4ce498dfefeb83ed62364e76171343750c44bf1ee9b0626ba4ff0a7e6443948d

Analysis

max time kernel
28s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
21-11-2024 06:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

增强-小黄人.apk
Size

4.9MB
MD5

cc18899e6067c6f5310cf0556bf67d5c
SHA1

5a0738b65765d9f6c34544377ad0ded3d935d8b1
SHA256

4ce498dfefeb83ed62364e76171343750c44bf1ee9b0626ba4ff0a7e6443948d
SHA512

6aa3f081f893d554855a19f1843e1591261ad58b83c8943ecd98633f1c00b574856fcfc61d53c52f5842419ed9b790c63b4aba82da4ca8b66f31a72f95b21ed9
SSDEEP

98304:KXT+BxGtLuLaZkn8VYo6vbdoWaHO5RWEqgEVY+IDAlQxXv1PYRgR:KXT+CtLuLnIYZdvaHF1gXv1KgR

Score

7^/10

discovery evasion impact persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 3 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Processes:

com.nfc.cardscanner

ioc	pid	process
Anonymous-DexFile@0xd3243000-0xd325e810	4255	com.nfc.cardscanner
Anonymous-DexFile@0xd2d87000-0xd2db65b8	4255	com.nfc.cardscanner
Anonymous-DexFile@0xd2d26000-0xd2d56100	4255	com.nfc.cardscanner

Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

Process Discovery
T1424

Processes:

com.nfc.cardscanner

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.nfc.cardscanner
Checks the presence of a debugger
evasion
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.nfc.cardscanner

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.nfc.cardscanner
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.nfc.cardscanner

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.nfc.cardscanner
Checks memory information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.nfc.cardscanner

description ioc process

File opened for read /proc/meminfo com.nfc.cardscanner

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.nfc.cardscanner

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.nfc.cardscanner

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.nfc.cardscanner

description	ioc	process
File opened for read	/proc/meminfo	com.nfc.cardscanner

com.nfc.cardscanner
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:4255
- getenforce
  2⤵
  PID:4297

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.nfc.cardscanner/.1/.suuid

Filesize
628B

MD5
7feb2ea07392c81cc181946c687b8efb

SHA1
3d365a08ac9f506743fba2ff8963256e0ce0bd6c

SHA256
7a8c17fc13d85759d7e4253f4befc4b97594a226335c8b34334495523bf1979c

SHA512
66bcbbecdbb237a6ff93c5144993b3678ded15e949a0e0ba6fe5ed9838143c2899392d9cde293523bf6ed90c4aebc56b313fef0e680ceeda3c19da95eb734476

Download Submit
/data/data/com.nfc.cardscanner/cache/com.nfc.cardscanner_rpt_cache

Filesize
1KB

MD5
5783c796554c637c1e913f61c7ce5a22

SHA1
e6f453ff4385b4db9427954d12f7e1bd7442ae8b

SHA256
f4e652b576d865bdca6089052e71bcb804651c2ff3f751a638d579c0d40310ea

SHA512
0cec7530bacc6109040c4aa20a1aaf6cb558358b3849a91067b3f200b5b9480ff9cf6dacd3fd142aacf1812eae4eaf5e2ffdf0a656e48cbf1c2f2b7d3a51fa6e

Download Submit
/data/data/com.nfc.cardscanner/cache/com.nfc.cardscanner_rpt_cache

Filesize
685B

MD5
db905ce785ad2e9f04ff6c66fd3f69f3

SHA1
0634817d14be56193eb2b900a23812ab91248320

SHA256
bdb2e12990b7b3b6eb334412d0e9c1ca23dee15b346f95298f5b5b7c4c254087

SHA512
44a256c931c2eb3ef479b0c2bb86a0bfeb11dd7274159334d8ebe683645992d6c38746cc8b83ca28a795ddd1f017262425069b26a00fcae0ef1c866871b570ae

Download Submit
/data/data/com.nfc.cardscanner/files/tiny/uuid

Filesize
36B

MD5
2076aee9af835afdaac6abcd83dfebe3

SHA1
df8891753ffeae1b930a9229a4a02ef80ba7a897

SHA256
501ec9666c79523730a0418205fa42e34071c3112698de6616edfbbc5d09f65b

SHA512
3bde5e13bdf711b0fea2986a1d8a4372d4123f351a8c246f9188e427f4d31e3c8dbf9e39222c33b063281070cac6c26b45249a62bcf7ab9da4d426192258bbaa

Download Submit
/data/data/com.nfc.cardscanner/tvsafe/plugin

Filesize
55B

MD5
b5abac6f2006b3f6bb004ddb41bbd2d4

SHA1
2441835b748008e7285ab34d3d577f9f162b992d

SHA256
d10b6b7b7b29763699b5575dbac8fc24a10d9a99cdf5d37bdddcded79718c52f

SHA512
b1e04b51fbff59213160e43bfb4b2ad0fb75badfdd3421808dc8cee9fb319cca0636f5d840f74e727115a5bf2da9a7c7a051d298df834eeec056cb2ac20aa894

Download Submit
/data/data/com.nfc.cardscanner/tvsafe/plugin

Filesize
65B

MD5
ee0a65c0c65227989ff86128ea719b45

SHA1
d351661668b20aed124563b38e5537acec4968df

SHA256
14e03be017593eac24dae7f9619eb0fee1ae3bda70f17096a6135ebe1ea7bd54

SHA512
71cd3e044c962b799eae004c3b97b1e41adcb8a8c63f13985b88f2c16f9d5ce649713c86baa42e65de5513bf40c621f506bb3854b23aa99b8cd73fc5ba9b9f1f

Download Submit
/data/data/com.nfc.cardscanner/tvsafe/plugin

Filesize
66B

MD5
bc974baccfc18e7f328f9c35fbd9cfe0

SHA1
908e9ede37f59f7174e69872d090fe13a5122a8e

SHA256
550429245422152a12df910206a89331a80ec8bf3831d15346b4d42162d33865

SHA512
88907566a5785149d308362282fd76300eaa3641167d515d7500ffd799e8b4be33100477a1222af8db048a4457289da656a05033771d5453d5a9d59ac5f363f7

Download Submit
/data/data/com.nfc.cardscanner/tvsafe/plugin

Filesize
31B

MD5
9b2b0cc3758e23bb6549f110a29cb218

SHA1
8e61a2c5c334ae62e67e9b1e68a46659769e50b0

SHA256
58d588d009346cbe98ef3e7e42aa4c8e22df3915c2e83ed7d5c52edeb68ad265

SHA512
e35654b9401ce3adbce65e417b9b924707dfc82bb56033d0c35e4802f6d37677c00cad9e376ade43d064f7765b53d538bec2953c0c55f972bd8f801e0f4de56b

Download Submit
/data/data/com.nfc.cardscanner/tvsafe/roo_report_sp

Filesize
22B

MD5
669ce65e6b000344400de071ae47b328

SHA1
5f83a24074c5af2fa199ae2b477439ae0d35a13d

SHA256
4b39488a139f158175f138659c1dddcaa0d5b14e2ac24b85ece7639bd141d2d4

SHA512
c9abff6f4b524290530f9fefd1a53a145bfe3e9488d1574e0f9b2a894cd1717b3c440a5cb589a3f7cc056ef8feb9fc5d9b0a3870af6294a94b52dd8b382a573d

Download Submit
/data/data/com.nfc.cardscanner/tvsafe/roo_report_sp

Filesize
62B

MD5
833fd770b8214f5568f75f4d666a0e21

SHA1
a3468002bdc9de8967b26833e52d165a68bbc9bf

SHA256
e78771c69dd3db5b17a0effa4d4a45d0fc063cff99e27d34e9aa5b65c5eaa704

SHA512
1c26aa29b3739a80cdce9a49e52ac90dca9ad996c5a258f47f308f3427522add06cedf833bca3db7dbb5f70d1fedc961a24de01ca725f88b50361f5c6f1ff2dc

Download Submit
Anonymous-DexFile@0xd2d26000-0xd2d56100

Filesize
192KB

MD5
a4357e310fad387f3dc81e668567fd2e

SHA1
f566df93709fe272ec9f8bcc5cecce616888e45a

SHA256
89096d65c2925d1451d5151b9c70168cee798cba7b1a68fe460035e2b2711c61

SHA512
c147cd04c86d2a143deda4ec4bd31229f3dbad8223db04c31599ff70b25b251c4e3fc7bc3c8826e6ce1766e804ea328c7dd522cb68cfcdd2f690934a8b4cb3f7

Download Submit
Anonymous-DexFile@0xd2d87000-0xd2db65b8

Filesize
189KB

MD5
033e8ccfaf763a773312ef167afe3200

SHA1
c91d3efb6fd2e245ace4dd8dbc251e9ae6e56e08

SHA256
4319dbf2d774aa4838f75c368d6e3700850f5741f06f9ae9cc2612d48890d07e

SHA512
8bf700cc9531c0687d74bb669377c260339d9533e0ebdce3fa24d3f145161f3e05509a2269d48df640b576197ea024a0c0cfd2177af4e3ca1d0c176015054ea5

Download Submit
Anonymous-DexFile@0xd3243000-0xd325e810

Filesize
110KB

MD5
d7a65b5377fe64ff0a113feb58bae027

SHA1
1f4a89b8e1589cd81b72c0776afb781a2d379cec

SHA256
a4bc753b6a1e28c2b3df213ab4a050645a8a2089c5d281064acc8a131d8cf17e

SHA512
56c515967863843439ee5c31265a1c1c0a0e7dcb47d729163dd8e115c72154b4caae16f55270b967b61373dc209f8d0f148a4c20b413551cada84fe4cb794383

Download Submit