8a6486c5895eda9a75f3bb09eeeb1d0d46b25939bb191b3be8d9d319e2e57efa

Analysis

max time kernel
2190093s
max time network
154s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
19/12/2023, 11:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0fa2123c662af5f3da5b2a3a11f47ae5.apk
Size

13.5MB
MD5

0fa2123c662af5f3da5b2a3a11f47ae5
SHA1

60ecd865c5e5d9bc9bab6d0515878cf793e83f1c
SHA256

8a6486c5895eda9a75f3bb09eeeb1d0d46b25939bb191b3be8d9d319e2e57efa
SHA512

bfe7b2a4ddf69e296a4df7ed14498b21a16a1bca5b48c8c9ad38c556ede184f9cfb87725166bdc3e57d5a66dd13817910a193e0d2e8dffd60338010527ce6433
SSDEEP

393216:iXgo7SmuC8+q/ZM9MVCcEy3iX3suhj7BM:kuC8D/ZtgcEy3iX3sWK

Score

8^/10

banker

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 IoCs

banker

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.yudada.main

Loads dropped Dex/Jar 9 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.yudada.main/.jiagu/classes.dex	4255	com.yudada.main
/data/user/0/com.yudada.main/.jiagu/classes.dex!classes2.dex	4255	com.yudada.main
/data/data/com.yudada.main/.jiagu/tmp.dex	4255	com.yudada.main
/data/data/com.yudada.main/.jiagu/tmp.dex	4306	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.yudada.main/.jiagu/tmp.dex --output-vdex-fd=44 --oat-fd=46 --oat-location=/data/data/com.yudada.main/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.yudada.main/.jiagu/tmp.dex	4255	com.yudada.main
/data/user/0/com.yudada.main/.jiagu/classes.dex	4340	com.yudada.main:pushcore
/data/user/0/com.yudada.main/.jiagu/classes.dex!classes2.dex	4340	com.yudada.main:pushcore
/data/data/com.yudada.main/.jiagu/tmp.dex	4340	com.yudada.main:pushcore
/data/data/com.yudada.main/.jiagu/tmp.dex	4340	com.yudada.main:pushcore

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.yudada.main

com.yudada.main
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4255
- chmod 755 /data/user/0/com.yudada.main/.jiagu/libjiagu.so
  2⤵
  PID:4281
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.yudada.main/.jiagu/tmp.dex --output-vdex-fd=44 --oat-fd=46 --oat-location=/data/data/com.yudada.main/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4306
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
  2⤵
  PID:4376
- /system/bin/dex2oat --instruction-set=x86 --dex-file=/data/user/0/com.yudada.main/.jiagu/classes.dex --dex-file=/data/user/0/com.yudada.main/.jiagu/classes.dex!classes2.dex --oat-file=/data/user/0/com.yudada.main/.jiagu/oat/x86/classes.odex --inline-max-code-units=0 --compiler-filter=speed
  2⤵
  PID:4522
- sh -c ps
  2⤵
  PID:4567
- ps
  2⤵
  PID:4567

com.yudada.main:pushcore
1⤵
- Loads dropped Dex/Jar
PID:4340
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
  2⤵
  PID:4458
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
  2⤵
  PID:4480

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yudada.main/.jiagu/classes.dex

Filesize
4.0MB

MD5
a70ceb9edabcd95275d200ac737baf1e

SHA1
e5bbdf2db1bfb828670fff13e1da4c59511c61d3

SHA256
7f0ccbb277cd989800f3644e735f84157b1d1bb4d76eeb1ca40c3b7e312adf0e

SHA512
324cfb1582b7f0f6f5564e045fd2f9767f35c58ab2c9a229ddb224a0e8acc1d1d2bfeba45c4f94d78b061751b18d15abede756e3bf3eec13d73f397316c651db

Download Submit
/data/data/com.yudada.main/.jiagu/libjiagu.so

Filesize
382KB

MD5
aa01dd97609092ce310e17bf791069ce

SHA1
f000840a8f68ea7beb2e29ea466088daf55609db

SHA256
e432c191f918053ce368e1b1f155b2e1f9e84379611b93aabec0106172b73aa2

SHA512
766c120a06215d0950aae32026fcde3eafed8d18ae0de7bc8135a7378a9055c8f0040d61574d9af67fe2b5b90eeae64c62d787343858ae375bb6658df8afe7b4

Download Submit
/data/data/com.yudada.main/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.yudada.main/databases/cc/cc.db

Filesize
36KB

MD5
ce6135aa1b1fe4f2c2db2a546d2a5558

SHA1
79b59582154017aadab783dc266fcb158c252940

SHA256
7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c

SHA512
2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

Download Submit
/data/data/com.yudada.main/databases/cc/cc.db-journal

Filesize
512B

MD5
9ada384ddbf86a3dda5607f98415d3a1

SHA1
cb21db32239efeaacc44b4ea41afa580e23a8139

SHA256
a0fd882ea8dcfc8f32bea3335ede30f71d3243541ecef24f7f9174951b80e4c9

SHA512
fc2380ff3be251af5d4c387da57f598ad1d3457c2070219ba84952d2666127c893b60432265d95f9c38898e9d4adab43cbc328e783838efa266f89ab1e7a2d47

Download Submit
/data/data/com.yudada.main/databases/cc/cc.db-wal

Filesize
16KB

MD5
28a00d35b251641834cbfab729fe71b5

SHA1
35b5835196724bafce1ba91f31d9d6cca05c4802

SHA256
9827fff565afa12aa2195bc8e5bd458ee7a9df082edb1fb5e272f956db73ddc6

SHA512
e441ed588e4601bbaf184cae34db11969b2c1b4ec01e12201e6c83abaaeacc4972a08e9000d9288d5161b6f92ecf7628058bba34b7390005a8ab0f3144c7362f

Download Submit
/data/data/com.yudada.main/databases/cc/cc.db-wal

Filesize
16KB

MD5
8fd5e9e6a5aacfd4753acc6ddcfa6c5d

SHA1
d593e11366fc6e1ea0edeff06a14e3ceacb7df66

SHA256
d78f28a96463017f21bc098bc6bf0e661f742b1e4393e01785aa74c27f1e5300

SHA512
8efb27818b6d55d23241b51542297977d9afacd2891215e8c6e938badea443e155187f595917acae942fde909be71b1e02c11289509a93c54638df301fcf7715

Download Submit
/data/data/com.yudada.main/databases/mwsdk_analytics.db-journal

Filesize
512B

MD5
da5ef425d932cb6bc5d99753aafff363

SHA1
8c48048684054b7581ab9e2952984af0811eb357

SHA256
c558d23bd9ce6c14b3b935f32e7e51378a46f3137e8cd8bbe2cfcf6ef289e480

SHA512
73fe2a3ef5a6456e24529aec9931f45b6e1ef26fe1705c0be5e65fa6b5703595d00ee00bff5d50da9a68659e41637cd572d765a180e7d25b77bc0bdbf65bbbb6

Download Submit
/data/data/com.yudada.main/databases/mwsdk_analytics.db-wal

Filesize
40KB

MD5
2b218be2b5e1945e7bd4e134a59284cd

SHA1
b1f5cdf5685c7a952e01ce947cf277090fdf730e

SHA256
de30a87f26952b5c1481bd196b6adde2a8d5d62143351884b8d68c5e0220aa45

SHA512
4df055c663f1e478d3ae9bca9436b94f72b66a110daa9aaa7a2c04e89918b6f25541d82702f48ba47612a77841e5fb0d5b3624716938f3dc6ece99957318d40a

Download Submit
/data/data/com.yudada.main/databases/tencent_analysis.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.yudada.main/databases/tencent_analysis.db-journal

Filesize
512B

MD5
f25480ed732b941c63ac14ffde981490

SHA1
3f355debe73a8dc2153d73edf6911f65d5de7d8b

SHA256
47ad2528228d09306b31d8fce2bec28ffc5ae2905d88d72468ed9159b2fcea27

SHA512
70aece284f2e4a93f91dbf75a4d8583c2395928365ce6358dec3a3e598d626433f2c21f972916d99849b4690be2cb0eff69734727c7380fcd4b60901968b887e

Download Submit
/data/data/com.yudada.main/databases/tencent_analysis.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.yudada.main/databases/tencent_analysis.db-wal

Filesize
72KB

MD5
165b650bcc5e7e703c4e0114d36ca261

SHA1
809ed61df986f3aa1cf51eff6629b31374ebe89a

SHA256
368ac1682ce7497dba03b3b9a80e8d51a7e0826bc09ba976f4f6ccc59afe775f

SHA512
2f83667c6fdeab69c9167dc1965754c016a0f0e331e2f7736076b43d4ebd7a73008ff546e5836b75ef29c8a83709d5f768c569d566eaa3cc93db0a13625b3cb1

