8caaab71842caf51d9636229fcfbca8eef9e058d44e8121fea5aa632c47e2935

Analysis

max time kernel
2489782s
max time network
156s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
20/12/2023, 06:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8caaab71842caf51d9636229fcfbca8eef9e058d44e8121fea5aa632c47e2935.apk
Size

15.7MB
MD5

775daee2a3ae34b833461d775afb7aa7
SHA1

37cab6e82db136d167b3f6e31d325b8dcfee5619
SHA256

8caaab71842caf51d9636229fcfbca8eef9e058d44e8121fea5aa632c47e2935
SHA512

b103570e35919adfc3879a2538c149c3826e391b2dd373fb2cd831845e5192b8ad2cccc32a9f2c0f4ed68d6aec21888f8814d9a5fed6ccd3b7b6cee9b8450301
SSDEEP

393216:ejQn/vu+zTgGwh8qHGf8/XlWrgZtK0QhwW:bvR4Gwh8lfoXm01W

Score

7^/10

evasion

Malware Config

Signatures

Checks Android system properties for emulator presence. 1 IoCs

description	ioc	Process
Accessed system property	key: ro.product.model	com.manhua.cn

Loads dropped Dex/Jar 5 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/data/com.manhua.cn/.jiagu/classes.dex	4200	com.manhua.cn
/data/data/com.manhua.cn/.jiagu/classes.dex!classes2.dex	4200	com.manhua.cn
/data/data/com.manhua.cn/.jiagu/tmp.dex	4200	com.manhua.cn
/data/data/com.manhua.cn/.jiagu/tmp.dex	4258	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.manhua.cn/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.manhua.cn/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.manhua.cn/.jiagu/tmp.dex	4200	com.manhua.cn

Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.manhua.cn

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.manhua.cn

com.manhua.cn
1⤵
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4200
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.manhua.cn/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.manhua.cn/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4258
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
  2⤵
  PID:4492
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
  2⤵
  PID:4513
- sh -c ps
  2⤵
  PID:4537
- ps
  2⤵
  PID:4537
- ps
  2⤵
  PID:4573

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.manhua.cn/.jiagu/classes.dex

Filesize
6.2MB

MD5
90a2706afe6424a0910fbc264f9a4a16

SHA1
ad30279d98d941b99cf0e517ca43889c79cc3f70

SHA256
dd1f3e05bf64f0a8176814d08f3dfb0252916ce116c99ad2555ae1624a7598f2

SHA512
9efeacb8d37fd1a43d37cb8abe9a30198125c61bab7beaf7010698f2098570d213e2710af2da726f5e57f97951557af693f20bd756793ef4ea48a44968d311b5

Download Submit
/data/data/com.manhua.cn/.jiagu/classes.dex!classes2.dex

Filesize
1.7MB

MD5
aad925e146fcb154abf46257e0d08515

SHA1
e3ac8064c20b929240f56185f574dfc817f06666

SHA256
73cef0da6fffc14e9f29795a1c79cc92b1792755c6d3620fab70b1feacd4c410

SHA512
fddb28cce8e9f7087956a7926b199895fcaae5cc7bd04d076d9d0acbdc2a66b5d3f5337355f9aeafda6a38b66722e0d3133bbbcdd2b31ba51d9b05a745f85c05

Download Submit
/data/data/com.manhua.cn/.jiagu/libjiagu.so

Filesize
485KB

MD5
2c1a490890ff15348d2fc3815b2cfb3d

SHA1
922e1e5539c40ad5bed578a9cea9f076df02eaee

SHA256
4a272d3707e61d656a95d20b944a402a4ae39b79013e3a47a93c0faa3eefc6da

SHA512
3a910269e855c3c9a31e40d2d18d166d3c3dc08bb9b063e363be8e737181389e9cc67be8d9ef8d1a63ca0500d0d028aa2562e6fb979beb1a1cccf0fe4d1d1853

Download Submit
/data/data/com.manhua.cn/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.manhua.cn/databases/ua.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.manhua.cn/databases/ua.db

Filesize
24KB

MD5
5c0895462bcc050a13c3482a409cd0ae

SHA1
e526da9198aa0f21ca11001353766ba2162a63c9

SHA256
42c273a3ee2eb75a57733c92177c728c2aff3a6438fff30af1bc9496cea19c52

SHA512
623f6ffb9c951dde9f91c51b36ef77bde10fd8b745ad7d3be154a2ce5c751352866821b7ce759bb71cca6921ce9b776e44f2a36cd1ff85b0e7421e47feb080b3

Download Submit
/data/data/com.manhua.cn/databases/ua.db

Filesize
32KB

MD5
bfe0d29b05ac2e2f1c7da88f867ad6b2

SHA1
54134e49ee8509e881a069ff7c1463b855c3a1c2

SHA256
047e5efbe313f8cedb0d91bb5656d31a7b45343fed73fc7a108ce4a0570cf108

SHA512
ceadb4298039a85f7037c64aca8f569e8dd25a3d6c02cab697f3d9b3f2c1c75911d6b2d12d3ce5e7cf8dd8cf9acc37ed2646e9edd9413f062915ecf4d03499c9

Download Submit
/data/data/com.manhua.cn/databases/ua.db

Filesize
32KB

MD5
9fea302f8fb1e7e8fa260888d01bc2b2

SHA1
ab7b36f50c80eac34468f32e191c3674d8ddcc57

SHA256
e45f6a75056cea7594129e69bf705a27b0f5c9225848f13c21512cfe27ca25e8

SHA512
a5ff2e2953c2675f6aafe9ce27010a1fcfb0268e7c16f46b62e5e9bfce6b81874d83524da5482211beaeb757e537d67011bbcd5495fb6983e7c58ec98d694b89

Download Submit
/data/data/com.manhua.cn/databases/ua.db

Filesize
16KB

MD5
3e7fba993156fff0cfcdf8d105840b3e

SHA1
3e7d7f9b7e9c11ca79e03e8cedbb0e995639f049

SHA256
27a39f8213ee8e8e3879b267c3fbf6930f7797e83316f0914cba0715cb26c78d

SHA512
cce9fd67ce911e823bd7e8a72115bd58e369b839679dedb5f77a027bf827881cd1ea4ca5a10a687c56b94524ef5496301fbff6363eb7810375738e1646c359e7

Download Submit
/data/data/com.manhua.cn/databases/ua.db-journal

Filesize
512B

MD5
2da3ce9eb08ad5a4f52f6b24e48123bc

SHA1
09498ff33ca711e2611d1db3b609c36c510bc78e

SHA256
f99681a7a86a945c10b0dd1e87c0dfe41363c66d4dff6c133e1951cc5cb9c447

SHA512
2fe9a708f026122cd5a0be46ba61404914aa589b3acdc438d88b1c45688c355641bc9bd252ce06e0b08e676cd38ac4e62ecb832ba7b4c2036a71ff3a7102a34c

Download Submit
/data/data/com.manhua.cn/databases/ua.db-wal

Filesize
52KB

MD5
c20741e5fcf5ae138d7f906018fccfa7

SHA1
608df13ce6cb525650c7a6db180e7390d97f7f94

SHA256
9c6717d16f83341f269983550a4839bbea8fc921a6ba2a77320e4539c4414eb9

SHA512
b775262e8226ba0926e5a59b55386036698ca744828e6249ddfe7bbe67d3ac9b347b36aa8fb39d451897bcef135f8ae940b7f62bdc3013ffde588f5686fe1d6b

Download Submit
/data/data/com.manhua.cn/databases/ua.db-wal

Filesize
12KB

MD5
589016db57e0078f8d01a3382e33ea46

SHA1
25c7d3200052329b6573ff8e73f161b415ed8bb4

SHA256
470f277f16c528fe834518e9cc4eae7126f3ea8e31994b25e608ecd61288dd16

SHA512
a883f10dd18f4f025bb8099412f1497a5ff2621e59870b767d930cc29c4ca9f6119557aa14f1ec187cb141d6b46d47934c8be97f7cc999a283773f6d7e80da7a

Download Submit
/data/data/com.manhua.cn/databases/ua.db-wal

Filesize
12KB

MD5
fcd891802df90c19d151cc13f8ac4e22

SHA1
1e659261e73103f89988c282b6a1344cd70a2816

SHA256
2c3763788df95d4c3df5a412fd2a1a06535fe5010958fc2da388fb2d41b7ca67

SHA512
4f6d7ddf86403322ac148dd7b48150e2b69c3a5537e3a715cdc7dd6039396f265bdfbd22b6aa0cf55936bd5c3186716a7477f598d92fa5a4440f000ae5f05540

Download Submit
/data/data/com.manhua.cn/databases/ua.db-wal

Filesize
8KB

MD5
529de507aeafdc5889b898e34aea120e

SHA1
e3a1f4201c71a4c4111b49b4a823c550c29e3653

SHA256
1c7c41233f01210fce4f57ce2498ea8f5a0a4dba2aeb7170404589715b47b3d0

SHA512
a770b2f25c7dd7574bfc598b24d2b4466d173deec92ddf79c3b9f3c21bf903a743bfac9511efb40fa6bee224e911c6f4f4c3937849645b012d5265c05a3b3cb0

Download Submit
/data/data/com.manhua.cn/databases/ua.db-wal

Filesize
4KB

MD5
fadd51ef6ae93b30dfb656df64855255

SHA1
618294e53d3ee7e3422bcce99e446d3ed57c9746

SHA256
d8d058ee711e1a17849f1b35efb989b6a0e2e87ca373ef316d2da6d3dddcb430

SHA512
dc6dfee0f283068d5f928abe54b1a1e175cd3fd70fac746abb5003c08d6402658711ed449f7cd952b276e096aab3f7960b7cff266cc9319b6f7dff1b1e55677b

Download Submit
/data/data/com.manhua.cn/files/.envelope/i==1.2.0&&1.1_1703296728440_envelope.log

Filesize
2KB

MD5
0d4e80ae85dcd9eb1a2b8d086370ebaf

SHA1
ae9f177a51e8d52c4354b2d43d2397e57426c949

SHA256
6e49b0c96c69e0103cc3cbf6bec14160e3682e7b2a63b7b6111b92e3c83bd816

SHA512
9a6995775eb41a830a6a15bd8899732beb791b01abb43b25896f3b67c0d5c641ad09973b874d9112b8d33df3dff89f9be700952913941e1dcad3a43e768faab5

Download Submit
/data/data/com.manhua.cn/files/.envelope/t==8.0.0&&1.1_1703296730663_envelope.log

Filesize
1KB

MD5
847d08aab9138b73ee63b0e7127a67e3

SHA1
18b33604ca5c0cae3e9be9a9b78e003d3c3fee32

SHA256
89aa453c3fd46f848fac931e3c56bfc6365b0166aa3ada8511f7143384c9af7d

SHA512
50f8c300da93fc675ce7a786aec39f46cbe9c8f0e3f9752680e18e57b42fea7d7460c6664ba306fd69e2a8a7f1acaede8ef2a9ca33ca373ad2cc3a90adbe7f85

Download Submit
/data/data/com.manhua.cn/files/.jglogs/.jg.ac

Filesize
40B

MD5
79682460494f3275d41da3f108d328d6

SHA1
7b5c78a30066b1a6a624f5ceafa04302000c47c7

SHA256
08c72f96fc4437e2ad82880deb958a35eecec5df653a6bddb553679398e88c5d

SHA512
907f97cdc2bf6381f28d69b5943f7932d2f3d526fb5919dad57dff4f37b6ca6591f09a92694e3907ef263f9b2a67b916a3a838904525748ce4299e2b1090be70

Download Submit
/data/data/com.manhua.cn/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
9c0436c930f74e73dcf8f38a9ad5f51c

SHA1
dc0cbd0e98da2e01cd02cf5bbf50c1bd45aff6c0

SHA256
8ed9b1ed32b390b6f8b09f5ac248719d614af2ea06a923eac60f9ba578c165f7

SHA512
c3b36bf01fb7418ea1859563f86914485ac5a276897eef0e1305c0227ded2f7f26f5f2fa17280ca181385312fdf06c1fa151c8d32473c2d6ff3db5b2d8d83fa9

Download Submit
/data/data/com.manhua.cn/files/exid.dat

Filesize
59B

MD5
11f048e2dbba67b7135ed3b260e85385

SHA1
6d8533f39bd8cc4c37637f853754fa61bb68956f

SHA256
4d3ad9012e3285f6a644cd19a3306a532a82bc09e6f18808d1a896f5c18d2138

SHA512
bf321b8bb058fd119e8c9585042e84ddd316cda81aab1c1c756039c61d17fd0b9af4400040615f19af37d3703b78d0e30bfd45dbafbec3ff91013eb725ca1296

Download Submit
/data/data/com.manhua.cn/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzAzMjk2NzE4NDc1

Filesize
1KB

MD5
51ad98948e27b21d1540665bd3425230

SHA1
da66269f6241ea90ea1f90a4d5bf7186ded894e4

SHA256
b25b3e25f67400cddae3f357b1837a559404745e0e7f5ec51abdf5b5d042e95f

SHA512
4607a9a4cf96aa129b0e31ddbd7995419572dd832e16392f683d3ed64f46c7b0ba1e8ec14daa7b8cd56f13e3d9a22a0938fef6970fed1b019b572411e0566c95

Download Submit
/data/data/com.manhua.cn/files/umeng_it.cache

Filesize
415B

MD5
89328e3e839c7cd1a400c86416c92408

SHA1
d2b19f8f98437b4c02bf0e34aa29407fbbf747a4

SHA256
3f0796e75fa880d49e26e8c8e9f3ba406dbecb9e9b429b6d899344269abf3ed9

SHA512
4872f440644ade86e5656d18b6eed00195968d1fe2efd056465b1aa595989ae649d781b0a9c45175540199909c4b9b48c4ae3c1a4e6165d5701f4314ba14da35

Download Submit