87148020bde62020fd1cd7c8cee092c16fa3b53c2fdc455d1ddadb7178622158

Analysis

max time kernel
2473790s
max time network
150s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
20/12/2023, 05:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

87148020bde62020fd1cd7c8cee092c16fa3b53c2fdc455d1ddadb7178622158.apk
Size

8.4MB
MD5

02786271851ea9941269d892a3d488fd
SHA1

c50486a1b2c37adf3bd83919f47c701cbc5cf82c
SHA256

87148020bde62020fd1cd7c8cee092c16fa3b53c2fdc455d1ddadb7178622158
SHA512

fe37fb823890a8e287412cbaa97311e4e4facca8604bd50f12d27971dc261ffb22ce92a161a1665b05fac420c03885e8441e921dbd25feddd01295499a23cbea
SSDEEP

196608:3PyyuYqCuJFbNpxeFuLGtkCgrgT0FrCybKobYBWOe9GaUYR0:Ky4CuvMFuaPk9FrSJoGaUYR0

Score

7^/10

evasion

Malware Config

Signatures

Loads dropped Dex/Jar 5 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/data/com.yuyue.reader/.jiagu/classes.dex	4256	com.yuyue.reader
/data/data/com.yuyue.reader/.jiagu/classes.dex!classes2.dex	4256	com.yuyue.reader
/data/data/com.yuyue.reader/.jiagu/tmp.dex	4256	com.yuyue.reader
/data/data/com.yuyue.reader/.jiagu/tmp.dex	4286	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.yuyue.reader/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.yuyue.reader/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.yuyue.reader/.jiagu/tmp.dex	4256	com.yuyue.reader

Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.yuyue.reader

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.yuyue.reader

com.yuyue.reader
1⤵
- Loads dropped Dex/Jar
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4256
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.yuyue.reader/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.yuyue.reader/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4286
- sh -c ps -ef
  2⤵
  PID:4415
- ps -ef
  2⤵
  PID:4415

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yuyue.reader/.jiagu/classes.dex

Filesize
5.9MB

MD5
fa7e2e6622ba77ea9c91f0d258283488

SHA1
8bf98bce220ae771d4af1b2aa76a5291c7cc2983

SHA256
6849ba4621ca4f2f48ed009b267f13ed47635c5c396d622b6bb2191fc150ba9d

SHA512
83cce12ff02120a5a34a2895229ae9e235b758babf8f25341e5575cdd387ca4aab260960cc7a8922f4fa880dd293e98ee7670da4bf611c058e29cc90669179a6

Download Submit
/data/data/com.yuyue.reader/.jiagu/classes.dex!classes2.dex

Filesize
1.2MB

MD5
bd7060e31e715595dfb4cdbde16c9f3b

SHA1
667b1d1d7053aafa853713902d0fb85b954b2ec1

SHA256
2deff7451df535011a7d1ce6adb8114167e1239a77eb62e8e5676831fd197686

SHA512
7bb9de1121429332951b1c036074c536a04275a4a71f634011a1c9ba0a6e6df4a9ee67690f001ea1fd3d935c475f568473718ad481603bea716b1507f324716b

Download Submit
/data/data/com.yuyue.reader/.jiagu/libjiagu.so

Filesize
495KB

MD5
de685970891708f6edfd18f03c6557ba

SHA1
ac50f88327652a72df73d43e9260faf169283c34

SHA256
b3124a6f192e562313f1e2d24b292852d4eb87cbe95dccd1d94b3a0540c0c11e

SHA512
cd56aa34265252c1457e28f442872dfaedc897607b816526de7e76c88ea00c24feb3542c21be7dc587b58df8ccbb1e045d3533741981212eac4d704143bfffe0

Download Submit
/data/data/com.yuyue.reader/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.yuyue.reader/files/.jglogs/.jg.ac

Filesize
32B

MD5
e6dbbf1c4ab476770afecb02bdd49bdc

SHA1
b2f18ba8cb8c1d6f266193dac17b51fdefa76213

SHA256
b156a594f31b8479ae3ff191b75000663794f537c144e617795cbb7115764f3c

SHA512
3f3382d9eeae2973942e0ff9807a1680a559921c7c1d2b356153d9a190760a995982c2f2a0d78fe81c4c3fb226d1cb5aed73d2c1f591c0948e6c95f458ac4943

Download Submit
/data/data/com.yuyue.reader/files/.jglogs/.jg.ic

Filesize
32B

MD5
e21128384fbef55a55f6485d67aa2a4f

SHA1
c1f938ab4c34ac057be7ef223930ebc64e5fab9a

SHA256
486c11c4213e43cf57ea02c5f8949faa4f4e4a5062e47d2e201c822d44f5d26b

SHA512
619fad644886a80cca409d3d327c2c62faba69a53d6d6cc0ae76b69e85b88ac5d440e2be059f9b02c4b5925460de26a91b95e7eb600cffddd327a9d029c21e86

Download Submit
/data/data/com.yuyue.reader/files/.jglogs/.jg.pk

Filesize
32B

MD5
c19350be72b1309a05033202eb468df0

SHA1
eca7f75ede1383422393857451ccb8224d478d97

SHA256
6a80bc1c5096c11e9d79faf2516f5ae522d6e059e96feb875ca4e100beadabcb

SHA512
8e09ddbf3fe363d64341878602a1f29e985d7a1687b913d9210b70a2772b4d2607613522c9c767187933ddc2da3c3c17f0d2c1645c8901b9388726042fb49627

Download Submit
/data/data/com.yuyue.reader/files/.jglogs/.jg.pk.h

Filesize
64B

MD5
a868766b397783b29fdc969c56fbc229

SHA1
9e39a5b369655925d1bc338094293595374ff613

SHA256
ed6514f476335580718f3707682462bd29b0ba4836fe7a50c8b37099ce387146

SHA512
78f7c585ff12ba725acf6c267a338e976b0dc49ecaac35c35a6c24246a5d43a8088624e25b78adecdf1220ab55b68eff87f66fb6bb26bd35e7cd4a14e0f1e50c

Download Submit
/data/data/com.yuyue.reader/files/.jglogs/.jg.rd

Filesize
32B

MD5
8b35a9aef4fb03768ac9d65f0505c4a4

SHA1
88944ff3ac19babfa5b4f66483d3cd0d7ba82cad

SHA256
a6f13364d6d874def6552eea27fd0af482a92eb91b34802f628585db2a54a186

SHA512
d1e873d61dab2b1060aba9d81ddc2a474d30fe1c2ae11ddabe8b567f8b0a9c2bf8d354417d61d768b8777d334b1f139aa6068c8911856495725807bef9825a59

Download Submit
/data/data/com.yuyue.reader/files/.jglogs/.jg.ri

Filesize
314B

MD5
d8755a61980714dbdc5f5b6b26385d06

SHA1
e69280f722e0773b9d42d09158f25f60035c39fd

SHA256
05a3516f113a2f94213962972c9673fd4180f732e5f1046104081f8611f36a4e

SHA512
a9f0ff640f50094c05a8d88a8d959881ec0a53257a36073355b9cc01a6ed6c9a6892dcfd09c3d7e4c0a604bef6987e87b499be39c2305e31d6e0f036c8245504

Download Submit
/data/data/com.yuyue.reader/files/.jglogs/.jg.ri

Filesize
307B

MD5
f033167d8f256ebe50c91f50c22b5615

SHA1
ed5901ec161f99b89ed0a7251172d569554711b5

SHA256
d3aa854bad8411cc1db21c8109b78beaa4c4bdba979781ad6d133b3fe3b2377d

SHA512
693a755abb76bd539d649d0b367f85b108fcc12a6f8a7416479612a100eed12c5186c4d86db5234577b2cefc3b4223bd9edb1bdbde60d3ea14140dd145e1558c

Download Submit
/data/data/com.yuyue.reader/files/.jglogs/.jg.ri

Filesize
307B

MD5
f2cfd804eb15df237786d28acaef8772

SHA1
786626bc046f75d73c8c5fec670e63818ed2147b

SHA256
809f7a169635c4cfe7b47c56d64e0393aedf9b550551bb0d7bdb831e7da9cb36

SHA512
b8faef71df8b113581c4a3a43bd49f86ebc75b5458f37ef71ea9840b3e614f92f357b4f42f0337b7f135886d5e25631c77a7777802efe437bdaf323f6660bb52

Download Submit
/data/data/com.yuyue.reader/files/.jglogs/.jg.store.report_cf

Filesize
32B

MD5
3ab57f6d6a9e1fc9396f37709b1a5266

SHA1
2b747134ed7478a7a59ae66e53930324e53bcaca

SHA256
d03114964d5b538b0717f36606b317b65c9702d63fdcd4c1b8573d1488e66056

SHA512
ea374deb0c9dc5f2653b950111a3a6085941b11a695db70a916b7dc3316df79933294d7c801c0a506a27dec735c5320f7a77fc24c21ab86bc1d4bfe654c738d4

Download Submit
/data/data/com.yuyue.reader/files/.jglogs/.jg.store.report_pid

Filesize
32B

MD5
e25d184758ff5cf9b20ce3b2d7046251

SHA1
046bcc0cdcc3ac4387f565c1735fa968699a7d3d

SHA256
2711fee843d81228e2feabc73679542361f41a6029f16bc4be1200f344f8ffbe

SHA512
d6d61d808f06716867eff0853de506334071d6a5d1a771120334af30b98f9fbde8f10871733e3d3b8824545a2c2e159b2d7da6bd3918982d3d7f68ad591272a5

Download Submit
/data/data/com.yuyue.reader/files/.jiagu.lock

Filesize
27B

MD5
2f1ced0a47525c2e3f75fb3ddc7c1ed9

SHA1
c9fd9a06106a6eb2c46d6579845ade6a08ac15d2

SHA256
038723ce0d3587763d48bf39e681cd6cbc4badf9a0cdbf393278e7d77a33c979

SHA512
045899cb980e692e86298825960e3e9027bab34b13e17e800b41bd6f1c5d15208232768a07d928218b9ea26bbdfe1b45be70bd9c65f84a15927f70ba3b41d9f6

Download Submit
/data/data/com.yuyue.reader/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzAzMjgwNzExMzM0

Filesize
1KB

MD5
fb242a39314f580fa0f0e8d77c9a7a45

SHA1
a7c18759936e4c0687dad22fd6108959adf9bf26

SHA256
309b76c4fb611d7875c0630a07769a0f8c6dbc24bccc59377fa30040418f805e

SHA512
054fea746e0b6956643dd25faf7872696fe243eeafdb766f41e412987a4309d3f6210df541e587e5192475bc5492541af22efa2be757f4b4d4c4f09a8df8bd69

Download Submit
/data/data/com.yuyue.reader/files/umeng_it.cache

Filesize
498B

MD5
857aa652d8c291f5c3eb5e4603fa8c07

SHA1
acd52fc9c1719ae07e737055172783da84eee866

SHA256
edc92a9420b08d5e643d94f217425ba34e6eb242ae0cdcd5fc57a994431601b5

SHA512
5daf8e0fbcaebc0981117404b07d8f7777b13840da62e49e61b8a7540ba38ad7a4512f148a3ff3eded7a6f858e5fe08cf4ed970082f5931d8f6f2b2ed202bfc5

Download Submit