6d5ff041b3a7ac6fa3138eb1ec6f8da301eb99e1a6c19483c3e4e7cc536f3267

Analysis

max time kernel
2297385s
max time network
132s
platform
android_x64
resource
android-33-x64-arm64-20231215-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20231215-enlocale:en-usos:android-13-x64system
submitted
19/12/2023, 23:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6d5ff041b3a7ac6fa3138eb1ec6f8da301eb99e1a6c19483c3e4e7cc536f3267.apk
Size

16.2MB
MD5

027655ca529d377f61dd60535c9c7e69
SHA1

f7bcdce724ba214d52f761eec7f9ba7371ceda4b
SHA256

6d5ff041b3a7ac6fa3138eb1ec6f8da301eb99e1a6c19483c3e4e7cc536f3267
SHA512

a57a35dd5e63d95b8480f270dabee3e430c389a683908b593887c6ece09f81a5116e7e32a785c57acc854f1a7c7549e185abfbf435858217041aec91db6efe92
SSDEEP

393216:gAMc7JuZtO4Qcutyk+sQIDlilzVdP7y2wL4eU2LMSGOcTR2vPT:gLvtO4QcutyyQJXk0jcggvr

Score

7^/10

evasion

Malware Config

Signatures

Loads dropped Dex/Jar 4 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.coupon.tjknoe/.jiagu/classes.dex	4290	com.coupon.tjknoe
/data/user/0/com.coupon.tjknoe/.jiagu/classes.dex!classes2.dex	4290	com.coupon.tjknoe
/data/user/0/com.coupon.tjknoe/.jiagu/classes.dex	4572	com.coupon.tjknoe:remote
/data/user/0/com.coupon.tjknoe/.jiagu/classes.dex!classes2.dex	4572	com.coupon.tjknoe:remote

Queries the unique device ID (IMEI, MEID, IMSI)

Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.coupon.tjknoe

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.coupon.tjknoe

com.coupon.tjknoe
1⤵
- Loads dropped Dex/Jar
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4290

com.coupon.tjknoe:remote
1⤵
- Loads dropped Dex/Jar
PID:4572

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.coupon.tjknoe/.jiagu/classes.dex

Filesize
6.1MB

MD5
cfd69fa9db3cac004edc6034804c1a5b

SHA1
01ab933555ffc3c036f9d85c141986cc2a27e912

SHA256
5537270f1a59a97bceecf0afd615a3ed96308972b7d245353f645c60b7999d58

SHA512
7f1889396d5436e364b6d61f06e30b00ac1096dda2b3b21baae533cc6331cf6e1e1318401943f21b5ba4d8bfd5380a948b7a062927eddbd469a069aac91e414d

Download Submit
/data/user/0/com.coupon.tjknoe/.jiagu/classes.dex!classes2.dex

Filesize
745KB

MD5
c41fefc66f8f55b0b870049d7c9f97fd

SHA1
58c12930a70a641d191f154dcc96657506a4b7b5

SHA256
884cfab0fa5600946d7e5013640039baf659bd3340538a2204c688eb5bcbe385

SHA512
7765dcc7154bf50e8bb5dd7f4dfee8470784f4897aa08de207708b5a71645e6ce72e31d88889fc776f3a57417325121a6a7393b1dfdfdaf96c62954d452c5191

Download Submit
/data/user/0/com.coupon.tjknoe/.jiagu/libjiagu.so

Filesize
475KB

MD5
f0f9ef36b67807a253b5932f865eae7b

SHA1
6a8d66c6efa2750b54cb763f4ad044bba4154e0d

SHA256
646dcd8290a30e992553186392239da39ce7c8e7c2fd87b3d6a880551782db75

SHA512
e7ea65467e557e4992e746d808cae3e2d16b42187b1a94326c47c689cef9fe21a2a9d2b312c60c8ff40e128dacbde84cd6b93a191ae38496584a45fe60c04548

Download Submit
/data/user/0/com.coupon.tjknoe/.jiagu/libjiagu_64.so

Filesize
510KB

MD5
c26350f8b4709f13c7adeac3c1ec791b

SHA1
0d773039deffff4f2bcab5cbc2ac04c4a2e7de9f

SHA256
947093725142dabf77b01a8c9020312dc4544403c0a86e8a55d0174e6808e87f

SHA512
56a1d1b7255a311317757850bfc7f5b4e59333c386f1b17555a2f03090a5bd5db66b6da2c59e90ed674f9bba1c991956877b95da8d2a75fcc1b8f3f6b9a979be

Download Submit
/data/user/0/com.coupon.tjknoe/files/.jglogs/.jg.ac

Filesize
32B

MD5
7417eaa0c722c0c0d7792d4d0641c120

SHA1
08818516ecc0f803a695535ddc917d4db7b0b248

SHA256
ac33a3157b49b2039e08852ba468b0b8691edad3493e70764b8e9dbd1d7e657b

SHA512
44ddb2505dc80293583b78cae3f6bdf1d2ffaced682cec71fab5ff04728098d5987dc6fda42bd60b022d8f23c2c3b12c845370b2805123668c959b32aa22ee14

Download Submit
/data/user/0/com.coupon.tjknoe/files/.jglogs/.jg.ic

Filesize
32B

MD5
6bad52783a45d5cfc5d85e1b60dfe43e

SHA1
bfb5ae8f6a7a30c802e242a234f4d69e3cae54b4

SHA256
68b32ae71639656dba0f04b44834fa56679bad1e05fee2f6956f473f8a32cd94

SHA512
c7625031eb96996cacdd37870df99b461ff7ad41ab81de21e052c3095c80ed1f6a622f896f624fef7282de300f3e2a2c59934a1602f233261ca46d75fac0e010

Download Submit
/data/user/0/com.coupon.tjknoe/files/.jglogs/.jg.rd

Filesize
32B

MD5
717e61bdeb68784a9495f850dd507da4

SHA1
0ecbdfc8f029b61de1b41e36eb75a7a461eef89e

SHA256
1000dbc0f6f8f6aa08c3a4e1ec6c4c0b8cbc67a282c787d9773a0fb5353f58d1

SHA512
19c705f781a3a03b79b8e337f6a08bee397e50b9099fb9bb6cac130fc8b8df9539ff8934063cd3b86b0a8557eff430ec4fd6ff8026ff5e66274bd66081bc6206

Download Submit
/data/user/0/com.coupon.tjknoe/files/.jglogs/.jg.ri

Filesize
307B

MD5
1337e584ae386b002d5a1f688339f7be

SHA1
491e2d07593741c9725e98f7d72cfee615738451

SHA256
4d56113b763d90879a0df22f079313a577a3aaf1c43f7c3bc9055a17a81f4ec6

SHA512
02def1be93073a2170a80ac17d5b12b99abf1791cbca1348769a94c267bcece72f4a64c7b16ba8d9661e42e5edf4f0502c5883618ee84900f757a5f0915b98a9

Download Submit
/data/user/0/com.coupon.tjknoe/files/.jglogs/.jg.ri

Filesize
314B

MD5
bced5965752bed3d8c4413bd6c882437

SHA1
085ed06f019cca0eae3ba245b7ccf0831816918f

SHA256
531eda7e2988e311fce8fc2431afd94e274e37d08dbc8f784bb10bfe734ba4fb

SHA512
c775a2997f58ce7940b8ebd8f376e252139054929fe41cf3b5d05945aef81d8abac4b51e086f51d9fe798be168f3f3080e2d82231daef6da88cdc04dc9b8183b

Download Submit
/data/user/0/com.coupon.tjknoe/files/.jglogs/.jg.store.report_pid

Filesize
32B

MD5
138250a0e50ca37b67e0fb162f1569a5

SHA1
2e61347cb60b7aa3f22d2ab43abe90a053e975ae

SHA256
f4615ea13e3d2efe04069e0a75b828c436dfe787e38d99dd2b0ffa0a7dd92499

SHA512
2da3145414e3b958b131351aa0394523acd5886e2f04692feb574be42e95db756c143424360ad51df5ad620b4ead359d0877bee7be86a746b649a0aa77aa4cc8

Download Submit
/data/user/0/com.coupon.tjknoe/files/.jiagu.lock

Filesize
27B

MD5
b05f6dcac2889d4629bc09b9dcf23606

SHA1
d9028b2f392465cac7e3c9d8f6c6acc6f1cd0b1d

SHA256
fd9744156f7db65d1c43cb5f36f83e9ae14d0951aa5465a4a90480dc3682b938

SHA512
8b6874bc22ab138041045ac91d6cfe79fd60740000c2916312a496c3811e342829082795363ca5fb31277ab22566332e67111023c360d1bab97be7ecff85858c

Download Submit
/data/user/0/com.coupon.tjknoe/files/com.coupon.tjknoe.realm

Filesize
12KB

MD5
7682ff404113b86f4a53cfd14dae9e11

SHA1
4f73d11f41c1d35fb08f8b13abf9152a6b813675

SHA256
f1db4cf13e9494558f40eb04e1789b2f8e0e3d2189e2d7f5c97fe3bced7668df

SHA512
def1965bc2ef7e50dae532395f769063f213451cd37f90787ea6ad31947d91bf9b61fc0d77e76ed03aa34c87bb6a24d5acfa98dd0334f2b0b5897a1ba9d4e4a7

Download Submit
/data/user/0/com.coupon.tjknoe/files/com.coupon.tjknoe.realm.lock

Filesize
1KB

MD5
c3e4eefedd55eae4334456daa4aa0ad7

SHA1
ba9abe2d4d40bbd94530564b6eb178ec02a47204

SHA256
7081ba3d8887be22551f56b5f50da675bda7dd02f40e9fcb150ac84fccbe387f

SHA512
a302516427a81e59fe955f4316fd56b8e5207542b1abdd7eb3fc2e9dbc669849dce90d12d9160b59d45af233e63e2156f3a3f1e7807b7ae1b1225a94d472cea3

Download Submit
/data/user/0/com.coupon.tjknoe/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzAzMTA0Mjg5MDE5

Filesize
1KB

MD5
d960af0c093edcf746f0eecfa2838b1f

SHA1
cf88f063f67d5883793d0a7288011cdb78fe255e

SHA256
8740545ad94fdba3fdf11d65a194d652f791f1f80479866858239d886c3bc093

SHA512
301fb3ea4876aa1415837d60d2672dbbd83fe8920f4bbde93847cc34206f185e32937f9916c1b13ee9c740f60644039b13621adcf7a3323c8001fd704c3d3ccd

Download Submit
/data/user/0/com.coupon.tjknoe/files/umeng_it.cache

Filesize
433B

MD5
945b3063549dec09048d18d9c5d0c423

SHA1
aa90fa918d3fc11b6e9b0b748cb5c684b2deabee

SHA256
4beaf5e89e44c8f1502e16848f47c13202854759145164aa64e392f8f27256c3

SHA512
6ceac34990590a123e9003442925da05cfbfb2246f7a7426e5aa77878d6427a55b99acb28c9d188bbe4bfd89e93757cd4a9b65fc969ef7fa8948587f8f285908

Download Submit
/data/user/0/com.coupon.tjknoe/lib-main/dso_deps

Filesize
400B

MD5
931e220da914ee7229207f7bde7c59ed

SHA1
7578f927b0378a7d70ee8ca10b15a051677b907b

SHA256
95bd03dc2ee63bdd2a3dbb67273533d79ed018bb5b9c9493b663d60cfdc1c659

SHA512
8dd6b422a388c373a5b8e19ae4da36a74f9d104262a75dce4d4ae1c6decf985136168126164221e7442d800bef58db7a5cc53bc6a79137dcacf52ab6485decd6

Download Submit
/data/user/0/com.coupon.tjknoe/lib-main/dso_manifest

Filesize
5B

MD5
c06857e9ea338f3f3a24bb78f8fbdf6f

SHA1
c5a0a2529d2deb60fec041b4fbd722a2ebe31702

SHA256
957b88b12730e646e0f33d3618b77dfa579e8231e3c59c7104be7165611c8027

SHA512
29f61516876c25379a7bf4faa2b3ca6f6b53eac90e7de47671fec4a818d51441b4025cd7909f7c0a0d113ab6c5ff00cb3700c286bac7319185b77905feec4fb1

Download Submit
/data/user/0/com.coupon.tjknoe/lib-main/dso_state

Filesize
1B

MD5
93b885adfe0da089cdf634904fd59f71

SHA1
5ba93c9db0cff93f52b521d7420e43f6eda2784f

SHA256
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

SHA512
b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee

Download Submit
/data/user/0/com.coupon.tjknoe/lib-main/dso_state

Filesize
1B

MD5
55a54008ad1ba589aa210d2629c1df41

SHA1
bf8b4530d8d246dd74ac53a13471bba17941dff7

SHA256
4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a

SHA512
7b54b66836c1fbdd13d2441d9e1434dc62ca677fb68f5fe66a464baadecdbd00576f8d6b5ac3bcc80844b7d50b1cc6603444bbe7cfcf8fc0aa1ee3c636d9e339

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
456c879ea67f5fa38d1b9cb012c1c6a7

SHA1
83bc731ad487bd0763ad31554511841fc75a9a65

SHA256
cf134d99051809ac09e8ee6ddee93c2efb78056f26ac8750ded0c327273b7685

SHA512
ba50b4c90cb3781980f07112b4451ab34160067dd7eda192446000715acfb4c640a5fc1accd49d147dd69e55f747f23f927955cc2189a5c10c161145d67721b5

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
213B

MD5
218a8b83d9496d25c30ba77ef0a99b97

SHA1
374246e842907074e6f2166cea75c08f2dc24698

SHA256
f53e37ed870347aae37621b1240cb56c5bd4350d1b69c8e8055ca9d6207a1aeb

SHA512
e29545647740d273d2bd3357f0f6109049cc121607a1a162446114440dea9fbaa6d84c619da2c6b2348b8ffe165e846656697a2533c1fa77fe70dad25a8038cd

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
abe2fc0e4bd0130a1f7cd93333762427

SHA1
2711ddbf843ae2ccdcbe2d33bf1bf4a2c3dba456

SHA256
5c4a7448c2e5ff309f04e531b4fae6630d6fb9c801c5d16477094fd8a10eb395

SHA512
96a0a05c3b54c61943b9f7f749c119c5ab6e0d531d4e2c69e52dab3adc2fede43a2b414af806d827e4de824c0288d53a4b621c10aca0598396d4c7bb5fb2a4bb

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
167B

MD5
a2fbb2427271393ff77880d402c44217

SHA1
3c75ec7e8df7aa6711edf2d02c60d99b983145a9

SHA256
6931bdf3e7c86b8ba2bea77ccb806c13778540ac1ea81ec19b7cd9478e115835

SHA512
697286a6053e9b038318be6c3bed16d636565e0a7462a75bd7dd54a949d2b6363bf990b005bd75e3344e00e0c54a73d53ac6d066b893bed4892db079b5412ece

Download Submit