Analysis

  • max time kernel: 139s
  • max time network: 188s
  • platform: android_x86
  • resource: android-x86-arm-20240611.1-en
  • resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
  • submitted: 18-06-2024 06:29

General

  • Target: com.nd.hilauncherdev.plugin.navigation_V_15_M_f9116e80f80655ce754d9e54d0da57ca.apk
  • Size: 771KB
  • MD5: a435c9750bcfc45844495839fe48788d
  • SHA1: 1cd299bb6c3de10d88024337bad42a9384ade401
  • SHA256: 48a86092acb220b35bf26a8bce521243470130fc27ed04e8a2441e8f78872545
  • SHA512: 1b18fe3f946d90e1fd03c965d31b210454338ea0fa1d181cceaef027e08837c9be26e897f5ad15aad587e00a4b9b31675388691ef5c806f24898c781b7959f7d
  • SSDEEP: 12288:Cu2F5fdMgUnub0ls4b5Y1z6AzpXPtVoMWVh0TgdFyTuIAwLa61uz4KAA+aAU:dejM5a0ls4EdT7WVRwyIvm611VPU

Malware Config

Signatures

  • Queries information about active data network (1 TTPs, 1 IoCs)
  • Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  • Checks memory information (2 TTPs, 1 IoCs)

Processes

  • com.nd.hilauncherdev.plugin.navigation (PID: 4249)
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks memory information

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.nd.hilauncherdev.plugin.navigation/databases/taobaoapi.db
    Filesize: 20KB
    MD5: 3eaace755f26ecde173968e6d01712a0
    SHA1: ca0f5b55c980bdd4a826bcc44bc908a29b062a49
    SHA256: 8e106e1b973c0ee0455b2a9b2944b52e84c33565e1a65b48cdccc00fa37f0f06
    SHA512: e793668d6d7f43939780c031110f11d47d4ed7d8ecf533c5625704bf40484c3efaf5a46bba343bca1ba85acddc1e0a51ccaff0065af1452e21e620cc9103525f

  • /data/data/com.nd.hilauncherdev.plugin.navigation/databases/taobaoapi.db-journal
    Filesize: 512B
    MD5: 98c20dbeb979a43f6c5313ac646e4586
    SHA1: ed60ab0f5341e94b528205a2de4b9b251f3755fb
    SHA256: f788bc8d4311fd3d831c5fd0750a0b8c5304da1b3058e3f0f705f03a4581404b
    SHA512: c654de48f49419651b64d7eb1fa067c3798d5c407080a6b48a98928982828eb166acfdc0085bfce0b2b8cae8bdfbccf62225f97f62e54a000431589a4dc9fd95

  • /data/data/com.nd.hilauncherdev.plugin.navigation/databases/taobaoapi.db-shm
    Filesize: 32KB
    MD5: bb7df04e1b0a2570657527a7e108ae23
    SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
    SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
    SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

  • /data/data/com.nd.hilauncherdev.plugin.navigation/databases/taobaoapi.db-wal
    Filesize: 32KB
    MD5: 411611d12d95f8217bb4ad9a6e0e07b9
    SHA1: c7ac44f386ee10f41db1142f2a395db79eb3e570
    SHA256: 0143e1a5af3e21138c7cd3e3d49db86754aab9fc2ffccf8c7176f45a3a604cb7
    SHA512: ee236b11c8c6068d3a6733ac86a9abb576b420308d417e1a7956bc34849add2e12b6e50591bfdde60b82826deb63c02f6c3ef2320794370faa1985d49a0f191b

  • /storage/emulated/0/PandaHome2/caches/navigation/navi_card_site.txt
    Filesize: 3KB
    MD5: 14adace71e0e91482a993c6bf1698756
    SHA1: 614e2892a8a77076e935d1813c4b8c9ccf16289e
    SHA256: eeec618629b5ea5e946c7b61bd6ce7b9dbaddb92a193376355ccf64663a9aaaf
    SHA512: b0d0d65dbded382229556f2de57805e930e6ea2aba7ff374456506c099beab9660b9d5ddd010396789ff49b975d382c0c79c7c511141b9caf6e9964f59d0c7c1

  • /storage/emulated/0/PandaHome2/caches/navigation/navi_jrtt.txt
    Filesize: 2KB
    MD5: 75762b1d4cf1f49bd6b036b4a4d3d6ed
    SHA1: 65ebf30194b63374e40d81b40839bc694a6c8a91
    SHA256: 046739d4f217e457aa30598dde39fadf14ccb6e71cc1e8bca6c821682933da43
    SHA512: b7fa68b5308e71c3c56f9fe7e6a21e3623aab91827cdbc2453e68e38e93870c0e5416f8365643d7093086d2c742f79f211054632f0bcc77861b47f9a94caeb4b