Analysis

  • max time kernel
    174s
  • max time network
    191s
  • platform
    android_x64
  • resource
    android-x64-20240611.1-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240611.1-en, locale:en-us, os:android-10-x64, system
  • submitted
    18-06-2024 14:06

General

  • Target

    2.apk

  • Size

    1.0MB

  • MD5

    2ba0797d94fbdcd6307612b88d5fca15

  • SHA1

    2d77b1f41d0a3231b5a1f9af1f5b2fe3750ad6c0

  • SHA256

    78cc5e34990e20571cf2885d9f6f9d624ff9b6e317e1f71cd8986c7532117c88

  • SHA512

    440fea9ca7db9d809fe5c7844c1a5038f6ae6948091d8b0a78f802914473938002d73e58a5ca44d5d9a7c27ad6ae931c37d005348cde312463a6089514e8e54d

  • SSDEEP

    24576:I2oRrJAkb//ZmyT1OWa2xZGyd54zNScnzbcYPjH:Boxqkb//wyT1OL2a0OzQcEejH

Malware Config

Signatures

Processes

  • com.goyourvafly.classcial
    • Loads dropped Dex/Jar
    • Queries information about the current nearby Wi-Fi networks
    • Requests cell location
    • Makes use of the framework's foreground persistence service
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:5136

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.goyourvafly.classcial/databases/Notes

    Filesize

    16KB

  • /data/data/com.goyourvafly.classcial/databases/Notes-journal

    Filesize

    512B

  • /data/data/com.goyourvafly.classcial/databases/Notes-journal

    Filesize

    8KB

  • /data/data/com.goyourvafly.classcial/databases/Notes-journal

    Filesize

    8KB

  • /data/data/com.goyourvafly.classcial/databases/cc/cc.db

    Filesize

    36KB

  • /data/data/com.goyourvafly.classcial/databases/cc/cc.db

    Filesize

    36KB

  • /data/data/com.goyourvafly.classcial/databases/cc/cc.db-journal

    Filesize

    512B

  • /data/data/com.goyourvafly.classcial/databases/cc/cc.db-journal

    Filesize

    8KB

  • /data/data/com.goyourvafly.classcial/databases/cc/cc.db-journal

    Filesize

    8KB

  • /data/data/com.goyourvafly.classcial/databases/cc/cc.db-journal

    Filesize

    8KB

  • /data/data/com.goyourvafly.classcial/databases/cc/cc.db-journal

    Filesize

    8KB

  • /data/data/com.goyourvafly.classcial/databases/cc/cc.db-journal

    Filesize

    12KB

  • /data/data/com.goyourvafly.classcial/databases/classInfo

    Filesize

    16KB

  • /data/data/com.goyourvafly.classcial/databases/classInfo-journal

    Filesize

    512B

  • /data/data/com.goyourvafly.classcial/databases/classInfo-journal

    Filesize

    8KB

  • /data/data/com.goyourvafly.classcial/databases/classInfo-journal

    Filesize

    8KB

  • /data/data/com.goyourvafly.classcial/databases/ua.db

    Filesize

    32KB

  • /data/data/com.goyourvafly.classcial/databases/ua.db

    Filesize

    16KB

  • /data/data/com.goyourvafly.classcial/databases/ua.db

    Filesize

    32KB

  • /data/data/com.goyourvafly.classcial/databases/ua.db-journal

    Filesize

    512B

  • /data/data/com.goyourvafly.classcial/databases/ua.db-journal

    Filesize

    8KB

  • /data/data/com.goyourvafly.classcial/databases/ua.db-journal

    Filesize

    8KB

  • /data/data/com.goyourvafly.classcial/databases/ua.db-journal

    Filesize

    16KB

  • /data/data/com.goyourvafly.classcial/databases/ua.db-journal

    Filesize

    8KB

  • /data/data/com.goyourvafly.classcial/databases/ua.db-journal

    Filesize

    12KB

  • /data/data/com.goyourvafly.classcial/files/.um/um_cache_1718719752786.env

    Filesize

    1KB

  • /data/data/com.goyourvafly.classcial/files/.umeng/exchangeIdentity.json

    Filesize

    162B

  • /data/data/com.goyourvafly.classcial/files/__local_last_session.json

    Filesize

    114B

  • /data/data/com.goyourvafly.classcial/files/__local_stat_cache.json

    Filesize

    25B

  • /data/data/com.goyourvafly.classcial/files/exid.dat

    Filesize

    61B

  • /data/data/com.goyourvafly.classcial/files/sdk.jar

    Filesize

    85KB

  • /data/data/com.goyourvafly.classcial/files/umeng_it.cache

    Filesize

    433B

  • /data/user/0/com.goyourvafly.classcial/files/sdk.jar

    Filesize

    197KB

  • /storage/emulated/0/.DataStorage/ContextData.xml

    Filesize

    111B

  • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

    Filesize

    65B

  • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

    Filesize

    111B

  • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

    Filesize

    408B
