Analysis

  • max time kernel
    7s
  • max time network
    346s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
  • submitted
    10-11-2024 02:34

General

  • Target

    base_beta (1).apk

  • Size

    385.8MB

  • MD5

    05cad727d957f7852fa201ab8a325951

  • SHA1

    71f5306093c57929849bcf26a10b3579f92cf818

  • SHA256

    f827ff2efe540ac07d2b4b38ad2142424e7a4f7fc4013a260b271d8dbf85fb91

  • SHA512

    e11b34447a9e6a83486051a59be739181cff79ade534479864b857b786bb63cd6ea021241f2f28e7834943b0227aa9681a59ba057386bee919eed259d0a0e629

  • SSDEEP

    6291456:OspSHVP2jCphUIDmnFZQteanPlvmtDZF1UW87cmT2mzHo0cYm/mh2:96VWCPEiPl+tDZOj9V0/m0

Score
7/10

Malware Config

Signatures

  • Loads dropped Dex/Jar (1 TTP, 2 IoCs)

    Runs an executable file dropped to the device during analysis.

  • Queries information about running processes on the device (1 TTP, 1 IoC)

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about active data network (1 TTP, 1 IoC)
  • Checks CPU information (2 TTPs, 1 IoC)

Processes

  • com.zhiliaoapp.musically
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Queries information about active data network
    • Checks CPU information
    PID:4679

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.zhiliaoapp.musically/files/npth/RuntimeContext/main/1731206298919-1731206299658.allData

    Filesize

    2B

    MD5

    d751713988987e9331980363e24189ce

    SHA1

    97d170e1550eee4afc0af065b78cda302a97674c

    SHA256

    4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

    SHA512

    b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

  • /data/data/com.zhiliaoapp.musically/files/npth/RuntimeContext/main/1731206298919-1731206299658.ctx2

    Filesize

    486B

    MD5

    1166576e034164e06bb6d90be8825e50

    SHA1

    eb098713c6c43c2f8161884c12d0d6dc88ffb2d8

    SHA256

    2f4721912525c0fd0c1692c2232ad385e4b0f367e501f66321bacf3c3220d4cc

    SHA512

    e8e997315ca68b52d9dcd536f09faa354f9ad98d10478cbf48e96a286007ffb8c3e5fa8705386af9f4746e7fdf7bd81d68c7daab5d8f111ae437d90738148e41

  • /data/data/com.zhiliaoapp.musically/files/npth/configCrash/configFile

    Filesize

    4KB

    MD5

    fcf3e64380052c185ca460e4c99bd743

    SHA1

    750adba009a241fcaddce38f7b92eccbf2eee0f4

    SHA256

    446750907fa8d4cb816f60abd3947bb4d0e2c3d4f74148ece2fe6b7526d58141

    SHA512

    574ab44f25ee08028efcff8f5ca1b5ef603f44e5c807b0c38b45e18abbbebac565ed70671ac3900d7a2cc1c975de6c0d70246166cf37c27b89751deb835fec33

  • /data/data/com.zhiliaoapp.musically/files/npth/configCrash/configInvalid

    Filesize

    53B

    MD5

    381f99746004599fcdc5a9a3e8c7e4d8

    SHA1

    46865551a889a898911147a95c645eed3fb4468b

    SHA256

    5879e2b1885704129f90285ea94c9435c446459bd3377741431c1eeb91e2f03d

    SHA512

    4eab5dcb74a6001eb8d9ce771f39516fb784cc4c0c672228193854e87ff54ecde42751f1b937ce96b8b2b1775a4a45c28fa2fc0bba5b8db5694afca3d239a33e

  • /data/data/com.zhiliaoapp.musically/files/npth/killHistory/proc/4679/app_start_time

    Filesize

    13B

    MD5

    d22c49d23f8149c8e8ef631a420e20e9

    SHA1

    4fdd53f31a1722a006c2c4897ac65066d6c2b3e5

    SHA256

    bd2708c2791515c7d431d53574e88b8396617f5ae96c9ad75360e36668fd9ae7

    SHA512

    5f8fdcdd140aed3a8a4bb1125e28405bcd3f7257549784559e20d4a8d3c5e5cd4368573d53cd4a39c9d50b272f43cc7933c9c5b5c8759b2f64fef587f502076f

  • /data/data/com.zhiliaoapp.musically/files/npth/killHistory/proc/4679/cmd

    Filesize

    24B

    MD5

    50ef9f5a0f3fc24b6f0ffc8843167fe4

    SHA1

    cd9b2558bcf52078c64242e751017419651181d9

    SHA256

    47f7aa1df82bc1b22c8bd4f539f704ea51ca37b8260f02129c096b736f86f104

    SHA512

    351a8597cef0227e433991befcdd14bbf304964161fdbef54d74ea2ee7ffc1374ed4ac3cb5cecf7c3812eab0fe75e6270bb8d6cf790d2eb94f4043c6a1761707

  • /data/data/com.zhiliaoapp.musically/files/npth/killHistory/proc/4679/procHistory.txt

    Filesize

    42B

    MD5

    05eb2ba2f527ce8695725b0966e84e97

    SHA1

    57028c8fc80638f3fea05a958f886a8d224e9924

    SHA256

    7f3f890e7eca829b402fb0d58d673ee4598f56a9813f37d72fea08b4ea9258db

    SHA512

    d7181cbc04b5593663a854ea3692fd57a34453779e2be589ce276c0676f4d45c14a47f3cc1859f805a4eb3f16cf82eeb4110dcf52bfdaf7f10c5208a7e749a4d

  • /data/data/com.zhiliaoapp.musically/shared_prefs/CLIENT_EXPERIMENT_CACHE_TAG.xml

    Filesize

    836B

    MD5

    d425d7eeaf35a1019f7a0993fd345cfc

    SHA1

    4dbe5bfbd2f8e6de4a422f43171d9cc40ba693a4

    SHA256

    a0e9921f28a40ec9502c67e592f1177e69c000ca3947bf0804b9d69099ed394e

    SHA512

    9b0bfec45ef9bd1d0dce3ba1bb2024f757eaddf13bed41b349aa44b905b361ddf5992be6e8b122ae37fabbbdae0a4f33edd960623f68d31947331aa8c0096fa2

  • /data/data/com.zhiliaoapp.musically/shared_prefs/CLIENT_EXPERIMENT_CACHE_TAG.xml

    Filesize

    923B

    MD5

    b6ed0901101b4bd2b386543b7a9bcfcc

    SHA1

    c301a706aff933f8a494a740bd34dddbb9b7f635

    SHA256

    ba0107f1af2b0a4c8f949cec96ff044b939e46af6deea576fc3a244e65feec31

    SHA512

    c549f4864d5dbc956ad1f0b8ccc013cbab1e7a023fea5675d0750bf70c2a7451953da55bed56b76a2f7c380d39d337ed5df3a13d9617d8abdadb08e323e2f12a

  • /data/data/com.zhiliaoapp.musically/shared_prefs/key_language_sp_key.xml

    Filesize

    116B

    MD5

    fa22ee6bbe623af1507f03bd6d92fad3

    SHA1

    f7629ccf0ede95c044269c748a0a839d907d782e

    SHA256

    64b63ed9c08e7bc28931f6ebcaa1bb87da32a99089869a7ccf3b45408e893fb9

    SHA512

    a4f5dddcaa160763d414ac0990c33a15a2f1ac9a1713187f2f51422e8603a4fe3e1ad030a1f4c6fb5afcfd8986190f1d62f19f2550287e316c8fc42b695115f9

  • /proc/4726/timerslack_ns

    Filesize

    8B

    MD5

    d46bf94e9eb1d22281a71504685082ac

    SHA1

    e4e0629aef7425ba63e897bc471f8625de44edd3

    SHA256

    2ddb67b8a8c259ffaff61a5abdd38f5b5d6f1c6e2af4344c85b17b77af2451cc

    SHA512

    68a1a1fd4de784e3a2e0e956d0a63ac4ca540ef90e7fd9a2ddc92cf68e52e29792db64f6615054a6e5460467f0b7abe055c899136d98ce6ebab3d580bc55ec86

  • /system_ext/framework/androidx.window.sidecar.jar

    Filesize

    12KB

    MD5

    bdf3529e80318eb14e53a5bf3720c10d

    SHA1

    25c9ace4b1af6e80ebb2572345972c56505969ba

    SHA256

    bbc8300dd1e9cd08de8f66560c1ac2c928615b72b51cef9649f88974f586d64b

    SHA512

    48b9c2d01171bb651b9b54826baa51f4add48431a3efd8ceb5f7cc3bcd6f8f37edf47fabb24349dd15b3a02329cd450f90a8d164bf4f8dfae554bf3b35a8a55b

  • anon_inode:[eventfd]

    Filesize

    8B

    MD5

    33cdeccccebe80329f1fdbee7f5874cb

    SHA1

    3da89ee273be13437e7ecf760f3fbd4dc0e8d1fe

    SHA256

    7c9fa136d4413fa6173637e883b6998d32e1d675f88cddff9dcbcf331820f4b8

    SHA512

    991294f43425a5b80f8a5907ca7cdbb611401282585a58bb415077005428e3b4c0f661fc07ba5c45f627bd8bdcb172389ce2fda461c029b837abc70f0abbea20

  • socket:[75329]

    Filesize

    46B

    MD5

    f9b7c32a9efaf166a301db1baa991248

    SHA1

    b0030c1dd14b6f2b5b9fed4a4958780d82486959

    SHA256

    3b98db52e6cdccf92dd4af7729fdd808d70f7dd763e35fb7f92dd90a3def6c7b

    SHA512

    917567706bed0bbd3bff5b6b7b9a775dfe78e758439649383827e1ad97c99060b03e8cbd5c5beb77cee8cf9216dbb13b73d36bf13837c1a70d57dc7b06857f60
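The Signatures section flags "Loads dropped Dex/Jar", but the only Dex/Jar in the Downloads table above is /system_ext/framework/androidx.window.sidecar.jar, a system-partition file, while everything under /data/data/com.zhiliaoapp.musically/ is small text or XML. A practitioner reading this report would want to check two things before treating that hit as app-dropped code: whether each listed file's digests actually reproduce from recovered content, and whether any code-bearing file sits in a location the app can write to. The following Python triage helper is an added example, not part of the sandbox report or of any tool the report was produced with. The digest dictionary is copied from the 2-byte allData entry above; the content b"[]" (an empty JSON array) is constructed here and is shown to reproduce those four digests; the dex, zip and ELF samples and the path prefixes for system, app-private and pseudo-file locations are assumptions of this example.

```python
"""Triage helper for a sandbox 'Downloads' table (added example, not report code)."""
import hashlib
from typing import Optional

# Digests copied from the report for the 2-byte file
# .../npth/RuntimeContext/main/1731206298919-1731206299658.allData
REPORT_ALLDATA = {
    "md5": "d751713988987e9331980363e24189ce",
    "sha1": "97d170e1550eee4afc0af065b78cda302a97674c",
    "sha256": "4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945",
    "sha512": "b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d604"
              "0e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af",
}

# Constructed content (assumption): an empty JSON array, exactly 2 bytes.
CONSTRUCTED_ALLDATA = b"[]"

APP_PACKAGE = "com.zhiliaoapp.musically"  # package name from the Processes section

# Path prefixes are an assumption of this example, not taken from the report.
PSEUDO_PREFIXES = ("anon_inode:", "socket:", "pipe:", "/proc/", "/dev/", "/sys/")
SYSTEM_PREFIXES = ("/system/", "/system_ext/", "/vendor/", "/product/", "/apex/")


def digests(data: bytes) -> dict:
    """Compute the four digests the report lists for every file."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def verify_digests(data: bytes, expected: dict) -> bool:
    """True only if every digest present in `expected` matches `data`."""
    got = digests(data)
    return all(got[name] == value.lower() for name, value in expected.items())


def classify_path(path: str, package: str = APP_PACKAGE) -> str:
    """Bucket a path by who can write there: pseudo-file, app-private, system or other."""
    if path.startswith(PSEUDO_PREFIXES):
        return "pseudo"
    if path.startswith((f"/data/data/{package}/", f"/data/user/0/{package}/")):
        return "app-private"
    if path.startswith(SYSTEM_PREFIXES):
        return "system"
    return "other"


def sniff_code(data: bytes) -> Optional[str]:
    """Identify code-bearing containers by magic bytes; None for plain data."""
    if data.startswith(b"dex\n"):            # DEX header: 'dex\n' + version, e.g. 035
        return "dex"
    if data.startswith((b"PK\x03\x04", b"PK\x05\x06")):  # ZIP local header or empty EOCD
        return "zip/jar"
    if data.startswith(b"\x7fELF"):
        return "elf"
    return None


def triage(path: str, data: bytes, expected: Optional[dict] = None,
           package: str = APP_PACKAGE) -> dict:
    """Combine location, content type and digest check into one verdict.

    'dropped_code' is True only for code-bearing content under an app-writable
    path; a JAR under /system_ext/ is system code, not something the app dropped.
    """
    kind = sniff_code(data)
    where = classify_path(path, package)
    return {
        "path": path,
        "location": where,
        "code": kind,
        "digests_ok": None if expected is None else verify_digests(data, expected),
        "dropped_code": kind is not None and where == "app-private",
    }


if __name__ == "__main__":
    # The report's 2-byte allData entry reproduces from the constructed "[]".
    print(triage("/data/data/com.zhiliaoapp.musically/files/npth/RuntimeContext/main/"
                 "1731206298919-1731206299658.allData", CONSTRUCTED_ALLDATA, REPORT_ALLDATA))
    # Constructed ZIP header standing in for the system JAR listed in the report.
    print(triage("/system_ext/framework/androidx.window.sidecar.jar", b"PK\x03\x04" + b"\x00" * 26))
    # Constructed DEX header under the app's own data directory (hypothetical path).
    print(triage("/data/data/com.zhiliaoapp.musically/files/payload.dex", b"dex\n035\x00" + b"\x00" * 8))
```

Running the script against the real dropped files (read their bytes instead of the constructed samples) answers the question the signature leaves open: a digest match confirms the artifact is the one the sandbox recorded, and `dropped_code` is True only when code actually lands in the app's private directory, which none of the app-private entries in this report's table are large enough to be.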