3d2e8bd0b83a48c89e44c6e9dea76f803460484517d193bfc114f20170e4baba

Analysis

max time kernel
9s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
03/07/2024, 22:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3d2e8bd0b83a48c89e44c6e9dea76f803460484517d193bfc114f20170e4baba.apk
Size

3.3MB
MD5

41450833c1eb6512843b2beb27e121c1
SHA1

634ff3c0a3346935b1ec4d0fe32fedd7fa0c4b5e
SHA256

3d2e8bd0b83a48c89e44c6e9dea76f803460484517d193bfc114f20170e4baba
SHA512

31b98d9506cb8d9e5667d4c7c81c85ebf7a254f2fb077ba586bac5c7dc32f4f1c316ee13494885efea785da4afa7eb47141ef0ee39d0ac4a0ed2658aa5ebe548
SSDEEP

98304:3AgdTzuAlEK4z7vzS87KEoIwDX6WDBqap043k:33B9lbivRebIwzDuB

Score

6^/10

discovery evasion persistence

Malware Config

Signatures

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.lijyutuportal.android

Checks the presence of a debugger
evasion

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.lijyutuportal.android

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.lijyutuportal.android

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.lijyutuportal.android

com.lijyutuportal.android
1⤵
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:4253

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.lijyutuportal.android/files/profileInstalled

Filesize
24B

MD5
c0cdf72cc8a4e78b8b2120a59e39b6b3

SHA1
a23cd9a58f0b52d257a472c536a813a2f2123175

SHA256
e968265bb13c9818d0ec9aa36848ee3cc512278916312b0d0c9e0a1eddde6bb5

SHA512
8aeff388c2694be00e24ae24a40f62391843f44683bbbca07846459f9cfcc7c97f64303a4ffba4cb4f2a34e4793dee1712e55651b9140571a852efe8f534b8f2

Download Submit
/data/data/com.lijyutuportal.android/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
2b0728452755f6623d41d8c23163bd88

SHA1
4cfcbcf68d5c017294747972504ca00422f62f80

SHA256
df4a02f45070e63238edb9b414127b6c756940deecdfa6cfb1d6801e6dd994f5

SHA512
379879167e06a94ba8385826851a9eae8f256dca7dfeb1631829227bb2c52303ea30809c1e6e4a2f739730f8a3785a3718ac3dbf7b6b659a9419f38aaa7ca904

Download Submit
/data/misc/profiles/cur/0/com.lijyutuportal.android/primary.prof

Filesize
2KB

MD5
a6a00e27c25303a7a132fccf5b8c1297

SHA1
b6e7b91825752f76b3830c712701e8b650172a18

SHA256
5b6b5a1bc7529a209a856cfc4dbfec1047b431ddb1358288d74f2f7704c4222f

SHA512
dd6ea31d7a4deb23dc251ffdd11562b2745c6d3b83923cbf3dd8535e545692fd1ef5b9e8199f20af1b2266d3991baf2416fa9de9358c0cf3d88c62582ff080a0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads