea2c27b53c8
SHA256 5c3755a2f79003a4702ee79232d59efad418aa83e30b2691256a44457b0c602a
SHA512 d658b23e0687867f44567ae4dddb1a01cebab15508032ff7336458fa226e592db84217c852eaaa2132226cebd4bd7f74b8144a78aa85f77e979a7a1f104b8582

/data/user/0/com.lzk.weatherwebservice/app_pushimgs/arrow_up.png

MD5 20c4a831398dd9ebd8dba380a2e7857a
SHA1 c6db26860686a65f5f402d29d98b358630c10e40
SHA256 03353442682b665da8ccb439ac22407ed53cb499266361581a818d3b267b356d
SHA512 85ca28c7eace2766c4a5d8c8b1df4dc81cdecb241e8d129b9e43ebdcc2f3c7385aecf12afd02755bba850c19260f07635199ca606f32a8ea0d71355f64e4e423

/data/user/0/com.lzk.weatherwebservice/app_pushimgs/bottom_bg.png

MD5 ffe93c95f1ceef187397bb763c992ccf
SHA1 6b082b7f6c55acd0987611b3b9a5aac9a5b06d67
SHA256 06dcc9066f53227b50faa763aed62944dc8d5a1612beba619caae2b1a81b42d9
SHA512 10693e4df14b0212798817d20cde37c88226353f4389968a81607fe7420244cabe2fb2074627e5194ff2c06cba0cb068598ab5078c0dbf8dbe4928f86ced6161

/data/user/0/com.lzk.weatherwebservice/app_pushimgs/bottom_btn_cancel.png

MD5 a7481cc1f04ff397669d5313711676b9
SHA1 6a8a1755f8bae8c1c4236420de731ac5e6479df1
SHA256 7bb0b4de65d49b7256c1083332005aac1f40eb496fe16996657721570b427c0b
SHA512 6cad2566cc0c5b2247a2309180659a883dbdfd7e546c75bdb0683e3102ccc833d63255a5776a466880cba7f7f12666c493e84043c8512ab929dbf357c32609bb

/data/user/0/com.lzk.weatherwebservice/app_pushimgs/bottom_btn_install.png

MD5 6a976eab4bd6a204fff19f363a3e0fad
SHA1 7815e2d7905bb25ecec99c6491e05e498baefefb
SHA256 a2520bd431de7d71c9453f9e808369c694b1214b4d13759fc0a08d5af681f796
SHA512 8f0537ebd9954fe5792421f15e499c71e009d26aeac810672e8d3cce982c4291c64917ca36651f4c7f33f4bd32480c9eb3ee6ee7ffd82d2e08d8147d850ae285

/data/user/0/com.lzk.weatherwebservice/app_pushimgs/btn_install.png

MD5 135b4b02c06ce896c0289c06931523d7
SHA1 219d7fcb9a47b14dc724030a5b22b00e4912c419
SHA256 7bc734fa69ef36df3ed4d3926657a52eee7f8448842586a3320804b7f86c47bc
SHA512 e9ef72d8a52cf365cc0d32d6ac9d333b3fc116b70e87d4279249efbcc0c57bae2951c4c6ecf2e675ab37f6ebc4374898cf75ca3ac11aa3286136b6770d680fa3

/data/user/0/com.lzk.weatherwebservice/app_pushimgs/img_bg.png

MD5 089965b9fb96326ad74e361a9a524e4b
SHA1 528cc6c7a10de9f525919a477c9e20d6b6e93d55
SHA256 d7c9eec30a30c3da3e80d2f7db31ae1ceb542c590f5ce8abaa77f39a16a0cf46
SHA512 b19f99764693882cb845b024bf5ef42121826dc92047532df19ff3e236c5e5e57e1390b942182275cc906fea83c541190325d21c88f70bd1041288b17489a579

/data/user/0/com.lzk.weatherwebservice/app_pushimgs/item_btn.png

MD5 c273f481a2774797a0f67a6f4a042bbe
SHA1 2858e907a559742835b1d820c8fc635ec5f7d094
SHA256 bb44dacdbda4803c00d0d7ef98376a2c3ad17d4c8b33084918a4986c744135ac
SHA512 75ee76ba31b62d0fbf0d17da7db4732664bf083e3848a1c38d82aca70d8fdeda54b3bef06c6df833fb9a4459c7789db2240dc886e52f2d82b50c464d505716cb

/data/user/0/com.lzk.weatherwebservice/app_pushimgs/m_star.png

MD5 590dd3230f50ba57b7a828cf1ad04aa0
SHA1 d8cd7d9cca6d011d3d4f6cea8c76fc3c1a7898ee
SHA256 d67f2ece3ab36175096b96cf121f83b0e44d7bf96fc5c8315b0c26ceb6d53cb7
SHA512 449dd317e61e063b342fe5491f8f09344699ec92a7e46aff6eea231472c55a0ee772ca875f46900de7f20c9d760fe20a662aea42551328c0f3cefe9bfaf82b79

/data/user/0/com.lzk.weatherwebservice/app_pushimgs/pop_back.png

MD5 64e607b18ceed3c184658ad0bead2c87
SHA1 ce0da694a61264c3dc52a42c5e4eef67c267330b
SHA256 ad6e950cabd47d19678ed9e243a954c428e11aefc17b14b03929ff9e7379a7ad
SHA512 a37c72b611a02dbcf6621904e34bd80fa2f0c71b5ff0f229cff91794924d3a8907d5971bc3dddc8a81536e78ec7b92cc1ca4c782ea91bfd065defbd842cdf63e

/data/user/0/com.lzk.weatherwebservice/app_pushimgs/pop_bottom_btn.png

MD5 153c4a358fd2029b62d88c5abc8315f8
SHA1 b8db469b4ed0798040ed2cd7618fb31c143bb733
SHA256 6d7b544ef6694a9440ab7b2fe902a67480f4cfdca37156b12db1ecb4bffd1945
SHA512 7cf959e5fa3bab95af3efe74e56b82d48e393b5ef1b733fd37e2f5f62611083fe58ace340a3b0bfea2227e94cae921714a82bcf64d1bb5834ca73ef088876850

/data/user/0/com.lzk.weatherwebservice/app_pushimgs/safe_icon.png

MD5 5101a78d00419574d0dcc0eb1f4b75a1
SHA1 c4142d79270fddb27f24d6e8e8b61e9837b3de48
SHA256 abe1bd342d024dbe2e1e853af11ce74d2e3d9286a8e44c6d94b4b5e4e7abf999
SHA512 cbe4d2438dbde51d36c19d26afc826d37d8221bd76a6641e93e6c2e6e4e124fedf8dd5ae10c90c882ae0220ce4647d7dd469c53ba5a8c2769e0a4983c5df637e

/data/user/0/com.lzk.weatherwebservice/app_pushimgs/safe_line.png

MD5 1533f88b71966664017deaa78437e057
SHA1 7b68a5bc7a6808a041c05ac7adc5da0fd378aecd
SHA256 ba11714200029dfc64b90b9953f80cdc49f30eaac9bbe8597d949f7a89b52b8a
SHA512 f04b79396404b4cf1cda6ad3ed7af3137b177d0da249d59a818c9a8ddb1e80cd98d078bfee9c352117f8c62303f08c9b3565bbd558a08d5aa07cf07527318728

/data/user/0/com.lzk.weatherwebservice/app_pushimgs/tj_line.png

MD5 83f9aabf34554a65a8f47514703ea69f
SHA1 bc3097db92c0f1821d60779d9b1f712cd0cc7866
SHA256 a5d81d5357d00dcff6099ee28f989711e289cf1e41fc6ef0903640d5ee73fd6d
SHA512 11fd5b05b830a48f658a9767556b8dcdfefc864bbe0ce5278f40c272879326fd03100cf73e2d762c3ae674f2eafc2ae5ea0285e690c4c18c7721ddfeb447bcbe

/data/user/0/com.lzk.weatherwebservice/app_pushimgs/top_bg.png

MD5 17f5c25477711a64b0dac419b8d68c0c
SHA1 475301f9d8143ba1548114d1de9272a18298a5dd
SHA256 b0e6d8458712cbb246fd4022cefee92796e55858a2c4f25cdec4dead894006a8
SHA512 09050759dca1837f59ab10d8c2531d986483ce50af2ab5038aefba3e5255fc8f67db1412f50717022b2c54fc39acc5ceab7ef3dcd51b38a61086ecedb885d478

/data/user/0/com.lzk.weatherwebservice/app_mdexk/ghkn.zip

MD5 30b0ea972455b4ec549080b00d89b707
SHA1 65f1971c330b1a89717b8cbddf3b450cb64854d8
SHA256 0e5c1622f0caa03530c2a692682a39f6084553c39f263a58399db3578b47d57d
SHA512 cbfa765a4c390634850df1e3aa4fa8beffc556fca58597b0a3e7a424b83fb8c425b1edff9b6016b485ffc9293c9b8656aaaf28a1ac14268a96937e1abf0f07b6

/data/user/0/com.lzk.weatherwebservice/app_mdexk/ghkn.zip

MD5 efe346aaf6f2c6cdc2cc01fd998a36be
SHA1 c10503e9fe8af53004ea8aeb22bf869edf33a5c0
SHA256 403b42e649dcafedab14f95495abfbc20c44339d8db8e016561f0b75d0e6579e
SHA512 37d9b43af7e4c1e9d37fda8a02024abca915835f780da07cb1679fd7bcc25764ae6b23640e46afe253937e5a3031086bc9cf166ba8f8905b5c9bedb8c8712ccc