2e5656c44e5911311b3f68eddbc1f50ae8f3193f6be05d308c3d146baca52997

Analysis

max time kernel
2938418s
max time network
16s
platform
android_x86
resource
android-x86-arm-20220823-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20220823-enlocale:en-usos:android-9-x86system
submitted
25-11-2022 09:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2e5656c44e5911311b3f68eddbc1f50ae8f3193f6be05d308c3d146baca52997.apk
Size

9.5MB
MD5

f414edfd28b02d6a80f7549476e441da
SHA1

af028d184599515b31c92fcc7ea87f19b6cee735
SHA256

2e5656c44e5911311b3f68eddbc1f50ae8f3193f6be05d308c3d146baca52997
SHA512

0566871e0b82902d885944ad1e93d5ae15415531433f77e1788c445e4013ff2254b1f98d80bae71e6949e45b6f3aaaf346b1b661b47bf43ddd0bfc9bda0026cc
SSDEEP

196608:WyrlwzhEmYpbfGJhdOxwtIonuhgFT+fL+qdcRj2R3hZn6zsHr8M1e:WyrlEWmYJGJh0wWRgFKL+qdcRj25Ear+

Score

7^/10

ransomware

Malware Config

Signatures

Checks Android system properties for emulator presence. 5 IoCs

Processes:

com.huolea.bull

description	ioc	process
Accessed system property	key: ro.hardware	com.huolea.bull
Accessed system property	key: ro.product.model	com.huolea.bull
Accessed system property	key: ro.product.name	com.huolea.bull
Accessed system property	key: ro.bootloader	com.huolea.bull
Accessed system property	key: ro.product.device	com.huolea.bull

Loads dropped Dex/Jar 3 IoCs

Runs executable file dropped to the device during analysis.

Processes:

com.huolea.bull

ioc	pid	process
/data/data/com.huolea.bull/.jiagu/classes.dex	4012	com.huolea.bull
/data/data/com.huolea.bull/.jiagu/classes.dex!classes2.dex	4012	com.huolea.bull
/data/data/com.huolea.bull/.jiagu/classes.dex!classes3.dex	4012	com.huolea.bull

Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.huolea.bull

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.huolea.bull

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.huolea.bull

com.huolea.bull
1⤵
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
PID:4012

chmod 755 /data/user/0/com.huolea.bull/.jiagu/libjiagu.so
2⤵
PID:4062

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.huolea.bull/.jiagu/.lock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/data/com.huolea.bull/.jiagu/classes.dex
Filesize
5.6MB

MD5
677c28a318b6c12b5f1b1b70fe9ca3e4

SHA1
58082e9f5f4bed79716ff5eed8adf38a7529ed0e

SHA256
c88aec4cf76c3f11342bb1cd34346d7d6c226094a033d48be1fb06bedde586bb

SHA512
d6e2c13becb0d6e9e322959af0401b3ac4f33ddc873ac9781926fb29fe5da2a1ad607b981e926e868e66215949552a7b56e6f358a3f99440a71d186ba4559e1d

Download Submit
/data/data/com.huolea.bull/.jiagu/classes.dex
Filesize
7.8MB

MD5
8dfc96daa9e75c7b19eb89e215b5c367

SHA1
13d241cfb5d6543425fde35d08775d9e7e927428

SHA256
e899df4598a551f90906d9cb2126091f3657e757c811c17a434d3840fb093306

SHA512
5c491d08936bb85b0bdf68b3ca4ef49b80bb0bcb4218db33a013bf07f0c3f26b4006cfa8d11fcefdb3c2f80059b83e70309cd96b025fa5b11e0c92bcfb1f0430

Download Submit
/data/data/com.huolea.bull/.jiagu/classes.dex!classes2.dex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/data/com.huolea.bull/.jiagu/classes.dex!classes2.dex
Filesize
2.3MB

MD5
480e3acd15ec44b5b46f13dc67f608f7

SHA1
18d4c49f3d0cf5d3f66925b95ace58c5ad7431b0

SHA256
f1eaf618f0e9a315281b1f27a0666bac62e8cac60fcdf9c564b9b886d1da5f96

SHA512
afb95d9e96e4637f2faccdfd01e29e97d49e015a569b2ae7d31e10e184ba7410acb5bdc40d37fdc7444e6b5cdc728891d93a98a4fd136d83f6665e94eeca0138

Download Submit
/data/data/com.huolea.bull/.jiagu/classes.dex!classes3.dex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/data/com.huolea.bull/.jiagu/classes.dex!classes3.dex
Filesize
63KB

MD5
152075c93ef5954234ee8dca12f820a7

SHA1
45d6e878e4d08eb1c84a055f7095e34c5d93d1f0

SHA256
3e3f30e10b34b1c4a3a25fa0bed28cfe2c1afd09474c267faf7ce6e4b27a6e0b

SHA512
2035a05c27f6001675b62a9b2423996b9d3face9317d6b8da719d315da33612e3fe369ce9606d094d6e35f3573c3e04c8b5a4606570e3155e59a385d8234ffa9

Download Submit
/data/data/com.huolea.bull/files/.jglogs/.jg.ac
Filesize
32B

MD5
4ce5f537559be3322f162c22e866f7d2

SHA1
89318d4dd70ad6345f54b82d1ccb98f11ce8a742

SHA256
9916f2ee2611dc871850f2d98474f9614c6ec4cfc07e1a7b364d0b8af14899e1

SHA512
bdf28dc320c2633c8c7328459d60195e707a5dd05a0fa983479b8b066f546a95a7046e2dc6acca041e39d322e5020565f43a2c7a2760704c000d7ea640050947

Download Submit
/data/data/com.huolea.bull/files/.jglogs/.jg.di
Filesize
712B

MD5
98bc7b306559a9fbbf76444d2082841d

SHA1
742ee751827ced98dc8eee6aa269a4c0874028b8

SHA256
adafca4a589684a2223057058836a8b6b246a8d379d2ff23a18a4bde61a2b37a

SHA512
7ddb66f02bae79e9af833f8e3dc3fd2978919655cd78dc2829dfe93b693e3ac72e529444cdb2da97c2d9524eebb0901d770762ad8f2667483d461fb780379286

Download Submit
/data/data/com.huolea.bull/files/.jglogs/.jg.ic
Filesize
32B

MD5
0e83b1efb5a404433d4b34a18c387a1c

SHA1
56f525c4e7e82b641deabe57f9afa407a46df108

SHA256
2e15b8a5616bf27b1ff52880a4935d1a03df9bcb916f126b7b614a3f47a5a49f

SHA512
1693423e0fe69ae3be8c1c5c32a80921cef007734c397cf28434363380350708ca9b6a87bac84eeaed2a8f441e4e104e64782a9513e09475c9ef91b8dd455e1b

Download Submit
/data/data/com.huolea.bull/files/.jglogs/.jg.ri
Filesize
2KB

MD5
d8f78a72950c299485ec752667a75749

SHA1
5a20ce2462fabfb15028248d2fb20e3e2ed842b9

SHA256
fc736f18d96d7c70e4f5451ad34b5b2b1cbac28e2057e2744e4fc649d977bf2c

SHA512
daea7bd4c9fc63b398c89026fe2f77502387ed9f25e0cf90ac7d460a04c3e841ae11bd32e4cad34931c47ee4ba6ed788edfaf52a9293e2bec7b27da8c4553833

Download Submit
/data/data/com.huolea.bull/files/.jiagu.lock
Filesize
38B

MD5
254ae3dc56fcb58f48ca30e6ef006d25

SHA1
217b03a96e2131a3b4bb394497d023e1705b4b8f

SHA256
618092b759be7cdbb5141ca859d2223c367cc4e9cf192e879776771cc2bb1040

SHA512
eaeeec6b2f987c2dc7f83bc6dcc024cc1c16404baf67fce2ab5b16788277c0a1f16866d1b5da6027c2ed2d21ebf43b7fcf99df3fd0196c309ca291b937fa24d3

Download Submit
/data/data/com.huolea.bull/files/umSocialStateLog/1669385729169.log
Filesize
513B

MD5
e97ad880877ec73749a6766de407e1f6

SHA1
dba616e5bf3ad11ce51f1e43c95cd6ea39f56b6c

SHA256
1b506646d3250d0dcd0a168de46c2f11e7c74eb6ddad1b5772391f8256338855

SHA512
24f208a95c8a8b49a0da32e57ca7879ce9b0ae65fe89bd4dbdc6b29df92ef63dde146a4d4e19eb5e0165800b5403fcafa40bbbea101916b58ced01eca66da119

Download Submit
/data/user/0/com.huolea.bull/.jiagu/libjiagu.so
Filesize
363KB

MD5
f7f5e960db0c8a6f3b5b8d1a0427a042

SHA1
a8b623f9f87a6e785508befe07314da2fa903bfa

SHA256
17ac5b03f2a51ebdf2cce66314bc8e3e1547bfa0dde61357fcc07768aaaecb3c

SHA512
ec889d1d9428cdbac082d0b5ab81cf33ac417874a416daf27b02af3d207b1b02ed794fc0b3f0ea266c8edaf3bfeb8f3cef7c631af689405fa629fee948ae8cba

Download Submit
/data/user/0/com.huolea.bull/files/focusName/private_file_storage_config
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.huolea.bull/files/jpush_uncaughtexception_file
Filesize
2KB

MD5
fbd1a251a9fb1f87b94197ad8fca9b7a

SHA1
b5c8d555875ee54f3b46941c493f6c0bf0e4cefe

SHA256
0011066e7c8f75843e0b7ad2cd3502822e6fceac4c50c52a2e2542fe13ccd690

SHA512
ffc204915f23aca08b687dd10ef5476e62262029560636fbd10cc05081e43010af28760600056abd1cf0d236138506c8237b5db11c82fab4ff8ba4862e286b01

Download Submit
/data/user/0/com.huolea.bull/files/private_file_storage_config
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.huolea.bull/shared_prefs/cn.jpush.preferences.v2.xml
Filesize
116B

MD5
ba20339bd856cb1fa534f4af49af1fa3

SHA1
4765865a35206017a0a0edef8dec122ffe0da137

SHA256
9ce6218cae3eb1e90a5529a6ce0207512d8bf7e3fae11d48eb2a902c120ea742

SHA512
fce85e31a0ad787ca397df5f2ddbe07ff9b6e74344834ffa7416f0d8d9b6f1e4a86771edb79f0141b402957d70826eb794a3218bb5bd2f130aa42eedff864729

Download Submit
/data/user/0/com.huolea.bull/shared_prefs/dianrui_cache.xml
Filesize
138B

MD5
25cc4f11ecff7fb0e91b38c9df08d409

SHA1
b76b6aeb5e6c067d77a14d0543f9f01d084ac38d

SHA256
7243e659acf396b05d05de4a4f7f1974d3147194f49118c42bedf0e612465c31

SHA512
1eadbeea6ed70d2d89364ade00d204456daf2ade1506438d1c2a0c968453cbff06886c3522cee77f16b96d3c8094cb5a20a76457d2403846a418cb63c11214ca

Download Submit
/data/user/0/com.huolea.bull/shared_prefs/juwo_cache.xml
Filesize
138B

MD5
0a9c26e5ec008a2aeebee832ee73d217

SHA1
ad33b970d8cd2dd77c0fa4a6db279c6ff53d672b

SHA256
205330e80b451ad67c94f8539b0e0496a35bffad76ad9dbcc874356940ecea0b

SHA512
93edf19fc4af03c1420b87fa074a23d6409f123ebee86bc536f77343c1a7ed1dbc1c98a89dbb1166a16f01fe1b84717571bde275ae9d67e046711240a546a2be

Download Submit
/data/user/0/com.huolea.bull/shared_prefs/umeng_socialize.xml
Filesize
120B

MD5
e32cca8c0ca96024e24170e59a26fa83

SHA1
21ea9858e39b9ce4035428b488f6f22454e6bc73

SHA256
5ad2b66fa4acba46751deb0274ddb24f0be805f7973734957cffa0d75eb68b89

SHA512
ea43869d605d7e338977c8e4bf855058ebf8b6373fcf6285711c5238cda01993ab7ed92c69e64b80a6bac7b483f4ada51ee1c307140483de5ca7b46af0b7bc51

Download Submit
/sdcard/360/.deviceId
Filesize
48B

MD5
1d8d16c4e3b19ebf18988530d9b9a757

SHA1
bc94c1cce05cd848a53271ecb9c5311e27ffebf5

SHA256
abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7

SHA512
4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

Download Submit
/sdcard/360/.iddata
Filesize
32B

MD5
50737d7071e585a3fe25e7fd633c470c

SHA1
f6e20983422412e8fe8941ecb2865e0fa9a4d976

SHA256
0639e9a7bc0fe8fc2b8d1d519d98349cb28af0c59b5851771977fbda43b0db47

SHA512
028dacdeed74d3078d7fe54050e446e392aef503de0a75bf86da867a0f4713adc8d8b7f56600368172615696ae39e1b24ba9c65f09be935f23d9b882778a7378

Download Submit
/sdcard/bull/crash/CrashLog_20221125151529_4012.log
Filesize
3KB

MD5
23e084c6ea24131899b700e93e45e7ae

SHA1
3af28a3723c8038c09434355aba868fd269c16d4

SHA256
97f667091afe299e7706b9d28781ebfcb54f40f3f27579cd9d822c576b0874f1

SHA512
eb1d3f0760b7e510fc6a523f9ed47d38dac4b8c3960d3a09304790f0104790d8ac8226838de8beefcca4a54876d074dd4c61481300ec094bb8e47f5c7d44bb80

Download Submit