7f3ada8753cd9449035dbc3bc51e76ed7b6e4f97990e559fda872a1969b3e3a8

Analysis

max time kernel
2201255s
max time network
136s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
19-12-2023 13:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

370e059e07ee5de2eb51c361d4c798ac.apk
Size

10.4MB
MD5

370e059e07ee5de2eb51c361d4c798ac
SHA1

9efdf9f1d182c24706d247078537f15815e57a97
SHA256

7f3ada8753cd9449035dbc3bc51e76ed7b6e4f97990e559fda872a1969b3e3a8
SHA512

264965231e2cd9857af1f2b2628e9344abcb0004db24cc8c99499f829e0a9eb9d8bec640475cb827addadcd568fa6570f97a00a8efad946a721694dd5c5c2be4
SSDEEP

196608:Q2CUvSALMT6sRkt3C9BrVNk565hLqsqcbUvsZa97AtURRrv5quFb3/CbDK:j1qApt0m67L+N8a97qIRrv5qut/CS

Score

7^/10

Malware Config

Signatures

Loads dropped Dex/Jar 13 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/data/cn.wejuan.reader/.jiagu/classes.dex	4475	cn.wejuan.reader
/data/data/cn.wejuan.reader/.jiagu/classes.dex!classes2.dex	4475	cn.wejuan.reader
/data/data/cn.wejuan.reader/.jiagu/tmp.dex	4475	cn.wejuan.reader
/data/data/cn.wejuan.reader/.jiagu/tmp.dex	4535	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/cn.wejuan.reader/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/cn.wejuan.reader/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/cn.wejuan.reader/.jiagu/tmp.dex	4475	cn.wejuan.reader
/data/data/cn.wejuan.reader/.jiagu/classes.dex	4564	cn.wejuan.reader:GuardService
/data/data/cn.wejuan.reader/.jiagu/classes.dex!classes2.dex	4564	cn.wejuan.reader:GuardService
/data/data/cn.wejuan.reader/.jiagu/tmp.dex	4564	cn.wejuan.reader:GuardService
/data/data/cn.wejuan.reader/.jiagu/tmp.dex	4564	cn.wejuan.reader:GuardService
/data/data/cn.wejuan.reader/.jiagu/classes.dex	4604	cn.wejuan.reader:monitorService
/data/data/cn.wejuan.reader/.jiagu/classes.dex!classes2.dex	4604	cn.wejuan.reader:monitorService
/data/data/cn.wejuan.reader/.jiagu/tmp.dex	4604	cn.wejuan.reader:monitorService
/data/data/cn.wejuan.reader/.jiagu/tmp.dex	4604	cn.wejuan.reader:monitorService

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	cn.wejuan.reader

cn.wejuan.reader
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4475
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/cn.wejuan.reader/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/cn.wejuan.reader/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4535
- getprop ro.build.version.emui
  2⤵
  PID:4731
- getprop ro.vivo.os.version
  2⤵
  PID:4749

cn.wejuan.reader:GuardService
1⤵
- Loads dropped Dex/Jar
PID:4564

cn.wejuan.reader:monitorService
1⤵
- Loads dropped Dex/Jar
PID:4604

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/cn.wejuan.reader/.jiagu/classes.dex

Filesize
6.1MB

MD5
ea2c505cb40a635a2109346c9ae95a78

SHA1
2cfb6e78b1e7d934df848069d3544244a68b7819

SHA256
0d400a1d7e3f15e1327218b696a0f44635f75db2333b8d254f2188a010e04c8e

SHA512
783a5a949b480932fbd4a11d09081d8fddefd2d339dc56e550cb33697ea0e925ad123b49c4477b3ed0e089a2a46df84349e81b5cd62512425e211931a25abc6d

Download Submit
/data/data/cn.wejuan.reader/.jiagu/classes.dex!classes2.dex

Filesize
6.8MB

MD5
524d44f0131f134871abf0c858a8d3f2

SHA1
7d16203b72125c5cf28fb0981a350cd86de0b6ed

SHA256
6d5a2317c0ce4db39ef82479c43cfc66aba4d22c7f1d0e10b6bddd6eddd3f30d

SHA512
3fed6efe8ec3f6ead7e9dd8f65a444f499476c1842f71781611b7ad819b0b178d428169f805525750e750b483fd01f34f7dd5cd049490a70376529007a281798

