7031ff31e01ff7edce3f830ef6bd2e83606b4c1898264d4e16261c663042bc2c

Resubmissions

13-06-2024 23:42

240613-3qcpkazbqk 8

13-06-2024 23:38

240613-3mwm9szapp 8

Analysis

max time kernel
12s
max time network
1853s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
submitted
13-06-2024 23:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Shopee PH_ Shop this 6.6-7.7_3.27.09_APKPure.apk
Size

229.1MB
MD5

c0982b9a45d3249372a069f35c530d48
SHA1

211e6c454f7adf9f0b7547f4b35ec30cf3b544e9
SHA256

7031ff31e01ff7edce3f830ef6bd2e83606b4c1898264d4e16261c663042bc2c
SHA512

38144db25fe4fc3a4d9986e40f9eed52016366ffa0f14e1bdc99f484fca721d2399e0e93d9720703d8a997039d6553e56cd05ef79923884c5aaac385d3e5648c
SSDEEP

6291456:om+xTdJkhc+TpYke9WREzFN5GHN+RppFX08ym7sHP5KOV95q6G+0Ma:oZdJkbpYkeoS5+MrX08QHXvGt

Score

8^/10

banker discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 3 IoCs
evasion

T1426

Processes:

com.shopee.ph

ioc process

/system/xbin/su com.shopee.ph
/sbin/su com.shopee.ph
/system/app/Superuser.apk com.shopee.ph
Checks Android system properties for emulator presence. 1 TTPs 2 IoCs
evasion

T1633.001

Processes:

com.shopee.ph

description ioc process

Accessed system property key: ro.product.model com.shopee.ph
Accessed system property key: ro.serialno com.shopee.ph
Checks known Qemu files. 1 TTPs 1 IoCs
Checks for known Qemu files that exist on Android virtual device images.
evasion

T1633.001

Processes:

com.shopee.ph

ioc process

/sys/qemu_trace com.shopee.ph
Checks known Qemu pipes. 1 TTPs 2 IoCs
Checks for known pipes used by the Android emulator to communicate with the host.
evasion

T1633.001

Processes:

com.shopee.ph

ioc process

/dev/socket/qemud com.shopee.ph
/dev/qemu_pipe com.shopee.ph
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

T1418.001
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.shopee.ph

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.shopee.ph
Acquires the wake lock 1 IoCs

Processes:

com.shopee.ph

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.shopee.ph
Queries information about active data network 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.shopee.ph

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.shopee.ph
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.shopee.ph

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.shopee.ph
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

T1422

Processes:

com.shopee.ph

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.shopee.ph
Checks the presence of a debugger
evasion
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.shopee.ph

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.shopee.ph
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.shopee.ph

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.shopee.ph
Checks CPU information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.shopee.ph

description ioc process

File opened for read /proc/cpuinfo com.shopee.ph
Checks memory information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.shopee.ph

description ioc process

File opened for read /proc/meminfo com.shopee.ph

ioc	process
/system/xbin/su	com.shopee.ph
/sbin/su	com.shopee.ph
/system/app/Superuser.apk	com.shopee.ph

description	ioc	process
Accessed system property	key: ro.product.model	com.shopee.ph
Accessed system property	key: ro.serialno	com.shopee.ph

ioc	process
/sys/qemu_trace	com.shopee.ph

ioc	process
/dev/socket/qemud	com.shopee.ph
/dev/qemu_pipe	com.shopee.ph

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.shopee.ph

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.shopee.ph

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.shopee.ph

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.shopee.ph

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.shopee.ph

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.shopee.ph

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.shopee.ph

description	ioc	process
File opened for read	/proc/cpuinfo	com.shopee.ph

description	ioc	process
File opened for read	/proc/meminfo	com.shopee.ph

com.shopee.ph
1⤵
- Checks if the Android device is rooted.
- Checks Android system properties for emulator presence.
- Checks known Qemu files.
- Checks known Qemu pipes.
- Queries information about running processes on the device
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4237

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.shopee.ph/app_lib/libanr.so
Filesize
341KB

MD5
56e7b64102f0cd7c3a5a83ef02aa2660

SHA1
ef38f3b1b89aadc29fdc9060e2547bb4ba678bf4

SHA256
8ccfe4b01adad16d175ec77ba097611cad3afd1e0b437442bf749339b09b7701

SHA512
c7c2382e61dab17a84125cb12ea55a2d80d24e1aea973db324b5be2eaf017984094dca539a02de35128f5e5d3c2a62669ffb2de9c543434d3ff47e952c8cdb28

