Analysis

  • max time kernel
    7s
  • max time network
    646s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240611.1-en
  • resource tags
    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240611.1-en, locale:en-us, os:android-11-x64, system
  • submitted
    15-06-2024 05:41

General

  • Target

    TikTok_31.7.3_v8a.apk

  • Size

    177.4MB

  • MD5

    3565772148017926d8f6914327ac40a7

  • SHA1

    0d6acabfb4a2fa985f68721fd421b3f5ccb4aa56

  • SHA256

    5d7384ffba61f4cc870f5629b4aff508f4a64e1fe7bbc244ed7647c1e3c66980

  • SHA512

    6c7d8c68410e20f6ab843a5dbc6bc6540a9d1418ad432de6ec6237adb108ee0c684626a091c4aa3add651e779bc88646c65599e038c2f5af4570d1b602e56fec

  • SSDEEP

    3145728:je683aNiQFcxEQNbr+lulUFNUU7maQ8IzQXP0uy3gcuUhCpFsk7vV3yK54z/JIrz:i683aNiOQNbr+sCLLQxzQXswcxhCZV3t

Score
7/10

Malware Config

Signatures

  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about active data network 1 TTPs 1 IoCs
  • Checks CPU information 2 TTPs 1 IoCs

Processes

  • com.zhiliaoapp.musically
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Queries information about active data network
    • Checks CPU information
    PID:4541

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/user/0/com.zhiliaoapp.musically/files/hk

    Filesize

    1.5MB

    MD5

    ceb9bd6d645c05bff898d73aa8aceec7

    SHA1

    c469c2239bb6255fd58400e3334d38678f5ce483

    SHA256

    7c3c0a32d50ca781a68e758af5570ce9d26c8091426b1b2db9ea40d5783f1111

    SHA512

    8e4eded75dc645132ca8bda8f064bad51070edd80517a6a52da6adc6f9cc37c5f289425adbb9ccfccc5241464e43dccc4b23f0adbd5078054b7b411f787fa447

  • /data/user/0/com.zhiliaoapp.musically/files/npth/RuntimeContext/main/1718430306371-1718430307654.allData

    Filesize

    2B

    MD5

    d751713988987e9331980363e24189ce

    SHA1

    97d170e1550eee4afc0af065b78cda302a97674c

    SHA256

    4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

    SHA512

    b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

  • /data/user/0/com.zhiliaoapp.musically/files/npth/RuntimeContext/main/1718430306371-1718430307654.ctx2

    Filesize

    803B

    MD5

    2ee4ef11c5c1938d78369280f841b03f

    SHA1

    d22b36b54e8376c2d5ebca137079a427a594a994

    SHA256

    9402e99d3688145d0e1cc81b50d195976b47431ee4cd343e2583502646363f09

    SHA512

    0c4740839d5a7544a02bbf49de17d376b31f9fe0d5a8b24995e8204c6d328c838714b295f62501f3db773ce85db8d3f6f8e7aecb1593adbd4003349bb1f0b4ff

  • /data/user/0/com.zhiliaoapp.musically/files/npth/RuntimeContext/main/1718430306371-1718430307964.ctx2

    Filesize

    803B

    MD5

    5ac1b4ceca6557d5f26acb9fd3d9031a

    SHA1

    17c4a77422b91b4aa8cdbeefbd3d4b0ceb08d70b

    SHA256

    4afdd433b30b976bee02c4ba8af11fb239503a86f412b5c1382c55a7f74bd418

    SHA512

    fa2a6ba2572f370bd833288949d1f57cddd12997c9da74391528663fc44ce3c021f036f618de70805d0aaba40fa01f83aeb416f46a4f4ccab2923ded70b6536f

  • /data/user/0/com.zhiliaoapp.musically/files/npth/configCrash/configFile

    Filesize

    3KB

    MD5

    42e46d0bcac8ae16febcc4a37e3d833f

    SHA1

    b77a17af345712a2cac0465a8f3f1e8b30e5b6c2

    SHA256

    3121311e5cd65744e2945a13998acde6b08d9c73133f5ec37a8eadaecb8dff3a

    SHA512

    6cda8bb01e32786cb3643493ffcdcecd2c12b9b555f2647e6876fda7fc1a85bd1bcd15955c2118af008ecb5edbf7611ac936df5c9d273f743e91d1de671a743d

  • /data/user/0/com.zhiliaoapp.musically/files/npth/configCrash/configInvalid

    Filesize

    53B

    MD5

    0774663f90efe02bc29521d60c39ef23

    SHA1

    138e72975eb6523cd2a3c74474173a28afda4245

    SHA256

    d77c09e1188eecf0f0f7cb7600d1ebb8711a33aa25d3f248a612cf406a922ad4

    SHA512

    dc9aed0a72793ed5d568f71f53075581ea50c7117691e5663ce10e041e5ccdc3a0a807dedff4f74cb939dea8eb8643631b77f81ecbce89c1114fb032c9d4451b

  • /data/user/0/com.zhiliaoapp.musically/files/npth/killHistory/proc/4541/app_start_time

    Filesize

    13B

    MD5

    9613817b7ffbace515c905833bdad931

    SHA1

    76784f216fbec5ce101426ce4f5df0bc47ce0e76

    SHA256

    2610dc2e89a6cffff93686068cc660b411cc4ee402a0e9af902bc95756fe92c1

    SHA512

    e3db705f8f77b6d8430558c6dc15c00df9220f522cf367048bfa5c83b05f5aee84e00c0aa706db2e21a39acb98a5add5dd24432bb1f9d032743413bf32483bb3

  • /data/user/0/com.zhiliaoapp.musically/files/npth/killHistory/proc/4541/cmd

    Filesize

    24B

    MD5

    50ef9f5a0f3fc24b6f0ffc8843167fe4

    SHA1

    cd9b2558bcf52078c64242e751017419651181d9

    SHA256

    47f7aa1df82bc1b22c8bd4f539f704ea51ca37b8260f02129c096b736f86f104

    SHA512

    351a8597cef0227e433991befcdd14bbf304964161fdbef54d74ea2ee7ffc1374ed4ac3cb5cecf7c3812eab0fe75e6270bb8d6cf790d2eb94f4043c6a1761707

  • /data/user/0/com.zhiliaoapp.musically/files/npth/killHistory/proc/4541/procHistory.txt

    Filesize

    55B

    MD5

    514d5b892eb973f57b33ed6769c66fd4

    SHA1

    2d465a294f295550f0007a1c20a2c3b149d4f490

    SHA256

    3beb5922f00b1d29ea1da3a4e7aa0afb4f57de272d9950dfbc7af47fddae8a48

    SHA512

    b1cbca8c027274e8ad9cfaec2401062f653546bbcf5b6e8998a0667268df531c54bea63d59c34f61ab83ff7bf31ade19e6843ac67f83c4a17e2cba47d8b65452

  • /data/user/0/com.zhiliaoapp.musically/files/npth/killHistory/proc/4541/procHistory.txt

    Filesize

    120B

    MD5

    701957a7b7f7acfafb13a878990fe0e6

    SHA1

    6ab6b6edec9de409ae9246f220a4026ce9acbce3

    SHA256

    b1442a9c8a49c0fd4499bfdbf6f0d6f3d203370de9c77f0a5638d4aea86e21f6

    SHA512

    5576a5f1b3fabeeff1ab4d2b17dbf7efc71e1c4da72c453c573a3d7d4afa22e89d7e3f2bf862fd112b367d51ae1e35ae0cfa6683a23289c02dc85f062241907b

  • /data/user/0/com.zhiliaoapp.musically/files/npth/killHistory/proc/4541/procHistory.txt

    Filesize

    119B

    MD5

    1a384620ed4ac750bb42458c70f4c971

    SHA1

    128717b49c563a2841709b7ccd8fc127252fb236

    SHA256

    16763f08027f85137000349cb648d933050f6db0d2fbdaab38cc6ab6b515d164

    SHA512

    a457438cdb8b77fd42e2df4612aeee0dd261d69cb4f1abecbf09303aaa94b3d3837a36367afa722da467fffcac576d29ec3a24b90ec4560c1d0c3c1d88a72bed

  • /data/user/0/com.zhiliaoapp.musically/files/npth/killHistory/proc/4541/procHistory.txt

    Filesize

    120B

    MD5

    c818120b32905ae3389f2309559b1220

    SHA1

    e40f8797590aa40b24b5eac2005a2ced846f49ee

    SHA256

    45018c81dd3d97d8ed6b1dd80cd4bdf03300b484e71d4c07ca06b0cdc0b5a78b

    SHA512

    29097ab760348e0d6186e1ab59ff0704c76ea3e25d6db05a3e4c8e1bffc13a8a301606a9484190d40a28846c58e1fe0abb539974c21514b7eaddae5f6859e35b

  • /data/user/0/com.zhiliaoapp.musically/files/npth/killHistory/proc/4541/procHistory.txt

    Filesize

    42B

    MD5

    8929bb1bff3ffc803547e9aa739328c3

    SHA1

    cdfafa8b1b60bdce289aad939e23c0cdde063eef

    SHA256

    b0bbf87898e5d8671503554eaab521697a311ad624c3ac46971a073542dbbd4c

    SHA512

    59ddf0a277beb234a170810963f13a54cc23df045c3c7cfb58480e414d1b7ee65e7a8bc1aa2a523095f41461b44bee99d76fab07638fb8141c5c0c6a3738d2a7

  • /data/user/0/com.zhiliaoapp.musically/shared_prefs/CLIENT_EXPERIMENT_CACHE_TAG.xml

    Filesize

    909B

    MD5

    62ad4936055b157ebb146f0f02406be7

    SHA1

    dfc37aafde9eca2ad49523c5921e599b1e53b2fc

    SHA256

    ff8907c7bc0511e09a849fdb0fad63a6015ceb17b3530142796da19df7594d81

    SHA512

    ea2e8b7c78f5c2c2e1e3232124ff619b554bf493cf60edd3ab2661f332dcf8e2bd9951a9f364a88d2d94e18317994dde5ba64a6070682b55cd9680f04af72757

  • /data/user/0/com.zhiliaoapp.musically/shared_prefs/CLIENT_EXPERIMENT_CACHE_TAG.xml

    Filesize

    541B

    MD5

    ee1044cb1337fbbeb02af3f5a0da23a7

    SHA1

    d9177994b54e689856057c0f7396952264c1a144

    SHA256

    781f787196cfda48a72f54d1e58bb84e3c89b378c16ac43c81c418f53de25113

    SHA512

    ecef096232a0d5e8e241e1b084654daf2326f74f81af6fdd5beb19740bbd67f247445184e03cc837968b51026124a95934891fe2942dc2bac20d011f61452cfc

  • /data/user/0/com.zhiliaoapp.musically/shared_prefs/SP_EXPERIMENT_CACHE.xml

    Filesize

    136B

    MD5

    b63f0f4b33db794e21a8622e47d8ae23

    SHA1

    78a1caa4989222ad7d390be2b22b115a79869ba0

    SHA256

    70bc7085a1e1801522e300467a6ca5ced14eb16ee38ea5991fbbc209f7fba850

    SHA512

    bfca9bbff6a720bfa57620e8cf347422bf59aafa4961486273cbff9ac80e9c9204a546b7a4fdd8cfba9f5584aad1bab9b90b024f6e2cffd7d20f0d167af4a25c

  • /data/user/0/com.zhiliaoapp.musically/shared_prefs/key_language_sp_key.xml

    Filesize

    116B

    MD5

    fa22ee6bbe623af1507f03bd6d92fad3

    SHA1

    f7629ccf0ede95c044269c748a0a839d907d782e

    SHA256

    64b63ed9c08e7bc28931f6ebcaa1bb87da32a99089869a7ccf3b45408e893fb9

    SHA512

    a4f5dddcaa160763d414ac0990c33a15a2f1ac9a1713187f2f51422e8603a4fe3e1ad030a1f4c6fb5afcfd8986190f1d62f19f2550287e316c8fc42b695115f9

  • /proc/4587/timerslack_ns

    Filesize

    8B

    MD5

    d46bf94e9eb1d22281a71504685082ac

    SHA1

    e4e0629aef7425ba63e897bc471f8625de44edd3

    SHA256

    2ddb67b8a8c259ffaff61a5abdd38f5b5d6f1c6e2af4344c85b17b77af2451cc

    SHA512

    68a1a1fd4de784e3a2e0e956d0a63ac4ca540ef90e7fd9a2ddc92cf68e52e29792db64f6615054a6e5460467f0b7abe055c899136d98ce6ebab3d580bc55ec86

  • /system_ext/framework/androidx.window.sidecar.jar

    Filesize

    12KB

    MD5

    bdf3529e80318eb14e53a5bf3720c10d

    SHA1

    25c9ace4b1af6e80ebb2572345972c56505969ba

    SHA256

    bbc8300dd1e9cd08de8f66560c1ac2c928615b72b51cef9649f88974f586d64b

    SHA512

    48b9c2d01171bb651b9b54826baa51f4add48431a3efd8ceb5f7cc3bcd6f8f37edf47fabb24349dd15b3a02329cd450f90a8d164bf4f8dfae554bf3b35a8a55b

  • anon_inode:[eventfd]

    Filesize

    8B

    MD5

    33cdeccccebe80329f1fdbee7f5874cb

    SHA1

    3da89ee273be13437e7ecf760f3fbd4dc0e8d1fe

    SHA256

    7c9fa136d4413fa6173637e883b6998d32e1d675f88cddff9dcbcf331820f4b8

    SHA512

    991294f43425a5b80f8a5907ca7cdbb611401282585a58bb415077005428e3b4c0f661fc07ba5c45f627bd8bdcb172389ce2fda461c029b837abc70f0abbea20