2b62153c7b521049da195360f2b1669aa05d3a3f0ab1223de5ca539476e77d1d

Analysis

max time kernel
61s
max time network
154s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
05-09-2024 01:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2b62153c7b521049da195360f2b1669aa05d3a3f0ab1223de5ca539476e77d1d.apk
Size

53.2MB
MD5

7f4e489b50228cabb03a30f180957b98
SHA1

20c8153d59d167e9cfbca63560daa29c3e24222b
SHA256

2b62153c7b521049da195360f2b1669aa05d3a3f0ab1223de5ca539476e77d1d
SHA512

c7591db0338fcb1de4822aa14427bef88f2712f2d19a7b2dac8d4af6b7b6737069ef180650d9ee48f75359441368307080a5a8a54d9beeaedc39770b4e5277c4
SSDEEP

1572864:0CssSAeIYH2xWJCCsXd+f8imh70Yb2ajg:0CssSAG+dYTC2aU

Score

7^/10

collection discovery evasion impact persistence

Malware Config

Signatures

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	mmii.tssst.appof
Framework service call	android.app.IActivityManager.getRunningAppProcesses	mmii.tssst.appof:remote

Queries information about the current nearby Wi-Fi networks 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	mmii.tssst.appof:remote
Framework service call	android.net.wifi.IWifiManager.getScanResults	mmii.tssst.appof

Reads the content of photos stored on the user's device. 1 TTPs 2 IoCs

collection

Data from Local System

T1533

description	ioc	Process
URI accessed for read	content://media/external/images/media	mmii.tssst.appof
URI accessed for read	content://media/external/images/media	mmii.tssst.appof:remote

Queries information about active data network 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	mmii.tssst.appof
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	mmii.tssst.appof:remote

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	mmii.tssst.appof:remote
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	mmii.tssst.appof

Requests cell location 1 TTPs 2 IoCs

Uses Android APIs to to get current cell information.

collection discovery

Location Tracking

T1430

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	mmii.tssst.appof
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	mmii.tssst.appof:remote

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	mmii.tssst.appof:remote

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	mmii.tssst.appof
Framework service call	android.app.IActivityManager.registerReceiver	mmii.tssst.appof:remote

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	mmii.tssst.appof
Framework API call	javax.crypto.Cipher.doFinal	mmii.tssst.appof:remote

mmii.tssst.appof
1⤵
- Queries information about running processes on the device
- Queries information about the current nearby Wi-Fi networks
- Reads the content of photos stored on the user's device.
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Requests cell location
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4450

mmii.tssst.appof:remote
1⤵
- Queries information about running processes on the device
- Queries information about the current nearby Wi-Fi networks
- Reads the content of photos stored on the user's device.
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Requests cell location
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4506

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

System Network Connections Discovery

T1421

Lateral Movement

Collection

Data from Local System

T1533

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/mmii.tssst.appof/databases/shiku.db

Filesize
4KB

MD5
887c8e9557731775a46e74ab3dae4952

SHA1
92f512815ed95860227255984151e884d660eff9

SHA256
b189f451ec54550ec423f94446d94f3ff6c8dfdb66005b1d1949247309a6ef3a

SHA512
98ff4b7ed1094c96819f62462e1e4f295b373954884175ffd15c9fb9a54397c4942e5d1c5c59ee66346815e8782e6947601bd94d05e5733468341481d4c53635

Download Submit
/data/data/mmii.tssst.appof/databases/shiku.db-journal

Filesize
4KB

MD5
ebc514a041ced4e28c75af4c47bed960

SHA1
c3c6739b73ed35de24db0dcbe26ecbef761623e7

SHA256
fed93de6eddce38f11913889c50cb37ca26c53bfb24224650fb3c6bc00cc1830

SHA512
ec8c2422312c53f8e8f915820c559a99f82562c5a6f790cf407b1242f8151170b1092ca84570dd5c72d9d27859de01bb301d09ddd0836b6c52da1be2cc516576

Download Submit
/data/data/mmii.tssst.appof/databases/shiku.db-shm

Filesize
36KB

MD5
0cc0d42963e31da6e664783af319870c

SHA1
f504bd911494997c858101b50c8ef30ea3ff4813

SHA256
c19e7789fd09bf871c2542764676c48909935eae5afd0e48c7a37c41e3f7fd36

SHA512
8e244263d7a89f3adf51878e3b688253fa8bbc04c0d69ce95d2221c0670fa67398da130f9b5a7e409f2ebe048d34fac34f78af7fa46abca174663b1b93ac3e26

Download Submit
/data/data/mmii.tssst.appof/databases/shiku.db-wal

Filesize
181KB

MD5
c169cb2d52b3dea47a67ac14ba8aabfc

SHA1
20ebd5155572f56649637e7401a4f3b2eabc3c6f

SHA256
ec5a82582ebc019ddbae125b1d533e89878130567cfebceab2186a7719e54830

SHA512
70c254a051b9fc82cf2fc4575bf00eed6af92d9a905080e684587a124df0646320955e1501be2612d08a3fc0c31646696ddedfcbd5472413ad163aa282565c12

Download Submit
/data/data/mmii.tssst.appof/files/lldt/firll.dat

Filesize
76B

MD5
6c9e7039a3a3996b25ccba5179b4fd28

SHA1
68aea135715be1ad5523b60858eed1ae2f485c8e

SHA256
73cd5d8a344d7a7adf5e81a05d635fa504e678854ceadddf3b5acba0cbf11708

SHA512
e33026e1f21cc75ad3fed95afd1b1c5b940a9f49ca3206b6eb0edd412560c022547e11877ac84f9af186cd6d26b51c33054953416d1dd9c676dd3e6ab6125bb1

Download Submit
/data/data/mmii.tssst.appof/files/lldt/firll.dat

Filesize
16B

MD5
fd2cd9af24ffd5a533608fcac55ecb36

SHA1
e79ba9135f04bc33aed8d401d2ce93753c19d26d

SHA256
2433e43c9c958c3900ab586b55c130dd48960e4068f286afec6178f913f35e34

SHA512
1f4ccefe045e2805e085859ab3fb7be037dee4782fa5f2c09673262e46b55f517ffa120e71ba62704ccc36cc3722ea6d5a582e90d0ead3d6f4d7b32840ff12ca

Download Submit
/data/data/mmii.tssst.appof/files/lldt/firll.dat

Filesize
16B

MD5
698db058ef881fdb45f53b63b5052951

SHA1
bc65bf6d32cc0b9bbfb1cca5c7385746c7639a1f

SHA256
57de33b55c8dbfbf164ec1c35a785e0d12af9a7d25fb9047c7b8f98084472b45

SHA512
7e06a54ad2d2dbcbe322a8b846230c3ebba9f6a62a5233fdb7370847143f0bb53b2662734062dae60eeeb8fce2ec85d5d8bbd19aa9dcbd8aa40b17dff62472e0

Download Submit
/data/data/mmii.tssst.appof/files/lldt/gal.db

Filesize
20KB

MD5
d28bff742fd555a00513316b7919466e

SHA1
32bf03b5a5964f08d01e024a5e1e369ae8ff1ea3

SHA256
783622879994bf599fc7bf3335c8074d6cc6fece0d3c4cce479fb2b073d275a2

SHA512
12bd63ec198453ee7161574b3b319e9cb919b10c2939f8e1407c3f27b2ec2bd08b3834e94cbae417790dcacba2e1a66b688f688446dfabf24453ec2a4d26d137

Download Submit
/data/data/mmii.tssst.appof/files/lldt/gal.db-journal

Filesize
512B

MD5
91ac4e88ab792897cb2ba2589e2b6036

SHA1
a382eb47e5db07c9dfa4678dc149c295dd80e613

SHA256
ad7e72eeb3168ebb4f49dc66aa2ade5995bf813f6367021f23cddbdd91959fe5

SHA512
04dd5f82d94441f3ca4658b99e26c47519ab52d6ac04428af096f7a221caf7a8e85dca151bb49cc922d3d5c045553765eafa3f0fb2ebcd3b1fc0654e29288aa2

Download Submit
/data/data/mmii.tssst.appof/files/lldt/gal.db-wal

Filesize
36KB

MD5
fb0cea24869e175ffd2d8ccb4cab80ce

SHA1
be97e08d2ae1ab237c03f75f8df1a5ad24385f3a

SHA256
48b8022c47f45438ab74b1ce7ab2cb6bfbab1ef18ec937d2f976101d8c4b8bda

SHA512
62bd0e6c9cb230ea443e0fdc2d0e338a81aa2b331fc999ae00462e65cd229da4cfa5f329baf72cdf5e2ec47160b02c87e2bb902f85d4562b4111d0b4f3b99724

Download Submit
/data/data/mmii.tssst.appof/files/lldt/grtcfrsa.dat

Filesize
801B

MD5
7c366ea8f849e91e3f0f3093867b5c33

SHA1
88bb005e5643134f8719895233047017afe39800

SHA256
d759d062f4eff809dc55ecf5cf8693b0e062bc1bf3301f11d907f555852b20e9

SHA512
4575109c6e7330735b5421dc6f32abec26c5e9a92fc6ceb5b0b0f360ff97ab42f6001e52ebe63199d17ad27c053deb04b26e18af0025c0462886c9576c1d63a6

Download Submit
/data/data/mmii.tssst.appof/files/lldt/grtcfrsa.dat

Filesize
206B

MD5
6d613136def26031e18f3f404299bb7e

SHA1
14a7a4a3309b932512dad59dbdb35503845e60c0

SHA256
58e28d4defb46364dd0057354a4a89f8cb726d3b696c632de04b1a707803be18

SHA512
89ac70f36ec3117b631a56d43700b4d034d6d269d4632933fdaa8cd9675c57af1df95f15271d0b45b796f56b4f89ec3d6bd4c9114d7cdd24e3a25d30e24e7ca0

Download Submit
/data/data/mmii.tssst.appof/files/lldt/hst.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/mmii.tssst.appof/files/ofld/ofl_location.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/mmii.tssst.appof/files/ofld/ofl_location.db-journal

Filesize
512B

MD5
0c80ae9ff54b58c5dbde28f32173d838

SHA1
3eeac1f4f02b36e8ee071fb4941d537ffea821e4

SHA256
e8e2880edff16516ed64ed6e3d12e6fed856f012f04c47bcd3dd66772118cb06

SHA512
565f8d1d6cc5f55b5bc4caeb1cca2d9005b9234d9dc77e807534af21cc9fbb21f5a2726e640cfbfc5442721122b6554a8ff05894590bd0cf4a47169837026d3f

Download Submit
/data/data/mmii.tssst.appof/files/ofld/ofl_location.db-wal

Filesize
48KB

MD5
11ea9d1cb36ba9fb67e19bed94b6cfde

SHA1
084f297b29bf5cb2e19de5f60eee804b5e92db62

SHA256
4ec4b6ff23eb6709eeb73922524d2b1bb7b274e1fa9f8c6966c01f92be685318

SHA512
536e1a204c3cc3581deb817440a65e11e8511eaa9cfb8f03665bd84a638bcc9270d721c2ef8f54475844fe319dacbdc67b8f1a0a2f0a507b8b6bcd8012bbe4ca

Download Submit
/data/data/mmii.tssst.appof/files/ofld/ofl_statistics.db-journal

Filesize
512B

MD5
f62071f1beb40635597c3a5135ff5dd3

SHA1
69b75428b60ef49241d87522a4ce523a8837ad38

SHA256
2972bb9246254c2fa30d1f0d374c64208220d1e54cc7e2c7ea78f826af955d68

SHA512
9f76a0cd3e8d4fc17c1361523eb80988544d1d237a2f5fe1e4d3ab29e7ddfb24cdb7c13c0d5d290baf7b89d2e46e7d561fddba2afcb9e73910c406389cc77a49

Download Submit
/data/data/mmii.tssst.appof/files/ofld/ofl_statistics.db-wal

Filesize
156KB

MD5
cfd5b77901249819e2b67d29ce83fe23

SHA1
d707231dbc7fb0c1c6dc3060b9b0e4f75ba4023c

SHA256
541e5035f663064147a0687eb25dd1547b6b327f045d1432c6b2efcc8ce38990

SHA512
1f72ecf373c1e97c36a0044223b853e96f6d513d7debb3ca6230d85fdb913010e416bf718ba18439490595958e82c87328107b4b75898771a5b6a9d813fa50b1

Download Submit
/storage/emulated/0/Android/data/mmii.tssst.appof/files/tbslog/tbslog.txt

Filesize
22KB

MD5
b4eb60bab83dda3d5ccc8ad7357a0877

SHA1
48ce2c4acd99ea7939abc905600851ad38fb63b9

SHA256
b8e790c8c76bd76a6cf767c4db691886ca6e7ead8ae33c80d8e4adeebfd28349

SHA512
01dc8897727d3b7fcfd2a05a8848fa4d39224945cbec3d0d346cd3ea1a06943e048046277d1fd7298ae3bb05fc068f9e02594ecb6dd770f25dd9421f5cc002fa

Download Submit
/storage/emulated/0/baidu/tempdata/conlts.dat

Filesize
12B

MD5
8d80bc8ea90e9cac010d3ddf97bda5f5

SHA1
f063bc0d356e6ba9ab1eb9a851131ffbefd8fa07

SHA256
f52db31332534833414abd5e870f78c810b8ebbe5b134bbf599506beecfd1b93

SHA512
9ea732dd572a9a4ba91b70891972230a09576687ca1bc19e62d5a98b5b84e0f2ae11985108008bc9fbccf357219b8bd3dbf146bb70752f618f70dc5d0c46a7c7

Download Submit
/storage/emulated/0/baidu/tempdata/conlts.dat

Filesize
153B

MD5
233e45eddf145d6aad78b9d5ed0c4c32

SHA1
02b8dad49422e112612c203c16c24379096edadd

SHA256
8a8c3c2b879206fd52da7f34d3966d7fc991ae9bfcce76828e3196e13a4f9d76

SHA512
9f8ff97c10893ca9a520d2529be1847eafca78eccad2b66697632e835d56d41311fc9978e3a426ff4e1a1ea2a46dc5ed6249e8179245bdd756e5a0d2220e5053

Download Submit
/storage/emulated/0/baidu/tempdata/lcvif.dat

Filesize
96B

MD5
7cec6c60c90f44cae04dc3d8afe13528

SHA1
208087af6fe976f664bc74da925d90a41ef61555

SHA256
5b1c7b30299d195ea0e15cde1b0ac3d8119c351ae6cc351cf10693f5694cf4a2

SHA512
d8a8fb720209fd2b0aea1826a642abd27b76d1d2b5ad2963fddc901a663ba2b9a9d53302fa8bf7a8da22fcc24c8449b848d9683038725d2e9700b426d4ee4fcd

Download Submit
/storage/emulated/0/baidu/tempdata/lcvif.dat

Filesize
96B

MD5
a1491614064d16ffd64f6efcd2e293e5

SHA1
b1b87bd40d133c4424a3723e5234da87bfb3996f

SHA256
eb536f1ed54447eebedee6bece7a9a70723213ad7e112998c299adf8ed9881da

SHA512
f5af21ebd8910482b7669105fac41b6b2f1b5c8d96089672382cc19e06c45bbb102dfc7ee2554890911ec13d8bf83e67cf9b97b536e7ff2efe3d2c8514aa4770

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db

Filesize
28KB

MD5
4dc813c84371fa9e062750b86224b06e

SHA1
5c416a2980328ef817f0f8cad8fb02fd8718538b

SHA256
5e0a875284469fd44e3924e50fe351e39dfbec24e716a9f79ee8ecf4ce2ee6ce

SHA512
99d0858c9548ae215ce7b41178748af91ce56edbe6bafe23b7669d513efeec4a58710fa3f614820ac4e42f00e49b5209edaf44665c0299e2f3e3081255489a16

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-journal

Filesize
512B

MD5
42313ff3c055ad46576b382c5ec0671f

SHA1
55e7e1957ca7c2d36a723774ca474dc4050b7bcd

SHA256
bb380d09f8f79b67aeb6bbf9dcad7472faebf46fce834b89a8fdda12ac23f079

SHA512
08d9e6c617a13d2d0d0ee8ff7898450ca69b48792fa6fdedb468a2f11568a7029957909e4661d2b42f42698d590a6167348e80294a897e6dee5d7761902792a9

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-wal

Filesize
52KB

MD5
09683841d65ab4bffe7df304e81c73bc

SHA1
7a270f51b843b07ab62557bec51ff1d16b10e701

SHA256
720572a529d0212f9c52dbf807cfd5feb3891bbd9bedf37aaa8f949714ab8ec4

SHA512
5b3e6fed581974f3051231ffb1ef6cfe8666c0965a04e1f44b2023bf7a1bbe8d38dc0b9429e76449b0c43320dcbf9d9a7bcc1a016a7092f99d41724d252747bf

Download Submit
/storage/emulated/0/baidu/tempdata/yoh.dat

Filesize
24B

MD5
a936690571e9104e1922dda4a0ba5bd1

SHA1
65f49c57edde2f96be2a1dbdfc3f7351f1e66554

SHA256
f0f5049c51879dd7da0ce4a43349b5b34ce053d072a0ca704f62cf22ba4a8412

SHA512
3be1c3693963aebdfc04e86b1c820ee0ec3cf0b200e6a4788ef1141f39fd6c2f77f4227247ae4affa66c0a6c027df8466cc0dcec1e67ebfb953e36bee97de394

Download Submit
/storage/emulated/0/baidu/tempdata/yoh.dat

Filesize
24B

MD5
1681ffc6e046c7af98c9e6c232a3fe0a

SHA1
d3399b7262fb56cb9ed053d68db9291c410839c4

SHA256
9d908ecfb6b256def8b49a7c504e6c889c4b0e41fe6ce3e01863dd7b61a20aa0

SHA512
11bb994b5d2eab48b18667c7d8943e82c9011cb1d974304b8f2b6247a7e6b7f55ca2f7c62893644c3728d17dafd74ae3ba46271cf6287bb9e751c779a26fefc5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads