ec195c6b415ce535c92a704b47dbc0a26ed7a6bf6bc7980edbc1573092dc74c1

Analysis

max time kernel
3822667s
max time network
150s
platform
android_x86
resource
android-x86-arm-20220310-en
submitted
20-05-2022 23:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ec195c6b415ce535c92a704b47dbc0a26ed7a6bf6bc7980edbc1573092dc74c1.apk
Size

5.9MB
MD5

676d2afcc96e0c7576d36e71dd850aa9
SHA1

59bf286bfa92bfb028f6a5705cbed9eda558bcc2
SHA256

ec195c6b415ce535c92a704b47dbc0a26ed7a6bf6bc7980edbc1573092dc74c1
SHA512

302a5f28c71b69948421ab89617c6fb0517cf67a227e4bb67823af272d876afa1b5472ac5a49c5a2d982f5add1ad3bfcf5b8bec685167d8bd1ba87957cc98f39

Score

7^/10

ransomware

Malware Config

Signatures

Checks known Qemu files. 1 IoCs
Checks for known Qemu files that exist on Android virtual device images.

Processes:

com.project.od

description ioc process

File opened for read /sys/qemu_trace com.project.od
Checks known Qemu pipes. 2 IoCs
Checks for known pipes used by the Android emulator to communicate with the host.

Processes:

com.project.od

description ioc process

File opened for read /dev/socket/qemud com.project.od
File opened for read /dev/qemu_pipe com.project.od

description	ioc	process
File opened for read	/sys/qemu_trace	com.project.od

description	ioc	process
File opened for read	/dev/socket/qemud	com.project.od
File opened for read	/dev/qemu_pipe	com.project.od

Loads dropped Dex/Jar 4 IoCs

Runs executable file dropped to the device during analysis.

Processes:

com.project.od/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.project.od/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.project.od/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&

ioc	pid	process
/data/data/com.project.od/.jiagu/classes.dex	5036	com.project.od
/data/data/com.project.od/.jiagu/tmp.dex	5036	com.project.od
/data/data/com.project.od/.jiagu/tmp.dex	5079	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.project.od/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.project.od/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.project.od/.jiagu/tmp.dex	5036	com.project.od

Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.project.od

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.project.od

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.project.od

com.project.od
1⤵
- Checks known Qemu files.
- Checks known Qemu pipes.
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
PID:5036

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.project.od/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.project.od/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:5079

sh -c ps
2⤵
PID:5275

ps
2⤵
PID:5275

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.project.od/.jiagu/classes.dex
Filesize
4.1MB

MD5
18aafb68593a6bdf9704c40e6cfbc367

SHA1
2ae38c7b37d021fd037fa7c59141f15fff45c0ee

SHA256
0ec8a785f0d89b81fec73d6b78554211a2a613735d4f6290ae7b3956b0493500

SHA512
4fccee56362fea2d1f11a48fd791da9b1e9a597ef18793dd8810e155876fa3c490f483394c237882bb6257df8caf09740c67e50e5960227a58435d21dc45fd21

Download Submit
/data/data/com.project.od/.jiagu/libjiagu.so
Filesize
496KB

MD5
0be54d2d5fa1fbbe2969b0e1ab052a16

SHA1
327662d1f5f6625ebcc867427680c0592195179e

SHA256
737fe51ea6b3570ca3687670edd6026b2e889bbaa0dffdf0a2e1b167b3680c22

SHA512
db6c195d9fd6657a7e65caf5dfd5ab33fc076d9d2bd919b8590e7b0178f3ec9ecfb6c00d0df1d2c172a32641a3bb019374a393d62e5d678804e7757ec1c30453

Download Submit
/data/data/com.project.od/.jiagu/oat/x86/tmp.odex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/data/com.project.od/.jiagu/oat/x86/tmp.vdex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/data/com.project.od/.jiagu/tmp.dex
Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.project.od/.jiagu/tmp.dex
Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.project.od/.jiagu/tmp.dex
Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.project.od/.jiagu/tmp.dex
Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.project.od/.jiagu/tmp.dex.x86.flock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/data/com.project.od/files/.jglogs/.jg.ac
Filesize
72B

MD5
7546bb7bdd11910cf4e33754fa3a35ff

SHA1
fbdd6389996d633237dfc7d20a5e32facaf289e6

SHA256
367fa23f024bf88e08d081a198ae1449f1ee678b10598780a23bedb90389df18

SHA512
9515ff85c45f352cff40a5452559870bceead3edf30cb109dd3bc863140d8b8079178e98be759afe088e589086463d18bc409c403d2f82d5289fc9d231e2e541

Download Submit
/data/data/com.project.od/files/.jglogs/.jg.di
Filesize
712B

MD5
3946fa281d2e2e7e0976e688db873210

SHA1
b527729705a9e40b396143d96dd4969e46d60aad

SHA256
069a9703842462e99832ff49b012adfc405fa1a41411f44ece4cd51be33015ba

SHA512
b7ab88a24ed4a8a9a72b5d091d080a72c25201ede6c2543dec2c13774205c415d90c30852c9261c8fee43777ec11e6f84cf3624075158eb7d64100605da6c02a

Download Submit
/data/data/com.project.od/files/.jglogs/.jg.ic
Filesize
72B

MD5
7e5c91c6105089115e66a8e5893d058f

SHA1
8107bc0303549f4d75c40f997f49587175ce1762

SHA256
4a11e825081a52217aad7fb7c189e65732c8d7b57f1abad84e9ef74d68126206

SHA512
5345b7d9fea1685e3770a2d1e0c7322ab7043db052542bc5b92d1d35546f1273c39900a34934a41b4e09d7dc4caf27e6816aed5aa4b24698248a05c0cfcc3a6d

Download Submit
/data/data/com.project.od/files/.jglogs/.jg.li
Filesize
64B

MD5
6302018341a5b88f4cbfd2aaacb6cab7

SHA1
ed396abf5aafdf0d98aca9fc7d74aef1fcb5aabf

SHA256
efbccbb888b1d1e892760008200df9f7b2960484810430d2fb251e4bb8a337c0

SHA512
bcb89d556747c30086667ff3c6e1e6b68cf09a05ee9ee97e7b5575e07279f4c1b0ec6654c3f70520a4e9f5191a04ae8735f232299258502a9b62469662f50b7e

Download Submit
/data/data/com.project.od/files/.jglogs/.jg.rd
Filesize
105B

MD5
28e94fa8f08ae78bf630aeedf6f2e2dc

SHA1
c011df03bb889a83a615732f58a5224cf033bd99

SHA256
542897d457c3fb256b43fdc53fdd2287440f6e9eff1858d34bda6d54b0cb884a

SHA512
fb0c99316c546ece25fc8718f10b5ac392a16f511d321ddaaabe73f6edf02fda6bb749b3bfbd35f46aa306193ec5963c41c62f18affe9911db974d198e616328

Download Submit
/data/data/com.project.od/files/.jglogs/.jg.ri
Filesize
3KB

MD5
279e88d006191f767df7d5e711441083

SHA1
fbe558c4e24d8043211bf06265a5c0d9118b1aec

SHA256
75198eb4ca627386bb121f9cfbe1c8cda9371318578bd64efa7c886f9fe69130

SHA512
96ba3e6adb8ad44e545fed6e8411e5bb0c5fe9f75fb85ba814155608ee988d5c7a135d6026dc5a56baa82c72d05f8fd03345506d22b97bce3d013812123ef60b

Download Submit
/data/data/com.project.od/files/.jglogs/.log3
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/data/com.project.od/files/.jglogs/.log3
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/data/com.project.od/files/.jiagu.lock
Filesize
38B

MD5
d35a8c636960144b37cc952d6884c98d

SHA1
5fcc2f54a512b9014f8c5bbbb3701fac396705f8

SHA256
a09c2c604fbe47228cec96f3e39609971a304cdfcc8b6456b7020dba564931d2

SHA512
c1331dec0baec8cbb32028992c7718cdebf7d570ef8e0f4c8755bf04eaf1722ecda2d493333575e36bd7eed17e19665ee2bd32b7bedb02da9830a0bbde2f4bd3

Download Submit
/data/user/0/com.project.od/files/jpush_stat_history/active_user/nowrap/ae1a3a00-1f57-48d7-91ba-cd24ce63043b
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.project.od/shared_prefs/cn.jpush.preferences.v2.xml
Filesize
116B

MD5
0e18e34c47197fc13d2c801b9dbc0ee0

SHA1
a32aa69f9880113c8f8cfcd393cbaf73eef45df0

SHA256
2f09a7157bbb1468c57609a629ed6dc023a9dc335b7255f5be989116a9bf85b2

SHA512
9c25a92f3ad87a97af085056aa048213c80a7940e5818fc14baa2c8dac66a0012367dad66344edca5822658c51995411fa47b772952ee97cc955a8bc47e78a96

Download Submit
/sdcard/360/.deviceId
Filesize
48B

MD5
1d8d16c4e3b19ebf18988530d9b9a757

SHA1
bc94c1cce05cd848a53271ecb9c5311e27ffebf5

SHA256
abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7

SHA512
4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

Download Submit
/sdcard/360/.iddata
Filesize
32B

MD5
b0ac8f91592469a9d523c167923a89be

SHA1
a7e5cb8d7d55cc0558edce287490e2ddb0d53738

SHA256
07ddfe1eaa39889f5a60c8b6850e9e8cd7dbf8bf9e729eeccbbd7229a8f50fed

SHA512
d63aa375a8a9ab1b5c0a7e102903571f862a2f27c419abb45b2fb868b83353f5e3b2e328d48354dc4023eeaeb4d66ec21e60fc9d0bb2e7ba5d2dc6f5d1a55ea6

Download Submit
/storage/emulated/0/data/.push_deviceid
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit