cd9643be5c6736b824b03dcf50c1cae89da46b7d31813f116122f8b1d1ea3438

Analysis

max time kernel
2192858s
max time network
135s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
19/12/2023, 11:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

15cca46ed393a6f8ab1cf239995b7227.apk
Size

3.3MB
MD5

15cca46ed393a6f8ab1cf239995b7227
SHA1

8ac8647543e1d3faa24b4e4109bffcfd652e4eca
SHA256

cd9643be5c6736b824b03dcf50c1cae89da46b7d31813f116122f8b1d1ea3438
SHA512

c03f780d95ab6c24292f6557d0075d6551e6c91f70976ea26f3cd36452ca42f29cab7936264af755d279adaa01b9b4204f319f8a69ace8250d17fa9eb967f803
SSDEEP

49152:ILRDhwFUtC7cu/5oOqOJ3w/E4q12hkm5gRE+W1we/Ha3X7FeNRotMApdgf+5hmGm:ILhhw24H/5oO1em10vgm+feizfBhmNH

Score

7^/10

Malware Config

Signatures

Loads dropped Dex/Jar 4 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/data/com.youhessp.zhangyu/.jiagu/classes.dex	4250	com.youhessp.zhangyu
/data/data/com.youhessp.zhangyu/.jiagu/tmp.dex	4250	com.youhessp.zhangyu
/data/data/com.youhessp.zhangyu/.jiagu/tmp.dex	4278	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.youhessp.zhangyu/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.youhessp.zhangyu/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.youhessp.zhangyu/.jiagu/tmp.dex	4250	com.youhessp.zhangyu

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.youhessp.zhangyu

com.youhessp.zhangyu
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4250
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.youhessp.zhangyu/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.youhessp.zhangyu/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4278
- sh -c ps
  2⤵
  PID:4457
- ps
  2⤵
  PID:4457

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.youhessp.zhangyu/.jiagu/classes.dex

Filesize
3.0MB

MD5
482a2aa6cb4a27dadfb47a248744d199

SHA1
5f8793cd1c267cc41c9f1f78980d4b333388372e

SHA256
63589dfb6dff06e4c1a1111bbd70f85474efd3d47767a9a9931554a25b829a73

SHA512
9c904207f87a49b76bc57ecc7e201bcc78f54fc7c82a456c768234c75546a401c1e7fe169b7c560285469513d5db722a3c7800bf0caecb9527b4275a41608a31

Download Submit
/data/data/com.youhessp.zhangyu/.jiagu/libjiagu.so

Filesize
497KB

MD5
e102893683a16d223c852ac584155d58

SHA1
5560d79d71fb1951d6ab0a464af87429a4933c2b

SHA256
41c76fbc6aabf843f22a1cf49a457bb99a7579b7260e46b2841c30afd82523c8

SHA512
3129498f917661361bc9a0eaba6b7b6490c2216e19dd7cc802b1f2f22fc16ae43b86a7ca97273cd2e2504a7e7e08a173daac34f5085a21ffd4ac1d84e76cb8ab

Download Submit
/data/data/com.youhessp.zhangyu/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.youhessp.zhangyu/cache/image_manager_disk_cache/journal.tmp

Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/data/data/com.youhessp.zhangyu/files/.jglogs/.jg.ac

Filesize
40B

MD5
c5420248dcf587747c351e76273c8a3a

SHA1
e6f60333d1018063a6896d8edf8e9ffee754fed4

SHA256
f13d79eeb5bd407adb1d0ca40e5a8a86874a96c12d6b4149189b495aff2e8b79

SHA512
08612ed945c14e4f70526aa2da7120fcbc027a69d3fe3152b2bc55cf12e358f0ae011498d121be3e75475bf7c87ff04e45bd9821e4dd273e549193f69b8495c6

Download Submit
/data/data/com.youhessp.zhangyu/files/.jglogs/.jg.di

Filesize
340B

MD5
c73169ce9b8e98469e5f9b089fde3c7a

SHA1
291c64a3b8183e030b697287ae3287d91dc6d0fd

SHA256
59b1ecf6c540ffefaf106187f455d7a392458ad6989ecf29c606bdb011638f83

SHA512
35dcd8f5a93fee2bcb33d551fcd5b309b573e0d68e8d75058fee7bd3039cb59e3f3a10a9436096a3c8aa27fcd7b760b8f64a5c655651617c28223d4ce5fe1266

Download Submit
/data/data/com.youhessp.zhangyu/files/homepage.html

Filesize
419B

MD5
bee128eb20e6a789e26db0ed1d0dad58

SHA1
cd44402a2b9cf9d1916928ef6ec296d83efaabca

SHA256
054b24b01443f96a389e39c3de7665a51dfcf5e0e908f158b46dc78f70c54f25

SHA512
be1b098373f24394a22320fd4ee638572996a40dd0d864f3b67db028a074c8b5784f320a6322fa1f8f5161f2899759677e54f70b73d45fcffc2247112e2ecfba

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads