0bbfa6c51a4c8a89efac80b50896b3438c32ee931bf6b6e578ed7ef9e00d1b29

Analysis

max time kernel
179s
max time network
187s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
14/08/2024, 02:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NP MANAGER [LZ7]_.apk
Size

33.3MB
MD5

23d39cfbc0f27ff90922ded7c8aeccc0
SHA1

725b088fa7ed678be8be341ab124ff19fe74eccc
SHA256

0bbfa6c51a4c8a89efac80b50896b3438c32ee931bf6b6e578ed7ef9e00d1b29
SHA512

747b4e56f19cf8693c84fa436874de42d907217282025d42c080e15e8351ae1e40ccb049087e6c58766b51741b3ffb82b4814a2070b4dd80057bf06675d17395
SSDEEP

786432:q0w1LFHiRPXqGC6204ShYWsPQB/uaUThQjDOKJm+pihxPI4kNY+6fmPM:IL9OPXvC620zPBB/uzTMDOmm+piTI43r

Score

8^/10

discovery evasion impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/bin/su	player.normal.np
/system/xbin/su	player.normal.np

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	player.normal.np

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	player.normal.np

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	player.normal.np

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	player.normal.np

player.normal.np
1⤵
- Checks if the Android device is rooted.
- Queries information about active data network
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4642

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/player.normal.np/app_UApm/5fcd03d319bda368eb48436f/ready/4642/wa_none_1_1_4642_6007_1723604053360

Filesize
731B

MD5
d83ef691ffaa458af729ac7a689e45a6

SHA1
222f9fd7b25c60b626a489435c6547f792d31a4b

SHA256
fa8a44592ba00dcca18408b748ac6343222cfb6ae12bdd4a7c70cb6d3f97978b

SHA512
5ab0faa99143dc0ab3d1948002dd6b519d5c74af697c5319a9e7ffa825b4f3235d96c2483fb073a9bc439d909f0639d6033378d343f236a3278e5af2156766af

Download Submit
/data/user/0/player.normal.np/app_UApm/efsid4642

Filesize
36B

MD5
4a6ea89f60253e1d8af10a35101dcd83

SHA1
02debff493d9e42da9fbd55e740287dbc339ceaa

SHA256
8cf336dd5ad2f41d18346cacc0892bd5f782afccc02895584827532789fcf000

SHA512
adeff5626c92b107951f532ed007f877171782eece0218d69b818bb137b411e2ee8304c969c713275f1cadc712d500a44b83d57d497a8aeaff600223b4c0feae

Download Submit
/data/user/0/player.normal.np/crashsdk/logs/5fcd03d319bda368eb48436f_3.0.33_afe10e7e_Pixel-2_11_172360405303535641_20240814025413_bg_ucebujni.log.gz

Filesize
163B

MD5
d7bb73796ebea2b6fbbf7e66a79d5d9e

SHA1
effa393ab2822c888de56acc70b5e74b41cbedf2

SHA256
57d59f399c6938db80d875c4adf4e44cbc5fe0716621e94a2e7988c589dceb22

SHA512
91bfbf1fe9474a4af10e6a9c4e34b1310860b753ede1f0e638b0028bb71d928acaccc1c75cb6ddf183751b35d84314a90fe0c627297ce4713732096c104b0565

Download Submit
/data/user/0/player.normal.np/crashsdk/tags/PN0LAMRON0REYALP.ss

Filesize
1B

MD5
92eb5ffee6ae2fec3ad71c777531578f

SHA1
e9d71f5ee7c92d6dc9e92ffdad17b8bd49418f98

SHA256
3e23e8160039594a33894f6564e1b1348bbd7a0088d42c4acb73eeaed59c009d

SHA512
5267768822ee624d48fce15ec5ca79cbd602cb7f4c2157a516556991f22ef8c7b5ef7b18d1ff41c59370efb0858651d44a936c11b7b144c48fe04df3c6a3e8da

Download Submit
/data/user/0/player.normal.np/crashsdk/tags/PN0LAMRON0REYALP.st

Filesize
30B

MD5
2f397dfbaf1fa827a4dfc3bc55ccf18e

SHA1
0499cabdbacda0436087b84f82b9813f096e7bc5

SHA256
81223dd5742c32b280759ee584c615b5b7c8326608e38d0c9b8c90ab4c449da9

SHA512
0455830b5e64e4292592fc0acfd47efdac96a0350d05b5cf22538810eb63d2f2f9a6d4d25ab79bbc908eef132d7c998fde72d693f8691f9e3f37350d5e52cdce

Download Submit
/data/user/0/player.normal.np/crashsdk/tags/PN0LAMRON0REYALP.st

Filesize
30B

MD5
de112c67aeb34a80208176bdef07b8df

SHA1
992217f5e3d3ef469e4036bd733e703dbb58b72a

SHA256
deb50415c631dec82543271b134cd69bfa8248ebdd9c66ae62f2fe2c493a59a0

SHA512
237e2fe6196c255935953efeef97e911efe030f49075fae7d8675ee5f9a8ed660595b07deffa5bd67d1796b9b89c7aa5554df03f2af6231e1802ea57e8bbe76f

Download Submit
/data/user/0/player.normal.np/crashsdk/tags/PN0LAMRON0REYALP.st

Filesize
44B

MD5
89688f75ab27a2773a658367fab51dff

SHA1
af21a80a41328fa0fdc9843493ec916622e06789

SHA256
ae21f944f1b4c7dd7d66252201f782fcb01ee9815e525b48a0b121de409a7626

SHA512
19f7f61eaec2f474e5487238d563b15529b3bd9943f476002adf541d5d96068bdaee59e6ddfc5a3054afc20cb07153a8aa10d79cba2855e3f8112ad4265cd2a4

Download Submit
/data/user/0/player.normal.np/crashsdk/tags/PN0LAMRON0REYALP.st

Filesize
57B

MD5
ea50dd1a3751c724c1fa9a50c87c694f

SHA1
98c8af44958ec6653cdc5e2ac02a90c246b1b84f

SHA256
9cf79a97dbc41451ebd3eb4a2fcefc0fe2031dd1cdc5919fd93d22b87d330c1d

SHA512
89caa5809da672b05fad1f27c176fb28babe8814bbfd17598fc7af02a1c642cb4affd7c7b002b6f1d934f27fe51a2c34c5a8ff09b743586119bc27da5a8e1413

Download Submit
/data/user/0/player.normal.np/crashsdk/tags/cr.wa

Filesize
46B

MD5
18107ac0a8f26a8e55d825ec24003374

SHA1
18cd566a83c3c1e1aa6cfba7e700a280e6f132e1

SHA256
d9dad6b450db54df4ff7a86d0f386167b5ced68de0613aa618587d1096066b1e

SHA512
fbe2fb90ca2f6e28bf59d2ec5e3e5a187931014ecb0a58454a3d4013241a1ead2d5ede6d97235c34833440ba3784df541808b383e4306c427abaa8415065d8ec

Download Submit
/data/user/0/player.normal.np/crashsdk/tags/dt.wa

Filesize
34B

MD5
2978d030efd14dfb9fafff8126157f60

SHA1
344e30082ff7f540e34aade1d76ff6d1122ee917

SHA256
55bb59697fabfea6c28cf97998e7845736d7fb217f216a8630096e24b7ba644c

SHA512
dfb16a1fd2235da52f939a03e2cae559fffb3f137209c35235c7fb808d056e4a4dc0dd4ee72a033934756d9767c3a7103da489b34abef4a017861d4defb8e744

Download Submit
/data/user/0/player.normal.np/crashsdk/tags/unique

Filesize
36B

MD5
c300e4ea46d1ccbc104bfd7ed99744f7

SHA1
e98685ccbf245b14333c57063d1b019696d45050

SHA256
384d07585aee2fd38bd260beca34107b64c6a9a0c07f609f4f5e005e8ace183d

SHA512
539357c8b4b16145fd0968252a1f93699160c45dcea0d2d31baf0acf4a96cc5c685b963f410c0b1b5e71e5ed9fd75eb5e6cdcc6285a6e2961208ce816c515e75

Download Submit
/data/user/0/player.normal.np/crashsdk/tags/ver

Filesize
25B

MD5
19ec79df70ecf4f2c9ca1c0e7055fd41

SHA1
13d5d02d0e20fb214d9c842dd19cb8f938b622d8

SHA256
7ad5a41c30e31a5e44720ed9eaf24dfc6a4b9209ea74e630e782deb7b337bd4e

SHA512
6c195bacf65b5ffa19e2ee87334bb4c1814684ec0f7625ec29772c4304f2d3d61412b0474b4188c4b85356266d424dc89a5087758b771decf9ce53b9e1654fe3

Download Submit
/data/user/0/player.normal.np/files/.envelope/z==1.2.0&&3.0.33_1723604053275_emNmZw== .log

Filesize
301B

MD5
fa5fbcad0dbe044035e0ea1f14eb4714

SHA1
6799bff81684dc46409a961ee1e98c186fa2481a

SHA256
a5bb113d4d062fff81362b61882f895c048fcee93cbe3874ee2465bb58bd966a

SHA512
697389a8741d796e1c92dd2a0dac6836fb8dc335bd043eef09e14675f6d518112b344e4719c0c11f5ac5a27586d05c383e11db1f758cb5e7d72ecdd1ff594922

Download Submit
/data/user/0/player.normal.np/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
ebd6fed32ec5a35a80af31b2e8bf8cdf

SHA1
e12f10f25687108ec50cf7d40645ca6052381272

SHA256
ad17359f352eb1b8c366ef9ec1c2a6b08cd31af916de9bc377f52c47f1b9a1ef

SHA512
d72a53f96b7fd925604c77ec7d657a9ef29429d01e3c912644bca03dcf613e2fd8743c738238af7199e73798da03ea02035bbfc7b2bfebe646ec1fcc9b3c245f

Download Submit
/data/user/0/player.normal.np/files/exid.dat

Filesize
63B

MD5
73c58176ad6891e5b24a4d936abb75dd

SHA1
82cc53a243e929c92c4ffb50d690d4df73af2478

SHA256
239ecc426578501f43e836421859b03dce124c5d86c3a56c6df871bde263a5ab

SHA512
5a833e487f071741ba26c6a33310a71975297ef46802b8a1e8a5c003066e296c55811caa2d19ce6f121986ac4bd961b9c7f78b7bcb3a3631af9849bec5ee5ba1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads