Overview

overview

7

Static

static

6

775d1ccbf1...28.apk

android-9-x86

7

775d1ccbf1...28.apk

android-10-x64

7

775d1ccbf1...28.apk

android-11-x64

7

libsells.apk

android-9-x86

7

libsells.apk

android-10-x64

7

libsells.apk

android-11-x64

7

Analysis

  • max time kernel
    2306408s
  • max time network
    135s
  • platform
    android_x86
  • resource
    android-x86-arm-20231215-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
  • submitted
    20/12/2023, 01:06

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    libsells.apk

  • Size

    2.9MB

  • MD5

    0b00ea196a4dd979294a2549f378caca

  • SHA1

    23c7dc6a736d84ad05d23680a8c6c550bc95a2a7

  • SHA256

    48999deb82d0cb648d29a602103fab316e726d2c0ce2544dc25aac45379cc2fa

  • SHA512

    830ec37967885a36249c3bc55294d4c82c8fcebd6a4b607c1c57476036bfb782f36d18da8d15f5eb3359118af2945c2d7b472e59b613e40e6ba02965492d2b99

  • SSDEEP

    49152:Gcy+jF+xrTzQjGDZAvpn8yxk5KX7H0dkCHZ/6fJ6qrKy1HNrZKa8BrzO38eWFH9A:CVxrPv+8yuYnCuJFh9NrgRxeITaQe5

Score
7/10

Malware Config

Signatures

  • Loads dropped Dex/Jar 4 IoCs

    Runs executable file dropped to the device during analysis.

Processes

  • com.wnmh
    1⤵
    • Loads dropped Dex/Jar
    PID:4478
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.wnmh/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.wnmh/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4534

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • /data/data/com.wnmh/.jiagu/classes.dex
          Filesize

          1.5MB

          MD5

          5a139da1b981575c306eb28b5781729f

          SHA1

          7d038621e26af7636f62e5c490fea5a3f8f89e5e

          SHA256

          e88f373033e0b5df4cdf4f473a0dd5ba3ccadcb7cb774dfe062727effe4e0e2d

          SHA512

          2f0a2406669ad480ce3602c43fa6a0475123d85595e6fcc9d3547c27692f81b030098f2015c9947713771df24c03b96ca9ac19154bcb6aca9d0ced661ced0d45

          Download Submit

        • /data/data/com.wnmh/.jiagu/libjiagu.so
          Filesize

          495KB

          MD5

          de685970891708f6edfd18f03c6557ba

          SHA1

          ac50f88327652a72df73d43e9260faf169283c34

          SHA256

          b3124a6f192e562313f1e2d24b292852d4eb87cbe95dccd1d94b3a0540c0c11e

          SHA512

          cd56aa34265252c1457e28f442872dfaedc897607b816526de7e76c88ea00c24feb3542c21be7dc587b58df8ccbb1e045d3533741981212eac4d704143bfffe0

          Download Submit

        • /data/data/com.wnmh/.jiagu/tmp.dex
          Filesize

          284B

          MD5

          f1771b68f5f9b168b79ff59ae2daabe4

          SHA1

          0df6a835559f5c99670214a12700e7d8c28e5a42

          SHA256

          9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

          SHA512

          dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

          Download Submit

        • /data/data/com.wnmh/files/.jglogs/.jg.ac
          Filesize

          32B

          MD5

          4ca1e6ed68c7eed5aa6166c52ada84c2

          SHA1

          e9ae7fc386ba5bf18ace88a36c0f6f0eb365a1d1

          SHA256

          21df1d4fe731024584e3f8c124c0a2646b9e8b32a6c3623a50bcebd439bd5641

          SHA512

          5d9f1e34ff4731b9a77b7c3cffe1c4bf92f164f9016205bd912443c243cf92066391dfa27a33cf769abf3108d5fd343501273b33750d664d7976e7d649a87fb2

          Download Submit

        • /data/data/com.wnmh/files/.jglogs/.jg.ic
          Filesize

          32B

          MD5

          a9bc456fa1854956c2cb660c4169bc88

          SHA1

          17587823026403a7d2e4f36e325026a92b00710f

          SHA256

          e20591c7a45b4e01e29ca2348a1192b4ae944251fbb5a175f2dde8366f86b3b2

          SHA512

          81503f94a2d7c45fec21facc1909034a1c51e7ad81c9e1d074878f48f3937ded111f7c7c2ab4872ff80f2fb85cdeb026e8383145503bd8ed1b60209cdbea755f

          Download Submit

        • /data/data/com.wnmh/files/.jglogs/.jg.rd
          Filesize

          32B

          MD5

          cd63d2251e2f92cf2806c127a1132477

          SHA1

          19620e3ef9bb01e2727862600a62f0cf5bca46fa

          SHA256

          2cc1727767f79b0d48e8de738b411b3fbe5cbbb900324496992da2fb97208d61

          SHA512

          f7fd998e7c0fff8d07d5abcede27df4bfaf5530abe1f4e8d0124e8701b1f96234ae0463a004d3812cdfbc7dc4eee9ea6a1b8341caa9ef529c4c360d69d7e3965

          Download Submit

        • /data/data/com.wnmh/files/.jglogs/.jg.ri
          Filesize

          314B

          MD5

          cc0d07d26d916427b42f8038873d5f5d

          SHA1

          96bba76ac54c9d38dd111d592fabe1d709e7c917

          SHA256

          d810939a797f93e023485d99de31b16b7c992e2bd95557848959ff87af169ba7

          SHA512

          3ce06bb5d563b7adb29fe4aa83be75da6cee340c1d8daf4ebcfa45c1d37e3e942db06e56ca50a234094079485d2373cd8118d5eb85f9df894c891da69bbbfbb1

          Download Submit

        • /data/data/com.wnmh/files/.jglogs/.jg.ri
          Filesize

          307B

          MD5

          4d93d40b7497bc803d34da182edf821f

          SHA1

          4dc44894d92099c151cd7337af5a448b3ced5c7b

          SHA256

          b091e77121331d8267dbb60ab32319c659d3d6c6d53a7462c83f211ba16c69c6

          SHA512

          2078b1252076e2972225634c0249719ffee4418bf57bb8928011480a7a753d64f2a2700e3a43d9ecb1408cc9d0908942ed11d6b82086d5be046e7761b531674b

          Download Submit

        • /data/data/com.wnmh/files/.jglogs/.jg.ri
          Filesize

          307B

          MD5

          949c680a4ac59deb412bb7e9fb5b4186

          SHA1

          5ad5b796a0dd68d3fae5c7dbc1f770e4b52661ed

          SHA256

          b5d287343aafd635d6708aa4a79d4b923f5f431c084abbd7e81271ead4253b57

          SHA512

          8d6b81d7281227256d294ccddbfbca3976daa95e6d53c38ab9d3bade749a9f337972ee4902c3d93423ed8e96f716ea3489a541cdade78de39854e8da618cf77b

          Download Submit

        • /data/data/com.wnmh/files/.jglogs/.jg.store.report_cf
          Filesize

          32B

          MD5

          b0a1276f7f0f2840d656d3576c01588d

          SHA1

          c2d7f28810ac7e7a4967d2e338b3c70eddca6e2f

          SHA256

          e76d5db00a7ae71deb7153d1b24041e49fb70757734320369d1a41f1434ddd76

          SHA512

          d60b2e48ef3e3241de19ebe30cb390ee84d6e8c5ff1520440dfb68b4a2aac3b2c9c59f478015ea4129b2c48061c631bb93ccc0ac0ebf69febb409044442a5dc3

          Download Submit

        • /data/data/com.wnmh/files/.jglogs/.jg.store.report_cf
          Filesize

          57B

          MD5

          bf8a199df2dadde85702ae1fd75fd817

          SHA1

          a85d8c07aaa81aba672595fda629857e1e4cc643

          SHA256

          6d75f2f537ea4738d395033ccaf5363ddcc680370fc4432338ff36665564f54a

          SHA512

          8d6be0fa76513e17d1d077a35cf94ba3ee45c292ecd47426c7aea24202c69206e3501a122ed8cec605914f2b35a602c4d9f6026667482fdde098bfe7564f1e0f

          Download Submit

        • /data/data/com.wnmh/files/.jglogs/.jg.store.report_pid
          Filesize

          32B

          MD5

          d8acc4ded6a920d7636baf39e4826a0a

          SHA1

          be3ca16f8830f9c6da1b02ec73bfa64b02271b57

          SHA256

          1e7df286cf342abc4058174a25de26f7c4637d301ea8a6eb2144497c36d6583d

          SHA512

          633ffec6ae4a0b27bc9896f9e58830ccca6c0a61b6f6091dc15b73148bf882a248544a924fae9622d4eee99e2c91eb095383d92d6ebe7d6551650389c0490df7

          Download Submit

        • /data/data/com.wnmh/files/.jiagu.lock
          Filesize

          27B

          MD5

          befc74a126aefd2fb037a721222692bc

          SHA1

          f97e67eeb21cf8693dd7cb981dc7537049bc0d02

          SHA256

          ae67c2b9d7a5e26a66f03ec9fab85c44eda41d20d6eeeef4658ca0ffd42782a8

          SHA512

          12e8c9e73a6041bbdfe512385965d49df0ab9acaf553cc132741415adb5272988823292a4e5735fff996dfc59603670f0e7b79bdf2f42ea3d3c898530958fa5c

          Download Submit