a49331e419c70643364f3f6419ca171b91dbd2b7a8d4023fae620ff8d09fa2fd

Analysis

max time kernel
20s
max time network
159s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
submitted
14-06-2024 07:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

muzhiwanapp.apk
Size

6.8MB
MD5

25a12b3e3d69b621f16d6809d57e37ee
SHA1

7c3026ac9bef20aa6c274a0ae0b2894ed27a39c6
SHA256

63a4443e53422abf80dffa60c088c72921a4d839d4070613427d9165909ea7e6
SHA512

d04d3fd4fa2d0911f1831b29c5b3031cd45349f8b916a1400a1789751c341272edcdb37b20ba468f759962f1aa7da174a58ced8cfaab1ccefa27dba19b445b47
SSDEEP

196608:udfDsgl7Fo3HcMg5+knzUsd3wIm1vM4MY2oNs:eAKm3lO+kz7dg3oGs

Score

8^/10

discovery evasion

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

T1426

Processes:

shsh

ioc process

/sbin/su sh
/sbin/su sh

ioc	process
/sbin/su	sh
/sbin/su	sh

Loads dropped Dex/Jar 1 TTPs 3 IoCs

Runs executable file dropped to the device during analysis.

evasion

T1407

Processes:

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.muzhiwan.market/data/mzw.apk --output-vdex-fd=49 --oat-fd=61 --oat-location=/data/data/com.muzhiwan.market/data/oat/x86/mzw.odex --compiler-filter=quicken --class-loader-context=&com.muzhiwan.market:multcom.muzhiwan.market:mzwlogservice

ioc	pid	process
/data/data/com.muzhiwan.market/data/mzw.apk	4686	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.muzhiwan.market/data/mzw.apk --output-vdex-fd=49 --oat-fd=61 --oat-location=/data/data/com.muzhiwan.market/data/oat/x86/mzw.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.muzhiwan.market/data/mzw.apk	4363	com.muzhiwan.market:mult
/data/data/com.muzhiwan.market/data/mzw.apk	4418	com.muzhiwan.market:mzwlogservice

Queries information about running processes on the device 1 TTPs 3 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

T1424

Processes:

com.muzhiwan.market:multcom.muzhiwan.market:mzwlogservicecom.muzhiwan.market

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.muzhiwan.market:mult
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.muzhiwan.market:mzwlogservice
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.muzhiwan.market

Queries information about active data network 1 TTPs 2 IoCs

discovery

T1421

Processes:

com.muzhiwan.marketcom.muzhiwan.market:mult

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.muzhiwan.market
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.muzhiwan.market:mult

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.muzhiwan.market

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.muzhiwan.market

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.muzhiwan.market

com.muzhiwan.market
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
PID:4327

getprop ro.board.platform
2⤵
PID:4452

com.muzhiwan.market:mult
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about active data network
PID:4363

sh
2⤵
- Checks if the Android device is rooted.
PID:4548

su
2⤵
PID:4591

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.muzhiwan.market/data/mzw.apk --output-vdex-fd=49 --oat-fd=61 --oat-location=/data/data/com.muzhiwan.market/data/oat/x86/mzw.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4686

com.muzhiwan.market:mzwlogservice
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
PID:4418

sh
2⤵
- Checks if the Android device is rooted.
PID:4615

su
2⤵
PID:4641

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.muzhiwan.market/data/mzw.apk
Filesize
42KB

MD5
85d09558a30b56872ec4df7909292387

SHA1
799259262e84952063d2013b843285d4b9865c5e

SHA256
abffa567da8045874417654e8a98ef889f729455aa0e48b11a89b95e386e0ef8

SHA512
3a97ecb531586f8b4d85877a2bfd5878c0b63c99ca12a6adb06d143fc676f67a5ee060e25a730c36eaa9693ab15048782f1810e818f5fd8005c60dd9465fe755

Download Submit
/data/data/com.muzhiwan.market/data/mzw.apk
Filesize
17KB

MD5
d1a020921eff5f91e5900a64bc558eeb

SHA1
f03fec1fb79a3b528aced885a8e95fb0a7eb01ef

SHA256
de8599fe345c0cf878b2887a98d921051edd36de036b5c1d8595a2c8f3738aa6

SHA512
17f62c1182f869511ef89424cbc51140eddfb0e84a8999a5a4da94a6d398ccd92839a2d8a2705b976ecb59efbac90ede5122d3de8470dfbb75ce606a263b8d4e

Download Submit
/data/data/com.muzhiwan.market/data/mzw.apk
Filesize
17KB

MD5
e65188742e10046597a4c648d045699b

SHA1
37b2f1e3e89d3b0d8683737ccae2ee725e82a312

SHA256
d0990058e5204d1a1bde2eff40893cb49d1e8972ee9b7e1b03ae35ac3cd5df8b

SHA512
3859b177492c74ec9448f7c57cf37beb7c747dca9580125cbd7c2e1f3a7761a3736072b1ec2ee14fa1f844f13df4163aa167b5cb9010e7e7fd00b2724553d481

Download Submit
/data/data/com.muzhiwan.market/data/mzw.d
Filesize
59KB

MD5
b2a8fd2dba92c8f75869f79c70d441da

SHA1
faaf88b3c3653fc205a3a125ccb77fbc87b76215

SHA256
2514431fe50d909ac1385e07341ed8878b5f2400df151df5a43a59b98a31ea02

SHA512
a66893a5bb935dfefdc12ea32c2407cf9d8d040ff82852b415c599beb94d002ce77ec15bbac3f78ae6758a8c7f5e83c799ad84fb8ce2e6763da88a9bb20aa7b6

Download Submit
/data/data/com.muzhiwan.market/data/mzw.g
Filesize
42KB

MD5
b2371d8d54b7f546277566fa1e650faa

SHA1
6d67805df7cedc3ee0e88d5d9fbdd3d646e557a3

SHA256
aef316a30a5ebfeba719b2d91b2c05aa7d412ec4eb2797b24c88ac8fc1aabb34

SHA512
2f9a16b440652da40755ba347d395b29a77e42461c4c71d43dc1a3e24cae85524329401e113424bdc968b86c7f266caaf5545cf0a238cb0526ce08314014d1ca

Download Submit
/data/data/com.muzhiwan.market/databases/notes-db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.muzhiwan.market/databases/notes-db-journal
Filesize
512B

MD5
c8e99f2d0e3ddf61b9aa8206e39650b4

SHA1
4c2801b9e6a9d382f1ce72e874663b2529b3c31e

SHA256
8c865e0c9032d485e3a8bce399170b6dbc9965c8855b668f43b929336411e1c7

SHA512
a3027bd4c328a05edccca03f731032eb086e6e97f103e4e89c35c1f23d36bef56b6d4877f7398855b013c892faeee73aa358940d4c1fb813822010f9f4f4c6ec

Download Submit
/data/data/com.muzhiwan.market/databases/notes-db-shm
Filesize
42KB

MD5
43cabe6ff77bbdd04224e0cd9e776f8e

SHA1
c45f26220707f42a3a02d3915f82e775bdad9352

SHA256
bdd2cf9b9e5dcc988da4210c7af4e11e158b35394135ece9d6b587ff34079148

SHA512
18decf6885c9191a3d141b470c6e8d5176ea8fa2388f5a11641a9dee3bdb4a6e11ffc41be2d305ff074def103451f5945bfa02c342899c7bf02dcc6f36744edc

Download Submit
/data/data/com.muzhiwan.market/databases/notes-db-wal
Filesize
28KB

MD5
1500605e7cbeb41516ba21f6ac58c94d

SHA1
470060803486513cff11d2039aa0c18b1fd23eb6

SHA256
701c0850382af917be9fa09f959f6802f66dd4ae7f23b09e08d7fd8cc78e082c

SHA512
ebcb8cfa9e317388ee430377ba1aa6edcaaa4c4430a9b86c524ef829f2c9838a1de0b3e5f28f9614185d68f5bf2dfbb0119d4208fcfc66fe68ac2da7a975cbc4

Download Submit
/data/data/com.muzhiwan.market/files/install_file_dir
Filesize
5KB

MD5
72a239b77072f4a325001408279d8756

SHA1
779ff775879ecb0b2f0778ff8311de79b67eadd7

SHA256
17adadfbe797cc54277c3236e9a84568c102dfc63c54ed64d073d02b6424e885

SHA512
9087ecc8d32faf66d91b1f10cddcc7c8cd7d28d28de9014f08413cad8904683d3b81cd75b25892f5342ff4b8f013fb46edf97bde91648ac1dd48d44db7584c7c

Download Submit
/data/data/com.muzhiwan.market/files/install_file_dir-journal
Filesize
1KB

MD5
652bbaadf45a6bda1cc7f80336af8542

SHA1
1e10da3785ab32ffa638a84d8f6b7a95c98af464

SHA256
0d5438a9d7bc34db5770882f0002e215280c1c5185c1e00cf477f526ee425b2f

SHA512
0ed283ab88cc1607f0c867cf351003def4b2e62295d7246af74f16d8f6c398a107779f2660d5a2f7aceaf4b40425b02bd8ae99d7438aefac86dfbb9243dda1e3

Download Submit
/data/data/com.muzhiwan.market/files/install_file_dir-wal
Filesize
3KB

MD5
cc2eefc1076b8bbb1969e6bd73531cf7

SHA1
deee6199ffeca356c42c513f99c4d697058b9a3c

SHA256
77c11d88dc7cae57744b2678bf155171e441185811036bcc329f36f35baa8b5e

SHA512
7e6da3f51de72ce2a22827a00eb7d2bd05f39bb5ba53de1cd086db412e2570df6410dfd919180d7b01bc83740be4006c65eea6e2bb7f9e46e77aacce68b8d57d

Download Submit
/storage/emulated/0/data/.systemid
Filesize
42KB

MD5
7bc525aa5cfd71cd4d2ad570fd72a906

SHA1
b411e1b345b5e9e4a0e4f603b46277278981e921

SHA256
14b68457395896d3ffe12b777f52fe2cc4182a6c9ba383555b12522c93657b00

SHA512
5f1973360665bdeb536d8dc2a9c5d2077990fbc6fd3653747de9d54c7032a776151f39986792ab57773623a143b2d65cfbb585aa53c823197485eba9e75c8e2f

Download Submit
/storage/emulated/0/data/.systemmac
Filesize
1KB

MD5
8d789fd59be365c94cc20900b826c0d9

SHA1
a7b436f374066126c210d70ee245d0c82f5b9df2

SHA256
e3a169b7878e215798e23ba7b886bf6364a6476942f0104dbcd2fab6a59c7750

SHA512
f220140085d383cf61975cd48f870437e2c6c30cd45f685f373c14419cf3a0d8a822750651db79f10568a4247b6d017d64c959b5a4c78c67a38236d7c6f1c6dd

Download Submit