Download Submit
/data/data/cn.wejuan.reader/.jiagu/libjiagu.so

Filesize
482KB

MD5
f380717bd1e3916c7b697fab8d46c5d8

SHA1
04f51f0d16097214e38be517d93be44cb0603a88

SHA256
8455632be7bacb221468c4daab2f9b5ee33739f08b22244ff81a36a02bec36cc

SHA512
b78fe11f77d2c0ec5b36850e8cc3b955661b31641405233c8842b91205e44dc16a30d7fc1ef18dde1b066c1b98959ae9c18be5472413d2b398b7ab6a6b52c07e

Download Submit
/data/data/cn.wejuan.reader/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/cn.wejuan.reader/databases/btechainh.db-journal

Filesize
512B

MD5
f24fb8d6fbbcb3161fca28a69ecfface

SHA1
ced42adc6f55c5ef9a2d9cb973c8bfd11f880170

SHA256
c6625ff6d5584e9fd37b80cbc85a49063ecf208e36d9849e046ef7b0793e6c5e

SHA512
474c9cb227b229fe358fa95d334629065aaa1036f0fbc78c34546b6e0893b802d29f39eb3cf6b34fa653a5b5062134a36c07a0a5116f41f676ad1e9eeff5bf6c

Download Submit
/data/data/cn.wejuan.reader/databases/btechainh.db-wal

Filesize
32KB

MD5
17859fdd250107978ad64e549d6b0b30

SHA1
a15e52f5046e1e694993ec4b6a06ab78e4cad774

SHA256
14218f6524e826ae2a0fa22827fb55a1a20aeca4d399310a2efa4f7aa0f20700

SHA512
ad03cc6ff1ddc0a70b246fa0b337a3c0a9899502e131a948b9db86386ad301efc5e403fa54bd2e8e6246822c81b341cb2f39985acec84211a1088f5256ec9bdb

Download Submit
/data/data/cn.wejuan.reader/databases/easouBook.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/cn.wejuan.reader/databases/easouBook.db-journal

Filesize
512B

MD5
dad6d53204236b076ae67d265e15fa47

SHA1
70bd8286eb7ea0147fd2c200c0053fc1898c474d

SHA256
be1ae067dd7085e33eeb5df9f289877c056232cf84175ff736d9b696732470a7

SHA512
966246600c4974dfdeed2f495aaae2a2ce471518dbdf14aaf3d1bade2ce3ba450fe86fad2330d7aba069128ff021b23f9b0b183252b02dd588356f64f6824102

Download Submit
/data/data/cn.wejuan.reader/databases/easouBook.db-wal

Filesize
16KB

MD5
1cd84d2e1bde5e908af5f9036e02350d

SHA1
f54fc0768f25712a84cce1ea1ce1825004d17c47

SHA256
b7d16e4ed5ca8a37e0bd591a60fe73e76dcf9e1d222a91972d5260afdf1a98f3

SHA512
df742a929d5ec25261cb3b4bc03b4ff2780141024d5cdf7dfd2a0323fe09d657ea16f14ac2de237d29f2a5d55afe273768d14aaaff0675d242de07c6ff9f57ce

Download Submit
/data/data/cn.wejuan.reader/databases/localEasouBook.db-wal

Filesize
36KB

MD5
6b8575b49bdb34679c805b67b3b6dfa3

SHA1
401fb5ef007eda2d6e620275a4849f1548ec4e7d

SHA256
bb56018aafef3ee212f4526e05cdbbcd6d44dabfef4a812c34230ea401005e1a

SHA512
48dc3e2aff698a9a8d2eab9a3398262d848dc5b7aedc25178e9c4daa913b1dd2dd291867162b177339e4606541150c2ddad47135838068ad5d4937cf8b266e66

Download Submit
/data/data/cn.wejuan.reader/files/__send_data_1703008304207

Filesize
3KB

MD5
ca846f49c7e0a603b124b562311c0163

SHA1
406515a4bc99db704435ecbd4c202b2fc1cb3d71

SHA256
0f8a4fc90cf55cb281cc76ef6256f81aba982048e33b05b59b6888b2fc5893bd

SHA512
f1ee2e7ffa6c7f89248c10147fc3e5133165dcd24668d7edde285d33ce350f83c842eeba5672dc4fd4acdd0fd95a96870c2c631da9a9a85014e248fff74b137f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads