Analysis

  • max time kernel
    175s
  • max time network
    187s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
  • submitted
    18-06-2024 14:06

General

  • Target

    2.apk

  • Size

    1.0MB

  • MD5

    2ba0797d94fbdcd6307612b88d5fca15

  • SHA1

    2d77b1f41d0a3231b5a1f9af1f5b2fe3750ad6c0

  • SHA256

    78cc5e34990e20571cf2885d9f6f9d624ff9b6e317e1f71cd8986c7532117c88

  • SHA512

    440fea9ca7db9d809fe5c7844c1a5038f6ae6948091d8b0a78f802914473938002d73e58a5ca44d5d9a7c27ad6ae931c37d005348cde312463a6089514e8e54d

  • SSDEEP

    24576:I2oRrJAkb//ZmyT1OWa2xZGyd54zNScnzbcYPjH:Boxqkb//wyT1OL2a0OzQcEejH

Malware Config

Signatures

  • Loads dropped Dex/Jar (1 TTP, 2 IoCs)

    Runs executable file dropped to the device during analysis.

  • Queries information about the current nearby Wi-Fi networks (1 TTP, 1 IoC)

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

  • Queries the phone number (MSISDN for GSM devices) (1 TTP)
  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (1 IoC)
  • Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Queries information about active data network (1 TTP, 1 IoC)
  • Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries the mobile country code (MCC) (1 TTP, 1 IoC)
  • Reads information about the phone network operator (1 TTP)
  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  • Uses Crypto APIs (might try to encrypt user data) (1 TTP, 1 IoC)
  • Checks CPU information (2 TTPs, 1 IoC)
  • Checks memory information (2 TTPs, 1 IoC)

Processes

  • com.goyourvafly.classcial (PID 4317)
    • Loads dropped Dex/Jar
    • Queries information about the current nearby Wi-Fi networks
    • Makes use of the framework's foreground persistence service
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.goyourvafly.classcial/files/sdk.jar --output-vdex-fd=45 --oat-fd=46 --oat-location=/data/user/0/com.goyourvafly.classcial/files/oat/x86/sdk.odex --compiler-filter=quicken --class-loader-context=& (PID 4383, child of 4317)
      • Loads dropped Dex/Jar

Network

Downloads

  • /data/data/com.goyourvafly.classcial/databases/Notes

    Filesize

    16KB

    MD5

    1685ebbbaba07b2ce6e4c5285484eca8

    SHA1

    71c1a9a25146e816933ba6f5b52417b32b5643de

    SHA256

    0c72774d8a6a9c9323d215419551d225d21aaf73afc250ec853220507cb27e0a

    SHA512

    9306742681b53f830b859765e35d892333e78d6010aabe0c9f6331a36dd87c78f28d2cefbd408452fbca6329b2718ca2d3e42499a87cf6a0394b45aea408284b

  • /data/data/com.goyourvafly.classcial/databases/Notes-journal

    Filesize

    512B

    MD5

    23f3c613c086b87ac3ffe932cf943cdf

    SHA1

    867be0541aebb68f477830f25813311168bc03f2

    SHA256

    9321843754c7c8e5d9535137634dcfa023c9cab2582ae9d72a782c971edf3446

    SHA512

    55647a73ba21e305a091bc9bf045905cdba4a2b46302469671c9f953b6714abf074d1bec1cc1aa5fb129995351e72bfa05c73e570bf9955898470fcfb9701b75

  • /data/data/com.goyourvafly.classcial/databases/Notes-wal

    Filesize

    28KB

    MD5

    f1d0d3fbf7dd72dd8e2802cf9f3088d0

    SHA1

    0a09ad2ec3b1c33a8d9d3d6f97004551dedad7b4

    SHA256

    dcf2b2c7d21c4ff10747b03aa874c7a621155968b013ba5ffcd71c10a75a3418

    SHA512

    9f1112423fdf3ece2b8a2f143aeb6786dc5cb1a615be1ccf172928be35b3314cb43c811bc36ccb11b98f3b526261784efd96552c664dd820ebfb86333561eaf5

  • /data/data/com.goyourvafly.classcial/databases/cc/cc.db

    Filesize

    36KB

    MD5

    ce6135aa1b1fe4f2c2db2a546d2a5558

    SHA1

    79b59582154017aadab783dc266fcb158c252940

    SHA256

    7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c

    SHA512

    2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

  • /data/data/com.goyourvafly.classcial/databases/cc/cc.db

    Filesize

    36KB

    MD5

    5d7ea1a23af19b4340cc8d90f28297d5

    SHA1

    4cfe95b23a9e98378d69c4290af81b51fbe76aea

    SHA256

    474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da

    SHA512

    33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

  • /data/data/com.goyourvafly.classcial/databases/cc/cc.db-journal

    Filesize

    512B

    MD5

    26a37c2df126c8ee8a68dba2a5559fed

    SHA1

    2c56c8c0a2dab27d2af0d0ed07f9e71b29ea8edc

    SHA256

    6c79c167053f766d1674cf9c41d7b9863091064246916492749922e03be80bfd

    SHA512

    5b4130a26695857b8662121bbed3e0fc6f612b3e4eb185c581e4e00440742a423f411d18a2704482b0563c9b241d7172c89013cfdd1e3d4c3767affab81f32f7

  • /data/data/com.goyourvafly.classcial/databases/cc/cc.db-wal

    Filesize

    48KB

    MD5

    aa446e07a0190f6efa09cc782734764c

    SHA1

    ecc35c0c3bfc3b2dc3e5d8eb224aa48343ddf225

    SHA256

    6632672b9997cac01665513311ad84414338297d3071549d4f7a07fd3a05a6a4

    SHA512

    24b2dd6d5c7ba18f5265c760a643d68797a6cdbcafcc8dc45a0b44febe66d87800d0cd68d16bd7fd2f3e54dfa845ed3ab132209f24be5b9e8a7bac5af401cd18

  • /data/data/com.goyourvafly.classcial/databases/cc/cc.db-wal

    Filesize

    16KB

    MD5

    b3374053a3add2c5845c7bcb5d70f0de

    SHA1

    102f3255cbec5bed63a2cd3ae15dc4e9642a48c0

    SHA256

    a0bec2dbe5230be100f8eeba95b96ab17fd479289f112a6d32aeaf46f025b948

    SHA512

    aba248c235d301aa166226c10f337ae320e93f66cd952986bc2231351b94b9377e51dde8ab2ddf61b76ad82f52ddb2cafa1beb73c983bf8274a9be42b71ac0c6

  • /data/data/com.goyourvafly.classcial/databases/classInfo

    Filesize

    16KB

    MD5

    5713265f216e44e95dbf7bab00f903c7

    SHA1

    f53c88ec4be513808469dc8769d769dc4372c2e7

    SHA256

    68c56ac305205828c6519a5b7b1a81e147c608e2f01f7650eb54e0a6d725f23e

    SHA512

    511aa9b22a9091f0d4f9926abfd1464ae8e354211a4a85f0d57fb2f0ab82ccbfdb283e9038cfaa07558040f26a4ec8b3c42244caa51a5b81589fc46cdcf716f5

  • /data/data/com.goyourvafly.classcial/databases/classInfo-journal

    Filesize

    512B

    MD5

    ec2682bc8adf0cfd2381314d3f0615ab

    SHA1

    edc90cb93b80ae9e2a2512871f282b070aa4acb3

    SHA256

    3a87bdf0cdf824cf3313fb440be2d6b89ec31943d7334c0e3265122ab46088bb

    SHA512

    192a3655aec157234b8e558ebc26e6bcedcf8d7a8b755e15fee6a67554108ed33058c560a4af0d51403936fc5ef2e894ea665e9eb20f9c6f16975ddd47db6432

  • /data/data/com.goyourvafly.classcial/databases/classInfo-shm

    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

  • /data/data/com.goyourvafly.classcial/databases/classInfo-wal

    Filesize

    28KB

    MD5

    d2352444620d94f2b607b237a51de0a4

    SHA1

    1adfa325d3cb96f51fe5a5902160cee022b78cfc

    SHA256

    8f55875de90f9b0e88b9abc6d350d0cb857db0817649122ac4024be5422e002e

    SHA512

    655a92cf4b1b13ab9ef008e85d01aad0e359f0537aead622787399cace5c7518989bd8b1a848dbe09bb01d87027eb180db4f8557a16f1ca4b02e625bd86316d9

  • /data/data/com.goyourvafly.classcial/databases/ua.db

    Filesize

    32KB

    MD5

    b9f1d4d352a7a2d4d0eabc4da77b576f

    SHA1

    fe9b865b43239764e0f720eab82a1a4d1a91ef37

    SHA256

    6b2f2238d0579d223d9bfc87726e33d86e619193edf62032f507faa952061095

    SHA512

    cb284764948b03cfd3cbced684c918571c4c18c402bd4818f6db1e8b58ff0b57effb0c3b94f85c97de7b35cf90e54f163f61b47982c4a9181829ed071a585481

  • /data/data/com.goyourvafly.classcial/databases/ua.db

    Filesize

    16KB

    MD5

    c5d1f74c6e74cbf22547ec7eb4909c90

    SHA1

    6113218a25d8490923a1cade998d42491f4065c1

    SHA256

    3b64a0949048f630c52c49e8e20d99f8be7d15da0d7fc56bbb53921951f86086

    SHA512

    1e5bdb35460380dd6814f9c572a7b486f0100edb94ea7453cde3414b1ec14003e36110dfb62f6064fba5d67096eb8f203c927ffab7f275e0b195c3c8173844dc

  • /data/data/com.goyourvafly.classcial/databases/ua.db

    Filesize

    32KB

    MD5

    d604a3bf1f8d992cc320ea5b1f7609bd

    SHA1

    247f88df0b55c7d523ea5398637711a0e4a483a4

    SHA256

    329940b4d46326d58e73c842dd099704061d0ef7338777bf31ad895f29013c17

    SHA512

    67e28f6713cb5c238a9664df128f01a89a2efb7c8c9330c1e45bc0d40ebab81fa20df5166743d84d81dc0386a89ff0329f022281c098339baa2e851ff0a1e1ab

  • /data/data/com.goyourvafly.classcial/databases/ua.db-journal

    Filesize

    512B

    MD5

    2d58f6466f6db00aa199230ae0b83406

    SHA1

    eaf2deddfeee57d12a888a0c849239ab41da72e2

    SHA256

    8094c40707e1f3f1f84679c6c35e7ab93dce7ae5df300908191518db74dcac4f

    SHA512

    fb8078ce94fa70b7dd2e949462aec2b2d3d1774b5206455b75fe2d05a26afe323097267dbcd6d5eb6b3278128f0261eb89b69eded05ae910ef39666f378150fc

  • /data/data/com.goyourvafly.classcial/databases/ua.db-wal

    Filesize

    56KB

    MD5

    2e9397ac8ceedb8acc5bd7dfe4ed73f1

    SHA1

    5e234202137efc1fe4e1d3cd13e803ccb7265d63

    SHA256

    9f887c5a847be63866f408de29dcb5c3a0009005ec6563360c07919d50d97e43

    SHA512

    58edae88af1f506797d145691963b43c231caaec3840c58f70d9114e978c41e267c6d0a9d315b86781975569f32c9ab3538803834b081f5186cd2fd0f268f0b0

  • /data/data/com.goyourvafly.classcial/databases/ua.db-wal

    Filesize

    8KB

    MD5

    ca0cad7c86e083cb39cd7b00d5ac6436

    SHA1

    e0375b798440c09fbcab1b0d961e69f74c690dc7

    SHA256

    93449c0d66055c72a43618ecca7dd37c4ffcd43d3e89f8c406c3811c4ff85243

    SHA512

    1d6f1f37bf0464207c2311ee9fa60f18b6c4f076e1a40759b48a8830bcc84c36f2bd19876fa19d32d680a52f12a2f6e6e346369bce0f0450b808d8426c00ae44

  • /data/data/com.goyourvafly.classcial/databases/ua.db-wal

    Filesize

    8KB

    MD5

    2a3d88b316422aff3ac59a41c3f621d2

    SHA1

    f3e25a2dd9fa15cc223df459e6d3208b58dae328

    SHA256

    d1a927da14c56bd9638e3bdfefb2eebbc2ba7079ccc7558bc70d54f09cb70898

    SHA512

    34e3e2bcec8e806a827dc3fbd9e7d2006df6510a9df5ccaa0ed9c5335696de30e8b67e5b08c2b94b4a91eb45147814f4562abfecb62d349595c858d2902cd22e

  • /data/data/com.goyourvafly.classcial/files/.um/um_cache_1718719750341.env

    Filesize

    1KB

    MD5

    6c1b3d5820107ee6a6351dcf6baeb3f7

    SHA1

    6fba15437a3cbedf131883c13c6221051f2c7049

    SHA256

    dcf3ddba0e1df578a7f3cd1ec1e9acc4ea15bf0b0c55302948e5b76825eda539

    SHA512

    5a31983c7fd3670989a9fe31b9bf038d14a84ad33aa3e8c61b0b7f403bc7308ca6f3a13b67c27dd75d7f6b28fb505dadc521d0c00a812f7484dfdc0a6e016c19

  • /data/data/com.goyourvafly.classcial/files/.umeng/exchangeIdentity.json

    Filesize

    162B

    MD5

    4c842115f455d1ab5f2490613c0dde76

    SHA1

    f5735c664467fc3a5132dfef0c0712870b11dd15

    SHA256

    e61a3ec6577d8144604c4eb481d321411c04194a7b3a4f2efa61b01666485c14

    SHA512

    bf36abaa6f5c80b141427220f1d463d0d33d9e744b5fc2c7786fc56abf91a87abfa6a3efe8c8ff222efb4a4366437ea6a25eca7de24b456aa27484cd6780bd9a

  • /data/data/com.goyourvafly.classcial/files/__local_last_session.json

    Filesize

    113B

    MD5

    3b39a4c3091af151c956d55a675ed55e

    SHA1

    6b90059a054d440571a5605e54ec5b77d09db588

    SHA256

    53369c6427c5d8c1b8b6b01c72a51f80e0988f984cd348350621ac8a7fa79bbc

    SHA512

    0ba7636780c529573dfbae212d1487dfbf8e117752a773e98d6ba35811d4d0290478d807cd8691197a71fb3d76e01f93ec6f08b466a0f5e0c3053f560fd0d65b

  • /data/data/com.goyourvafly.classcial/files/__local_stat_cache.json

    Filesize

    25B

    MD5

    2d805b13f2f28dc3ca9bbcc000f49bb5

    SHA1

    9eac165b4d81258fd3967cde5cc53b53b1dabcb1

    SHA256

    c8a6624f390568f0ddcb9841336aec6a564460fdaf6624e562b32935b8956f19

    SHA512

    5db8c57bab36bcf9db698c1dce70318cbffc156dd1d1c1e09e5b7ba60aff07b598ebbf26c4bd8a2b03bd6e59ef2dde2d944a22a8d8a19ecc8378e83afb7c83b0

  • /data/data/com.goyourvafly.classcial/files/exid.dat

    Filesize

    61B

    MD5

    3d919c18fe9a2770f48bd99153a75cd8

    SHA1

    47542cd22f2b21e5a7378a4de83dd6f4a3872878

    SHA256

    82e70ef64007805905abbf9656362a0913bf0b38673268ef867291408f7cd2d9

    SHA512

    62f67ece2829265c250ccfe479c5121cc4badace7637a35186377c3f2632dd2f617e77749ab1b78abf22012ed8d2e1a7e008c5b969554ff4cbe50efb2e6a0b96

  • /data/data/com.goyourvafly.classcial/files/sdk.jar

    Filesize

    85KB

    MD5

    1987b208f452541244146779edf99b53

    SHA1

    d4863f60abf5c03c46fd22ca97b8556291ba94f3

    SHA256

    90d8451f78c1f810ec6b9376fcb8047af6f2dfe89dd8320dc02486353d0833b9

    SHA512

    f0eb1279363a73375069d30197a368907f2cf8bf9dca25c1d43889fce738cfb1da16e3d856dcc321e1dd0d3601e2e24121446927cc53b96b032577c889cac785

  • /data/data/com.goyourvafly.classcial/files/umeng_it.cache

    Filesize

    498B

    MD5

    7b35252babfb93f9aa73da80fc375e4a

    SHA1

    852edb2190f476836fc9c710ed2cfbca9250fd05

    SHA256

    88286b79fbe4c9b3ecc4a1b4ae05185a1a240fbcd99b04ee5e3fd6c5bf48a1b6

    SHA512

    6a307fee9ee0aac821873394c10d3dc5fde3fb07e8e2aa56b58a89284e6d745e4fe06a94b2b0e3531a186f308fee9cd0c96cdfa07c63ed24ced48598d9e59bee

  • /data/user/0/com.goyourvafly.classcial/files/sdk.jar

    Filesize

    197KB

    MD5

    2328a8d12ed110c06e3abfdf65953250

    SHA1

    791fcdce9a83c436420d70f4bbb56cb36c32a203

    SHA256

    be696ae19b4acadc2f61bc7af2ca621405d37014fff82d495c083f31f9dd727f

    SHA512

    5e42d1b99238a0292cf5417f3bd014e81368d69610dfef746ee15dd16a391c85db9147703c866e45b1fbf5556eddb1738245ed65a5979959bfd7a0553fd36910

  • /data/user/0/com.goyourvafly.classcial/files/sdk.jar

    Filesize

    197KB

    MD5

    e60221130803590b5e75f1efa6a9933e

    SHA1

    cc527fec395bf0996934b5a92eb8827038ba890f

    SHA256

    46242170af1980a3ebf9440b1d5b6ab52c868cb7fea9e2f3486cf5c2d31c41c9

    SHA512

    603b4aa4e04a44c9415e1129415064cc3ebdbcd571c8ff35ae021a462fc7f7854f9e78a78a2015f9359b9add4ccb97d38970d6bd54df69872b91595e9ac32826

  • /storage/emulated/0/.DataStorage/ContextData.xml

    Filesize

    111B

    MD5

    a79aba56c56523ac521079f818327658

    SHA1

    168aa2400d877bd56388869229ef9de861514c06

    SHA256

    fdcbe9d8f430c6172b38c6855b38437404bd8b5464b90be3eda47f9c153c1dfd

    SHA512

    927281cf8535ab50fc61a9cada02ff91fef0f82559b6283a51e02173ea3e5919bda055f6af533c6c398643abe01f25712b0cf75753fbc36804bec252277c6a54

  • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

    Filesize

    65B

    MD5

    9781ca003f10f8d0c9c1945b63fdca7f

    SHA1

    4156cf5dc8d71dbab734d25e5e1598b37a5456f4

    SHA256

    3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

    SHA512

    25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

  • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

    Filesize

    111B

    MD5

    cb77d4574b7e5988c9c9f0726f945b30

    SHA1

    ab992c7eed1d6091be0ce009b29a406ee03f3773

    SHA256

    f40b010e6d63445b3241466095d58ba74409e0e79b30a30b1d838d2d83739b45

    SHA512

    d8bf39fb99770e3e0e4f0e8ab57910aef0fcce9381c3e005fddc7af4499e1fd89db1bf1ad35c1416416611b4e346efbf9a1b001c5d5fe58a40a9d6fbf04a4367

  • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

    Filesize

    381B

    MD5

    c6b00761c410dd01a878ecfb895c8d30

    SHA1

    ebe8719cadf2f0cd82fb7394e0058ec7d72a8014

    SHA256

    a16ec9a1bc4218f3e5a3722c291b4afc3d41b38bf58d9e24bf66408ebeb93d37

    SHA512

    621c80391679105ebe2a479dfdedbfcc05b4fede5e274f3c88e1668c4086c5227a376f5dca29a95233204a37702fdff0e3af556ec94a9546c6e3996fcef15561

  • /storage/emulated/0/baidu/.cuid

    Filesize

    89B

    MD5

    a1d984fdbd7df5f56899ae1b85888e4c

    SHA1

    df0717352ee5313fc6bf6bbfc1ae64325d7311f3

    SHA256

    60c1f13c5c9de8b2e0c70caf1fe0d350ae4f1d1d042ad1073877706065b4bf04

    SHA512

    cf80ef656469c72087af751a457df1c828cb17cc95cda908e11edf1b18b1657af98a46aaab9cafd4f32fb63eb0e54f62d621f23ed07acdae9992afa8348c6d6c