Download Submit
/data/data/com.yudada.main/databases/tencent_analysis.db-wal

Filesize
84KB

MD5
6068f69454197d960d2c9eb8edb68dd0

SHA1
39804555350c1ddbb6873c43b94459da1f4952e8

SHA256
867e4acb78c56778e37dd394975231d30a919fb9c4dbcdd62caa5cae85b37a57

SHA512
e7618d74be23a0b79a40906c52c10f99d5350d6e3c7132f9a0e6e38bd7a727f262da8bb6cf13906e6b9841eb289882d5f0fffd7596ca6a7b94e24c12ef278171

Download Submit
/data/data/com.yudada.main/files/.jglogs/.jg.ac

Filesize
32B

MD5
73c050db05224d1493c2817624912d9e

SHA1
a3b0afa71fee8f77059b2bcd224ee7cd1abd247a

SHA256
b26385aadc7f5091013ad06451e2fb2761177cfdf822622d8f73fa0ff07ff2d2

SHA512
50aeb0c3726b45d7356bd981f74c9c681712f23de71f2d5acb71a562e4ce18f4fa10bef07eb51f581190ddf540c7587a4ed0eddf34895faca82b1e055576180a

Download Submit
/data/data/com.yudada.main/files/.jglogs/.jg.ac

Filesize
40B

MD5
4362b1eb48d4d799d00bb6c9dee2fa10

SHA1
231483aa47c7dbb362f996d16c0cda2b277a99bd

SHA256
ca6296bdf5524744def09ccfd3b4c4e71b61997ca7b41a22da3bb93b67ae9d32

SHA512
fc96aa5d90fa15380bf2cf35c0841f670b821cbbfc5c9ae20ce6ad16ca2bb4e4a5aef5f7881d8b1792ba29b3ad90be57a91d34aabffdb6d263c37801a5af30a4

Download Submit
/data/data/com.yudada.main/files/.jglogs/.jg.di

Filesize
340B

MD5
9b528ca55c403ddcdafe86be2ca2aca5

SHA1
88442c0e1b3398e1354d1c9bff2d88444dbea3c6

SHA256
fa9737857d68b29a663516a427af94c194a15926b26029fe13799f0b9d53974b

SHA512
7b3932247aa6ef1a9aae8f14775fdd52fd71ec5f1610c166d700ff16a5e824eaaca5a0c5c3705e20ca2a12a1b9117c547f06e13b7d3deb1c4b94329d684faf91

Download Submit
/data/data/com.yudada.main/files/.jglogs/.jg.di

Filesize
340B

MD5
7b0a233e2a2e9f758b30583be167cfc3

SHA1
023046a17c67031c08a1d6acf944434055e71902

SHA256
6c19480dccbb841772217d3d0b332e8f17b54b667522c7272792087f6fd798f9

SHA512
547cc2faf585d27e47db894adba83d5b135ca405c9c0da264498d8a57848dab90d8895b677d83c163764b6f6321af719c19afe7ed2b341e86cf17078af99f18c

Download Submit
/data/data/com.yudada.main/files/.jglogs/.jg.ic

Filesize
32B

MD5
ff0fcdb410e68baf5953d58c257cc249

SHA1
8147014b15557e13c20d35e9fa1c4a53e93a79c6

SHA256
ea0d2e2e061daab1a5f3759067c0c48b5d9dbb3d2f2a8bca57e4f4032b552e90

SHA512
009767eab1bf117847896fd381a666b8c9d9aec87c0b7373db0891d9ed033a8a48d63814aef6233c5a41a6b2bf9eb984ca8e2a061a05af5b2a5184002763d31b

Download Submit
/data/data/com.yudada.main/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
9ab0fd08d6be14d676ce8432c958ebff

SHA1
b8b550b9e29b780eb54d67f4c4a89ced64243f7e

SHA256
0c0af68e00e9279f71d183ae3dc8a0cc85ddda1f422b40fae2c71093f8261f4c

SHA512
191c62ae0d13936c1ea403cd8dcc769ec070a1534dcfc3d4953c65d67d00e1fbc90038d528e3a4e68cfaf258e7f5034e5fa47a9f9c6e58bf973f233fbfa423d9

Download Submit
/data/data/com.yudada.main/files/com.tencent.open.config.json.1105537305

Filesize
1KB

MD5
f526172de1566b34fdcea744710d9559

SHA1
000cb54d9a008a807a1c5a3fd2b2e7cb41e7939d

SHA256
8572be02b59f4d514000939ec04a9b4e2380c55265256b724a617d8d0f4c6940

SHA512
dc81f0fe345b18c96b1638c67b9ef4c5e60059dfc4a02f3c30a23645d4847abeef46cf467d044c42597115c48052ce0e8ea24328382114a544c5dfd039a95e7d

Download Submit
/data/data/com.yudada.main/files/mobclick_agent_cached_com.yudada.main19

Filesize
2KB

MD5
42448443c26a2c66c766259f8739e7dc

SHA1
89de7f90b6ac676caca8e21c73127f8d688b8946

SHA256
a5dbb493f77075995993e891926f5ce94b058fd5e0ea5d42cc5820c77640a166

SHA512
91037848a1a8cc78ff8f5d26be98b735e8799b847568c81e45a09e4e8d3aa866bb20f3452b2f72d41a58ae7f1daa129747850c2caaec175d725315f2d1ad1baf

Download Submit
/data/data/com.yudada.main/files/umeng_it.cache

Filesize
498B

MD5
1c341a0faba6582a865ea1ac14e8453f

SHA1
62a63030fc39d07b8c62080f7ecd117d34b15f2a

SHA256
661460da64c029ebe181fd1db5378d0036fd34caed47e26ef3e2fba53a17fd9b

SHA512
de02594b71e93d72b3a1302363b9bf5b40a57bb3a06e1431e2e2819a477f31923f926b8e6f900291ec4795bf21dea015256ece60dee7c2fbcc63d6f5640e7e23

Download Submit
/data/user/0/com.yudada.main/.jiagu/classes.dex

Filesize
5.9MB

MD5
52454326536c8b71d39f004d1aa33d6d

SHA1
912e3a70fa6d278f6aad085fedf4134bdda4f587

SHA256
cd30865436151bb509b3ca31957d2bb162f513ce8d1ea1ec33799b745b8ec85f

SHA512
270cacd6471ae55c789d8577d6df9b05dd15abc45b65362ff13890afe7b8f29a599005a164efc6e63514591c9be207e64409750894972801ab5e634cdc2721db

Download Submit
/data/user/0/com.yudada.main/.jiagu/classes.dex!classes2.dex

Filesize
3.6MB

MD5
8cce6e84895df859a91d55f48d39c679

SHA1
bfdb8f3b171521aa40147f6d80b52512388070a8

SHA256
ff782c11ed4f63ad78f3f4132b1506ddf04ee4ab79da14fb5f1542a022f7703d

SHA512
6444f319d1bf0deaa5f98df791e5b58286bbcb326b02b765e75d8a262b9dbfb619df0e72361db0389038ba3e684c80c324a8847f2ab983de9449c76e893ed939

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
c25a8932f31bb3bd2155a20e1655fdee

SHA1
f8ee6304f5a6e3db0715f1dc37798a14c80690c8

SHA256
6e1745eda76d1a7962f2ac62da67c46f52aa39a51de6d925c371964b6cf909de

SHA512
cadf8b86f4a9b2a6133a0bcf204aba10304f561f0ce1457f300ebbd364685536d10b3f30be9ea6081ab00a90d3cd11d415aa192b13d5d016a8117f741072d9ca

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
32728b95820bbd2bb41399e73151cfbd

SHA1
cbc7eea660dbcc03e46305a11319ccaf14dd2702

SHA256
916824f59c537be53f8220689fb163a14a82f8819ad200440592dfe10dda309e

SHA512
f0e34f7ce3ecc820a1d37ac2a4f10964162b72c946f2193d31fb44afedc91562f4cad59d79a622dc410bffa204d7c326c9ea37196156b08f3636ce7ea6967ee2

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
381B

MD5
492689eb964092e12bbc3ac17d9bd624

SHA1
b32542e18fcf278d869a6eb184a85ffda0809465

SHA256
700365bf61bb76bc4549c38ddf66cf07213c500c76d92185f6e52b060b2fa8a5

SHA512
bd51bc8bda337614b281ab76890e0d04c0cb1d7bec2675a83d494359673dcd0e36283e8f017c5da253083224f9c97f5683119c1a621caf2c0ff77006d7ad5001

Download Submit
/storage/emulated/0/360/.deviceId

Filesize
48B

MD5
1d8d16c4e3b19ebf18988530d9b9a757

SHA1
bc94c1cce05cd848a53271ecb9c5311e27ffebf5

SHA256
abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7

SHA512
4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

Download Submit
/storage/emulated/0/360/.iddata

Filesize
32B

MD5
1bdc5deffb0f386b1abaf8893f2dbe72

SHA1
1bfa3738c1bfbac228cc3df95823fa6fb1ec5d45

SHA256
e4bb9f9e1c834d14b83cda80438128fbe5ab4da7c76f1c046b3d21abbf60688c

SHA512
7a864a0ebbdec8589749aeb42be8ca4ceed000b525e9e7d1bbc78a2d638eb9b818c232b4102aa1f1e6dbcc962a50abdbf6ed80db523fc70b7a500d46dd609056

Download Submit