a49331e419c70643364f3f6419ca171b91dbd2b7a8d4023fae620ff8d09fa2fd

Analysis

max time kernel
177s
max time network
189s
platform
android_x64
resource
android-x64-arm64-20240611.1-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240611.1-enlocale:en-usos:android-11-x64system
submitted
14-06-2024 07:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

muzhiwanapp.apk
Size

6.8MB
MD5

25a12b3e3d69b621f16d6809d57e37ee
SHA1

7c3026ac9bef20aa6c274a0ae0b2894ed27a39c6
SHA256

63a4443e53422abf80dffa60c088c72921a4d839d4070613427d9165909ea7e6
SHA512

d04d3fd4fa2d0911f1831b29c5b3031cd45349f8b916a1400a1789751c341272edcdb37b20ba468f759962f1aa7da174a58ced8cfaab1ccefa27dba19b445b47
SSDEEP

196608:udfDsgl7Fo3HcMg5+knzUsd3wIm1vM4MY2oNs:eAKm3lO+kz7dg3oGs

Score

7^/10

banker collection credential_access discovery evasion impact

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 3 IoCs

Runs executable file dropped to the device during analysis.

evasion

T1407

Processes:

com.muzhiwan.marketcom.muzhiwan.market:mzwlogservice

ioc	pid	process
/data/data/com.muzhiwan.market/data/mzw.apk	4444	com.muzhiwan.market
/data/data/com.muzhiwan.market/data/mzw.d	4444	com.muzhiwan.market
/data/data/com.muzhiwan.market/data/mzw.apk	4545	com.muzhiwan.market:mzwlogservice

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

T1414

T1641.001

Processes:

com.muzhiwan.market

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.muzhiwan.market
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

T1418.001

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.muzhiwan.market

Queries information about running processes on the device 1 TTPs 3 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

T1424

Processes:

com.muzhiwan.marketcom.muzhiwan.market:multcom.muzhiwan.market:mzwlogservice

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.muzhiwan.market
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.muzhiwan.market:mult
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.muzhiwan.market:mzwlogservice

Acquires the wake lock 1 IoCs

Processes:

com.muzhiwan.market

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.muzhiwan.market
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

Processes:

flow ioc

27 alog.umeng.com

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.muzhiwan.market

flow	ioc
27	alog.umeng.com

Queries information about active data network 1 TTPs 2 IoCs

discovery

T1421

Processes:

com.muzhiwan.marketcom.muzhiwan.market:mult

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.muzhiwan.market
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.muzhiwan.market:mult

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.muzhiwan.market

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.muzhiwan.market
Reads information about phone network operator. 1 TTPs
discovery

T1422
Checks CPU information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.muzhiwan.market

description ioc process

File opened for read /proc/cpuinfo com.muzhiwan.market

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.muzhiwan.market

description	ioc	process
File opened for read	/proc/cpuinfo	com.muzhiwan.market

com.muzhiwan.market
1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Checks CPU information
PID:4444

com.muzhiwan.market:mult
1⤵
- Queries information about running processes on the device
- Queries information about active data network
PID:4486

com.muzhiwan.market:mzwlogservice
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
PID:4545

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.muzhiwan.market/data/mzw.apk
Filesize
17KB

MD5
e65188742e10046597a4c648d045699b

SHA1
37b2f1e3e89d3b0d8683737ccae2ee725e82a312

SHA256
d0990058e5204d1a1bde2eff40893cb49d1e8972ee9b7e1b03ae35ac3cd5df8b

SHA512
3859b177492c74ec9448f7c57cf37beb7c747dca9580125cbd7c2e1f3a7761a3736072b1ec2ee14fa1f844f13df4163aa167b5cb9010e7e7fd00b2724553d481

Download Submit
/data/data/com.muzhiwan.market/data/mzw.d
Filesize
59KB

MD5
b2a8fd2dba92c8f75869f79c70d441da

SHA1
faaf88b3c3653fc205a3a125ccb77fbc87b76215

SHA256
2514431fe50d909ac1385e07341ed8878b5f2400df151df5a43a59b98a31ea02

SHA512
a66893a5bb935dfefdc12ea32c2407cf9d8d040ff82852b415c599beb94d002ce77ec15bbac3f78ae6758a8c7f5e83c799ad84fb8ce2e6763da88a9bb20aa7b6

Download Submit
/data/data/com.muzhiwan.market/data/mzw.d
Filesize
33KB

MD5
b29b924ea036a89d3fe128ad672b44d7

SHA1
de946ed8fa199708a925c144f816a60ce4679d50

SHA256
d9c6e60caf46fbde6806d9a435bf1cf9e75cd079e6ffdf15c7646455d1fc68e6

SHA512
f8706d824ef68815b8ca5cdc01138fbe63afe6c9832cc757d94633c4b140809fe0a5018b7bf825c630870abd35e710ddc521ba1aabae8ef3d8223037537b739f

Download Submit
/data/data/com.muzhiwan.market/data/mzw.g
Filesize
42KB

MD5
c04d422c5a4bf58a127bbf2bf014965c

SHA1
3b1f3f4ad21fe0febe567e5a56996a7e61658cf9

SHA256
7a28fd857e1283e351d37931cc6e23cd6de5ad2fd4d3d23337a6f162b07f3978

SHA512
6cb2768a8344e3da470472ea906b5be2e33a24384efe35cdc3c0b0c24351c3b34444a4d2d6a9e21c48927b85554aaa3904fb0361071c0711841565222253e0a8

Download Submit
/data/user/0/com.muzhiwan.market/databases/download
Filesize
16KB

MD5
b8390048bd31b299472e248b8a7b7afb

SHA1
711d6e64e28199649b22692ef48291974eb78ce6

SHA256
8007d95e9f9cea362d7e6c352267afaba8f8c0dc4b31395e1d49b8f2d28006f2

SHA512
812d1fa18385aa792e0befd8f0d99ebaa251103c6016eb3ee1ee4349000fdd2c9fb6e04b6c6f4fd6da2e6c525f4cd4e70834f2e450622adb151a37630a527767

Download Submit
/data/user/0/com.muzhiwan.market/databases/download-journal
Filesize
512B

MD5
d992fd6e1d9e0f8abb87afe9c33cbd34

SHA1
88b0e35e049a9b3a818887f5171a893067ff75b2

SHA256
f4555c9e37eab3e4a8a272b3622a2cab5bbc300ab91929dfaca502f160aae40b

SHA512
cbadcfda157587daffa919c0d66724b8c39b44c0130bae8ad8dfbaded999cc624797404ba7d8f5a5638ac325235d1691738f345fd53b4be2c033c30001362b05

Download Submit
/data/user/0/com.muzhiwan.market/databases/download-journal
Filesize
8KB

MD5
e31f1cc832bddd87c3e53fd34e87531e

SHA1
ff88f308a15da80cbbb5551195c1209069b3b662

SHA256
fd78daed67036371bfe47f59d173b65cd03a3c3b0ba58ff31366e89ffced29ca

SHA512
3591226dd17897c1884013f6cd1ab231bf5a561df2fe6e197d96229495599c98fa9ffb22e3f4ab057815e8c237b537ade7de1ea76fbdf575c38fcaffb0a1635b

Download Submit
/data/user/0/com.muzhiwan.market/databases/download-journal
Filesize
8KB

MD5
00d832687381e01101e88eaff784fd4b

SHA1
941b854b485184d8721cb7159fe8cd67a54032e4

SHA256
b30affca8d13c15aac249171398e6056e2b294f6207774e165ee9c7da385be00

SHA512
3ea2307af4c5926d03217620b89e8804544dc3f15d5a801695f71b5bd6e629a5522772b59e0345690064c344186a719fad57dd2d6b7510339565d2ca19bd64b1

Download Submit
/data/user/0/com.muzhiwan.market/databases/notes-db
Filesize
16KB

MD5
b7ae69e37a108d17e0ddffe65f93c366

SHA1
918abcf997e5bcf2630767d213d75c4d6857ff9b

SHA256
ddbbdfe580ccd820fefefb814ecb050efe134731aa6560eb803171ff497c73d7

SHA512
19a5f278ea743bb61b402abfd5b806656be873de3caabcc3519eea6d2481abc2a6f205c102fedacadea615755e107a623313aa9b896234d4ddb06a9d6c16ba56

Download Submit
/data/user/0/com.muzhiwan.market/databases/notes-db-journal
Filesize
42KB

MD5
7bc525aa5cfd71cd4d2ad570fd72a906

SHA1
b411e1b345b5e9e4a0e4f603b46277278981e921

SHA256
14b68457395896d3ffe12b777f52fe2cc4182a6c9ba383555b12522c93657b00

SHA512
5f1973360665bdeb536d8dc2a9c5d2077990fbc6fd3653747de9d54c7032a776151f39986792ab57773623a143b2d65cfbb585aa53c823197485eba9e75c8e2f

Download Submit
/data/user/0/com.muzhiwan.market/databases/notes-db-journal
Filesize
8KB

MD5
b916ded70eec29aeeadbdfef073269fc

SHA1
2e2dbd56f030e721f7ed38fea83e3c454a3b16a2

SHA256
5bb4a14f4c03d5b953da538b4907edf31f273a89b94b4fa11cff2c193cb24bbf

SHA512
607a3e930306d40e2b71d4d3cca77f4178f2856d4da439d00536fbabde759efcd0f587c9908f06dcad873effa4a1461216439af311b77ecd0dd39079d8406431

Download Submit
/data/user/0/com.muzhiwan.market/databases/notes-db-journal
Filesize
8KB

MD5
37091f6ceb115c7819eef75945856c14

SHA1
a0d83b85dfe9f8cc75ad59b5dd8c8875b523d787

SHA256
c9f272b3ecf7e667347cb75b61367c4cabb264a1ecb9f61e1fd13c4ed34714b2

SHA512
1b96965b6d016fef4b9c10549419a59cc4055c20035f8539b34993ae2419407cd6f25dbcdb785cb5ad7eecb0486cc3460f189e5a9d02daeb5265406c1ba6f996

Download Submit
/data/user/0/com.muzhiwan.market/files/.um/um_cache_1718349895612.env
Filesize
609B

MD5
7d4bc0225d727d1bbe673456aedbbd94

SHA1
f3c7c7a48103ca6e4c0eec438759f4bc998966bc

SHA256
f2bfa31ae7da87d821874f8496ccd5afa2de9a78db0031c3f892faeaffd213aa

SHA512
91958fdf44a7bab99f5d323b7c0de885539b4e108a9f94f212617194fc95073b1d4f082043195775324a9b4790a324b45f509429a674a5774dc5676b7bd181d0

Download Submit
/data/user/0/com.muzhiwan.market/files/.umeng/exchangeIdentity.json
Filesize
162B

MD5
004fe4091edf87ce0c6d57c58a373deb

SHA1
52a44d5e5361cc443fb16ee502e573179e56c10a

SHA256
8e49c25dea982520e573079767d5a5921cb0427db4bc673291fbada0d8435e70

SHA512
14faae5c0b4440d4f8d51afdc2bcf3f8705b4c13e4f37b47fe7221b62b39bc4d6ae836cd6f130291998bcb55d242ec0b742e0687a084b93e1da3a61041e3f61f

Download Submit
/data/user/0/com.muzhiwan.market/files/install_file_dir
Filesize
5KB

MD5
a09ec250f84f4417b6ed98615552c669

SHA1
18f292042e86b464d33dd72d99f34547a8bfd6a9

SHA256
2da45ce16e8ba4b4326f0b34c1de5a9f1b10c91c2a42b212688cb7d6784d2e5f

SHA512
238ce921635d02d7af87bede401cc261499542b8aea7c885e90f2cd4f5790710944c78f4e988d3cb20d024b3e5eb783f1b41821ada51c7d7167aad44b283d8c0

Download Submit
/data/user/0/com.muzhiwan.market/files/install_file_dir-journal
Filesize
1KB

MD5
d305dc6a6e1b2bde0a225387297573d8

SHA1
fa26199c191972eab02d119b208cd519e058a955

SHA256
bec01e81ef860e0b3ba10a1b25b464ec0f774b2c449bd1964145b5d231443e7e

SHA512
ebc19246298be22f73e880bd3fc69f747059624c71fe0ca86b1ef129261fb1969adf2f66e1e2601c4b12e96715ad57da2fcdd983f6480109c203d78e4267f4b3

Download Submit
/data/user/0/com.muzhiwan.market/files/install_file_dir-journal
Filesize
2KB

MD5
87747fd1490a024db71e30b44d071515

SHA1
7aaada351a28e2ccc670256cc752d14339bc0615

SHA256
d08d0617f7df3f3421a7bffee224b0e5ed8689c3ce5a63a3b9d0eed9495f29aa

SHA512
3bc563ebb8792a3885cd7d223e823a9f063d0cb8a3a29fc0059b2a4c3c02a8dc79aabb72c1c1b5ac8e9cd29585b865f07c2f09e4c594667c41b31728328f57e3

Download Submit
/data/user/0/com.muzhiwan.market/files/jpush_stat_cache.json
Filesize
139B

MD5
5c5b3be6f97d5c6b555069825c6c38f0

SHA1
a4273ede17d86862cffbf193f0ab5665167e4500

SHA256
dd53ba75e07809b1633eef7d6daf754c38c9e48295924ee372476b2382864f5a

SHA512
2d35f88cf7a612111e1512cba78d7182b694afc8c3308048032ba08ad5ed8910830d0876f38bc0e635174bdfc943a94533ce1ad463f1dfd3dfc9ac263164d9e1

Download Submit
/data/user/0/com.muzhiwan.market/files/umeng_it.cache
Filesize
245B

MD5
73ef8171bb2f859272df8fa160ac017a

SHA1
86b63380868269582d5698360c8606c383dabfe0

SHA256
b7a40dcf023c9adef1888d3ef576e716c676dc38b6b65c9ef502a65e0a30fa40

SHA512
3dbef9fd918593321a6c7af4de9175a0063214e43858d63a9864ccc815c20f6236d0f0be0274857eaa2f4572ad632e63f0e7bf4afe6089728c42325092abc8dd

Download Submit
/storage/emulated/0/data/.push_deviceid
Filesize
32B

MD5
18d66f630e964f2c8b92f5e9b81a3a83

SHA1
e83bd3a2bfa6164662675f5eb23a3c22432fe72a

SHA256
aa30ca487110b3debbbdc45f538df27da667ae4d5351b1fd6e045db835ffa753

SHA512
585638b4f9c0063bd507a67d46370aeaf1c3700e9d2f978760f8bab51361c1d5489c19f07569d8a490285a7005e32b8442a4e5ffc827d3dc98a42192a7c6e573

Download Submit
/storage/emulated/0/data/.systemid
Filesize
2KB

MD5
6540ef6a00974869bc23cbd4d4f7609f

SHA1
917b697157233fa84542041ed4c41a2804854b26

SHA256
9047ae77654abac4347b98d18f90b2d45b66dabdf5fe6d586af66a843055b35d

SHA512
7b4a040e014b1eea92426482c7152575cb3d1ec8a7aa6f23454fa065229102c0b96fb941fd1c3fde4adabf1b18dc7882deed766de9c78ca9ce3406520d3115e3

Download Submit
/storage/emulated/0/data/.systemmac
Filesize
17B

MD5
0f607264fc6318a92b9e13c65db7cd3c

SHA1
c1976429369bfe063ed8b3409db7c7e7d87196d9

SHA256
c248c629af1fe0a8c46b95668064c1d2952a9e91d207bc0cc3c5d584c2f7553a

SHA512
9dbd40b135b46c7be31b8c7d11c75b0b179af3a6550fca52ec447583aeb50aaaedb4b1e9373cf8826615149549a2efaee04efdc9a282e3a6b387c73099c13fb1

Download Submit