9acc65a7288cfce5d83b9a82c8bbfeac6f9d0d6472f69a35f81a30a75607d422

Analysis

max time kernel
2470036s
max time network
170s
platform
android_x64
resource
android-x64-arm64-20231215-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
submitted
20/12/2023, 09:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9acc65a7288cfce5d83b9a82c8bbfeac6f9d0d6472f69a35f81a30a75607d422.apk
Size

7.5MB
MD5

d71857e8a471d32fcc21b356a27f6980
SHA1

a630538243c0a64ccfcb4df819156bd458ae93ad
SHA256

9acc65a7288cfce5d83b9a82c8bbfeac6f9d0d6472f69a35f81a30a75607d422
SHA512

c9cca42cdc164d65c068300d74d6eb8f4a75922b76872f6f7b3147a7fe0144b559973e2bec59edd56835ac7634fc0be825f6c85c3151295d9362b1e8448fbb39
SSDEEP

196608:MC8ANRfMGD8sgQallg964FIdBTzoNfAJFIAUzfSB:38kRfb8svalacTBINfAJFIdzM

Score

7^/10

evasion

Malware Config

Signatures

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.chip.notv/.jiagu/classes.dex	4474	com.chip.notv
/data/user/0/com.chip.notv/.jiagu/classes.dex!classes2.dex	4474	com.chip.notv

Queries the unique device ID (IMEI, MEID, IMSI)
Reads information about phone network operator.

Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.chip.notv

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.chip.notv

com.chip.notv
1⤵
- Loads dropped Dex/Jar
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4474

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.chip.notv/files/.jglogs/.jg.ac

Filesize
40B

MD5
44b43d2106ed92a913e637282a615765

SHA1
5dcc6989d7d5e9d24489789711c45adece13f942

SHA256
222c241a7a96ca31f5b9d3b648e21a8e6c68786e0ecd42d20f36c7b75f902a1e

SHA512
76a4ec5fc2cdfb9a9ec5299fa54a3e8849a2ad9bbc7f6dbd28d44820fbd7ce66b4a7a24682214d0a5bc20bae46d1b4b6254f4bf6dda0e5a8652c3917b647a720

Download Submit
/data/data/com.chip.notv/files/.jglogs/.jg.ic

Filesize
32B

MD5
61fb2bf0dfd07f975627e2d93e9de879

SHA1
e50be8f03ae522b77e44e3475e15f32f16fb0159

SHA256
09e695ef3dd718212ccba828b7b32b43e0af68d909d8474ec4db41aeb542c436

SHA512
00836d2bc69bef3e76a6d84a6a209d83ee9ad120af3fc221b3c6fc78f04c6ba844bbdb598e153996b7c93c44429d25dbe8b8a920e6ed123e997142cf340ec488

Download Submit
/data/data/com.chip.notv/files/.jglogs/.jg.ri

Filesize
307B

MD5
b7b495d0b93376850f653b50857f4fb5

SHA1
dc3e125753e81f356f6be37218efe5b133ce3edc

SHA256
4eadbcd63205970a7284d80287c91b7db7f53c9679eb6d1762537b420ff419b1

SHA512
81a882aef77d8de639211f549a3d851e36e1ecbd073bc0e7b6e70d8f1590f2e1967386f368a85e025fc8a6498ff69175914638db917cdbfb2f83bad346fab78b

Download Submit
/data/data/com.chip.notv/files/.jglogs/.jg.store.report_cf

Filesize
54B

MD5
e276fabc8e5f1c6af711c8e540e4e2b8

SHA1
901d189412c4f01d2e16ea2685e8ef8c8aeda7be

SHA256
6585e24dcc391e4a4a50fc119b04b2f55df12b8c22c36c60bb8b2cac71953518

SHA512
09bc7e153634c5e985d02b20caa67e262e9af501da3c963adb57fa8dbe19b13c6c711d189fae65dfa565d7133734da60c8de88469e6a09856a6981b6adde503c

Download Submit
/data/data/com.chip.notv/files/.jglogs/.jg.store.report_cf

Filesize
32B

MD5
fa31c799e8ddefe96b43132d143d606c

SHA1
57551d29d5d383f3bfb6ee79621ef489fc9cb21c

SHA256
dd7a3c474f6f32599cd8def1feefc62d7e3e995fbf846faff690e4614b29d2b4

SHA512
9e1a89749a138dea46493f9844d02a70cac6b8c757c6459ba9b757f118b01a2de117437955c870df956567edcb42446a12bfdffc389c5fcb602dda1fbc076748

Download Submit
/data/data/com.chip.notv/files/.jglogs/.jg.store.report_pid

Filesize
32B

MD5
3e370b1c40d3d4822ece08ca99f06002

SHA1
1e4ef0eccd535fba607e5006efa8f9e60e7e5053

SHA256
52127e2c3bac02650a707804646a0b3f1e65262721c7eb60ea734fd2a903fb3d

SHA512
07c53695570549d007b91f7d6ca444142a1ddcdb3d4651262f0e1115e2579ff284011ad7d42d850b8e59b372107dbe42b7f522958e139927de294902afbcb499

Download Submit
/data/data/com.chip.notv/files/.jiagu.lock

Filesize
27B

MD5
b27c4fcc13c7b3c219d56747edbd3d2d

SHA1
3f118f80cac235152f5a88d0faf6b3969cd4c0e9

SHA256
58d9d23cadd1ca5172c9d5443257cfd5f8f77a6257f9540fde35efc30335ddf3

SHA512
0df8e596625cfd6a502dfe2ed6e1b34d9803b8f34db374a660dfe65738cf7525bbc5d301f3c7a55cf8134abc413db3ed3aee58077e16da3288765c05accf6c12

Download Submit
/data/user/0/com.chip.notv/.jiagu/classes.dex

Filesize
6.1MB

MD5
3337a1fc4fe47d09eaafaecac7f2ed88

SHA1
da76290496a47449ed9d942ff6bd430a556846f3

SHA256
94eeddb32e1bcd9d87a4819b81fde672dc389efe692188f4fa92b046316892a4

SHA512
49add87b8dc9ad0670cb13c1d8c6446ed619141bf42531ddc36553cdfa1dd00dbc0e24473ef0edabbdf794def683d8d6a41bf75be16aeef4477ec12b8be07374

Download Submit
/data/user/0/com.chip.notv/.jiagu/classes.dex!classes2.dex

Filesize
806KB

MD5
8606e86e8729e1a6ae4950551225b024

SHA1
f0a43f5402bd29aac703c1c2290c4ba6bd1fff94

SHA256
b7766a826e10295bb28a5446a7e20213f0374d25705727e2eef86269b5656485

SHA512
84c929920b9995867cdcd83bad701fbed3c5423af580da9ec0d7c5e3f9a9664ada5c498ce34c7e5b1d13dd09cfe152c4a9a1faf1e37c684aef0388b2c38e7d53

Download Submit
/data/user/0/com.chip.notv/.jiagu/libjiagu.so

Filesize
487KB

MD5
610a895c4a71bbeeaea16eddb1422bbf

SHA1
9f919de42ed1e80bfadfef48f8202b202166f869

SHA256
baa349e9b5a47be21b6ea00ef2e0c0c5dc203c0e4c391dac46df07ca9d333217

SHA512
ef4173ba32309ef1257b75bcff28fd44ab14398577b4fb3b6b95323035c964201ed39546cda3b7115ba5025781f3b9c018443e7932edd50a25b1be60359f80f2

Download Submit
/data/user/0/com.chip.notv/cache/http-cache/journal.tmp

Filesize
36B

MD5
37e8e716e0e2f4a0b05cd9571d95b84d

SHA1
f8d068f6931707bddb8cd69f706f2224ad1fea3c

SHA256
7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca

SHA512
e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6

Download Submit
/data/user/0/com.chip.notv/databases/MessageStore.db

Filesize
12KB

MD5
171aedf968e17a2744d2585715606cb9

SHA1
bbeddeb3b89fcf809619c35b4a318a80e7d5b029

SHA256
d2ab452d9360848f46af866b870b5c6fc98230b09c72b89cb1a4b2778586678e

SHA512
78a0f517ee3d21c153dda6dbfec4187ebaee9d520d7b1b63f358bcb125d08aea53f26943907a56fdeba40161d9fc7e4fd63f9ae3154dd2ad887ba0162738285b

Download Submit
/data/user/0/com.chip.notv/databases/MessageStore.db-journal

Filesize
512B

MD5
344415fe4c57dc153158d7ab319121dd

SHA1
aea346db538cbc80e0196f6d2e677ff7cba63811

SHA256
58dde1c5c6040484d7f5702517d0de079f3ae823e2017dfd70b1c32d32fcd3ba

SHA512
652c5666fdb4244bc9ff62d0c1a4ec918cf8242cb9d99131cc24b56323e3e9378d9deba5b68a6ebd880e1837124a99bb5934128f8242feeaf6962a642da1fcb9

Download Submit
/data/user/0/com.chip.notv/databases/MessageStore.db-journal

Filesize
8KB

MD5
a43810f887e7d9a1a4c3eca9143b513a

SHA1
a3097938d168fdce7d710da5cbfd27c235883a16

SHA256
e9e158d61eac780ca61556121dd1f5c349eee27e99f57e6a70451d0cc33f311b

SHA512
91403f1cfa8793732d2c72b705c54d6aaa36d0a2ee55faff0375980fc65d0fcbba68bddb7dc6697bb98da42e63dfbacdb038230ef85cb1096197068fb094f523

Download Submit
/data/user/0/com.chip.notv/databases/MessageStore.db-journal

Filesize
8KB

MD5
1d5902d2dcec77fdbce01517c76896e2

SHA1
b451f5c9414cdd2900fdeecb89c0d79d43bb7c29

SHA256
741008395b6c6dbbc8fe446e8cb3121d4fd556025a76fd1d848c73b3a46b9add

SHA512
dd4786b6089d01e6a9f50247174ba95e2f289fb28a6d0aea67f5f3af262e60d33ae22902058a2758d5bdd03c386b1c957ebf78e81cfb84c04542232846e6ce72

Download Submit
/data/user/0/com.chip.notv/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzAzMjc2OTM4NTk3

Filesize
1KB

MD5
e4847397336708bbbaac6ff21053f783

SHA1
9e4cc8462d40378693a8df93edd27ddad0c33f2f

SHA256
c4eb3ff77688b41ccda86d6f544b3a10811cdc4595e2d607009b4aa765084f08

SHA512
69cd7b92a8a94d939843964e5c72fd1d702d64d16502c2072e7f598f924f190fa782f0405a06d925a0d13873d6002490c65990dd83669ecbab2a706419f56169

Download Submit
/data/user/0/com.chip.notv/files/umeng_it.cache

Filesize
433B

MD5
c96d55bdba70bbc7713aeaa3b6785e41

SHA1
eb46aa5b7a773f389f6047b349af3202a2eb9eb8

SHA256
dd22dcc9be42597645354958e9f756a8558ba3d38aaba4ad55b8392bfaf2b52e

SHA512
31c5271ba19b942abff95ef2d47ab988066e40d9e301231d0735fc1108d46bd088010a7a2a69bb5c22aea9a10d69046363e4dadcfbc6b35391b024c6b0974c8f

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
0120dd5865c0a989d084dc5d6d56f9fd

SHA1
9f7a2018afd738424bcef93eaadc60c03c215cd7

SHA256
bd218fc1a68885d83964d4694a1f8eeeabecc0de16845414190de3c051087247

SHA512
0834a800211fe77218eeba13626c9c0c8e38fd41cc6bca26eca067bacf49fed64dbbbb6afea3bf9dc937d568cdcfe9100b7ea911b2857f7e8053e54fe554834d

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
222B

MD5
960c99de1cd7c350678b79c1c8e6f3ed

SHA1
db4fa689fa537f98c897e39b244fa4d6a40f4a84

SHA256
d8b7f7b63ae4462f39ab81fca4690b636a40664117c677ab8195b91747d659c4

SHA512
f4b450817208b32be395e72b461ceab02695ccccdd5e3d51c76ffebafe7866cd3c82fb0dc6c63420e56faec207afab117e51f9224231b8474d456f6463c3524a

Download Submit