80a20df0463f1f85d0f6b7431e66b14bcb23cfcce8dc8e5f3542cc1cf6cab4e0

Analysis

max time kernel
2360990s
max time network
130s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
20-12-2023 03:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

80a20df0463f1f85d0f6b7431e66b14bcb23cfcce8dc8e5f3542cc1cf6cab4e0.apk
Size

10.3MB
MD5

360b70647c18ebfadefafac1728bb81c
SHA1

2cd0aba7cac03ba5024822bff380980aeff2aa8f
SHA256

80a20df0463f1f85d0f6b7431e66b14bcb23cfcce8dc8e5f3542cc1cf6cab4e0
SHA512

a863d9c0dca6600975432f00d7a0409f4fd073e89a6e2a7c2cc62bd990304f0eb731b670191561030d1b579be5ac50ca5274ce9c9b0215cde75b995ba8c8fbb7
SSDEEP

196608:BbPmyuYSCuJFbNNxeBjc4wEDQun+x/XrC2bKkbYBKet2qLPBYk0uu2tuMQ:oyMCuXMpd/9n+x/Xr2dFchZ

Score

8^/10

evasion

Malware Config

Signatures

Requests cell location 1 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.zqyt.mytextbook

Loads dropped Dex/Jar 5 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/data/com.zqyt.mytextbook/.jiagu/classes.dex	4236	com.zqyt.mytextbook
/data/data/com.zqyt.mytextbook/.jiagu/classes.dex!classes2.dex	4236	com.zqyt.mytextbook
/data/data/com.zqyt.mytextbook/.jiagu/tmp.dex	4236	com.zqyt.mytextbook
/data/data/com.zqyt.mytextbook/.jiagu/tmp.dex	4267	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.zqyt.mytextbook/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.zqyt.mytextbook/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.zqyt.mytextbook/.jiagu/tmp.dex	4236	com.zqyt.mytextbook

Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.zqyt.mytextbook

com.zqyt.mytextbook
1⤵
- Requests cell location
- Loads dropped Dex/Jar
- Listens for changes in the sensor environment (might be used to detect emulation)
PID:4236
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.zqyt.mytextbook/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.zqyt.mytextbook/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4267

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.zqyt.mytextbook/.jiagu/classes.dex

Filesize
6.1MB

MD5
7727d21e363b733dd66a4d1cca5d90b8

SHA1
a16f8bd03811001162ed60afdf81d10520bd7b23

SHA256
2a31578883afedcc73715c061f10f6d026cfdb9f12ce3caa17531e720c94472a

SHA512
3797a7b74161ec78d889997ca996c9a77eada7b11a692adb39a90e1254cdd9d903ace895a895191ed040cd26ca7c5e74b2a73d1b68518024e9602b418c47c630

Download Submit
/data/data/com.zqyt.mytextbook/.jiagu/classes.dex!classes2.dex

Filesize
3.5MB

MD5
2347a58b6f05d1e1bf38878e373c01c7

SHA1
c77366f5c885334f1e8c50238ba37a41bb0e0a19

SHA256
d338ff7c7a16876215af987a594d4a81b91c51d29f24a0c236120feac8d3974f

SHA512
a5ba9e6b9912892dc31c8b831a377759989f0914a3a98aecccdf9292200ae2ba7860ebae11d17a969b1439ca634eaf88e5cb86910e3e54c8e1a76c8270e885ba

Download Submit
/data/data/com.zqyt.mytextbook/.jiagu/libjiagu.so

Filesize
495KB

MD5
de685970891708f6edfd18f03c6557ba

SHA1
ac50f88327652a72df73d43e9260faf169283c34

SHA256
b3124a6f192e562313f1e2d24b292852d4eb87cbe95dccd1d94b3a0540c0c11e

SHA512
cd56aa34265252c1457e28f442872dfaedc897607b816526de7e76c88ea00c24feb3542c21be7dc587b58df8ccbb1e045d3533741981212eac4d704143bfffe0

Download Submit
/data/data/com.zqyt.mytextbook/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.zqyt.mytextbook/databases/mytextbook.db

Filesize
92KB

MD5
9bd52e0057361e60ad56019fbe8b28d3

SHA1
4475ac5a2c3edba0ab3f8d77cfb32d2fc1108e23

SHA256
32532d76750ca47cbd5e2dc3f1b3f01ddefdcf28bcc120bc8309759b2ef2197d

SHA512
c4f138e10cb169c1cafbe855247e0b01bbf967c898412902d975bd97f7b4e0c551d4f22af4573010da702da5256966b6d39daf2e7d583f7ea24427c5ddf11536

Download Submit
/data/data/com.zqyt.mytextbook/databases/mytextbook.db

Filesize
20KB

MD5
bca53c4dbf9dd9ec47e5355b43ad5ee0

SHA1
ec0b00613fb5f925bdca246c763e5cce991211da

SHA256
f42edf80ca01c12539633ff757225204e79ff33d8e7505eb2696be28b4c94952

SHA512
fe8b953ee52482ebcb9884418d3c97414d763e9e69865987f741092800e880d3454f43c218e402426c2552f0c31bcc0da2e36c737b341daf8df690be6a4635e1

Download Submit
/data/data/com.zqyt.mytextbook/databases/mytextbook.db-journal

Filesize
512B

MD5
7b6380623418cfee6454b02f7853b002

SHA1
34b06811907e773b55c861f4e3c3ac44a0da392e

SHA256
ddaa4a82a0e5af163fba3b709846ba31b2195a0b30d25e0504dee3e3943b23b5

SHA512
a9db84560673a32a9613dd8b4055323ed4738acdcb9c37f12afb97a1438182de5e8f94d84653bd2a9c034e54746ff36b8960278cd97653848bb14e8199855537

Download Submit
/data/data/com.zqyt.mytextbook/databases/mytextbook.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.zqyt.mytextbook/databases/mytextbook.db-wal

Filesize
104KB

MD5
5238c1125cbd78296d41837093b1881c

SHA1
0b41ca4449757885f1ddde8a032a260117142a1c

SHA256
51eaec61e0ec9b2ef806f72fd71d0ca740d1810eef726066c7cea1ea7ec0fbd7

SHA512
2d2eea4dd171e843e173035cf11b29dd5ff0ed39a6d6166e58406f4be9ba9817e26c430d0c8b25401d086fe4776a3df25587164def7a8345bc8d1f09275837a3

Download Submit
/data/data/com.zqyt.mytextbook/databases/mytextbook.db-wal

Filesize
8KB

MD5
575f2a5fe8ca18af4832075698ba9e7b

SHA1
828ad93c1f48141316fadce4c628ac6a2271c0b6

SHA256
55db6f9555aea4fc9125f72020ce39ab8045d37820ccd621750c4ac450b47435

SHA512
0fdb22be65c3ec04a1bbbe085183ea3dc8876b0e088c843fa0af36a08b8c685a856248edf16e8b709f7a3445913ba1da846b2a749b0c5b0b7798427156433ee5

Download Submit