Overview

overview

8

Static

static

6

88fd6bb392...d0.apk

android-9-x86

8

88fd6bb392...d0.apk

android-13-x64

Analysis

  • max time kernel
    2484507s
  • max time network
    155s
  • platform
    android_x86
  • resource
    android-x86-arm-20231215-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
  • submitted
    20/12/2023, 05:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    88fd6bb39216fc9eedc595daac4e8b88b4ff8797e9b1846a3c67d58433b0bbd0.apk

  • Size

    12.8MB

  • MD5

    8dd0e634920d54385312806ebdf5a69a

  • SHA1

    ee0a104cd314155804c03d923dc82939c7a5cc51

  • SHA256

    88fd6bb39216fc9eedc595daac4e8b88b4ff8797e9b1846a3c67d58433b0bbd0

  • SHA512

    56b3113756474b050c8b5a98c2ccf25f01caa5b75be06e2c88cec046522bc113e429136e143240d9e7a370bd4ce8f94d213dac12350ed6f3bf1ae57588e9cb11

  • SSDEEP

    196608:izitj2Ha/a30g2IHVRMTYzDuk7e4lf0Y9Ga14QuSYBMwo39l5+gk84Fp9ywxitb9:ietjk0g2IITYzZCw0vI4QeUtlw/899

Score
8/10
evasion

Malware Config

Signatures

  • Requests cell location 1 IoCs

    Uses Android APIs to to get current cell location.

  • Checks Android system properties for emulator presence. 1 IoCs
  • Loads dropped Dex/Jar 4 IoCs

    Runs executable file dropped to the device during analysis.

  • Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs
    evasion

Processes

  • com.securities.tycoon
    1⤵
    • Requests cell location
    • Checks Android system properties for emulator presence.
    • Loads dropped Dex/Jar
    • Listens for changes in the sensor environment (might be used to detect emulation)
    PID:4248
    • chmod 755 /data/data/com.securities.tycoon/.jiagu/libjiagu.so
      2⤵
        PID:4273
      • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.securities.tycoon/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.securities.tycoon/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
        2⤵
        • Loads dropped Dex/Jar
        PID:4298

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • /data/data/com.securities.tycoon/.jiagu/classes.dex
      Filesize

      3.5MB

      MD5

      0d3e36cf78d7c8108b657a06d8b78bbb

      SHA1

      a4d0e275329aae9f69bf229fc6531a03d9d8a8bc

      SHA256

      7e9b27afa4286c5889966b2602ca070d1d3807796429d1006cfff978168537a6

      SHA512

      4aab2566bee08b96e84c3c6972c8b089e038b536185a15324d4df9f7754a675ba093be6cbd777dbaf3635c8f9ecc229338f2ffe947a57bdbb8ff061ce831aba2

      Download Submit

    • /data/data/com.securities.tycoon/.jiagu/classes.dex
      Filesize

      6.4MB

      MD5

      983d1fb58973deef7e3cf4ee9a47b23a

      SHA1

      36e37b046f905e5bac95c52d57db7afdb23c0f4a

      SHA256

      c73913b8e715a56692f77adb474290ee16dfe12c7f1c0dd1f0b19522ddc58978

      SHA512

      ea32190f0b0af454d732e75a6e47855b555da5d85763d1ce2820a0e00044aba8b11ce4231e9f84a5def34b177b9caf77b2082f81aa5cb9241a99c16049c70ca6

      Download Submit

    • /data/data/com.securities.tycoon/.jiagu/libjiagu.so
      Filesize

      455KB

      MD5

      e5a53000766ebc433b27d6a66ec4f555

      SHA1

      2c8f53f1c03aec2005bcad67d731f07261dabde0

      SHA256

      78e4ea857f10c2df6c7b94f0584524b52ecc099ed29478fe3964037b8a86ed2e

      SHA512

      370a1cb93b14556ad861724f4e9995c9a4c6d37cf2d570f888d1c6000c66d27ac63496b0703361e9fc9bc7f309b7aa4407c5f339d186b0a5b72520d23d04b68d

      Download Submit

    • /data/data/com.securities.tycoon/.jiagu/tmp.dex
      Filesize

      284B

      MD5

      f1771b68f5f9b168b79ff59ae2daabe4

      SHA1

      0df6a835559f5c99670214a12700e7d8c28e5a42

      SHA256

      9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

      SHA512

      dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

      Download Submit

    • /data/data/com.securities.tycoon/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzAzMjkxNTQ0Njk2

      Filesize

      1KB

      MD5

      e2defc27272df8afeb704fd75d120234

      SHA1

      eca98f3cf4556c02ec5ea82599b75181e941c19a

      SHA256

      c9e05394fa78d3eb3321e9f545baff5ac1d9ed101efa3fcba806a4f9112c0752

      SHA512

      34c3b33231359e5dc57775cff92f7101dcf107ce49e640cd19698d1c0d8d0468bcdcca0915f85d60fd59b6c682c61d03db23d4efecd91b004c585dbf6d5c7ced

      Download Submit

    • /data/data/com.securities.tycoon/files/umeng_it.cache
      Filesize

      415B

      MD5

      23ecbfe69e875b7b248c510e87c60825

      SHA1

      a86b1ece563b8d62ad01e2e22516868c0255d439

      SHA256

      98cf64cc09aae1a1b4baff6eca8d6419452876b144519f83c1df1b076ca05630

      SHA512

      c5ec712f6edefb63efa8e3f44a4935421c13509f49df90d57d9c34262b61ada57a7b895148baf8ae7f4a3a2171c615889a708d03b302ff3462cbcb330b6471ca

      Download Submit

    • /data/data/com.securities.tycoon/lib-main/dso_deps
      Filesize

      148B

      MD5

      47b86bb34f1b929d7491c5d1df5ca837

      SHA1

      8b36ce28f1852f5e2ea5d9b56666d814cab8b32b

      SHA256

      8b69f0f02b05061ce93466645441a11a87527c74dac20e800aa588e7aeb0a764

      SHA512

      3d10475ef562f899996d960872bee28c5f9b13c33597e02b9580ef80d4f836cdfc4a720fb121125536b76d91f711bc7996a63ac8f6d71c9dcd7d82f7cd7a694c

      Download Submit

    • /data/data/com.securities.tycoon/lib-main/dso_manifest
      Filesize

      5B

      MD5

      c06857e9ea338f3f3a24bb78f8fbdf6f

      SHA1

      c5a0a2529d2deb60fec041b4fbd722a2ebe31702

      SHA256

      957b88b12730e646e0f33d3618b77dfa579e8231e3c59c7104be7165611c8027

      SHA512

      29f61516876c25379a7bf4faa2b3ca6f6b53eac90e7de47671fec4a818d51441b4025cd7909f7c0a0d113ab6c5ff00cb3700c286bac7319185b77905feec4fb1

      Download Submit

    • /data/data/com.securities.tycoon/lib-main/dso_state
      Filesize

      1B

      MD5

      55a54008ad1ba589aa210d2629c1df41

      SHA1

      bf8b4530d8d246dd74ac53a13471bba17941dff7

      SHA256

      4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a

      SHA512

      7b54b66836c1fbdd13d2441d9e1434dc62ca677fb68f5fe66a464baadecdbd00576f8d6b5ac3bcc80844b7d50b1cc6603444bbe7cfcf8fc0aa1ee3c636d9e339

      Download Submit