2d405c4fd7b9d77f59dc0038773fe90b73ab4773ccb682d180b100e35b4e3a1f

Analysis

max time kernel
65s
max time network
160s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
submitted
16-06-2024 16:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

vivounionapk.apk
Size

5.3MB
MD5

745f33bfe95948c772dd8f546b997fe2
SHA1

d1745d2686d422d73f9f59430538814c1f27497c
SHA256

a9d25bc305575b722f679670cc37e15a94e84fa224eadc47fa51292064048c0c
SHA512

4eeb93f6f7f578d2a281311a1cfc05a315c019fb625b3747f1f4bdc1ca2090a7594b7b82986f58dd753a89275dda73b98b0783183fb784085bdd5fac044f4309
SSDEEP

98304:JQnf69L91Pqefs8he9EIOOX03JnJjnU15rhZIjD0e+ilK4YGNZ:JQ2fqiC+HOE3J5UJi+ilH3

Score

7^/10

discovery persistence

Malware Config

Signatures

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.vivo.sdkplugin

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.vivo.sdkplugin

com.vivo.sdkplugin
1⤵
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4305

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1424

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.vivo.sdkplugin/databases/unionuserinfo.db-journal

Filesize
512B

MD5
0d246bc6da96dea9c4d45ff5be391f9c

SHA1
0728011e0ae980cd6c7e21cee19b973b93caf0a0

SHA256
b335f5e514eaf15ac726a26d9f862632bfbea213e89f0c38d70c9beffbdebba0

SHA512
b516b04edea38aa53e09366525f45f88bdad7030965cb3c7b8c71e4fbfef9fd61be0e544dd02c483e645bcc37983a0e9a3749806edddd97432b5c24c193ae8e1

Download Submit
/data/data/com.vivo.sdkplugin/databases/unionuserinfo.db-wal

Filesize
32KB

MD5
7373026107e17ef5cb78814a6c7e3907

SHA1
4fae035659528f39f371d1f1a7ab91de9fcb5cad

SHA256
7e47c72e6f8a8d4495e138466bda5100284e21636b20e0f7dca6b3ee81b92d6e

SHA512
867f2e322139f5e3ffb4a0413236fffafea6b2a34fc234164337af6c50310e7940ff96431f7913eb4d69dbc89c51a576e337e4321e985707d697f6a05ca35a73

Download Submit
/data/data/com.vivo.sdkplugin/databases/vivo_union.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.vivo.sdkplugin/databases/vivo_union.db-journal

Filesize
512B

MD5
793efa94e5594eecf2c1bc3b86ec5c88

SHA1
2f2299b47074cf62f23a895126e684655aad0fd9

SHA256
7fa98d03f1ca8c295096516b796d8859cfecd059b99513b9b3bf5b9e04b0b761

SHA512
e12ca1b3dc608af8f681757ca141cf0096f4fa15f266c86b1527944908a9f7b72098fbda4b7e42d14abe2f641c5a7a021b723f0a1bdffe5c7e950e537570b986

Download Submit
/data/data/com.vivo.sdkplugin/databases/vivo_union.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.vivo.sdkplugin/databases/vivo_union.db-wal

Filesize
28KB

MD5
82f54132a754eac95232c646d1d7e714

SHA1
f1ffbc2387467be007609ce1604e143855c3d430

SHA256
7bf68973aadbe114115860d4ebb03cc10fe4a4b12f2e7870aca5e8b0ddc8d612

SHA512
43789eefda7230340541327633b632789aeb13bacacbc6dddf4f73e1b6550effe9d66dab86694621ee696cc56df5d0f1b073f0a401ffe704975f05b86379582f

Download Submit
/data/data/com.vivo.sdkplugin/files/vivo.crash

Filesize
558B

MD5
0e1835a166d8e67b51217c8688cc1444

SHA1
043948449b2aafb2b44cc3b0d2151a2039c7088b

SHA256
80a3659ed5d30675a9bcf62caf886113bc02d57093842483ee54e426d8749fc0

SHA512
811438fba5fe68b9eb437bcd86737a06449f3c3d723e07d4e3fc38996d7eab3d070c528f919456043bc57d1fd4741876d4f4b20dc018bff9f302ff0b563d368d

Download Submit
/storage/emulated/0/.vivocrash/com.vivo.sdkplugin/timestamp

Filesize
82B

MD5
83abef49ae0975e7a5fc34bcf39a1752

SHA1
4c37b316ed212f3c0f3cef1c2a7f29a116165a63

SHA256
d115cb16f6cab304711115476a7f6796471ac8eb3842a849f36b67fa55bf244b

SHA512
c275f4784eb1c1a38a642fc6a9173778401fcf2c1d948d9465b313a3361c1c9f08354bde4b2dba1a2d88aa5c1cca0529487fd15d6541d273586377a53b8d6b66

Download Submit