2dbcdaa517464d2a1865a412dcaa7d6d87c165c2582ca024c164004af15b41bb

Analysis

max time kernel
9s
max time network
160s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
26-08-2024 00:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

muzhiwanapp.apk
Size

6.7MB
MD5

f166fff17a539f053550965c87c42054
SHA1

8be071793576b6e324db218f02a017439fe826a3
SHA256

efa8e431c5d5b3bda3cfc0da4392d14ef447643412bbea22536a155c7aae82b4
SHA512

26869689b5a58e52e63d95b07cf04f560c4580e9bd408a432a61acace492201ffe93cb7e4166a360530eff8fa3827ae0df83ee43e30daa7f670010d59a8bab8a
SSDEEP

98304:thCSkJBDmTuhW+7eF0JUQ4KMB6NQP4WfxRENHpxPOJHMMC1dh4Zadvtvc8Y6dtR3:nru6wUQMBj4WfOHp+HPC1z4mkKdYIx

Score

8^/10

discovery evasion

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

System Information Discovery
T1426

Processes:

shsh

ioc process

/sbin/su sh
/sbin/su sh

ioc	process
/sbin/su	sh
/sbin/su	sh

Queries information about running processes on the device 1 TTPs 3 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

Processes:

com.muzhiwan.marketcom.muzhiwan.market:multcom.muzhiwan.market:mzwlogservice

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.muzhiwan.market
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.muzhiwan.market:mult
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.muzhiwan.market:mzwlogservice

Queries information about active data network 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

com.muzhiwan.market:multcom.muzhiwan.market

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.muzhiwan.market:mult
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.muzhiwan.market

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.muzhiwan.market

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.muzhiwan.market

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.muzhiwan.market

com.muzhiwan.market
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
PID:4257
- sh
  2⤵
  - Checks if the Android device is rooted.
  PID:4320

com.muzhiwan.market:mult
1⤵
- Queries information about running processes on the device
- Queries information about active data network
PID:4293

com.muzhiwan.market:mzwlogservice
1⤵
- Queries information about running processes on the device
PID:4367
- sh
  2⤵
  - Checks if the Android device is rooted.
  PID:4583
- su
  2⤵
  PID:4604

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.muzhiwan.market/databases/notes-db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.muzhiwan.market/databases/notes-db-journal

Filesize
512B

MD5
901a8f499f5dc0b5b155af1fb3802ddd

SHA1
d7d136d21e8376ae3c6c30353d4b6263eccf287b

SHA256
c12be0da3ce36fae172de610d5921ebd0eeea45367822b6510f18b09fc63a0d9

SHA512
088a156899fc6391125a8213b06bac45a493e1a6e87ba444e935297c7b3a1c19580742f44a6a48aa73f6bb308a2021eea41e89d7190ed5e60f297c11a40a6f23

Download Submit
/data/data/com.muzhiwan.market/databases/notes-db-shm

Filesize
59KB

MD5
1f78dbf021cc63edaf467200d58d07d0

SHA1
83311b2365856ded1844d9cef2b9b1c4addc58ed

SHA256
fea09ae5bbfb387d5ce84e49acf6ddd7ebc25cf643359f897844c7e9abfa2648

SHA512
2a59cb4fed707d6b5d78c789216bde76ab86cb76d7abfa6c7a4a4fdb7272d099eb3137a98b42a6c55bee4dc85ba664ccffe6ae05218b72eed39fa08739c57d54

Download Submit
/data/data/com.muzhiwan.market/databases/notes-db-wal

Filesize
28KB

MD5
c10a7d66266b8e3bbc8b408181e6ea88

SHA1
964ee0332d4c6f4fe6562728d5d8db2cd672243a

SHA256
e0abeddfa997dd05e46f9cd1d7a66b46e358b5c01b5c9444eea797573afadcb0

SHA512
8450097a56f034aebfc6c3fca7480d2cc78be7feb74df60d0bf6d2efaf006f61f0521ef6c6f88a99184d846218eb4a6a2241903f8566fe5837dc6d36c4bb9cf8

Download Submit
/data/data/com.muzhiwan.market/files/install_file_dir

Filesize
4KB

MD5
bf6db0a59d073d18dfb2068f782766a1

SHA1
611fa9851319079f894f43b8bf7fe73ba56ec351

SHA256
6f52c259754bae5b5a83167c3cd69516f1d2c5addbe08a8fe5de1f6a62e5061d

SHA512
ec433f267b62da599975d03028391e0162b33ad19f333297005c189c45ce88a41a53865e869609da0b63641bc418763c0056a8d8490dae3b0b624a0f014fc4bd

Download Submit
/data/data/com.muzhiwan.market/files/install_file_dir-journal

Filesize
32KB

MD5
0d1256f21c9e337086102120f0763d91

SHA1
62540919fe0f556731ebeb709f4a7017eea062a9

SHA256
c3aaa0e68e285aca1860a88f48ed8b779fbb705d30e726bcecf13f6b57b85b4d

SHA512
a93a3fa38d160fcfe2842eb6d509418c7442a70e4ebf0ed3400e1120734dc74e07b978df6db890c304d756234446f8bcd34e9113e9eea99f4eeaee318cac04b8

Download Submit
/data/data/com.muzhiwan.market/files/install_file_dir-wal

Filesize
3KB

MD5
517afd0d657f0a9f85fa9c8248396189

SHA1
3123a7e4a13e3b6e6b7054636376d6b155a4dc53

SHA256
203edbd4b103b1032f72102c8d8798760e3ce37276e4e3ed2069af9aa2c387ef

SHA512
eb172754f75ee434b1237041d927fb2007575a33487abb05b29d1e1f51585aaa7ede7a2a79745ec75eac5c26cd9e67fd21903f2938819bfd81464458142a2634

Download Submit
/storage/emulated/0/data/.systemid

Filesize
42KB

MD5
9f0e2d895f552c9b96e177b0230aeae3

SHA1
4a973bbb69d50b94ad77b18b57c748e3f1c8eacc

SHA256
45d40c00aa4745344d362b5f88fa779162818650ba20b8ca2a3e77e1e27c7997

SHA512
37aab4849fd3637fa1158cd89c7218d6245e90deac47caa435cfe93732271f315cfc5f8749ad50642222e0be7f15eb13542fa68d99339617aad29b853ca95ed3

Download Submit
/storage/emulated/0/data/.systemmac

Filesize
42KB

MD5
7bc525aa5cfd71cd4d2ad570fd72a906

SHA1
b411e1b345b5e9e4a0e4f603b46277278981e921

SHA256
14b68457395896d3ffe12b777f52fe2cc4182a6c9ba383555b12522c93657b00

SHA512
5f1973360665bdeb536d8dc2a9c5d2077990fbc6fd3653747de9d54c7032a776151f39986792ab57773623a143b2d65cfbb585aa53c823197485eba9e75c8e2f

Download Submit