87d5a4d7cf1d13059ea0d37691a60254fa77c23e032fe14e479fbb346f37a19e

Analysis

max time kernel
2455899s
max time network
157s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
20-12-2023 05:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

87d5a4d7cf1d13059ea0d37691a60254fa77c23e032fe14e479fbb346f37a19e.apk
Size

27.2MB
MD5

f6dbc5ed3450c6d25a905b1c5341a12a
SHA1

49b674384e8947f468b07199894823f62cf487e2
SHA256

87d5a4d7cf1d13059ea0d37691a60254fa77c23e032fe14e479fbb346f37a19e
SHA512

7fa7186e39da915282bfc20a058bb05557c95c96ccd7ca130b3442507c7bc65e6eb39f7776a4cd4635903ee43a7f72a1380b94aa88241e3997ffce01449ac8a6
SSDEEP

393216:5UCVBPeD8AewslGgMGQCOHoARnOWCIN9Lim+KpSzmKMeM:732DfmtQdtRnn9Lv+CSKKMeM

Score

7^/10

Malware Config

Signatures

Loads dropped Dex/Jar 13 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/data/com.hh.DG11/.jiagu/classes.dex	4200	com.hh.DG11
/data/data/com.hh.DG11/.jiagu/classes.dex!classes2.dex	4200	com.hh.DG11
/data/data/com.hh.DG11/.jiagu/tmp.dex	4200	com.hh.DG11
/data/data/com.hh.DG11/.jiagu/tmp.dex	4262	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.hh.DG11/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.hh.DG11/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.hh.DG11/.jiagu/tmp.dex	4200	com.hh.DG11
/data/data/com.hh.DG11/.jiagu/classes.dex	4337	com.hh.DG11:core
/data/data/com.hh.DG11/.jiagu/classes.dex!classes2.dex	4337	com.hh.DG11:core
/data/data/com.hh.DG11/.jiagu/tmp.dex	4337	com.hh.DG11:core
/data/data/com.hh.DG11/.jiagu/tmp.dex	4337	com.hh.DG11:core
/data/data/com.hh.DG11/.jiagu/classes.dex	4652	com.hh.DG11:channel
/data/data/com.hh.DG11/.jiagu/classes.dex!classes2.dex	4652	com.hh.DG11:channel
/data/data/com.hh.DG11/.jiagu/tmp.dex	4652	com.hh.DG11:channel
/data/data/com.hh.DG11/.jiagu/tmp.dex	4652	com.hh.DG11:channel

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.hh.DG11:core
Framework API call	javax.crypto.Cipher.doFinal	com.hh.DG11:channel

com.hh.DG11
1⤵
- Loads dropped Dex/Jar
PID:4200
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.hh.DG11/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.hh.DG11/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4262

com.hh.DG11:core
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4337

com.hh.DG11:channel
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4652

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.hh.DG11/.jiagu/classes.dex

Filesize
6.6MB

MD5
186b453cbffb6f9f6eb4a2f411ac5639

SHA1
5df0c56048bda82d4503385407a32fc7edfb62e7

SHA256
6258bcf9b4d16a12bbceb9500ce7d441788aaa01bdfcd396b24fe67ad0a76529

SHA512
ec80a69ce5ce7d188bd7b018295feb7f696b17d552b4683ce90bd2ed91d2baf50ccf04f9eda20b90625152219efca6d9c5cb1b77d33f1508b650061bda01b1b6

Download Submit
/data/data/com.hh.DG11/.jiagu/classes.dex!classes2.dex

Filesize
5.6MB

MD5
2a2237443fc6d1e78b362567b34252d3

SHA1
ea434c1b06b7ca1b408c85374e275a950bbe974c

SHA256
a9fcd1979438444285c430b685ce7678a63324bfa4e9ca076738fbffdfc84b6c

SHA512
dccedaa81122f7f5e2737f3bba135b126866d02528cdd190b6002ea10a78aefa8ae3c6fa0f800308438870f7fd23c88abb324ea22fa9a138c33c7a5927a1bb1c

Download Submit
/data/data/com.hh.DG11/.jiagu/libjiagu.so

Filesize
482KB

MD5
f380717bd1e3916c7b697fab8d46c5d8

SHA1
04f51f0d16097214e38be517d93be44cb0603a88

SHA256
8455632be7bacb221468c4daab2f9b5ee33739f08b22244ff81a36a02bec36cc

SHA512
b78fe11f77d2c0ec5b36850e8cc3b955661b31641405233c8842b91205e44dc16a30d7fc1ef18dde1b066c1b98959ae9c18be5472413d2b398b7ab6a6b52c07e

Download Submit
/data/data/com.hh.DG11/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.hh.DG11/databases/MessageStore.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.hh.DG11/databases/MessageStore.db-journal

Filesize
512B

MD5
39b00472f4c4df9f261b1a34b0cb5e51

SHA1
ec9ab460ea8410422f286a29fdc628bf49596e9a

SHA256
4b37bc4001392eb0c875cc8bad5487b1e91eb868301fb22cbb2af0e04d367c84

SHA512
654b1d76af435b1148d406d7e16c457f63d798886760f66d9cc2e95dd4a3c2cf08a36c5783855c438947815a4e5d2721295553cdcd92130752ca3e96eaeabb01

Download Submit
/data/data/com.hh.DG11/databases/MessageStore.db-wal

Filesize
12KB

MD5
8a8741c085860df49c112277363ad6d4

SHA1
a77c10a915b498e369dea3126a780bc5a1fcd3d5

SHA256
b3ffbb8204f0240c8b8f40a614bc1d87b21cfbdada0afd4d5304318c8139d983

SHA512
dacdd91f28fd06be248abbd5e55c5de325fd24e27409c32eb22350b4f708578c89fc834319e228950492f74e3529331351b978a96b80863e718c244db4fc5a23

Download Submit
/data/data/com.hh.DG11/databases/accs.db-shm

Filesize
314B

MD5
535da9fe2ee95a9a79000d8cc0608463

SHA1
4e13531422d1654aa6fd69ba38f7d07bd8e40c60

SHA256
88c90d1eb62ddd8e94b285cd3ca4428e473adfd5bf4886b0df52ab2206cd0cf2

SHA512
3facbdd59ca0cd96bd8255b40aadd07f2cf2ed4ab731f6aa686fd0ac1eea745b5698234e98024595fd21aad0315f937d9a05eba8efe0a9d65830030c35808d14

Download Submit
/data/data/com.hh.DG11/databases/message_accs_db-journal

Filesize
512B

MD5
bc59e54206d4f78f3c6c2cdb963a1738

SHA1
83bad480df160c7b538d4192b03cc705aa0cf1e2

SHA256
69796f16251ca69512a07bfa409ab41ff193d9150dd95ed51a5e481d16b02492

SHA512
b9102775da010015214b986b0d334b6da8a251f779ac55e7986b0178f52e7ebb0703f91766c58035490e82aa6ddefc441c654d59b6a6c16cfd972c74fba3e67a

Download Submit
/data/data/com.hh.DG11/databases/message_accs_db-shm

Filesize
340B

MD5
5b8572eca07f79f612e1b4b5e4f087e0

SHA1
9134f2dcc986164dabcd4fdca2b9c2f0336acb11

SHA256
d67d56af10b952ba734fb1f202566e00b91ff0328acac3c4fed580fdb7cebcda

SHA512
7694cd0112f4fb1229cabdd246afaf3f90cc9efd41c9e9f70cfc87977187895fd57e31b2deaab15e469c32d6137dfe9a395fcd54c27b4de4d42da5dd40fb44e5

Download Submit
/data/data/com.hh.DG11/databases/message_accs_db-wal

Filesize
48KB

MD5
db6bdd900b6f14836a97808a4759c49e

SHA1
cbd30e7495c352e0d1710677779d907c9c5f14da

SHA256
98189f71ce4a57126aec5c4ddd060fe54cae4a88c0d28e8c621828add7d2f06a

SHA512
42bd243c56add2ff1fbe99cc9da34ae131594fffb52ec73200ad49c46bf7e3f0072161ea61277dc270c971eadf93deae64b4eb156c0743e3ec30bb01efb9a42d

Download Submit
/data/data/com.hh.DG11/files/.jglogs/.jg.di

Filesize
340B

MD5
f96d81ffef13ed50b01eef8a7e747e5d

SHA1
2effe1fc652fab8c041335c3699c11db8a7bec92

SHA256
77edcf44aa25fe9d49e1e728727685f3f2e5e7b5cc912226354de7135ae23890

SHA512
48108b114492390e08eebe946a91e6157f3bb7740311869ab640af1f6ca0e2f57cf1bc6ec0f28a045aeaaaa061589161007dd0a6f4726f7d0472b3d3049cbbb6

Download Submit
/data/data/com.hh.DG11/files/.jglogs/.jg.rd

Filesize
73B

MD5
3a0508b262131b2700fbb530a7724e50

SHA1
2926ed1fd12ad2bfdc294f00dca567e06a4ec3fe

SHA256
3513ea2cf7365a93417f7e524a85e8dda169c32eea7c9fe2cf60664a4cf8d81b

SHA512
798b4d7721433295c9b1a6ed6e97083e53311f85c83e60de2d741e123fc257d1d9fb14d8ec483ad0d64d46501e3e4e689750e61a854eb7b8261283e3460b944b

Download Submit
/data/data/com.hh.DG11/files/.jglogs/.jg.ri

Filesize
314B

MD5
babe861560f8b6bbfc9ac14cf7ac1f93

SHA1
39cbb0c20e39723c31e56a5914d25fc310b7a863

SHA256
8b1b7bdccf2aaac13f97a42858f9286c83cb87098b26b1ec61fffbb6aaac756a

SHA512
501d29737aac559131937588cc9190bb7f23d7e9f327f9d59f054601a96b529f6015ce56ef6d2d0e84c6c85c25948b481229bb5853196c6b6f712c81c353e795

Download Submit
/data/data/com.hh.DG11/files/.jglogs/.jg.store

Filesize
32B

MD5
448e391c59eef34ee1defbe4dee4c41f

SHA1
df1f890987371d7d8e6963c68b787856e42bc146

SHA256
55612e17689f4bb05f27e18b4f6d06ffef92a6a8893a5cfdd3d5b99a6028b549

SHA512
ce336ce895ba861dda7da27e8869dea065eb3c3403cac55cdf1935409e5ebc95b495370f87ed7416af20af533b15615472e333ae9f2fd2713040f526835399b7

Download Submit
/data/data/com.hh.DG11/files/.jiagu.lock

Filesize
27B

MD5
c80cef2fc57fef8f31ab901b5dbb7d52

SHA1
13608030fd8c4850a33c29ad83d3d7f13bbefdc0

SHA256
da255ee90309796b3213ea6a0bb40bcae1f4d33f2d16c2c7ad84b0d2deb72ecb

SHA512
0a6742585eeaf987411f128e40e626e76cf7ab0ed03a012fbb5d10ebe5f5ee331e846477dbf0c9f6b1281faf77faed10a7dde0af947662f8305a8724c7ef724d

Download Submit
/data/data/com.hh.DG11/files/agoo.pid

Filesize
73B

MD5
22570175cb42a6cbc7fcb0e73ea675fb

SHA1
6a4f08df68b9b622168c942466c8d40f4fba0feb

SHA256
f53cd5be4c0657df9c4d3ea0153421d2e3db187fe3e8b8eff9e896838e133e8b

SHA512
fc603e74325810c3278ff144151b6611cbc405261758320b0504ec600f8adc28b699da2c86a01f18acf4f8813ae99d2603ce1bd539558bda73cc24a40b7c5568

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
430c634663e22a134187a0517fb7cd3a

SHA1
ac669aea65c8a7601e13b03dceda8c4e76bba398

SHA256
21c2ec2fc12bad1ed1ed9de90bee9058f3c0a2fe592b1ef13d646119816fc86d

SHA512
8d048357e2628f6031d043745a6b108b249b56461a3ffd906c9ddf2b9e52462391d23a51bfe17bfe5b1feb30adf8ea7f56b314d67c8bf83cfbedccb6708bdbb7

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
213B

MD5
9d288dc3c64219296b7ba6d35feba4e3

SHA1
8b1ed3aaaa8a9a6561b4e9568213565b112cc311

SHA256
c6347d1ef7434645119015dee27027a1cc4bd7d6f67927b0f93de2abdd6d9e0b

SHA512
c93264d44b31481f20e8ba3cdb89d94a025c69120234715c39a8d89ff583905c2585e8fe4ad6ce88ea21536a7512a146d89d32651774feb706babb657deb3abf

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
284B

MD5
cbcd0bca13fedd28487842f2bad0b6b4

SHA1
4557c4a9088ffe89d99021cd9e6ac5795f89573c

SHA256
da8acf8117769861847eaa4b371f78fff5acc213d15add2ef277faedbf4518ea

SHA512
7f1a220f9be6e1cd8cd3fb53e97401efca458e01decb7d72a67262ec4ba99c3476eec7544af5dae1f635d886388dbb5ac71c4bd451b457f3b5bf01685d1310b3

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
6e0a8f3c54467034d7a71d15e182604f

SHA1
06cc22a9591b519a9754a6099e0ac54ecc1be92b

SHA256
05d1a3c376e7dcc3ddab7dfabdf98780fe96ca2e0e0ec09126d2a301211d6a9a

SHA512
30611aff1a95d94708b10fb4738c39e899d3f65de2b9cc5c462f29421a74ce9645e0150f6a5ef271a800a4ab7405088001f9715b9bc6698a20d5d115ce332cf1

Download Submit
/storage/emulated/0/360/.deviceId

Filesize
48B

MD5
1d8d16c4e3b19ebf18988530d9b9a757

SHA1
bc94c1cce05cd848a53271ecb9c5311e27ffebf5

SHA256
abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7

SHA512
4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

Download Submit
/storage/emulated/0/360/.iddata

Filesize
32B

MD5
c2283156f05486e8557f5c62d8aabdd2

SHA1
fb4822b53ffc28c9cddc145486f9c9d38f9ec9c4

SHA256
20d563559295d961781dbd6a72b2ba78eb6abd7724847440e4ff2f14452fbc8d

SHA512
022507754acb426d34ff831d4d61c794eb9948c07b5b79a2c8ecc65c0a2eaf0ffbd9d0bc68efdef1125289836e98719abce3929dd4875112c327de2cf4272f14

Download Submit
/storage/emulated/0/Android/data/com.hh.DG11/files/com.qiyukf.unicorn/log/tmp_c_20231222

Filesize
64KB

MD5
fcd6bcb56c1689fcef28b57c22475bad

SHA1
1adc95bebe9eea8c112d40cd04ab7a8d75c4f961

SHA256
de2f256064a0af797747c2b97505dc0b9f3df0de4f489eac731c23ae9ca9cc31

SHA512
73e4153936dab198397b74ee9efc26093dda721eaab2f8d92786891153b45b04265a161b169c988edb0db2c53124607b6eaaa816559c5ce54f3dbc9fa6a7a4b2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads