Overview

overview

10

Static

static

10

c1f5a50625...18.apk

android-9-x86

7

c1f5a50625...18.apk

android-10-x64

7

muzhiwanapp.apk

android-9-x86

8

muzhiwanapp.apk

android-10-x64

7

mzw_d.apk

android-9-x86

mzw_g.apk

android-9-x86

mzw_g.apk

android-10-x64

mzw_g.apk

android-11-x64

stasdk_core.apk

android-9-x86

7

stasdk_core.apk

android-11-x64

7

Analysis

  • max time kernel
    94s
  • max time network
    181s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
  • submitted
    26-08-2024 00:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    muzhiwanapp.apk

  • Size

    6.7MB

  • MD5

    f166fff17a539f053550965c87c42054

  • SHA1

    8be071793576b6e324db218f02a017439fe826a3

  • SHA256

    efa8e431c5d5b3bda3cfc0da4392d14ef447643412bbea22536a155c7aae82b4

  • SHA512

    26869689b5a58e52e63d95b07cf04f560c4580e9bd408a432a61acace492201ffe93cb7e4166a360530eff8fa3827ae0df83ee43e30daa7f670010d59a8bab8a

  • SSDEEP

    98304:thCSkJBDmTuhW+7eF0JUQ4KMB6NQP4WfxRENHpxPOJHMMC1dh4Zadvtvc8Y6dtR3:nru6wUQMBj4WfOHp+HPC1z4mkKdYIx

Score
7/10
bankerdiscoveryevasionimpact

Malware Config

Signatures

  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Queries information about running processes on the device 1 TTPs 4 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Acquires the wake lock 1 IoCs
  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
  • Queries information about active data network 1 TTPs 2 IoCs
    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
    impact
  • Checks CPU information 2 TTPs 1 IoCs

Processes

  • com.muzhiwan.market
    1⤵
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4999
  • com.muzhiwan.market:mult
    1⤵
    • Queries information about running processes on the device
    • Queries information about active data network
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    PID:5042
  • com.muzhiwan.market:mzwlogservice
    1⤵
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    PID:5096
  • com.muzhiwan.market:mzwlogservice
    1⤵
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    PID:6180

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.muzhiwan.market/data/mzw.apk
    Filesize

    17KB

    MD5

    e65188742e10046597a4c648d045699b

    SHA1

    37b2f1e3e89d3b0d8683737ccae2ee725e82a312

    SHA256

    d0990058e5204d1a1bde2eff40893cb49d1e8972ee9b7e1b03ae35ac3cd5df8b

    SHA512

    3859b177492c74ec9448f7c57cf37beb7c747dca9580125cbd7c2e1f3a7761a3736072b1ec2ee14fa1f844f13df4163aa167b5cb9010e7e7fd00b2724553d481

    Download Submit

  • /data/data/com.muzhiwan.market/databases/jpush_statistics.db
    Filesize

    16KB

    MD5

    d91f65c011be3ca7fe405b41fa7535fa

    SHA1

    4cc94987e541724d9c96a33c90ff8fa914843a1d

    SHA256

    b592cb7ad9201d2a3f11a33c599902bbdc105dac38d28a25fddfab71aa15e06b

    SHA512

    065a3a6e9b6a2b1086c01dcb3840b46292d159546fa8b5dad5db2bd84e800ca818c9ba2c153f657281cb4626106313ca5ad8c10b2fa72061fd6027353b2cc4ed

    Download Submit

  • /data/data/com.muzhiwan.market/databases/jpush_statistics.db
    Filesize

    16KB

    MD5

    43a745501accaf70c710926818f040a6

    SHA1

    884e4d4c2b08b2bab4b01b25478b7ac9976ab094

    SHA256

    25c45e26734aeb9e74d70340d764e5d304cdbbbafb4b07bf92a630ed106478b3

    SHA512

    db37d1ab8d1b6e7bd06c68f2f71a920516289b65a96f245d18f0e49b5b738c68e5ebacc76f97c65bef7c81b278d77adca4a7670e3325e3941cb0e39257dc7fe7

    Download Submit

  • /data/data/com.muzhiwan.market/databases/jpush_statistics.db-journal
    Filesize

    8KB

    MD5

    a44cdbcf5e2b9c7e3b0eeb2c3e842b14

    SHA1

    230591a2bb940bf1eb549c30c444597817e0415d

    SHA256

    22d332d184b18303e05adbd91bfd958edc44d042dd4ff342d3646eba134fbf22

    SHA512

    bf60e939d220de0909623d06b2827bfd79ab0608c78c9d2e864e33f0784400e2386954e178245467393434bb25bd1a7a83a05d7504a497dc229fe8c9752cec36

    Download Submit

  • /data/data/com.muzhiwan.market/databases/jpush_statistics.db-journal
    Filesize

    20KB

    MD5

    e840f62f20cce1ce255ee5ab95324d26

    SHA1

    79015a1f6a2b10240bd8bf0cc2282e2e8f11be33

    SHA256

    57328860795cb73eeeed0adb52524881107cc9d1d4068f2715c590e75768c616

    SHA512

    e2233197681fd0a721dc502ed2a391243ed35067b4a6dcad3f8ef4afa0e2c7173c7e348e1b2f5b380aeeac9e3559f63bc9c5c87b906eb81a07a25624e1d4cf1f

    Download Submit

  • /data/data/com.muzhiwan.market/databases/notes-db
    Filesize

    16KB

    MD5

    2667900bf3b5ab90121d0a3ff8ade390

    SHA1

    d82120444613139e2f4547f2872aa2c95ed9dbf5

    SHA256

    bddb108ff2c0d509cd953c8dfb2b7c4e838d205291a4da8ab6c65cb98986416e

    SHA512

    03db7a94d3760f47c9546e3c033647e853a984385e871d46d056509b8812422a2a3389551c30ec5a9360cebb5e1786315c6891611638c60642d3107dfd8006c3

    Download Submit

  • /data/data/com.muzhiwan.market/databases/notes-db-journal
    Filesize

    59KB

    MD5

    e58dc40885dac40ad368f5a573a01609

    SHA1

    4a9e522d1ed75c6485b0d621f93f54191e402d8e

    SHA256

    2bf6ae473297ac9f1a6256fe33d7ffd67ad380ef971d2e481a9b4a7f778fe119

    SHA512

    663d2c496a5003f644a4568eaf21d27e20e882d91d0e8cf19d82e4a7ffb15d09b360effff69d25be2c521cf03c3df3783c21ccdabf8c0266a221d23f78e7fefb

    Download Submit

  • /data/data/com.muzhiwan.market/databases/notes-db-journal
    Filesize

    42KB

    MD5

    30abf308defec31d64f22ffa578c7235

    SHA1

    7ce81072b4b66fc0036b877c73d956af98d7e9e2

    SHA256

    67cb2fc928251d360105d58e1588e6ce485afbd828159c76381a6d9fde889f69

    SHA512

    b28a853a86a5c4ce5306738fc98473e12272931f1bc2e384ff0e2fe48dcbcb9b8ba675f728813f4f67225630d001eded5ba21b629823111e4544f235d807f43f

    Download Submit

  • /data/data/com.muzhiwan.market/databases/notes-db-journal
    Filesize

    42KB

    MD5

    822bb47b10de8c8e2e4616ca3c39c49d

    SHA1

    4735f8e61f1128ded48c77df48ae196a7fa9dba2

    SHA256

    737e06bdb66e6b479a03aa141ab5df48b728501c8e262dc1d1469050831285f8

    SHA512

    cee903d34bdd211eab4c0f616e5484d8025e89c2ece295f389b81bb17e879a84713d30c4b2a15c78986aae2129ecd5af1d423ef98f09f3ca2e20189cd32c47ab

    Download Submit

  • /data/data/com.muzhiwan.market/files/install_file_dir-journal
    Filesize

    8KB

    MD5

    06ed0ef1e7f57c5b22ba956361046356

    SHA1

    649ae85c10058608f5cd460192f4c156275773c1

    SHA256

    0984b5bc4b281e73e393839f46a0ece05832f51230fccc58076bf48e01b12ce0

    SHA512

    08acddaaa6972afdb391f9d5414d7997320ae1aef35f28997056578187834ce26169422822661aa1fd8f241d6d2d5c3120f2a69c6ea38fa14e62d561ec42c03c

    Download Submit

  • /storage/emulated/0/data/.push_deviceid
    Filesize

    12KB

    MD5

    5c007f1afab0523c221527e3c03401ef

    SHA1

    9e3f243b3ea1776ed75e568a8b8810d1c774d4b1

    SHA256

    f70df5d30e34e3b3ebde9894023a48574a4f9fb9f97c8dec93f2cf770a723c51

    SHA512

    e194940cd9fcf34cdd4b65da22cecab5f5af84229e53f8ee8c4df21290a635e9cb35d82259c17033db641601019a27a840faf62a69568cb54a27120f8aea6e8c

    Download Submit

  • /storage/emulated/0/data/.systemid
    Filesize

    5KB

    MD5

    6b59dbad0338efccf77158fabc652de4

    SHA1

    06fcce5921edcad0a029f8d25e0ea25e6df641c9

    SHA256

    fbe218920914ccb092712d350a49a96757b092480ea2ac1cf5ae0643af3897c3

    SHA512

    71e80a234601892e090366a95b9aff189b6b8e384a974a45986163ade9f607c44f3d21ebb059c56b87f8e202cdd4821525f2655cfa2f674201befb0be414c161

    Download Submit

  • /storage/emulated/0/data/.systemmac
    Filesize

    8KB

    MD5

    50be52edee442a7c2b5c9f3f96fbf831

    SHA1

    a951181d1ac5d28dbb7b5150e83ebc603fde087c

    SHA256

    3ba0a69c45f351e6d2c42f62f60141e85e3d44c5d403127fead23bd152c7bf5b

    SHA512

    d06c74402c5c614b17bd3985732b9b9f704417fdd6331b74a5b57896f8abca80ecf0a7aac56432f41557b93c4491aa54a4f97e55fe032b9f39e85cd25db5ff84

    Download Submit