0cd538267de2055801d10c4b888abe38ade85640c37a96a08c5885b1478aa9d2

Analysis

max time kernel
882576s
max time network
153s
platform
android_x86
resource
android-x86-arm-20220310-en
submitted
05-06-2022 15:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0cd538267de2055801d10c4b888abe38ade85640c37a96a08c5885b1478aa9d2.apk
Size

13.9MB
MD5

60b83703bad5b6c6b6645b3b923963b6
SHA1

5a032611a9b65b53353c9b6f099e9c67b8cb0290
SHA256

0cd538267de2055801d10c4b888abe38ade85640c37a96a08c5885b1478aa9d2
SHA512

2c49be801eb1988cb7e0c9bd8c2a75814c480bcbb6c46be74691f1d8e772edb80e51b1dee56baa7447c6830772ea04aa93f55b3221b2ad5846c52231284ada5f

Score

7^/10

Malware Config

Signatures

Loads dropped Dex/Jar 5 IoCs

Runs executable file dropped to the device during analysis.

Processes:

com.ldmn.plus/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.ldmn.plus/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.ldmn.plus/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&

ioc	pid	process
/data/data/com.ldmn.plus/.jiagu/classes.dex	5172	com.ldmn.plus
/data/data/com.ldmn.plus/.jiagu/classes.dex!classes2.dex	5172	com.ldmn.plus
/data/data/com.ldmn.plus/.jiagu/tmp.dex	5172	com.ldmn.plus
/data/data/com.ldmn.plus/.jiagu/tmp.dex	5332	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.ldmn.plus/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.ldmn.plus/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.ldmn.plus/.jiagu/tmp.dex	5172	com.ldmn.plus

Reads information about phone network operator.

com.ldmn.plus
1⤵
- Loads dropped Dex/Jar
PID:5172

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.ldmn.plus/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.ldmn.plus/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:5332

ls /sys/class/thermal
2⤵
PID:5507

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
1⤵
PID:5556

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.ldmn.plus/.jiagu/classes.dex
Filesize
6.0MB

MD5
f1d31811534f872c9c3cb479be2bb354

SHA1
8d87c283c7b5e44d09b37b590a81ef86c88cb5eb

SHA256
6352cc7e8d33c010aa536ad5fb2917efcd8ad5e3107ebfc319acaa40b35cc9d2

SHA512
3f28984e2a2d90068131580615a321a7a5a96c8700ec4f701ad71a16fbc19a2c5a30a2e2cdc50c6dbbea9d1b77c95dee933b16167ca214f56f1d6b43f4c4ba3c

Download Submit
/data/data/com.ldmn.plus/.jiagu/classes.dex!classes2.dex
Filesize
2.2MB

MD5
bc434ba0d474c9d6ec806057628b694c

SHA1
4ffe9af8aa900d4bd666ae10efc74c515d1241f4

SHA256
acad7554b127f935a1cc405df0a01f398e6dcba93147cdfd53669ea846168757

SHA512
408bfde40472cbeb14c96423ca10ff87f08abc690aefac0544239dc286a310af369bdaddc90f5410d8299483019348ef915f2b1a754f197ec42a950a9fbfa7e4

Download Submit
/data/data/com.ldmn.plus/.jiagu/libjiagu.so
Filesize
477KB

MD5
39d77dcad8e2a44dd7226f442b3a6c92

SHA1
6560fa96c6b5a038abaeee5f139a16e46088d9d7

SHA256
99cba035cae818dbdef989e70e738463798528b8ca52dbf38d2b8a72152680c0

SHA512
7ddfc6c05839160813e58e8f8c50d2dcda7e7b5e7f1d27cffb802ee91de4bb664bc5c257137d39152ed6e8cad0d3c1b067bf8aeb7e53f884893887b54480a5e5

Download Submit
/data/data/com.ldmn.plus/.jiagu/oat/x86/tmp.odex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/data/com.ldmn.plus/.jiagu/oat/x86/tmp.vdex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/data/com.ldmn.plus/.jiagu/tmp.dex
Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.ldmn.plus/.jiagu/tmp.dex
Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.ldmn.plus/.jiagu/tmp.dex
Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.ldmn.plus/.jiagu/tmp.dex
Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.ldmn.plus/.jiagu/tmp.dex.x86.flock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/data/com.ldmn.plus/files/.jglogs/.jg.ac
Filesize
32B

MD5
3bde8867ac270a7332f8b9e108c5c599

SHA1
21b7936951f35bff900ac5c6add8df355d601d1d

SHA256
a32a8fe6ef44e18a9cf5120ebcff60850d5afd0375d260f9f28ef9000d7c837c

SHA512
ce244693a19073855e2198a2b6a742a316c54fdd4005b995f3d7247ce3ec83f07573e37b4582710b4d44fb0d490aa2173d7e7d2cf9d253cb11b37c4e41945325

Download Submit
/data/data/com.ldmn.plus/files/.jglogs/.jg.ic
Filesize
32B

MD5
ba5014d903c52b80bea761559d768193

SHA1
4f432b6dc1f1aa12d94b7532e89e60c1741af3e5

SHA256
d833267c9728f2e004a3909169c2a12db4e3927a7ecbc2a49fc68d59b6a95372

SHA512
676f114b65fb22bed77aa066fbcffcaf2f8303ea0fb6470fdc16b98cf60278c6d192ca3821ed1b352824aa963f3eaa61bd9786bb8b71976120c755fb220813d8

Download Submit
/data/data/com.ldmn.plus/files/.jglogs/.jg.pk
Filesize
32B

MD5
c613ca5e75f81edc56d7492ad80d5d86

SHA1
22372d2398d5ef3dacb7ecce6b62b595b4f0342d

SHA256
a01ee0f6dc0604258736efad0bca1d6e1113baf632230959769b1020a516d708

SHA512
25b21bd51df257d16f4d27787086b34df1549b9bc5824155334c664b91f8d958d35a8692618df9bb7b1c5f73b702d443faa085963edf740945de3ae516b5d19d

Download Submit
/data/data/com.ldmn.plus/files/.jglogs/.jg.pk
Filesize
64B

MD5
15c8ea70227a855acb885d919f988cae

SHA1
0eae1888993fc6ea53a03c8542608d4919cae8f9

SHA256
ff1cc784b0931a06533f5e4d85d058b16110279d2ea376e9b8766fef0a6befbe

SHA512
b974e641d609132a7ae65eb60f625bc984bf693eab1a5010712aa2e8061739c290843478a1838ea1799eda8c2d3fc430a52d8c40b9cae8e6042d75f261306821

Download Submit
/data/data/com.ldmn.plus/files/.jglogs/.jg.pk.h
Filesize
32B

MD5
c613ca5e75f81edc56d7492ad80d5d86

SHA1
22372d2398d5ef3dacb7ecce6b62b595b4f0342d

SHA256
a01ee0f6dc0604258736efad0bca1d6e1113baf632230959769b1020a516d708

SHA512
25b21bd51df257d16f4d27787086b34df1549b9bc5824155334c664b91f8d958d35a8692618df9bb7b1c5f73b702d443faa085963edf740945de3ae516b5d19d

Download Submit
/data/data/com.ldmn.plus/files/.jglogs/.jg.pk.h
Filesize
96B

MD5
d6b96567d56a2365a8bce6b9332ad0c6

SHA1
8beff00d8fca3e0a6817ffbabaca2a04ad1cc7a2

SHA256
6988164e9c882f05ab80bc1e6668df0d498756319442f126129d0131c4f05f8a

SHA512
8f5aac84f09ed54c5a8c33e32d06f24b4d9999de9c86c681ccaa8ab97a3a9ca80817375bb8613d853f19f38137dbd67704b7e2c0ef811a8baeb33f8646b7a85d

Download Submit
/data/data/com.ldmn.plus/files/.jglogs/.jg.rd
Filesize
105B

MD5
38d9a216fe0db5a6113f6c2c09d668c8

SHA1
30627da8dd640ed51a4e129a40849ca9566c7952

SHA256
c51966bcbacb08f1e080d412fecd7d569284d03a4d332a41d3fe99190f8f29cd

SHA512
c685e35b52396ab89212083a9d37a493d3362e2c452f2d85f3517777b19c5cf32d9fd08561a21c6a11a1103d8748c2225db0e82e1513a5838ae6ba8eee2aaaef

Download Submit
/data/data/com.ldmn.plus/files/.jglogs/.jg.ri
Filesize
646B

MD5
ca686b23303dc8a30c7d685974068ce2

SHA1
6671a72adae72e86abc90272703e8db1cfece841

SHA256
76feb6f8da3a695d674c0f54f08cebdfc097fe4bac2aedcc59ec5edb1a83c6bc

SHA512
6f28f2041c132786384e4e0ae9c95ea1ede5395e25135f0d3f23dce1fabed6319b164447cc28050b58d7b6046659cf69ef68e096baa0872d3eb9ae9b970e9185

Download Submit
/data/data/com.ldmn.plus/files/.jglogs/.jg.store.report_pid
Filesize
32B

MD5
745ec50730ba459758ca021c697dba01

SHA1
5876d7a4317b3b86c9f1577826299759ac0f865f

SHA256
abe2dfce06196c37bb9965875e36e727b5bb30701c2fe903c0166b0510b901a7

SHA512
04e7087a169dff5e4c079ed796a7c786a9eceda2ba8758b4920eb219507caa83033733150740d11ace31d13f5256927b32a47da71ecc1d43b1f7beabd6a4edfd

Download Submit
/data/data/com.ldmn.plus/files/.jglogs/.log2
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/data/com.ldmn.plus/files/.jglogs/.log2
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/data/com.ldmn.plus/files/.jiagu.lock
Filesize
38B

MD5
4601a320e51a1689d1814c831bb178bb

SHA1
ff86c2c1cff62b64dd5e73351a3ecb73c05987ef

SHA256
1929b1642e7ae33b69f247c1f1437979a4957b48ff3b882246f4298a3f8e0535

SHA512
3aef91a2ff13cb36974215243472e75cb46f04511845477cebe86dd329b675b6d20065a78e13dbdc0fb8a4762ec29fd467c5f048c5dea46b9f880adb43ba8ea7

Download Submit
/data/user/0/com.ldmn.plus/shared_prefs/AV_CLOUD_API_VERSION_KEY_ZONE.xml
Filesize
123B

MD5
f3e930fd6f61a69a9720c35e282db1bd

SHA1
747d9ec1e652c30d152976da101680a86f18dd33

SHA256
e0c70ec0883b85cf892440de5d4dc3b58bb192eea1ac6412e66bcaf78a4f862b

SHA512
c0d29beec0648eb2efeb88353b1576dfb40082af781d45b5027ec65630ddfb10c4f0be73d9612d2800418590c41973982b357ba9ae97c8825f36eddbd93b4a28

Download Submit
/data/user/0/com.ldmn.plus/shared_prefs/info.xml
Filesize
455B

MD5
0be1eb5cdeaa0ee065358d43a1502dd8

SHA1
25dc31b7d8d7584e12c1bd6cb54caee50721d46f

SHA256
f71aeec59a23746e321fb4f873010cfbb6625faa792b39dc03c0af3201795d12

SHA512
b4acae786c7789987c96a88b9cec596e624e4c05230ae3827dfd156ddcfbaa12c6f1dc36a225e96a0a47d01fd8e6cc5277ad505ea8bee1776b4d973e0ae172e5

Download Submit
/data/user/0/com.ldmn.plus/shared_prefs/metaRow.xml
Filesize
107B

MD5
caab9a167ba7d27c70559deeace19905

SHA1
fcacf4259cfcb1e82ec25a65d4456241b7245905

SHA256
15f2dbc35a8fbeab991ba75ad8da827f36d96a01a3057a2e954c2ae780b8c46c

SHA512
464716014f023fc202e562db94d132b1c7bebc0d3c02743afbb6cdfa3ad41de77bc26e04f465e2671b0a038bdbf87436eb0afef87e649cc58b0341a24cd8852a

Download Submit
/data/user/0/com.ldmn.plus/shared_prefs/umeng_common_config.xml
Filesize
119B

MD5
4e5871426714a983a5d802ec8cfc6825

SHA1
7850f63e286ee8f11e9b88ac4f580df4b3e8d6e6

SHA256
989c82834f498f7d4db1c46a35baddaf92af2aadfee7373e99d8e3c0e7e737bd

SHA512
759b86b9ca2db0915a3c1ec3a5eaddcbd82cbffab316bb9e66d36cdc377b49ea464f31f72121cb35e94f6ca6032edab89f86be6209943bed22a362780b1d7f6f

Download Submit
/data/user/0/com.ldmn.plus/shared_prefs/umeng_common_config.xml
Filesize
179B

MD5
3b83a8e7e09220293cec3bd6e800415b

SHA1
a7f7e862807f46a76e1208e67d2fdbff1c169bdf

SHA256
f67d1ed22258774676eff2f596125df0702b2bbb0942b4ee9c8b4b28453c46bd

SHA512
c75b611bc4f9cb64a216c6a3ca264fbe1a4f847901e72410683af0390899d97aede7c4cca2fc5b2e07d1553699a44d4a4aa1c27e61448fc563a66af5fc66c57a

Download Submit
/data/user/0/com.ldmn.plus/shared_prefs/umeng_common_config.xml
Filesize
244B

MD5
15dcbf19231bc0800d753fd152c33cb1

SHA1
8a2f7421f017d17665b14c902b23b057ad66520a

SHA256
6195832663b256dd688adfc051a5eed01011ee2c4361128575b44ae4ee38a4bb

SHA512
4820522369cbf15c0907694576056e4395fe990689e0eebb443ae084370054ecfc2bb6619a2968b7ac2a03db0aab953a38f4f712e05a7707d3cb54daf5e33268

Download Submit
/data/user/0/com.ldmn.plus/shared_prefs/umeng_general_config.xml
Filesize
102B

MD5
e3f3a1ce529535a2e3b257d722aa84ab

SHA1
ba5353c3e318d0528d843223842fd849aad4dc57

SHA256
91ab93de28e0b3c1ccf1272410934927c08329e42917621660defaa353637cdf

SHA512
f808e7106fef36146f107ff28cc204ab88499ec7a01dca44856c6889fa691ad65865511cc98e9f0aab86013f9d55bfe9d01e16031b7334ab8649f3fc7b25cd65

Download Submit