Download Submit
/data/data/com.shopee.ph/app_lib/liblinker.so
Filesize
109KB

MD5
dc3db524f96609dafba7f00febc00a9e

SHA1
a153492027abf341e8436c620f060a1ab7270284

SHA256
3b0f956bfc86940a46628c69636d4362585e67c69d511831642af261dcbbf144

SHA512
1260cc8601b627d47e050d617ef5cd9dce3b9d29c1e01577cab78b007913a5fa4717cc23fd3ea44acf2641cafdcec91c58602bacf1702775c4f93aa6313d8ef9

Download Submit
/data/data/com.shopee.ph/app_lib/liblogger.so
Filesize
3KB

MD5
15b454805616029b2d06fd89e06f9fbd

SHA1
04f7e1b12dd64099e62051bbd0b227e53f3f3b5e

SHA256
50b5046ef21e53f41921cecc411edc2c52ecdeda4216f734882fe85de50a361f

SHA512
c508fd7dab130bedcd9b3aaa8cae4f0bbf4d28dba9fc687ab76270f9ec3e9cf8e8064753fd34f6b45331fd70d56f3daa0a4714ae6b831916e450ab3efd691505

Download Submit
/data/data/com.shopee.ph/app_lib/libnative-crash.so
Filesize
146KB

MD5
7b1495fa8b7ec87add2fde9c95a100aa

SHA1
1ab2d523cf3fc55995a73402efb91aee98a1eb1a

SHA256
c76e615c21eec72e4b24c928638c63b5b9935d5a78b5a253f64cd3a811cb0c69

SHA512
8ba913d0ec44d16b0730c65785684c2ae111f1428e618e6006bda5c1659f229aa493c75a218f950835801f606bc24f054482ec9b60f07977cb10172a8e791686

Download Submit
/data/data/com.shopee.ph/databases/DBFriends0.db-journal
Filesize
512B

MD5
39bbbb82d0484f86ebad976ddb7fa445

SHA1
69d8d5da21251cb657e3c391fceee3a3ee1d2847

SHA256
c247babdd58840863ba2e0c7a33623b225f394bf52f6e52b1038b4bf7ee6c779

SHA512
ae4b16ea2d96f95215fbce0181e2f28c578a481f7bc7df3e90b3536a95a92889a5125ba6d176ae17a50f6adc0252a1cec51bd9bcf668f12a7835c35f9dca7737

Download Submit
/data/data/com.shopee.ph/databases/DBFriends0.db-wal
Filesize
16KB

MD5
841deea0f0287458a55b5bd7874e3d8f

SHA1
77c413b46c6ccd550e57fa1becfd15e6dc175859

SHA256
65ba762318f85d013b74f4a54dbb101174bdb0d95baba729f068eb00c152785a

SHA512
853fd7ead0515b2788a10c524737d9cb46e29191db2d62fc00d6943cfa3e946c688bc94945c806077de10f8e96c01cfe23425a5f721fa8993cbdbe787a1a385b

Download Submit
/data/data/com.shopee.ph/databases/com.google.android.datatransport.events
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.shopee.ph/databases/com.google.android.datatransport.events-journal
Filesize
512B

MD5
048113ae7e13c03bd6d850a1f1fd98b0

SHA1
ea47a44625122374266d2cffa58fe6f331c067e3

SHA256
944ba78bc3a381acfd8597b7df91ce2359713edcfad62823d221b0cc48fe28ed

SHA512
db4ac69333475eb7b6f8bd9bd9881a2249a355719edccbc3c6bcaf32ce29b3534e3a2fe5abd2340863c3dc8f318ba0b707275bb4724641f780e36571e1343d3b

Download Submit
/data/data/com.shopee.ph/databases/com.google.android.datatransport.events-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.shopee.ph/databases/com.google.android.datatransport.events-wal
Filesize
68KB

MD5
38f773149fdc08f3d72975449f1963a1

SHA1
4ea2c1bda301d0b5da8c7e8f4b9866c52a1786b7

SHA256
3da759172cbf9b759fbe569780c042ee65d18e33063dd85a553fe5fe006cfc04

SHA512
d8dd5bb0b956ce5822ebda5df343fa70b419e98fdf302608a756f85eccc672b719e424af04c685a61c9c95663d9d41492b087c48d93ef232dff6205c59b2048e

Download Submit
/data/data/com.shopee.ph/files/.com.google.firebase.crashlytics.files.v2:com.shopee.ph/open-sessions/666B847E03B20001108DAB6098C7DB68/keys
Filesize
37B

MD5
e8ab329d2430610d42422f664ca97e9b

SHA1
bf8ff0d69c7f5e05662f763e8b45a4d2e4694308

SHA256
bbc15a937cb2af08ccd3e6e3af02cbbe7c40c2b420b2659c907ed808ee814b27

SHA512
ec3d9fbfcf53198e218d50aacaa1b5fb4e9410c98ea519566e80fe0e42810fa0c745248f46ca53b97e20ced38e810dc2269d5232e04f73ddc7629c4980798575

Download Submit
/data/data/com.shopee.ph/files/.com.google.firebase.crashlytics.files.v2:com.shopee.ph/open-sessions/666B847E03B20001108DAB6098C7DB68/keys
Filesize
301B

MD5
4583e580e27cb4db5855bd9a95396fb3

SHA1
121942ad5b41f382a23b12253a40ff27ee01978a

SHA256
d2e101d89caca1885741b34817f423ff7f6ffa8ed53a04364f19c13cb6ae360b

SHA512
1d71fbb937b0ac5ea68d1f9175e756604e5a7b486a554cd6fd06446a5d69861b838efb279f8919a9147676f4023ba54913c54cd87b4274abc411acbe70cb500e

Download Submit
/data/data/com.shopee.ph/files/.com.google.firebase.crashlytics.files.v2:com.shopee.ph/open-sessions/666B847E03B20001108DAB6098C7DB68/keys
Filesize
323B

MD5
cf66afbc3b4d2025771a8e7914bae760

SHA1
d15f875a5d77c08fd0cfae7b25b5ac42df84cdf8

SHA256
1fc70f541b77389bef346141afc9882a51931dabe2d81fd90ce5dbec9d80c5cb

SHA512
52b5d3253ed164a79756bd1219756098e3dd6059c112abdaa9dd083b6d650cf05dfe1a3d1db046d1f91129989eb5e7c072f2cbe87446dbfe076ba7d707f89ff9

Download Submit
/data/data/com.shopee.ph/files/.com.google.firebase.crashlytics.files.v2:com.shopee.ph/open-sessions/666B847E03B20001108DAB6098C7DB68/report
Filesize
777B

MD5
75ccad1e1e95bbeab6d3acd1fecfb2cb

SHA1
9e83f0096d63ff1f04a0d5d236d9b72d66ceddcf

SHA256
947267f9284fcebebe6c761064471be59b527eecfad8fd4a6b7ceaa2b94199e4

SHA512
ab06d26b07fac919a4c8ad93d39eafa507cc38ecbad35bf21b07176a8ffcb6f431c5460c508dbcaedd3a02abc5e120e9297d3ffa9ce6753505fdd5ab82920246

Download Submit
/data/data/com.shopee.ph/files/PersistedInstallation4158837902810629062tmp
Filesize
90B

MD5
52f8402ec66ea1e34c6390994624db90

SHA1
40de6bf48c004624761d2540267bd0875b10da34

SHA256
ee79a27437ad6660d3cc1edfb5d1881c44ec76307e96f42ef92c2e06b1aaed3c

SHA512
2639e0e99ab1be9266e29521ac781cecf52fe04e69cd69f9fbc129dda0f2ea1a0de12d4a9a5d80f4e8869347ebd1408bb143a19f0c56ddfd5acacccdff252aba

Download Submit
/data/data/com.shopee.ph/files/mmkv/alpha_launch_config
Filesize
4KB

MD5
620f0b67a91f7f74151bc5be745b7110

SHA1
1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d

SHA256
ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7

SHA512
2d23913d3759ef01704a86b4bee3ac8a29002313ecc98a7424425a78170f219577822fd77e4ae96313547696ad7d5949b58e12d5063ef2ee063b595740a3a12d

Download Submit
/data/data/com.shopee.ph/files/shopeePH/com.shopee.app.application.ShopeeApplication/sp_xlogs-cache/shopee.mmap3
Filesize
150KB

MD5
06ae8a01d80da962c7987c264af64cec

SHA1
63a497994321f254b535a846ce89f076d4e378ee

SHA256
0c5cc90b079d0d9c1ded1376357d23a9782a704a83e01731f50ccd162e246492

SHA512
8720928fbe7cf8351c9dc45cb1a9c8243939c7e3c9c6957d24dbe18c0819d05ea7475e3953018f0365461fb2987ad68d8ec9f59b03aef3adbd3e4ae8ebbd0427

Download Submit
/data/data/com.shopee.ph/no_backup/androidx.work.workdb-journal
Filesize
512B

MD5
6b27cc80a507d90d2a1d9db65d215307

SHA1
8913a7708c4fa30267fcc4edb3defc1b5db6dd48

SHA256
ec2e6c1bff19c1af6d338f928c013403f879963c75102ae8b81dcf3b3e1bad95

SHA512
f25a49c4b5009e0653d042f70363b65a2215be3d794939aba1f3d2df798234a2d9db21bbb474bdca122a797c112fcdc658b4126dd1172ac884bc462981f81ad0

Download Submit
/data/data/com.shopee.ph/no_backup/androidx.work.workdb-wal
Filesize
16KB

MD5
1bb093d8d2b7c8a8fa0bc2ea015efb30

SHA1
d576a08ae8df8937a1adc2e9751a2f2c048a4246

SHA256
2ce8c572f64db8f836f1d91a876180a3e097dab5680b94d9f0d5ab628d46af14

SHA512
3241c3c8a35095cb6e794e1d607314586298ba603151e4604c908ede9d5c43a1d4b0ffafe86b6cbe9789a85030929ed9d5004cd80c31bc0dffd9a8d64b7a16b2

Download Submit
/data/data/com.shopee.ph/no_backup/androidx.work.workdb-wal
Filesize
108KB

MD5
712c115c15f5b42f32ad33c1c882bffb

SHA1
c15d53d206551474e75896ac4962d4f2e24d8d68

SHA256
7976c75e5ca65a6e9b4d6d4a7cc53cbdfa456125f98585ddc2de6e68a299027f

SHA512
5ae096d97b7bf6f6383449a44a58147ee65700b5004362d4226950a0b6bc70a358fb05abc052fb463f70506d0e7bbc62dbf3081bec38eaed190641d0c08451a4

Download Submit
/storage/emulated/0/Android/data/com.shopee.ph/files/anr/portal_info_stub.txt
Filesize
86KB

MD5
a279f64af5dcfcf317fb487f228c75dc

SHA1
01917b4ebf68c07ed8f09da9c1315a002c4d099a

SHA256
d0e7b6ea4a526898dabb9f0f4c0cef65e98f24713974614f475457c3de8eea3c

SHA512
ce5de375f01d761aee102c12dbde6bcb1c1734f9fe5c4952280f22fa166cc4be4dcfcf98dcbf1d10f4c8b51f81ec181322b315926212255158caa7f334a5655a

Download Submit
/storage/emulated/0/Android/data/com.shopee.ph/files/szlog/logs_sz_20240613.csv
Filesize
4KB

MD5
45af7795a2fc550f9cdab3dc2c2a51f6

SHA1
c1da811f516de9796d3ee8212722946f8f68269a

SHA256
39031dcb1c9109b59dfda318adbc0d7778c5bcd4ce18b38c761bcf8b0af09c91

SHA512
7e37fc07c2bf9719ec48037ad50a4ad082889a008ff521ac2f8b59f8b15db545305209cbc7800866c5385f868c30636e5784d9c1c6637aa3774ef9f8b62e59c6

Download Submit
/storage/emulated/0/shopeePH/web/cache/journal.tmp
Filesize
31B

MD5
d6ac8c8db0504502d7f0e057a78c5ce3

SHA1
8f4cf91a262b24ec9c1a6e7c41fd6d16b6623bb4

SHA256
8f22a32cd8de58916041d1097976f2b9c80f7e9a18593d5a6b058bcaed17e22a

SHA512
100e74f0c65b51a17de6eeff96d5c38bd6d40e3c8ee00094fd906ba5794088fe1ad6f3a15be196480384cf01399ea26665a05471404f1eeebb0c82ae6fb104bb

Download Submit
/storage/emulated/0/shopeePH/web/dfdata
Filesize
33B

MD5
010e304f6d3343c7d3557e8acea9ad9e

SHA1
9af4d9e9096df9ba66490b00b16e8bbd4c915a2c

SHA256
9d86af5565946b7bbf509fd558ce7663a0c83bfbd9ef8d7f25b7c4e897b8d293

SHA512
68a98052047057c01db9ec212167e06f952f5f05f51cce59d259fcd8df2a9f9d000c927b31d24dbef081aedb32e37aa8fe710988a7a9c002d6d1f1b75e679ae7

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads