f88c5b042800387a576bf4e409cdd3a1c2856f95653f6a527fdc4b64d9562154

Analysis

max time kernel
146s
max time network
155s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
28-09-2024 21:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ccplaymerket.apk
Size

4.8MB
MD5

1c36c043536a78ce8751f85e47b30e46
SHA1

48f50de5a315ef85b5d08530dce857c59cb82633
SHA256

12ed220844272ad227251986b5de2a75146a70c21d8d2827402f2b7c77a30e57
SHA512

27584d5c44c66a9e4710cc4b01d279772203685ac130a47b5a6681cd86c85a8811b659fe47287a73bc16c04365d0e2149db59ab6005595fbc59e3b26a250103d
SSDEEP

98304:PVONhlsYaJE6AtyBl2bPgkZO9FY2YBNakTShyvLbV6+9kMro0xB2Sfjr5+ZQNshn:Shlfn3t+BsHvXGMB24jtgXhhuQ

Score

7^/10

banker collection discovery evasion

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.lion.market

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.lion.market

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.lion.market

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.lion.market

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.lion.market

com.lion.market
1⤵
- Queries information about running processes on the device
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Listens for changes in the sensor environment (might be used to detect emulation)
PID:4467

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.lion.market/databases/com.lion.market.db

Filesize
44KB

MD5
02327657a730a78c4faa124c6d717fdd

SHA1
c5bf4d6f4b741aba085fdab0bf9f9f092456fe19

SHA256
1a25e6116b84f6b3a55df0e0104dbb697094d0e195cb8fd37f6141b3ed485953

SHA512
6b63ab8d4cb5438f4f88846e059b043082004a860abcb729f98fccc88b969272ab1b44b2da93b37c5b454b1c5471e78cf3f8faf987d23c79bc1ff39fe59fc975

Download Submit
/data/user/0/com.lion.market/databases/com.lion.market.db-journal

Filesize
512B

MD5
9951533cc1ac0224b99c82b0dcc73614

SHA1
dc49cfcd672ec426be7557acfa0e985bcc232fb6

SHA256
8ed6b85c3e45279b718ab38c9d3efe1f637389e01593ef32e8c295a0be1de5f0

SHA512
577022cf4e40f511a60f1ba0cd1f276eb17a98765bf942c146c505ae117c5f05ce3aa81914d8f091ea2cdad9fa42ceb9269d2ceed7c2a1a27492c475433fbf98

Download Submit
/data/user/0/com.lion.market/databases/com.lion.market.db-journal

Filesize
8KB

MD5
ca2ee29cf58c1e92747cebf71becdc5b

SHA1
a98e2ebabd724a543886536f3f25c3c275009750

SHA256
9b70952a470f99e7b3703ac0ef1df096f0e315bb26af153c5e308f561ea28125

SHA512
9c88f925818a475b6d57ae4d811b01e3a04cdaa5864c15e512f81b2cbcac1dc61ac6106f2839f2c3ea54cf3f1f99da59321b377bb48c0d9d3c9ebeb5f678bfb9

Download Submit
/data/user/0/com.lion.market/databases/com.lion.market.db-journal

Filesize
8KB

MD5
74e4e72a18d29b320ecc2f950ed1b3c1

SHA1
f69dee869f5e0bd195aae1e3915b7642ce4ca88b

SHA256
74eec69e818160e5f59dde93cce92ba935265924351a73679066c43e106e3f8c

SHA512
d6054d065754455f638e5dcf2e3afb31e86ef9af2130e828a44c23ad6f0a53a64630ae462ab7b02331b064cbfbebd7b99e24b9349a31c5156661d4840614a890

Download Submit
/data/user/0/com.lion.market/files/TDtcagent.db

Filesize
20KB

MD5
7bf2e9c27194f197c7191db72066f17d

SHA1
e121a05a8d3083de7c9a50162686a4440dddc0e3

SHA256
f6615bbce8013af1e6b02e90bf253a9d8a480c7bbcad369697d658d8b7f25e16

SHA512
8ec83714216c98d421f8593b59daa4ba07e8a939c67d30ad4126342a365e6d641e3912ce2e9d2c299e2e305a97449343eb000070ea92c06684671194137a5346

Download Submit
/data/user/0/com.lion.market/files/TDtcagent.db

Filesize
24KB

MD5
44a32b6e802c4ba59d955b076ce95b11

SHA1
65a162e086602806eb2252c3c450454675d56a23

SHA256
bdb4eefe33a16714a5ec88316f2447f4abcc0b9d69f837b6bae0025fcb45de02

SHA512
06deb4e2192159d8da3094aceab0f5610055d9738b206d021e84dcdbdfaca31b09d635303b77a9648adaaf2075644499811448dae6c6c92807ed9f20946e7777

Download Submit
/data/user/0/com.lion.market/files/TDtcagent.db

Filesize
24KB

MD5
09971ec7a30d6514b9756aa48078afcd

SHA1
b49fadd57286e5a3411c8c7cbed9a6be15950853

SHA256
53e1c31efa4fe634ec166577364099060c0aee3cdeb34b40f582455c8ddd1756

SHA512
93ed6dc4c5a713e33b397bd79878c4f91ff4f93cdb9f60df7ce2ebce4ab55e9f85b2cf30f1e3d82cbb4582321edf652cea171a4835df5d8d0505b81a71c2f67a

Download Submit
/data/user/0/com.lion.market/files/TDtcagent.db

Filesize
28KB

MD5
92c28edde91bb1df15c5911d3de78cdb

SHA1
fc9ed5b0d7e9681a30707bbe74392a097d4ce6c4

SHA256
6b723a789fe1234069e69a5369459eb1499bd9f1ea092c3a2f160ae56f9bc588

SHA512
f6e8b3aeb4901f4ae5b8d3aeac5d955b6bf4fd84f5d3aec0f72a1e49be183b4eb8261c257270c3a3ebdb245cb1db1cec6b72d7a83a9ba723b6429919001ab2f2

Download Submit
/data/user/0/com.lion.market/files/TDtcagent.db

Filesize
48KB

MD5
dd606852ef806b66205ea04e3bc366f3

SHA1
20f234dafefe81cac0327f0e1bde277f6a3bf4da

SHA256
d50a8641c9baedcc8977a8349c649bc15f1b3c0d82394b5b33549ccafb682bb4

SHA512
bff50deb98647a10ec6849468ba116a72b0832ffefc7ab91f1880050f465c40b703ffd62df8eb1cdf0ddb71ec92781de275c24d9cffb7fefba557541cca448e9

Download Submit
/data/user/0/com.lion.market/files/TDtcagent.db

Filesize
32KB

MD5
d710d1d5c3360dabdbf10310ae7f67d6

SHA1
5255a96e4df23d99e1110f19f3bc89392f09f66f

SHA256
4e596e1c353c0a4168ec5a393fd881e3b539b33d584adac18146c331b92db9a9

SHA512
3f0c67c8990b95655e1668974ac8958b75c18b6a4cc47751c5a2edeb21514f7caf865d5a08449897614e931f6585d5e33257a60ec57ca48058aab2db22d8b2a7

Download Submit
/data/user/0/com.lion.market/files/TDtcagent.db-journal

Filesize
4KB

MD5
3a6e988f6171333fea0f3951d29cf4ae

SHA1
6adfe7b196d01a1e4081b0d6706631601b89e82c

SHA256
d6cbb97b950b8cd171f7374a4995529d0ff975670b987840fb8a176c44290d9f

SHA512
93b10bd1fc73fcf0e9e644119776b8e79df6d4ba2eaa3cf25bcfdc852af23178f670a14ec0360299697f349310f103995190ab0319b5b83859831d9a5a260ff2

Download Submit
/data/user/0/com.lion.market/files/TDtcagent.db-journal

Filesize
8KB

MD5
176c4933d5c085c6730927e26ce94b7f

SHA1
ad6d23b318f23020f0140843afee544d67c7ea21

SHA256
233ffa6c6401b70de4b9882831950bd5474d848c737cdb868965001327bb2eb4

SHA512
6b9cd50b9c3054e77f55ea26b93f70cc5aa7ab65ad926df4af23e77c96e8fb7d74017c08d6989af3c603429be6b56a724a411f48fd2ccd473c66f421d370c1d9

Download Submit
/data/user/0/com.lion.market/files/TDtcagent.db-journal

Filesize
8KB

MD5
a42a41c2b7fa8878167d2dd2c89eea41

SHA1
ae05f3cdba1fdee0ee8cffc461f34a774ae4bd42

SHA256
a82334e644098ffd0b0af3c5b09062d92a7ffd5cea8f8d816db916e8aefcbecd

SHA512
6e8b7afb4a6eec1d58f29459eac9c2955332f2d5d303e20660a4e4e779653850dae6b14da588a90839d635483fb756169b3213db38a4f36400809cacc5749f33

Download Submit
/data/user/0/com.lion.market/files/TDtcagent.db-journal

Filesize
16KB

MD5
c30d1208bdee71e444bb1d0638f7f66a

SHA1
6d50ceaf3a75473d331c1ac2365911f984adef35

SHA256
b4c8a7526636296db90086d75c1f778657eedbb06ed7f8fbd63464d6ddaa12ed

SHA512
8fcaf9559cce78634b29fa4cb63041aab88488bc295cfb269db5581b78846432539e136fbe1e616626b8ee6205c582db4ca975dfd75db4263aa7dcba10a5fb59

Download Submit
/data/user/0/com.lion.market/files/TDtcagent.db-journal

Filesize
512B

MD5
72490eff7fa3a233d652f77e23cff685

SHA1
66ff29a5e2ba3be84fe5b38e941b854b7eff1bda

SHA256
ab9c4214ca482c9c090a1f83dad92047eda7de37b928bdc0b0023f340a80f4ef

SHA512
e58c13e820bc6de07d89238d6ddeb000f99205cfb245c3f54561e59208e3b3ae2ca3ebdb694286786571e0b8d05be734e45e6f4e4e96a083d5c43f7206dc20d8

Download Submit
/data/user/0/com.lion.market/files/TDtcagent.db-journal

Filesize
8KB

MD5
9dcf6ed16ddc265a264183ebec6f201c

SHA1
fa7d9ece4c1f3b6436bd1e0a810cf082f2d1cec1

SHA256
1ded5f4c30f216661cf5560bdc8fc245c96eb652a7ef5e120d28b6e20b2930c5

SHA512
78b49ff37f9fa5b3ea59ed6a5a33c3f0788ec9abd91ff4425270cb9d219528735f108c1ae6b2746bbac7486b65d74d32f326fd9ed1948721152f9e2a24b2ff45

Download Submit
/data/user/0/com.lion.market/files/jpush_stat_cache.json

Filesize
132B

MD5
ecc86e2717d1443fdb03b2e7fd11da8c

SHA1
a030aea308db82e5910bdc700cc083b73ee8fdbd

SHA256
15cc2f00c82d807d6ca72543330d6b0bc6fdfaaf228a7570ccce6899ce93ea63

SHA512
62fdf66c341bedf1d3a40441d7482f915f3fa19b5b93dc856e96d3ecfb2859eeb002fc444ef31ed4f628b2719ea244fc0baa781aeaa18dd23143ec80bd5edb03

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads