75853099f78cb092186db90055cc3eb473e2d0d319391126c9b5d1b3687f30a7

Analysis

max time kernel
2347206s
max time network
156s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
20/12/2023, 00:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

75853099f78cb092186db90055cc3eb473e2d0d319391126c9b5d1b3687f30a7.apk
Size

16.9MB
MD5

659929ea8f3c388dc127df42fb8603cb
SHA1

8a8c76d5cbd3a99fc71e118c9edfa0c94534cd80
SHA256

75853099f78cb092186db90055cc3eb473e2d0d319391126c9b5d1b3687f30a7
SHA512

79eba74661512b4da5da3ef1f59b166e4ba18789688f2b123b3f4d93183590e45546d5e9d6331cf3e8632e9fb16f421ecf90276033f723c206a098c74de56138
SSDEEP

393216:y6ieQtNGdmypcNhcSQyTeBEDaXffmwc+W5QxLdHUSwjPcgy5:Zipr2m8cwSzeogewc+KVy

Score

7^/10

Malware Config

Signatures

Loads dropped Dex/Jar 16 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/data/com.mobile.cashpoint/.jiagu/classes.dex	4242	com.mobile.cashpoint
/data/data/com.mobile.cashpoint/.jiagu/classes.dex!classes2.dex	4242	com.mobile.cashpoint
/data/data/com.mobile.cashpoint/.jiagu/classes.dex!classes3.dex	4242	com.mobile.cashpoint
/data/data/com.mobile.cashpoint/.jiagu/tmp.dex	4242	com.mobile.cashpoint
/data/data/com.mobile.cashpoint/.jiagu/tmp.dex	4281	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.mobile.cashpoint/.jiagu/tmp.dex --output-vdex-fd=43 --oat-fd=44 --oat-location=/data/data/com.mobile.cashpoint/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.mobile.cashpoint/.jiagu/tmp.dex	4242	com.mobile.cashpoint
/data/data/com.mobile.cashpoint/.jiagu/classes.dex	4339	com.mobile.cashpoint:mobservice
/data/data/com.mobile.cashpoint/.jiagu/classes.dex!classes2.dex	4339	com.mobile.cashpoint:mobservice
/data/data/com.mobile.cashpoint/.jiagu/classes.dex!classes3.dex	4339	com.mobile.cashpoint:mobservice
/data/data/com.mobile.cashpoint/.jiagu/tmp.dex	4339	com.mobile.cashpoint:mobservice
/data/data/com.mobile.cashpoint/.jiagu/tmp.dex	4339	com.mobile.cashpoint:mobservice
/data/data/com.mobile.cashpoint/.jiagu/classes.dex	4512	com.mobile.cashpoint:mobservice
/data/data/com.mobile.cashpoint/.jiagu/classes.dex!classes2.dex	4512	com.mobile.cashpoint:mobservice
/data/data/com.mobile.cashpoint/.jiagu/classes.dex!classes3.dex	4512	com.mobile.cashpoint:mobservice
/data/data/com.mobile.cashpoint/.jiagu/tmp.dex	4512	com.mobile.cashpoint:mobservice
/data/data/com.mobile.cashpoint/.jiagu/tmp.dex	4512	com.mobile.cashpoint:mobservice

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 3 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.mobile.cashpoint
Framework API call	javax.crypto.Cipher.doFinal	com.mobile.cashpoint:mobservice
Framework API call	javax.crypto.Cipher.doFinal	com.mobile.cashpoint:mobservice

com.mobile.cashpoint
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4242
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.mobile.cashpoint/.jiagu/tmp.dex --output-vdex-fd=43 --oat-fd=44 --oat-location=/data/data/com.mobile.cashpoint/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4281

com.mobile.cashpoint:mobservice
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4339
- cat /sys/class/net/wlan0/address
  2⤵
  PID:4466

com.mobile.cashpoint:mobservice
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4512

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.mobile.cashpoint/.jiagu/classes.dex

Filesize
5.7MB

MD5
25abceb7cf2b7d31fc2315b84e4caa5c

SHA1
4661038959392f1640488b93da2d52dc89b785a3

SHA256
65248e55f74c1782889153c700d6d2b6b54d35cef5a5827f4b734590d554923b

SHA512
f6ce5ee40ff9e40569507139cac31f5d553e023f4c4c70693f730f20e7979ebd87f814b82408fdd5d07f192113546486aff4d5d18a995c6da8d3a12a2daa4b63

Download Submit
/data/data/com.mobile.cashpoint/.jiagu/classes.dex!classes2.dex

Filesize
6.3MB

MD5
f2fabe049e88f963ef166f8ff348af04

SHA1
6229593b1e486066dd02747ff228b8c4dcaba0be

SHA256
7bffe0631c6dd1935d355bb836b22296998ac29df025450d90de3c162ae22310

SHA512
c873f8d45ff1cdfb923cf02c184940eb37f2ac42cc14459abd52202a503e7dca8c7d801c0622d747327f1063b5db8426e37cb458e705cf304c3e4fc4eb6ee66b

Download Submit
/data/data/com.mobile.cashpoint/.jiagu/classes.dex!classes3.dex

Filesize
3.8MB

MD5
6222e9c279a16e9e64cb0abec7a312f3

SHA1
fd5f351b3094176eca8769dde1e8a32fae7f50bc

SHA256
6faab9749e596fcfbda1af999ba612e3f662c5af6bf77b475eb0e00c4b7d14c4

SHA512
f780ff85eaa876b3cb2833e84f58df6e7838b7c102f429ea8a0be55c3f0499ea3dc57c3a6afe45f4380bcf804e08f6ee1d1a497d3d91c1c00e3f734ef1786d01

Download Submit
/data/data/com.mobile.cashpoint/.jiagu/libjiagu.so

Filesize
562KB

MD5
d141f6661f27d70822c7021d752d8af6

SHA1
e545f7442dca4490cb67b745f6f13ed782b1971c

SHA256
e0313c66404c4fb7d023824265ae5a922079d422509d4b59c6fe45632c60146a

SHA512
0b2a4c540c077ed93561f249baa75a65344e75dbfaefdb3a68c0d653d79bb5152fcd42c13f34a87b09583f33f1a40231b4f31416b73c323859885374ca0667f6

Download Submit
/data/data/com.mobile.cashpoint/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.mobile.cashpoint/app_tbs/core_private/download_upload

Filesize
56B

MD5
4da0e036f3b04388adce5a8df2c5511d

SHA1
6bc98a7868a19bbe9087b217678a9635ef5240d4

SHA256
e60c4dc58fb7258b01dd67d939422b1829afcc7856b8a10240c7563eb89577b7

SHA512
724a3641850c07dd5bb947424d8dd22ae35856125f330db3fbd89f78d4d362464a3d335c8a7c573cf47e1ed61604d2e4f4c448aa2fb728a4c34c9121714c7a38

Download Submit
/data/data/com.mobile.cashpoint/databases/ThrowalbeLog.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.mobile.cashpoint/databases/ThrowalbeLog.db-journal

Filesize
512B

MD5
dff5b959ec3092b619fdb3d0ff20dd3e

SHA1
9195ecc3a542db7ae3aed7a1c381261ef6831cea

SHA256
146b5a97014c050d1bd78b7e5bed3faeb68c35306a9c0341f1606aa6845e55df

SHA512
ac23f2431e71afdb973f1eb137d43ca7d2d35f4dbde138abe4438ea856b2f7c0a658c3c82b8dedbc4b1bc6cb6fd9d15d38cb48e55f69dacb233faf3c32723876

Download Submit
/data/data/com.mobile.cashpoint/databases/ThrowalbeLog.db-shm

Filesize
28KB

MD5
93842c595693a0225a5971bab7359098

SHA1
40abcfff6d0eba20266ab14161aa96406c55bd85

SHA256
bacd00fbcd4fa4387bf44ea02ed66e6d46c09ae5c62f4175d13f053d227a4bb9

SHA512
f3b9d160c2f74d23cd926732f31d7b01d5138e65e25856c6e3e1de28458e4fb328642161d2e9c68c5d9f88d43f88b3afebe2240f90e39bc7f0a1c9e5afff6227

Download Submit
/data/data/com.mobile.cashpoint/databases/ThrowalbeLog.db-wal

Filesize
16KB

MD5
c173f297970430b708479bb15c69801f

SHA1
2473a0feac64bdd1015742e3d3603d8d3af1b3a0

SHA256
cbdce39c58baf2b988afba39928ed0c3f591a8632abb113631050392a6fb6e6f

SHA512
6e46d18be8a87adc2968512a5e3e6df8d274bbbdc2a434a05269a129d818c9db900132088e9fa30bb8c9eea75cbf8855f3ab33571392753f4781480149ddb038

Download Submit
/data/data/com.mobile.cashpoint/files/40805.dat

Filesize
412B

MD5
8e1f0c6659342cd8c01b2fb6fe7a281a

SHA1
49490c05fb22b587b33e8452a800a40912cb5df2

SHA256
718d2e82d8578718d1bcbf5fcf2d8b63bc0787b04f384624c0e84cdb4269a3de

SHA512
b35509987233310850f66223b23af590b21e68eaac20af852f2fa783b5d1fd86b9595a75d60ccd78d7ce90bc84f5df0c08825199c41a09fa98a441bb25ad312a

Download Submit
/data/data/com.mobile.cashpoint/files/Mob/PUSH_SDK_RECEIVED_MSG_1

Filesize
314B

MD5
ad8765b0e2f3842e7bafd8a551fa1a85

SHA1
e871fead7d217a2f4046571c9bf31e0b06ebb8ee

SHA256
2436ff4cd54eea0be7499952991b645e9ea2379ebf004604e5b32386e02d7e3a

SHA512
a8ab34bf2d21a095635c49affc02c406d24e33fafb9beae937ce6cd9403118d5326a8fa0602f72ae9aa47eff7667dc8f294ccec0f506df676e0b16ce702502fa

Download Submit
/data/data/com.mobile.cashpoint/files/Mob/PUSH_SDK_RECEIVED_MSG_1

Filesize
314B

MD5
526176bbb5ce1dd3dab4a02504cea9b0

SHA1
1a27ceb257eb6c26ea0ba6333647e66ff44f864d

SHA256
64219383521eae849849ab8d71386f86a40c1aabe7bcdceb7b2fa1b677f5eda8

SHA512
18b2585b2dba6f1cd5bbee8e6fd001cd5015f078e8fbdb6112467bc9c44efe90c7977c7c63806f31e1c28f13b24efe6b36ca942ec2ce7fdee5bd622daf2e0260

Download Submit
/data/data/com.mobile.cashpoint/files/Mob/PUSH_SDK_RECEIVED_MSG_1

Filesize
100B

MD5
91993c4fc35d4f93c774167b25cf4e24

SHA1
3aae0176924f49c5ad99bda612356b0885faac73

SHA256
28637cb725c489a550eb3f02171bfd42c7ddb68b0b27092a2fe113a842bfc8af

SHA512
eb2fc6a77c751ae6aac1fb51c9148de851aa92a5428453c5cdf61ec9a58efaf2dc94991555fdc725f392f67619ebd5e45b1ca736dd8e5063916b20a77107ed84

Download Submit
/data/data/com.mobile.cashpoint/files/Mob/mob_commons_1

Filesize
82B

MD5
cd868907d3332a857af3409004bfb24e

SHA1
030816b0a0773cc31d49699632e52b2fe556d396

SHA256
6921d90a6ef1a679906d1fa11dc9b44c5db3292e0a00ca423dcff991395142f8

SHA512
19e5cca980c7de8af505b80ddf8a15d1a1909c9d047189ac1f1d73325ea2a21ec994e15e4de432b522248a463a5b0b42c8c08e8264eed4b6a8e98975626bc0b8

Download Submit
/data/data/com.mobile.cashpoint/files/Mob/mob_commons_1

Filesize
146B

MD5
bb8dcc18c6a7014e6c18343ddba98444

SHA1
27cebef5bcf0bf3be87c2e0c85d8a2dde87b63c6

SHA256
dce8be52a680ac19e823693ff24081edb2e5270ed5abcab9c6e73b7905a8ec8e

SHA512
85205f7ee6fe86d49b3e97e73b31ad518305883a767c5da78ae84cad1f88ae3d9b09effef2de9b3e91b6e905c1b4cc5ed6edf84eec367fc5994cce0e4cbd7922

Download Submit
/data/data/com.mobile.cashpoint/files/Mob/mob_commons_1

Filesize
39B

MD5
8a08316ea3d99cf08ed0f8af96bf2144

SHA1
aa394f89fe6d89ad550b3cefca82bb127da6d838

SHA256
cda0033c88485c5806e31026befdc2c6729600b1d8231bd320a1e979ee08168c

SHA512
cf2dc5d5603a031175d25f29c48041547c57e593e053bf688c2fa28af196374d7df5470507a3de738a54e45c9f85e56b2d91224d91e81ff1f763a96a09b4825b

Download Submit
/data/data/com.mobile.cashpoint/files/Mob/mob_commons_1

Filesize
100B

MD5
0656380c04c3f403eabccacc272e1030

SHA1
7ff3636977184e5e92973afa234dd539bfdd512b

SHA256
ff28dc8df6b11b483f731865b55345a2c05698d8c981c171de6956e5c19cf443

SHA512
13452907ce7fac33e23e6fe6e0e9a605810ddacbc1438c89943e8fa92d0db44645479c0e82b7504d7db57e34541b34e644ecca4851230a9e636529a01fa171a8

Download Submit
/data/data/com.mobile.cashpoint/files/Mob/mob_commons_1

Filesize
4KB

MD5
f046e65195afe493ebdc8241ad18f9d3

SHA1
f091a9f7c9762bc9e5bdb28289713a31e75bef55

SHA256
88f433ee3cd904b69aaed2256ebf13d69e805210c6eaa54558ff040ec3c55691

SHA512
cb4a16ce879aead42ea04eed5b8dbacd20a17e93153640aac3b56f5ae2d15983e4685eda9a4a07aab055db48573d27d17d5865935651f07b50a180ad8c6f1494

Download Submit
/storage/emulated/0/Android/data/.mn_410185822

Filesize
32B

MD5
beb76310323a4f44cfd0bbdfaea030cd

SHA1
ae84843aa0eaba945e1b24a3a5cdb063dc63b22d

SHA256
9589832f0e7e1776514312cd2a47dfbbeabd67b9d5d740dd0cb2e41ea1133af8

SHA512
37323e10552e18d5909d5c4967e245265e6a9fa1dbb33b7bdfa61d7b0df8e9b7ecd78116a101fa5f021acd890df7364f5baf489d261ec027cb1c9efbc982b1c4

Download Submit
/storage/emulated/0/Android/data/.mn_410185822

Filesize
194B

MD5
7a602e3c3b6e16ece7f6ef59523816fb

SHA1
bc14215152e3441065b140bd122a6ed0550e26a1

SHA256
ae7219c83d9ae47f4122a9626c32745aedc8c4b820cb57cde4602e585307c9cf

SHA512
bfaec8e2aa4fc2a7610823a6545dc49f80fbc3eebd8c838a4b1a64a8bb29b6371031f9b02d9a8e851f2d2772410c3bc6c277883d1808205448e9f7ef538b416d

Download Submit
/storage/emulated/0/Android/data/.mn_410185822

Filesize
130B

MD5
f321656a466363e5192773d92000e401

SHA1
3a6abe9be1a6f4deffaa98fd27f3449c888d3c4a

SHA256
53efd5207de6ed80429ec3c7865eed2b64023a0ed66e0fd29e7f45b708a1751c

SHA512
fcf6884bf5ce8d10b3a3dd461fad96cb6cf0bc4129e01788de112551230fbc4d8ea6961b04411d1c7816e248437c4560277069d9c544e5450612abc0e2c0171d

Download Submit
/storage/emulated/0/Mob/comm/.di

Filesize
32B

MD5
fda7dc1ab6dd3c69e8d16b0475943508

SHA1
06446e85e61ddb07a67b6df62ec7413c2a5b2b7d

SHA256
7351fb5708f53004d65549cfb3e96105f0455f5c6feebbe45e0d0343ccc7e26a

SHA512
27ed3b74aaa77348def3515dd47c447c36dc96d90629fc42a1fd76f0bf1eb77a3ecaa323523a742e6004568c7e339a09c8746d277cb7a89e33febd2ac9223e23

Download Submit
/storage/emulated/0/Mob/comm/.di

Filesize
57B

MD5
70a42cba408700f9a6c01c7941a8829e

SHA1
eab01cc2c0671538795fb0b1146017dc099d0984

SHA256
499576707ce2623293166979e59c832be5b8636c64ad39aa63ebcf961910c35f

SHA512
8900d4dc8eed0430babbacb72942401bd22ef7fe5430cad90d3ce0c2c53010220d666aa0e2eb1026f3ec81d574c7fa12585b49222a5f15b01637f6ba134fe70c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads