Analysis

  • max time kernel
    174s
  • max time network
    187s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240611.1-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240611.1-en, locale:en-us, os:android-11-x64, system
  • submitted
    18-06-2024 14:06

General

  • Target

    2.apk

  • Size

    1.0MB

  • MD5

    2ba0797d94fbdcd6307612b88d5fca15

  • SHA1

    2d77b1f41d0a3231b5a1f9af1f5b2fe3750ad6c0

  • SHA256

    78cc5e34990e20571cf2885d9f6f9d624ff9b6e317e1f71cd8986c7532117c88

  • SHA512

    440fea9ca7db9d809fe5c7844c1a5038f6ae6948091d8b0a78f802914473938002d73e58a5ca44d5d9a7c27ad6ae931c37d005348cde312463a6089514e8e54d

  • SSDEEP

    24576:I2oRrJAkb//ZmyT1OWa2xZGyd54zNScnzbcYPjH:Boxqkb//wyT1OL2a0OzQcEejH

Malware Config

Signatures

Processes

  • com.goyourvafly.classcial
    • Loads dropped Dex/Jar
    • Requests cell location
    • Makes use of the framework's foreground persistence service
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4441

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.goyourvafly.classcial/databases/cc/cc.db

    Filesize

    36KB

  • /data/data/com.goyourvafly.classcial/databases/cc/cc.db

    Filesize

    36KB

  • /data/data/com.goyourvafly.classcial/databases/cc/cc.db-journal

    Filesize

    512B

  • /data/data/com.goyourvafly.classcial/databases/cc/cc.db-journal

    Filesize

    8KB

  • /data/data/com.goyourvafly.classcial/databases/cc/cc.db-journal

    Filesize

    8KB

  • /data/data/com.goyourvafly.classcial/databases/cc/cc.db-journal

    Filesize

    8KB

  • /data/data/com.goyourvafly.classcial/databases/cc/cc.db-journal

    Filesize

    8KB

  • /data/data/com.goyourvafly.classcial/databases/cc/cc.db-journal

    Filesize

    12KB

  • /data/data/com.goyourvafly.classcial/databases/ua.db

    Filesize

    32KB

  • /data/data/com.goyourvafly.classcial/databases/ua.db

    Filesize

    16KB

  • /data/data/com.goyourvafly.classcial/databases/ua.db

    Filesize

    32KB

  • /data/data/com.goyourvafly.classcial/databases/ua.db-journal

    Filesize

    512B

  • /data/data/com.goyourvafly.classcial/databases/ua.db-journal

    Filesize

    8KB

  • /data/data/com.goyourvafly.classcial/databases/ua.db-journal

    Filesize

    8KB

  • /data/data/com.goyourvafly.classcial/databases/ua.db-journal

    Filesize

    16KB

  • /data/data/com.goyourvafly.classcial/databases/ua.db-journal

    Filesize

    8KB

  • /data/data/com.goyourvafly.classcial/databases/ua.db-journal

    Filesize

    12KB

  • /data/user/0/com.goyourvafly.classcial/databases/Notes

    Filesize

    16KB

  • /data/user/0/com.goyourvafly.classcial/databases/Notes-journal

    Filesize

    512B

  • /data/user/0/com.goyourvafly.classcial/databases/Notes-journal

    Filesize

    8KB

  • /data/user/0/com.goyourvafly.classcial/databases/Notes-journal

    Filesize

    8KB

  • /data/user/0/com.goyourvafly.classcial/databases/classInfo

    Filesize

    16KB

  • /data/user/0/com.goyourvafly.classcial/databases/classInfo-journal

    Filesize

    512B

  • /data/user/0/com.goyourvafly.classcial/databases/classInfo-journal

    Filesize

    8KB

  • /data/user/0/com.goyourvafly.classcial/databases/classInfo-journal

    Filesize

    8KB

  • /data/user/0/com.goyourvafly.classcial/files/.um/um_cache_1718719753983.env

    Filesize

    1KB

  • /data/user/0/com.goyourvafly.classcial/files/.umeng/exchangeIdentity.json

    Filesize

    162B

  • /data/user/0/com.goyourvafly.classcial/files/__local_last_session.json

    Filesize

    113B

  • /data/user/0/com.goyourvafly.classcial/files/__local_stat_cache.json

    Filesize

    25B

  • /data/user/0/com.goyourvafly.classcial/files/exid.dat

    Filesize

    61B

  • /data/user/0/com.goyourvafly.classcial/files/sdk.jar

    Filesize

    85KB

  • /data/user/0/com.goyourvafly.classcial/files/sdk.jar

    Filesize

    197KB

  • /data/user/0/com.goyourvafly.classcial/files/umeng_it.cache

    Filesize

    433B

  • /storage/emulated/0/.DataStorage/ContextData.xml

    Filesize

    111B

  • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

    Filesize

    65B

  • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

    Filesize

    111B

  • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

    Filesize

    408B
