816a212420b9618f7b11d19731742b2dc40a6734df52aa2dceb2d0d1e7fff06b

Analysis

max time kernel
2431154s
max time network
136s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
20/12/2023, 03:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

816a212420b9618f7b11d19731742b2dc40a6734df52aa2dceb2d0d1e7fff06b.apk
Size

4.3MB
MD5

e1df7c29d3144c7d91701069bc6f145d
SHA1

fab74ae72481953e9dd6004d4e35cdb01ea01493
SHA256

816a212420b9618f7b11d19731742b2dc40a6734df52aa2dceb2d0d1e7fff06b
SHA512

b995cb9959573660593eddbb2e29f5cf6ee4987a7656da7913c0d6755de77278318ecfce18b16c513188d3dc860f05f37dd824cc468a8a49857e8893afba8367
SSDEEP

98304:zLUqKBHOH4cAhK+RP1EkShx4PKz10pxpn8vwD/V4ad5Y33h:zlKBu98K4PakBLTnuwzVx63R

Score

7^/10

Malware Config

Signatures

Loads dropped Dex/Jar 5 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/data/com.happydapp/.jiagu/classes.dex	4246	com.happydapp
/data/data/com.happydapp/.jiagu/classes.dex!classes2.dex	4246	com.happydapp
/data/data/com.happydapp/.jiagu/tmp.dex	4246	com.happydapp
/data/data/com.happydapp/.jiagu/tmp.dex	4278	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.happydapp/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.happydapp/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.happydapp/.jiagu/tmp.dex	4246	com.happydapp

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.happydapp

com.happydapp
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4246
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.happydapp/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.happydapp/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4278
- sh -c ps -ef
  2⤵
  PID:4398
- ps -ef
  2⤵
  PID:4398

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.happydapp/.jiagu/classes.dex

Filesize
5.2MB

MD5
543e0c5473904f092edf496aa841d23c

SHA1
2f3d7554d4ae46af31ed031900f15225ae972589

SHA256
a45fa3afe376405f77a64fcc754f16a43d0ed5a099941449102cf420455899a6

SHA512
0342b22ce69a08fd9533268de462e714519d680ff9f17bbda0a01a7b6c1dffd2d863f4c36887f5e6a4b5833e50d432e26024c52782756f03f43c7e29cadb2bba

Download Submit
/data/data/com.happydapp/.jiagu/classes.dex!classes2.dex

Filesize
550KB

MD5
ce829fdc1f921b5f418189fd5ad01237

SHA1
07318beb93fb6805807bbbbef73d492dbf7ecd01

SHA256
ca959078c2e9635252483e1a12df91cdadc4a792bcd243a9857a768af4b44ef3

SHA512
4673bc74b6d5b0fd967522b68f83e7cde22b990ab6d60ae08c09489e33328e656811d3545134acbdb907bbc844b5a6ae833aa0823f9e8bbe37ea4dd0131c608e

Download Submit
/data/data/com.happydapp/.jiagu/libjiagu.so

Filesize
475KB

MD5
5aea02f4e4c77fbf2e7a27f7ca9cc06b

SHA1
522db1748608e9173547b29b7aa82ddc3542c534

SHA256
5a1c513b347e2a929769e2be67552c1d591704f08f7b5590282b66cc2c7d7bd2

SHA512
5c979a11f5e896829db906f533756efc1cf3c5a7e35ecc9e376a0aae818f2dada013441649feac2e188bd51affbbf35156e32fdc6552e185bddbc547f3850316

Download Submit
/data/data/com.happydapp/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.happydapp/databases/cc/cc.db

Filesize
36KB

MD5
5d7ea1a23af19b4340cc8d90f28297d5

SHA1
4cfe95b23a9e98378d69c4290af81b51fbe76aea

SHA256
474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da

SHA512
33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

Download Submit
/data/data/com.happydapp/databases/cc/cc.db

Filesize
36KB

MD5
ce6135aa1b1fe4f2c2db2a546d2a5558

SHA1
79b59582154017aadab783dc266fcb158c252940

SHA256
7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c

SHA512
2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

Download Submit
/data/data/com.happydapp/databases/cc/cc.db-journal

Filesize
512B

MD5
a3aea81f566f0e5bd0640c434557ed96

SHA1
b731b7310616dcbde2c75cf3780200a4bfda2d0c

SHA256
a80389657b267e30e6f7aec3b1e3bc2ab22a0146f6e7ec04bde04a6f6e92fbcd

SHA512
82f94878d67be37d311558040a420be8dec39a09d07929f2b69df3c81ee2d3995c085455a73fb12b61ce8ba960ebb9727f158644919f1120e99a11a55c294c82

Download Submit
/data/data/com.happydapp/databases/cc/cc.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.happydapp/databases/cc/cc.db-wal

Filesize
48KB

MD5
b14a12d63ec642b8ef55b85ed7d1f092

SHA1
c2e64a066e1f15c07c78abe07178c37c8d4156a4

SHA256
f14dc2f96dc2549211427beb564ebeeba1202bd442f9b62faae1d3d892fe1612

SHA512
87eb94dbe4fc93b5a6601b04b389b59e7d8eab35f79665cd387fe9dec40a2ac4abb2cb630912f0bb49651ecd5166ed3fef598498bfdb4727688a47a2a7e259cd

Download Submit
/data/data/com.happydapp/databases/cc/cc.db-wal

Filesize
16KB

MD5
7f46e7e16c000761e650f0343989bd0c

SHA1
382d2573607a94470e25ea8c9a1d28bb11272d9f

SHA256
4d004fbf905d775efcc9c21b47d70ebcc6957d5f6847d764177735ba831eacc1

SHA512
feee4faf0ae83db435bdec3f93bc1315440949810b7321487a2540e8ee6509ebe4e1bd74efb31c118a2ba9befd7a8782669272bb5806e8c631bb06c4d0fb26f7

Download Submit
/data/data/com.happydapp/databases/ua.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.happydapp/databases/ua.db

Filesize
32KB

MD5
d604a3bf1f8d992cc320ea5b1f7609bd

SHA1
247f88df0b55c7d523ea5398637711a0e4a483a4

SHA256
329940b4d46326d58e73c842dd099704061d0ef7338777bf31ad895f29013c17

SHA512
67e28f6713cb5c238a9664df128f01a89a2efb7c8c9330c1e45bc0d40ebab81fa20df5166743d84d81dc0386a89ff0329f022281c098339baa2e851ff0a1e1ab

Download Submit
/data/data/com.happydapp/databases/ua.db-journal

Filesize
512B

MD5
a945d565ed227a3d09031c27f1c5327b

SHA1
59c4a817a11c84fdd38d35a391123fe5ac9c13d5

SHA256
ad0d95ee4413cbd354e2b2c4c40afb6c6e4b20dea929224187a2fe46a6580657

SHA512
65af0a6a18eb5baa85f015e3339532c0ef635b32924c064f3366c6072a2e8db8f595f6ed9dc2a9bc0d223a407344cf0840b338433a7c2a58291862f05f8a9f73

Download Submit
/data/data/com.happydapp/databases/ua.db-wal

Filesize
20KB

MD5
00dff89ab203114151e15d5c2ccd7024

SHA1
95e89d40b87da0dee2ce8995d8163820138ab38b

SHA256
0f3045dbf1c993d045992abc3136430147dff4e222cabf82469711da9273e167

SHA512
4840a6122aa382f443ead3000877fc164a69bdbc5ce782690564544f7f7629ce8fa0bb6ff65206aed88fdd2ba9edd7b28ab667fde3f497ea17fc966e7b24f680

Download Submit
/data/data/com.happydapp/databases/ua.db-wal

Filesize
8KB

MD5
ea68d4c9ce6cd6b99e902bad8561e242

SHA1
c8d3b8f18d1b98b3e1944c43c3fba93021819eb4

SHA256
e470aeba7c460cbaed4fe209780263b09cfb4822b475ec1199f59d0f1c4cf33a

SHA512
31384e844d4c6ef19d79b211f48efcb89e149a6f63547874aa27279af5dc67e03ada85e2309829c9da76d3c38009f1fe5f21e412e32b42fde9b22bca471a1e32

Download Submit
/data/data/com.happydapp/files/.um/um_cache_1703238203423.env

Filesize
1KB

MD5
37a24475a1a36400585dc88f353f033b

SHA1
e7c08dfd5048c53e6c5af957573a886ae319797e

SHA256
0dfb062f6deb21aaabbe88dc170c42407c0f2d18cc08d23aee078806e82e9d94

SHA512
16004d5c84a4345509e72c13033250d8f91346ad44eeeea0f5c2684d63c8d1d8e6bee2a7382f45e9a488ddd293a0a67441b444c3b8e5407b4c399c70f1b50836

Download Submit
/data/data/com.happydapp/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
fb0036ca577e751ea7e7ef78f4de50f9

SHA1
43a4d3789c0f4558e1f560c2fd87be1e9a952c08

SHA256
a1e51ee226eef7fe1e3117b47df95a95c3911841e8677e7de5db32c972823e7a

SHA512
98770f09fe487ad351bb93396a89e1b77675937b8514f45f3b1f3e8ac3f116a03dc181bdf8ed70c8ff64c2e2d8a9448300a59370c83a35bbd7f6dc1b4a4bc5fb

Download Submit
/data/data/com.happydapp/files/exid.dat

Filesize
60B

MD5
0048e50220ad4c6667c54ad58e1ac14f

SHA1
840d803547e9b22e1e72dffb57800106c9cf4d4a

SHA256
bb04c46e0804e9be8dbb01aa8728d37be4ddacfbe820feb233ad4bedbf282c8d

SHA512
62611351bffb605702b37defe7be3e4bf9845b956408186db357155c799c0c21f2c6221a40f05ae77734ca5c8a1d509899999e0ca7bf0e48b824c98b2b3faafe

Download Submit
/data/data/com.happydapp/files/umeng_it.cache

Filesize
413B

MD5
12e2ac1153affc009fee25d854cab78b

SHA1
c12b7ae6863382a6aa5b9eed5ae432df197fa634

SHA256
29bb63d37c2878b471260a9c5147b9a7e1ac24416d751ef1c6d019a1c1abda3e

SHA512
50b6e1d944615e6b3635fd97b38f00c16581e71af49847730b4ab984384c9ecbe02ce7614a5017dd81ca54679740d314dfce2ef6d22e72b78500e56e0514319d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads