7288e2f79a3596892f049aaceed6cd7799ba30aedbacad181d59f66bb5cabf6a

Analysis

max time kernel
2276343s
max time network
148s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
20-12-2023 00:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7288e2f79a3596892f049aaceed6cd7799ba30aedbacad181d59f66bb5cabf6a.apk
Size

4.1MB
MD5

b751deebf8a2b9c0a9547e0138710e71
SHA1

14146379fd09b8159d7b23dcde6ef8f3cc13d25c
SHA256

7288e2f79a3596892f049aaceed6cd7799ba30aedbacad181d59f66bb5cabf6a
SHA512

eabaec9415088d72991d604554d9dd4a5485cecbc64d7c2328d77476e8996c9cfc5a35551d032b84c7edc08cd8d711b55df4244d5abc3c3bb6fbac7935314541
SSDEEP

98304:oMOc4213S8HvM6eyiKETRIlJJRhknpVDWj0XLeY:oY9LHE6TiKeIWnpVDjT

Score

7^/10

Malware Config

Signatures

Loads dropped Dex/Jar 4 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.shanghfo.renren.yuedu.best/.jiagu/classes.dex	4248	com.shanghfo.renren.yuedu.best
/data/data/com.shanghfo.renren.yuedu.best/.jiagu/tmp.dex	4248	com.shanghfo.renren.yuedu.best
/data/data/com.shanghfo.renren.yuedu.best/.jiagu/tmp.dex	4332	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.shanghfo.renren.yuedu.best/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=44 --oat-location=/data/data/com.shanghfo.renren.yuedu.best/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.shanghfo.renren.yuedu.best/.jiagu/tmp.dex	4248	com.shanghfo.renren.yuedu.best

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.shanghfo.renren.yuedu.best

com.shanghfo.renren.yuedu.best
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4248
- chmod 755 /data/user/0/com.shanghfo.renren.yuedu.best/.jiagu/libjiagu.so
  2⤵
  PID:4274
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.shanghfo.renren.yuedu.best/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=44 --oat-location=/data/data/com.shanghfo.renren.yuedu.best/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4332
- sh -c ps
  2⤵
  PID:4448
- ps
  2⤵
  PID:4448
- cat /sys/class/net/wlan0/address
  2⤵
  PID:4489
- cat /sys/class/net/wlan0/address
  2⤵
  PID:4508

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.shanghfo.renren.yuedu.best/.jiagu/classes.dex

Filesize
1.9MB

MD5
f13c616ab95ec0c6329df59fd0d78588

SHA1
4cfd35c33b0d0fb6d3b43f3ad2966f4f81863890

SHA256
3f26fd41d76f9971fe18f5eae28482b3437cc23936c267aed7d8363575b8ff01

SHA512
0e4f1f440b9ef5b738b81478f52a0d3e625fd039ec61fb054192a5f7b64448766b08508d1c0fb4093cdb8a1d042f57b1399f83fe4c08828516ba2d80a29b22c7

Download Submit
/data/data/com.shanghfo.renren.yuedu.best/.jiagu/libjiagu.so

Filesize
382KB

MD5
aa01dd97609092ce310e17bf791069ce

SHA1
f000840a8f68ea7beb2e29ea466088daf55609db

SHA256
e432c191f918053ce368e1b1f155b2e1f9e84379611b93aabec0106172b73aa2

SHA512
766c120a06215d0950aae32026fcde3eafed8d18ae0de7bc8135a7378a9055c8f0040d61574d9af67fe2b5b90eeae64c62d787343858ae375bb6658df8afe7b4

Download Submit
/data/data/com.shanghfo.renren.yuedu.best/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.shanghfo.renren.yuedu.best/cache/image_manager_disk_cache/8ab290920d40c603ab5892e89d1d1bd1544578ccaa1968446b0b5aa503acef1b.0.tmp

Filesize
4KB

MD5
f36df858238f09287525e9ea82a44d57

SHA1
81621f4d13949ce38303302d858b37b1d0306005

SHA256
0b7d524ab6be02bdc9af046346072c46655a1fc701d5ba03a32a82bfff23d61f

SHA512
7d084091f01faffdfc00b58f08aa929cfe14c54f806a065730eaaffe6c1ad54918728a629a343cc63a0d248c41771bfd10551c5f647355de9f4807f7ec9bd538

Download Submit
/data/data/com.shanghfo.renren.yuedu.best/cache/image_manager_disk_cache/journal

Filesize
178B

MD5
ce50e30fdf2db75e01b34b79bb5b55d0

SHA1
c40760d0071b9449125a0a837b738d2cf978a5d2

SHA256
9f27852cbbfdf28988ee9da122ce9971530e26c3cf5a29f81a598a9926cdea55

SHA512
2f02a899352d54a7f74c2c0c5ca1d45b3fdb637ebe08eef021ff6f021575cecd759859fec6fdb097c6e042109b8384e9b2f08490b86de511ff328291a69ae1a1

Download Submit
/data/data/com.shanghfo.renren.yuedu.best/cache/image_manager_disk_cache/journal.tmp

Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/data/data/com.shanghfo.renren.yuedu.best/databases/ThrowalbeLog.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.shanghfo.renren.yuedu.best/databases/ThrowalbeLog.db-journal

Filesize
512B

MD5
e1d7c53a9d74c8e5647ff583b44e4220

SHA1
ba9c1456cbb4afacaeb777f843f10c11e55cac6a

SHA256
2d97b9bcaee983fcbe959070dbba2ee09aeaee718113017397a2176955e148a3

SHA512
21ae4d0fb7bd1f105b7e8e7b8662121c26ca75ef409174abd14379d652d7c5ebc178ea49c56c82ab80d8087457a0ec76d661eb7a563c31ec264a2f2c4c415603

Download Submit
/data/data/com.shanghfo.renren.yuedu.best/databases/ThrowalbeLog.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.shanghfo.renren.yuedu.best/databases/ThrowalbeLog.db-wal

Filesize
32KB

MD5
dd08b4a68d292e1a6e6166f00d829100

SHA1
14e056611c94ca0aede77d20ebb4d1c35c42e8b7

SHA256
5d4beeb26345add5c91908e5af1663ae9f268c1ad9210a91685083be849f9588

SHA512
65f8b278797671203856dfd4eb44d7ff3c63b499b2d7b905eb8e74b0b658f783743899bb109f666549296eb8e562caf24d6516826579a0d6ddc8306c3bb43610

Download Submit
/data/data/com.shanghfo.renren.yuedu.best/databases/cc/cc.db

Filesize
36KB

MD5
5d7ea1a23af19b4340cc8d90f28297d5

SHA1
4cfe95b23a9e98378d69c4290af81b51fbe76aea

SHA256
474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da

SHA512
33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

Download Submit
/data/data/com.shanghfo.renren.yuedu.best/databases/cc/cc.db

Filesize
36KB

MD5
ce6135aa1b1fe4f2c2db2a546d2a5558

SHA1
79b59582154017aadab783dc266fcb158c252940

SHA256
7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c

SHA512
2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

Download Submit
/data/data/com.shanghfo.renren.yuedu.best/databases/cc/cc.db-journal

Filesize
512B

MD5
407b6c3264a27c80d016cad3f2fe6cde

SHA1
9427773a5891e47b3b52e67fa3bf1af97bed1dd1

SHA256
06f0c05f90f5947d70b96e0c5c259db4f8936304931bf71ab9628b76cc4f12f3

SHA512
8e7d23476b08e39b88eeab02ffdd45c8b33a34a7f17d20145348cdb5e9ad89fbc04e50a65bdc923187b9fad8ee851cabc5bfb2cc5dfd8a3ab58f2af4a336cbbf

Download Submit
/data/data/com.shanghfo.renren.yuedu.best/databases/cc/cc.db-wal

Filesize
48KB

MD5
02dfdc9597a835ed1c95b411d7144491

SHA1
f003e2c3c6e3dd15c497818236e206916f7eac34

SHA256
6700ca3a5f4352c0fdafb1aa938c4464e7729a71e67738973ef655e683f34ba8

SHA512
e0f4c2de6cfb9d0e1e0d3e7c0171e4be10fff76122b36663619a95ba00fb8312a3845509b2dbb369f29f6472f65cd40f71aafe0404e6a48f9a53677b8a1530f9

Download Submit
/data/data/com.shanghfo.renren.yuedu.best/databases/cc/cc.db-wal

Filesize
16KB

MD5
ab86e7e29c533bd6429a708ffc2c97f2

SHA1
28b5d364d146939c92bf8ea8dabb74e9b76e691f

SHA256
81e4171300ff7c2961d08f21b318f349267f74dde452b5e3ea4bbb18e5dac46a

SHA512
fa2f70c1597fb80032c4dfbc043a8c22d73e89fee27dba5bf4e12d9cf26db9b49680de0bd292806b6d81ed121f385f1c92c3399233e7c80726d03ea4a26e5c32

Download Submit
/data/data/com.shanghfo.renren.yuedu.best/files/.jglogs/.jg.ac

Filesize
40B

MD5
04e12dcbe685a9dffcb271eaa8dfd7e4

SHA1
1351c6841378395a6a9bea91f04d31e23a3a9c1b

SHA256
cbffa5b2ef5660dec7535cfca669a315404160a9341002938fefbe22e2792c80

SHA512
64025c3ba014a3e7a5e5921d4b20f101028a8e3df7bc402149b98baae9e7ea899248b19be39b5d9056d59927a70cb799133e1b9802036c2854b1eddc8ef84e94

Download Submit
/data/data/com.shanghfo.renren.yuedu.best/files/.jglogs/.jg.di

Filesize
340B

MD5
cf8217a9cffadef73eec40065bf2c7f9

SHA1
15235fb0b59136247c92ee0bc6abdedab370ee98

SHA256
7de43e99b1656df6c4abc39c87ff23dadd5e26f51cdedbe2363b77523612006d

SHA512
c8b08388f6ab807e3500eb2273515894eef52860d7498e0cf71183fed13f909703891ea737507017de145a02da2eaf0dc51a3d660997cecdf7a7b8d967187528

Download Submit
/data/data/com.shanghfo.renren.yuedu.best/files/.jglogs/.jg.di

Filesize
340B

MD5
163b0866bab6f95812f3ed1790d1f171

SHA1
2127ffb35d867f010d063b7d6df15cbc2fba9737

SHA256
5b89f657e47ac5f5400d36959d8a66ac2cecc591c649ff09cbc73423b70f9f94

SHA512
aa9974359f1a8d66650d0e0eb2ec422e433351581e9637a34dd570c1908ad735b1917995eebe643f1167ac5fb4bc2e32d8c0011adfea5c7aab309fd78ac64cb1

Download Submit
/data/data/com.shanghfo.renren.yuedu.best/files/.um/um_cache_1703083333028.env

Filesize
1KB

MD5
b008864aecc0d8e955812120fdbcab1e

SHA1
b2f0af69096b942a1e193d9a55e96e6cd3b2408d

SHA256
4d08d709a7638b241460049a8e29332d14fccb27f93cdfcd1cbcc07809256bc6

SHA512
f2cd8a31c23fae9ab4d45d7ab323da21f5258662f65086cf97f3c43db084cc3850f6981b4c50ca1d4cb19dc595de4a277b24d46f897ddbd71f51e5625bce9567

Download Submit
/data/data/com.shanghfo.renren.yuedu.best/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
e944337f41556c988e9bb81875cca55a

SHA1
2c20a2ea777841f410c75a4612e186b7023edeea

SHA256
ee4811352f70e94f8cd623bcd17f096a2be0a7ce74ba19c5479c6c9802ee1011

SHA512
8e787b91860a7d9ae554695ae2e64077aef78edffe295646ce147bef71ec8aca4038ab0b4598307c010e36384480d9c01c2fe5fab3f2e5f535efd43f8f00e06e

Download Submit
/data/data/com.shanghfo.renren.yuedu.best/files/mobclick_agent_cached_com.shanghfo.renren.yuedu.best2018042815

Filesize
2KB

MD5
a0a3ca40632307628e18219fe3dac971

SHA1
cf3d0bf918858ad61546aec481b388484663b1ec

SHA256
02fe19b868a7d46bfd0c6495dc5557252a4b529da402ada092deb308385dca74

SHA512
e994fc4114eed11bc47a245c75f8d3f9df7ee0a66fc607223071ec3ea8b1ed9c25ce94259565b939be64c4bfea98fb84fbdf10b4a05e913d59a8c47d3ddb366b

Download Submit
/data/data/com.shanghfo.renren.yuedu.best/files/umeng_it.cache

Filesize
415B

MD5
be0fc4a8131d832fb3215412917fd8e2

SHA1
74a1133682290fe753da16483e8e9c0e62ffde0d

SHA256
1f576cf59526fdbde1b581f0d6bf312fdd7c70046d693a2c48709392f499a944

SHA512
8b15d94956330814a1a42850a5f17475d1c8a164ec4f5dbc93df9975a192aef03c27cdfbb41fc2b82c6043007129306d8bf1bd9a0e9dcd4277e5b478e0418607

Download Submit
/data/user/0/com.shanghfo.renren.yuedu.best/.jiagu/classes.dex

Filesize
4.7MB

MD5
687778e3b9b4c4927369327d9f4a57ce

SHA1
8a24fee04b61eaa17251a2c41dfa6e4fc854606e

SHA256
979c261507cc0cec1dd7f951da8fe71d76e044ed2ca9789ad368b15345a8b855

SHA512
07d4f67f977fcce0977c11e44c8fade5699393ce534121099eae813b18686f14641c70e0de4b58c395332ca3e165daf41fc4d4e67d6411bc9506675f9576f5de

Download Submit
/storage/emulated/0/360/.deviceId

Filesize
48B

MD5
1d8d16c4e3b19ebf18988530d9b9a757

SHA1
bc94c1cce05cd848a53271ecb9c5311e27ffebf5

SHA256
abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7

SHA512
4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

Download Submit
/storage/emulated/0/360/.iddata

Filesize
32B

MD5
84cd3de53c7218103ee954caef113a46

SHA1
1ec2d2a7b91c1840a8bf0d3e30eb210fa59056ac

SHA256
e7bb8759eb547343819a94cd418bdcbf1810fdf7df752c706c9b23e67c990aa5

SHA512
c0770a5209fcdcb477bf91f0ad37c88b3c771603c4eca96a508f97cea39827cb2898b6d6767674a074f8788b4450040a51f2cbbc71c923bf9481807a12c8bcae

Download Submit
/storage/emulated/0/Mob/comm/dbs/.duid

Filesize
496B

MD5
f969aec46e266ef3dde898f45e3d8a6c

SHA1
0d0c78027cd69ad297975022d4293adce5e7a549

SHA256
d92216a12f074d2c62442f8444c7e6706495c93cb3e904d0abc14e0873d26b7b

SHA512
a5598aaccd663124d6e60fc34b3f17e345b689f55344a4ea4a9ad69ed8902308b98bcacbe46e19979fb7a9e98d6e95b7440f6b43d58f263f07c96b9087b937dd

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads