Analysis
max time kernel: 177s
max time network: 188s
platform: android_x86
resource: android-x86-arm-20240611.1-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
submitted: 13-06-2024 02:01
Static task: static1

Behavioral task: behavioral1
Sample: 9fa43fd208db904f12d5026d4b748c0c.apk
Resource: android-x86-arm-20240611.1-en

Behavioral task: behavioral2
Sample: 9fa43fd208db904f12d5026d4b748c0c.apk
Resource: android-33-x64-arm64-20240611.1-en
General
Target: 9fa43fd208db904f12d5026d4b748c0c.apk
Size: 16.4MB
MD5: 9fa43fd208db904f12d5026d4b748c0c
SHA1: b3df0451225dbd1e048919a99a16f44b56095434
SHA256: 7b6be6b7aa437aab2814a34f8a680b83f316f93d533d6ba504d03f3aa43d01cc
SHA512: e2e2b7a5df687388e9e873d17a9df1bc70142b915e8c288e2b8d6f91f77ac3f2313265ac7dfb259b1c4f8eafa7ce2f634234aaa117df085b08148cd72fbd4017
SSDEEP: 393216:R7rv7ESFC3vBp4U3it1cmE9dl2uFPV2TTVPEgkbQUhM0mDdp7XrWtsvHPMWAd3:R3v7EOQT81cnPTFPQV8gwQeLQPMWAZ
Malware Config
Signatures
Checks if the Android device is rooted. (1 TTPs, 2 IoCs)
Processes: com.wps.excellentclass
- ioc: /system/app/Superuser.apk; process: com.wps.excellentclass
- ioc: /sbin/su; process: com.wps.excellentclass

Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps). (1 TTPs)

Queries information about running processes on the device. (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes: com.wps.excellentclass
- description: Framework service call; ioc: android.app.IActivityManager.getRunningAppProcesses; process: com.wps.excellentclass

Queries information about active data network. (1 TTPs, 1 IoCs)
Processes: com.wps.excellentclass
- description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo; process: com.wps.excellentclass

Queries information about the current Wi-Fi connection. (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes: com.wps.excellentclass
- description: Framework service call; ioc: android.net.wifi.IWifiManager.getConnectionInfo; process: com.wps.excellentclass

Reads information about phone network operator. (1 TTPs)

Listens for changes in the sensor environment (might be used to detect emulation). (1 TTPs, 1 IoCs)
Processes: com.wps.excellentclass
- description: Framework API call; ioc: android.hardware.SensorManager.registerListener; process: com.wps.excellentclass

Registers a broadcast receiver at runtime (usually for listening for system events). (1 TTPs, 1 IoCs)
Processes: com.wps.excellentclass
- description: Framework service call; ioc: android.app.IActivityManager.registerReceiver; process: com.wps.excellentclass

Uses Crypto APIs (might try to encrypt user data). (1 TTPs, 1 IoCs)
Processes: com.wps.excellentclass
- description: Framework API call; ioc: javax.crypto.Cipher.doFinal; process: com.wps.excellentclass

Checks CPU information. (2 TTPs, 1 IoCs)

Processes
com.wps.excellentclass [1]
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (might try to encrypt user data)

/system/bin/cat /proc/cpuinfo [2]
- Checks CPU information
Network
MITRE ATT&CK Matrix
Downloads