5e0c30d7ea7ac3dbb13c0c6640876d23fa5a031d52d59bcbaa398c3744036a74

Analysis

max time kernel
19s
max time network
147s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
25/07/2024, 14:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

tiktok-revanced-v32.5.3-all.apk
Size

274.4MB
MD5

b8cf4a7f03021eb2ccfefcbb3464f87a
SHA1

ffcea049c04793ea2b3c02778355d0457ae800ee
SHA256

5e0c30d7ea7ac3dbb13c0c6640876d23fa5a031d52d59bcbaa398c3744036a74
SHA512

c7786af1fee8b611eff6006a569d148be3ed45b8ab4c13b23b1ae58db11b1c2c64907c741a5da3ff904bb52f584c84ead226034b504abfc6e275d81fbeac525d
SSDEEP

6291456:ng1wZ4lcSoh7+EEg7M9DnwFj7PMPwB7Hugg0tVS:g1gmQh7+Vg7Mpkj4PwrgJ

Score

7^/10

discovery persistence

Malware Config

Signatures

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.zhiliaoapp.musically

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.zhiliaoapp.musically

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.zhiliaoapp.musically

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.zhiliaoapp.musically

com.zhiliaoapp.musically
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
PID:4422

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.zhiliaoapp.musically/files/keva/global/keva.gxi

Filesize
128B

MD5
f09f35a5637839458e462e6350ecbce4

SHA1
0ae4f711ef5d6e9d26c611fd2c8c8ac45ecbf9e7

SHA256
38723a2e5e8a17aa7950dc008209944e898f69a7bd10a23c839d341e935fd5ca

SHA512
ab942f526272e456ed68a979f50202905ca903a141ed98443567b11ef0bf25a552d639051a01be58558122c58e3de07d749ee59ded36acf0c55cd91924d6ba11

Download Submit
/data/data/com.zhiliaoapp.musically/files/keva/repo/ab_repo_cold_boot_muti/ab_repo_cold_boot_muti.blk

Filesize
8KB

MD5
0829f71740aab1ab98b33eae21dee122

SHA1
0631457264ff7f8d5fb1edc2c0211992a67c73e6

SHA256
9f1dcbc35c350d6027f98be0f5c8b43b42ca52b7604459c0c42be3aa88913d47

SHA512
18790c279e0ca614c2b57a215fecc23a6c3d2d308ce77f314378cb2d1b0f413acd3a9cd353aa6da86ec9f51916925c7210f7dfabc0ef726779f8d44f227f03b1

Download Submit
/data/data/com.zhiliaoapp.musically/files/keva/repo/ab_repo_cold_boot_muti/ab_repo_cold_boot_muti.chk

Filesize
4KB

MD5
620f0b67a91f7f74151bc5be745b7110

SHA1
1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d

SHA256
ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7

SHA512
2d23913d3759ef01704a86b4bee3ac8a29002313ecc98a7424425a78170f219577822fd77e4ae96313547696ad7d5949b58e12d5063ef2ee063b595740a3a12d

Download Submit
/data/data/com.zhiliaoapp.musically/files/keva/repo/ab_repo_cold_boot_muti/ab_repo_cold_boot_muti.lxi

Filesize
64B

MD5
3b5d3c7d207e37dceeedd301e35e2e58

SHA1
c8d7d0ef0eedfa82d2ea1aa592845b9a6d4b02b7

SHA256
f5a5fd42d16a20302798ef6ed309979b43003d2320d9f0e8ea9831a92759fb4b

SHA512
7be9fda48f4179e611c698a73cff09faf72869431efee6eaad14de0cb44bbf66503f752b7a8eb17083355f3ce6eb7d2806f236b25af96a24e22b887405c20081

Download Submit
/data/data/com.zhiliaoapp.musically/files/keva/repo/ab_repo_cold_boot_muti/ab_repo_cold_boot_muti.mmb

Filesize
56B

MD5
e3c4dd21a9171fd39d208efa09bf7883

SHA1
9438e360f578e12c0e0e8ed28e2c125c1cefee16

SHA256
d4817aa5497628e7c77e6b606107042bbba3130888c5f47a375e6179be789fbb

SHA512
2146aa8ab60c48acff43ae8c33c5da4c2586f20a39f8f1308aefb6f833b758ad7158bd5e9a386e45feba446f33855d393857b557fe8ba6fe52364e7a7af3be9b

Download Submit
/data/data/com.zhiliaoapp.musically/files/npth/RuntimeContext/main/1721917245511-1721917250950.allData

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
/data/data/com.zhiliaoapp.musically/files/npth/RuntimeContext/main/1721917245511-1721917250950.ctx2

Filesize
802B

MD5
edce16fa6efb565a7163b5a4caeb46cb

SHA1
7d50ad99de168f0f2a5e23d518ec4afb03b0a687

SHA256
26ac5407f2923cb47c895c59c8b8f88e593a44e81d2116d34c660783e569c5d3

SHA512
6ff9fc5392929c0ad7b971d8b48187b8061046331cce60784db69cea7db81cb99438d489b120ba7e0adf0989edd27c48ac0ab2e38ed3d73ba8f1e0bfa82f66bb

Download Submit
/data/data/com.zhiliaoapp.musically/files/npth/RuntimeContext/main/1721917245511-1721917252062.ctx2

Filesize
802B

MD5
432a702f9da0ede34bc5c325194c44dd

SHA1
c9f1524ba3b8f00db3748a71bb7e07f45b4ec43c

SHA256
b182ff4be964e3e0b5eceb4fca65e810f43f6197c8c5891fd144026d4a7627c7

SHA512
1fae6295c464e7b59ab263728d4e2c985d79fb0c914f6f85ae40c3b521e023cfefd1e19b07a28919650d7723a139215aa61f4d225e048ce70e84804c9a1f3378

Download Submit
/data/data/com.zhiliaoapp.musically/files/npth/configCrash/configFile

Filesize
3KB

MD5
42e46d0bcac8ae16febcc4a37e3d833f

SHA1
b77a17af345712a2cac0465a8f3f1e8b30e5b6c2

SHA256
3121311e5cd65744e2945a13998acde6b08d9c73133f5ec37a8eadaecb8dff3a

SHA512
6cda8bb01e32786cb3643493ffcdcecd2c12b9b555f2647e6876fda7fc1a85bd1bcd15955c2118af008ecb5edbf7611ac936df5c9d273f743e91d1de671a743d

Download Submit
/data/data/com.zhiliaoapp.musically/files/npth/configCrash/configInvalid

Filesize
53B

MD5
89a399abe9c715bbe6ab114e472d6be3

SHA1
0e96db49dec95afb67bd5ccf3dc548fd94eb00e7

SHA256
d5b71eab39980f12a507fc257aef36d25656b756494acb7584bf4e4bc9f89743

SHA512
3b28c5e27415fe0dd80ad77829f964cc6b3e55931bdb8d6ce85fc56ef991f3705de355c53b4a18d8badfc844180cfb6c28ce1fb799c800b12195077a47bc4866

Download Submit
/data/data/com.zhiliaoapp.musically/files/npth/killHistory/pid_tid

Filesize
2KB

MD5
be14716fb9e532f088332fcb27298e3b

SHA1
69a2b240bdaae91c14dcc984c36738bb42fc5ef0

SHA256
05fbd2bf700aa252a4b1841f8043d6fbbeb64df0cd09fceb01e2bf0f7a3f1adb

SHA512
d35a62241c8d4090e2a4fa192b74d0336f304be4f5680e291b9ba75f7906ae70cfc57b284499c4ec93cf1e585b70d93eb95c65354596f86c0196f81227f0bf7b

Download Submit
/data/data/com.zhiliaoapp.musically/files/npth/killHistory/proc/4422/app_start_time

Filesize
13B

MD5
c7656b1f184d88b30b37d46b57d2414a

SHA1
c1961dc962a256f7692ceeadff75ec85893d322f

SHA256
fe23cb9cf25a7eb769a9019e653b2e93799d6f1132844536bc528eb71cf6e293

SHA512
a264f0585df6b7fbf2bec4c0d41cd12c2d083d599a0c0341d9738731a63fa2273f9e86455c0e14c58125f8c327100c734ab62d2cb7a38e0377699bf5dfa69cb7

Download Submit
/data/data/com.zhiliaoapp.musically/files/npth/killHistory/proc/4422/cmd

Filesize
24B

MD5
50ef9f5a0f3fc24b6f0ffc8843167fe4

SHA1
cd9b2558bcf52078c64242e751017419651181d9

SHA256
47f7aa1df82bc1b22c8bd4f539f704ea51ca37b8260f02129c096b736f86f104

SHA512
351a8597cef0227e433991befcdd14bbf304964161fdbef54d74ea2ee7ffc1374ed4ac3cb5cecf7c3812eab0fe75e6270bb8d6cf790d2eb94f4043c6a1761707

Download Submit
/data/data/com.zhiliaoapp.musically/files/npth/killHistory/proc/4422/procHistory.txt

Filesize
120B

MD5
b29fa54afaa3a1e74ea85e9adb760f73

SHA1
b79d2e8e026fef33b8696a5218b287231ad8b955

SHA256
25e411936d471a60d7dbcbeca01dbdf1bad6c861c718945b73a7bef49d1bc579

SHA512
f465cdf1ab00d6e30ecb20c8bd7b5596ba2e2bf32e4a5d042ed07cc88c0b90e4d296ef01d39f6ce041638b608a9635f7675d9d2a19b8825aa0257c591702b9bf

Download Submit
/data/data/com.zhiliaoapp.musically/files/npth/killHistory/proc/4422/procHistory.txt

Filesize
119B

MD5
07acad00b47c30d7cf0b609cf8e69f49

SHA1
03ae49fc2a5256b78ccecdd71b5de7c680a95681

SHA256
a1e8869dc604e1e6cbdc0f2537f1e8b048ed3215827d64f695ab9b4e7bbeb0d4

SHA512
2ae3660c7226d512cf5fed15246075fd89c8d20fc52cfa1c6636575910762152e335eb1d266ab92b643916847523a61b14a06930c91ed811b7bdf97020355002

Download Submit
/data/data/com.zhiliaoapp.musically/files/npth/killHistory/proc/4422/procHistory.txt

Filesize
120B

MD5
af0ef17a293768a4d3400d0d8e025fd0

SHA1
b30c694a18b53e52e3fc14eb30607e23b67c8320

SHA256
4d8d760b037a1588792b454899fd872d2c4ecab5ae1250b0737a2605eb99a692

SHA512
e9a8e86e18c19cb43e16a2b854b8564806a5873ec42432576a328f9582d611feff62c693404b1d69981393d02ade9e2fce7cf61ab36a229050bd45f6b27017d7

Download Submit
/data/data/com.zhiliaoapp.musically/files/npth/killHistory/proc/4422/procHistory.txt

Filesize
42B

MD5
ec15c4ad6f514540beb9900b94607ef3

SHA1
cff61132f3d6608668c3db164ef561ab3dc13671

SHA256
508251501f8f36249862ffb8ed8d94ad4138c73ba69125f12383894744fac8d3

SHA512
fc3f935224963262ddce8541a77ce1f45c2a872aff4902f12a09d28017990fddaef4b937ea9f1636c6048673470ace3c96ae93f3b29f7cb55a3691910c402272

Download Submit