Analysis

  • max time kernel
    3s
  • max time network
    301s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags

    arch:arm, arch:x86, image:android-x86-arm-20240910-en, locale:en-us, os:android-9-x86, system
  • submitted
    10-11-2024 02:34 (DD-MM-YYYY, i.e. 10 November 2024; consistent with the epoch-millisecond timestamps in the npth file names below)

General

  • Target

    base_beta (1).apk

  • Size

    385.8MB

  • MD5

    05cad727d957f7852fa201ab8a325951

  • SHA1

    71f5306093c57929849bcf26a10b3579f92cf818

  • SHA256

    f827ff2efe540ac07d2b4b38ad2142424e7a4f7fc4013a260b271d8dbf85fb91

  • SHA512

    e11b34447a9e6a83486051a59be739181cff79ade534479864b857b786bb63cd6ea021241f2f28e7834943b0227aa9681a59ba057386bee919eed259d0a0e629

  • SSDEEP

    6291456:OspSHVP2jCphUIDmnFZQteanPlvmtDZF1UW87cmT2mzHo0cYm/mh2:96VWCPEiPl+tDZOj9V0/m0

Malware Config

Signatures

  • Queries information about running processes on the device (1 TTP, 1 IoC)

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about active data network (1 TTP, 1 IoC)
  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  • Checks CPU information (2 TTPs, 1 IoC)

Processes

  • com.zhiliaoapp.musically (PID 4424)
    • Queries information about running processes on the device
    • Queries information about active data network
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.zhiliaoapp.musically/files/keva/global/keva.gxi

    Filesize

    128B

    MD5

    f09f35a5637839458e462e6350ecbce4

    SHA1

    0ae4f711ef5d6e9d26c611fd2c8c8ac45ecbf9e7

    SHA256

    38723a2e5e8a17aa7950dc008209944e898f69a7bd10a23c839d341e935fd5ca

    SHA512

    ab942f526272e456ed68a979f50202905ca903a141ed98443567b11ef0bf25a552d639051a01be58558122c58e3de07d749ee59ded36acf0c55cd91924d6ba11

  • /data/data/com.zhiliaoapp.musically/files/keva/internal_repo/aweme_ported_sp_repo/aweme_ported_sp_repo.lxi

    Filesize

    64B

    MD5

    3b5d3c7d207e37dceeedd301e35e2e58

    SHA1

    c8d7d0ef0eedfa82d2ea1aa592845b9a6d4b02b7

    SHA256

    f5a5fd42d16a20302798ef6ed309979b43003d2320d9f0e8ea9831a92759fb4b

    SHA512

    7be9fda48f4179e611c698a73cff09faf72869431efee6eaad14de0cb44bbf66503f752b7a8eb17083355f3ce6eb7d2806f236b25af96a24e22b887405c20081

  • /data/data/com.zhiliaoapp.musically/files/keva/internal_repo/aweme_ported_sp_repo/aweme_ported_sp_repo.mmb

    Filesize

    56B

    MD5

    e3c4dd21a9171fd39d208efa09bf7883

    SHA1

    9438e360f578e12c0e0e8ed28e2c125c1cefee16

    SHA256

    d4817aa5497628e7c77e6b606107042bbba3130888c5f47a375e6179be789fbb

    SHA512

    2146aa8ab60c48acff43ae8c33c5da4c2586f20a39f8f1308aefb6f833b758ad7158bd5e9a386e45feba446f33855d393857b557fe8ba6fe52364e7a7af3be9b

  • /data/data/com.zhiliaoapp.musically/files/keva/repo/compliance_setting/compliance_setting.blk

    Filesize

    8KB

    MD5

    0829f71740aab1ab98b33eae21dee122

    SHA1

    0631457264ff7f8d5fb1edc2c0211992a67c73e6

    SHA256

    9f1dcbc35c350d6027f98be0f5c8b43b42ca52b7604459c0c42be3aa88913d47

    SHA512

    18790c279e0ca614c2b57a215fecc23a6c3d2d308ce77f314378cb2d1b0f413acd3a9cd353aa6da86ec9f51916925c7210f7dfabc0ef726779f8d44f227f03b1

  • /data/data/com.zhiliaoapp.musically/files/keva/repo/compliance_setting/compliance_setting.chk

    Filesize

    4KB

    MD5

    620f0b67a91f7f74151bc5be745b7110

    SHA1

    1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d

    SHA256

    ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7

    SHA512

    2d23913d3759ef01704a86b4bee3ac8a29002313ecc98a7424425a78170f219577822fd77e4ae96313547696ad7d5949b58e12d5063ef2ee063b595740a3a12d

  • /data/data/com.zhiliaoapp.musically/files/npth/RuntimeContext/main/1731206277050-1731206277756.allData

    Filesize

    2B

    MD5

    d751713988987e9331980363e24189ce

    SHA1

    97d170e1550eee4afc0af065b78cda302a97674c

    SHA256

    4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

    SHA512

    b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

  • /data/data/com.zhiliaoapp.musically/files/npth/RuntimeContext/main/1731206277050-1731206277756.ctx2

    Filesize

    785B

    MD5

    52a9accfa979bb5170c97caa23d43c02

    SHA1

    032dca7a64129f7ea695315c2917dc22d212752c

    SHA256

    45d8cc3d5014728b798a30d8ec0176648fe067168161ecdc9d5cdba3fefe119a

    SHA512

    1393d1ffb18d2c292fe959f7128946297a1e327595c62b1de8500c5824cee3e501d990b15cab6baa2c2ee60f015bcaab25f79d95022b7f204a39f303c92ea826

  • /data/data/com.zhiliaoapp.musically/files/npth/RuntimeContext/main/1731206277050-1731206277850.ctx2

    Filesize

    785B

    MD5

    997d567bc0671c6a14f96a17ce22e63e

    SHA1

    ddc51eb2694b2bd29502d8cc6ccd5bd7e2e21959

    SHA256

    a6f721e572c99b41afa4291c322cb0a0a986784218810b14f47aa993f3a7ddba

    SHA512

    3d1d43319cdb207ed638f4074a954ba92c49d53068fa81d6dae7b9e8c77beabf8bc71bf334b6e20a137abbae4982701821566bab52ecf816bdf08e2635d3fe24

  • /data/data/com.zhiliaoapp.musically/files/npth/configCrash/configFile

    Filesize

    4KB

    MD5

    fcf3e64380052c185ca460e4c99bd743

    SHA1

    750adba009a241fcaddce38f7b92eccbf2eee0f4

    SHA256

    446750907fa8d4cb816f60abd3947bb4d0e2c3d4f74148ece2fe6b7526d58141

    SHA512

    574ab44f25ee08028efcff8f5ca1b5ef603f44e5c807b0c38b45e18abbbebac565ed70671ac3900d7a2cc1c975de6c0d70246166cf37c27b89751deb835fec33

  • /data/data/com.zhiliaoapp.musically/files/npth/configCrash/configInvalid

    Filesize

    53B

    MD5

    23af373898c300ee3b499f5ebd409c57

    SHA1

    4fc400e3ae606e68a4a9b534b98090183ff145d7

    SHA256

    043bd9cb0302c5305ef150ff3be13c4f5571733213ad56800af12eabbb5c668e

    SHA512

    44fc855b04a1c1c554f661294644f20d5f15adb248a37cea0dcac773ca4d1f1c34b725fc2cdf537608588f3456e19262bd1ddf9f8c788fbb1d93649f1eaba7b6

  • /data/data/com.zhiliaoapp.musically/files/npth/killHistory/pid_tid

    Filesize

    2KB

    MD5

    c22bab0d64a16bd2f2f4f3bb45819cd2

    SHA1

    e95b0b282b4d238a881418b2d0dea8d57fef2b9b

    SHA256

    83034909f8c74cb3c8cce6e7fbaa9fbf82e4f74325b4cb0fb680667a6b2d2880

    SHA512

    837594afa91fcce1f81e4e312b73ad9dd5ce2d7297df952f602de68479a1140b02d4338543070c51eb8bf4c79e0fb93a409bcd02785a1218f505c1db9936ca2e

  • /data/data/com.zhiliaoapp.musically/files/npth/killHistory/proc/4424/app_start_time

    Filesize

    13B

    MD5

    3379ca7f12540357dc2c7b936169923f

    SHA1

    cad16bd480d3f2108ed16d70ef3e5deb00e592bc

    SHA256

    bb2baacb0841d0b124ddfd97fd266c3bc4bc7aee707cfcae5b78f8462ce3bd95

    SHA512

    50128ae4fba783d4d8125b7590879f31f6a49fd1203d07a9e91fd42cadc8240483ae57ba562e48fd2baf0a29d3a1dc568c1ccc43284263be2a5afd55193f6b6f

  • /data/data/com.zhiliaoapp.musically/files/npth/killHistory/proc/4424/cmd

    Filesize

    24B

    MD5

    50ef9f5a0f3fc24b6f0ffc8843167fe4

    SHA1

    cd9b2558bcf52078c64242e751017419651181d9

    SHA256

    47f7aa1df82bc1b22c8bd4f539f704ea51ca37b8260f02129c096b736f86f104

    SHA512

    351a8597cef0227e433991befcdd14bbf304964161fdbef54d74ea2ee7ffc1374ed4ac3cb5cecf7c3812eab0fe75e6270bb8d6cf790d2eb94f4043c6a1761707

  • /data/data/com.zhiliaoapp.musically/files/npth/killHistory/proc/4424/procHistory.txt

    Filesize

    42B

    MD5

    1aca308647f6caae32d565dd397c6b07

    SHA1

    d437e45039bea6172ab049e7fb7d4694763e29ae

    SHA256

    07df5a97a745ff2975058b981b06472c32dcc8043b8fb16e061610410905af38

    SHA512

    4684a2e2b0c22cf14c146cf49d2b260555ecf41ea3d12282cbc5c1b894253495871ea82fc6aa34adcac7f99f7bb186f72bb3d8f69f508e49dab35049a2698caa
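The Downloads list above is the set of files the app wrote under its own private data directory during the short run: none of them is a payload, and several are small enough to be runtime state rather than evidence. Before lifting any of these hashes into a blocklist it is worth checking which entries carry content at all. The following Python is an added example, not part of this report or of the sandbox's tooling: it parses an excerpt of the Downloads table copied from above into records and, for each one, recomputes the digests of a few trivial blobs locally and reports whether the recorded hashes are simply those of an empty file, `[]`, `{}` and so on. The excerpt, the `TRIVIAL_BLOBS` table and the `TINY_LIMIT` threshold are assumptions chosen for illustration.

```python
"""Parse the 'Downloads' table of an Android sandbox report and triage each
dropped file by recomputing the hashes of trivial blobs and comparing them to
the recorded digests. Added example, not the sandbox's or the app's code."""
from __future__ import annotations

import hashlib
import re

# Constructed excerpt: two entries copied from the report's Downloads section
# above (SHA1/SHA512 lines omitted to keep the sample short).
REPORT_EXCERPT = """\
  • /data/data/com.zhiliaoapp.musically/files/keva/global/keva.gxi

    Filesize

    128B

    MD5

    f09f35a5637839458e462e6350ecbce4

    SHA256

    38723a2e5e8a17aa7950dc008209944e898f69a7bd10a23c839d341e935fd5ca

  • /data/data/com.zhiliaoapp.musically/files/npth/RuntimeContext/main/1731206277050-1731206277756.allData

    Filesize

    2B

    MD5

    d751713988987e9331980363e24189ce

    SHA256

    4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
"""

FIELDS = {"Filesize", "MD5", "SHA1", "SHA256", "SHA512"}
HASH_KEYS = ("md5", "sha1", "sha256", "sha512")
ENTRY_RE = re.compile(r"^\s*•\s+(\S.*)$")
UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}
# Assumed table of content-free blobs worth recognising; extend as needed.
TRIVIAL_BLOBS = [b"", b"[]", b"{}", b"\n", b"0", b"1", b"null", b"true", b"false"]
TINY_LIMIT = 64  # assumed: files at or below this size are treated as state/marker files


def parse_downloads(text: str) -> list[dict[str, str]]:
    """Turn the flattened 'bullet / label / value' layout into dicts keyed by
    path, filesize and whichever of md5/sha1/sha256/sha512 appear."""
    entries: list[dict[str, str]] = []
    current: dict[str, str] | None = None
    pending: str | None = None  # label just seen; its value is the next non-blank line
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(raw)
        if m:
            current = {"path": m.group(1).strip()}
            entries.append(current)
            pending = None
        elif current is None:
            continue
        elif line in FIELDS:
            pending = line
        elif pending is not None:
            current[pending.lower()] = line if pending == "Filesize" else line.lower()
            pending = None
    return entries


def size_to_bytes(size: str) -> int:
    """'128B' -> 128, '8KB' -> 8192. The report rounds, so only plain-byte values are exact."""
    m = re.fullmatch(r"([\d.]+)\s*([KMG]?B)", size.strip())
    if not m:
        raise ValueError(f"unrecognised size: {size!r}")
    return int(float(m.group(1)) * UNITS[m.group(2)])


def known_content(entry: dict[str, str]) -> bytes | None:
    """Return the trivial blob whose digests equal every hash the report lists for
    this entry (and whose length matches an exact byte-count size), else None."""
    listed = {k: v for k, v in entry.items() if k in HASH_KEYS}
    if not listed:
        return None
    size = entry.get("filesize", "")
    for blob in TRIVIAL_BLOBS:
        if re.fullmatch(r"\d+B", size) and int(size[:-1]) != len(blob):
            continue  # exact size known and it cannot be this blob
        if all(hashlib.new(algo, blob).hexdigest() == digest for algo, digest in listed.items()):
            return blob
    return None


def triage(entries: list[dict[str, str]]) -> list[tuple[str, int | None, str]]:
    """One (path, size_in_bytes, verdict) row per entry."""
    rows = []
    for e in entries:
        size = size_to_bytes(e["filesize"]) if "filesize" in e else None
        blob = known_content(e)
        if blob is not None:
            verdict = f"trivial content {blob!r}: not a usable IoC"
        elif size is not None and size <= TINY_LIMIT:
            verdict = "tiny file: probably runtime state, weak IoC"
        else:
            verdict = "content-bearing: candidate IoC, inspect before sharing"
        rows.append((e["path"], size, verdict))
    return rows


if __name__ == "__main__":
    for path, size, verdict in triage(parse_downloads(REPORT_EXCERPT)):
        print(f"{size!s:>6}  {verdict:<58}  {path}")
```

Run as a script it prints one verdict per entry. For the 2-byte `.allData` file the recorded MD5 and SHA256 are exactly those of the two bytes `[]`, so that "download" is an empty JSON array written by the crash reporter, not an indicator worth distributing; the 128-byte `keva.gxi` is the kind of entry that still needs a look at its contents. The sandbox rounds sizes above a few hundred bytes (4KB, 8KB), which is why the length check in `known_content` is only applied to sizes reported as an exact byte count.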