9fafdb5108701305af1ccf1efd42fc17af1ce263528a9d983cd8f35883f6ec3d

Analysis

max time kernel
2470799s
max time network
174s
platform
android_x64
resource
android-33-x64-arm64-20231215-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20231215-enlocale:en-usos:android-13-x64system
submitted
20/12/2023, 10:04

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

9fafdb5108701305af1ccf1efd42fc17af1ce263528a9d983cd8f35883f6ec3d.apk
Size

9.1MB
MD5

b86b5b10cac5327236eb9e4a07e1fcbd
SHA1

93f1c0b769ed9a180ad8855db36dde9d649d94bf
SHA256

9fafdb5108701305af1ccf1efd42fc17af1ce263528a9d983cd8f35883f6ec3d
SHA512

afb7404135c72c742921b8fc03894f7f3ded9e446be0dd862d8abcf7f8dd066120be863f44593924c681eec3b819cb74aa7b84e1ded83156612212c4247399d6
SSDEEP

196608:YC8Czf1ONR6Oat0zlmwjccANm35tg+wkgbYoO3ZU8GcNZCAz7vaWajj:j8Czf1eRHzlm6ccp5tg+wzbYoO3ZDGcq

Score

8^/10

evasion

Malware Config

Signatures

Requests cell location 1 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.shemen365.shemen

Loads dropped Dex/Jar 3 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.shemen365.shemen/.jiagu/classes.dex	4236	com.shemen365.shemen
/data/user/0/com.shemen365.shemen/.jiagu/classes.dex!classes2.dex	4236	com.shemen365.shemen
/data/user/0/com.shemen365.shemen/.jiagu/classes.dex	4430	com.shemen365.shemen:pushcore

Queries the unique device ID (IMEI, MEID, IMSI)

Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.shemen365.shemen

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.shemen365.shemen

com.shemen365.shemen
1⤵
- Requests cell location
- Loads dropped Dex/Jar
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4236

com.shemen365.shemen:pushcore
1⤵
- Loads dropped Dex/Jar
PID:4430

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.shemen365.shemen/.jiagu/classes.dex

Filesize
6.3MB

MD5
f7933804e0cb128d51bc3d90bfd9c08d

SHA1
4380b07446054be0749fbc520711d342a4f4c1b2

SHA256
eb2763d0e12fb6b945c585d432ea0aca0d8a66c67f3d63330db534b0973bfb95

SHA512
642edb46a5ad09ebf554e8efa9d39134a31751502398303f988e34f420d27610e63d037f2d24af348cde317b4e4136cd2e79037906a1d027308031182b39d66c

Download Submit
/data/user/0/com.shemen365.shemen/.jiagu/classes.dex!classes2.dex

Filesize
6.5MB

MD5
c28cbdfa5f353d168a38ba0a992855ed

SHA1
a998f179ead9a9d54f6111894f8ced063104c12c

SHA256
bbdcb7441f9747099ca972f920a070f42117dea6979252fa0e64b60e6f65f668

SHA512
b4c84e9c0f52845910e01ff9c63cd42768c36d13b94d5e14873a8dacabbc1ad19ef03ba9d37baf87e7c996f82a6a7e3a2424da6b8bbb0320cd5820205c0ba6de

Download Submit
/data/user/0/com.shemen365.shemen/.jiagu/libjiagu.so

Filesize
487KB

MD5
610a895c4a71bbeeaea16eddb1422bbf

SHA1
9f919de42ed1e80bfadfef48f8202b202166f869

SHA256
baa349e9b5a47be21b6ea00ef2e0c0c5dc203c0e4c391dac46df07ca9d333217

SHA512
ef4173ba32309ef1257b75bcff28fd44ab14398577b4fb3b6b95323035c964201ed39546cda3b7115ba5025781f3b9c018443e7932edd50a25b1be60359f80f2

Download Submit
/data/user/0/com.shemen365.shemen/.jiagu/libjiagu_64.so

Filesize
525KB

MD5
198e8f0e9b0d80997fde430f9973c1a1

SHA1
dec0b84b06072ad07d44b445d7e23587c0bc7f02

SHA256
dc9d0faf8652513f0a1eed698b9559e0bbfaefe12c203d239f551ff557abbe5a

SHA512
2868fc26e0bbc32e6f7c7d6e56ed6e9517d0ea4a7d8021a5f50af5945d6ac27fe87f500e32eed5143f37d484ba95fef481c9d5c11b652bac2a26d267358252ea

Download Submit
/data/user/0/com.shemen365.shemen/databases/_nohttp_cache_db.db-journal

Filesize
512B

MD5
9c0cf25fc8874e760968a5f781f8a7a6

SHA1
6fcf4fa078e42d22b684ff609da057429e37e277

SHA256
731affd5432dc073b0696237493d66e6c38a62d12dd2f159b3eb910e8b4b585d

SHA512
d00edd19c814490729f44fa54ed779eb3cb929a6825c30108388e8de015556123e64ef30c7afa0bab8e2944f6bcaba624d91ed7426031c51ca06e0014eba620d

Download Submit
/data/user/0/com.shemen365.shemen/databases/_nohttp_cookies_db.db

Filesize
24KB

MD5
b45cfe8351c569f89491081a1c5a26b0

SHA1
9d3302d833e8ddf1d06e478360b99a031ef9a6dc

SHA256
a9909227ac558e62993e535e0c70f02a37a5f2147c9de5c938b56385d9421e49

SHA512
787dd3fce829d4b23f7473f72780255a03955f0dbef8743cf17d919b3e760fe80e26ca43ac0332027cbb590466643fa5b47b96391b20f7803d3b06fd6cfff34a

Download Submit
/data/user/0/com.shemen365.shemen/databases/_nohttp_cookies_db.db-journal

Filesize
512B

MD5
4621d4c3fc5be01b33308e23a4f95bab

SHA1
f0e2e39baef712d26ab34c5944318a0aae527659

SHA256
4e53e0a0e9378884859d0a75d716d66e4e787547a82c0f95e5878da736ba2d38

SHA512
f6a295fe7ea6a89c11df2f36d4cd07fe3f5b2130b7e359774e4d9c4fe82085adfe76ac7a0e2061186ce855cf8f4317372f8eecc61498aa710ac69d07d3d9b869

Download Submit
/data/user/0/com.shemen365.shemen/databases/_nohttp_cookies_db.db-journal

Filesize
8KB

MD5
ec33808f2f2f50692ee9c8df64b67bbd

SHA1
1415745f4629757d54c41c3f3bdf1592cc2e67be

SHA256
38b99a4d0fa1f1b3ec18b79b1c4d61617e492f4d127362d35b505a3fcfc6d7ee

SHA512
0c9cc9c66ed68ab6b3ab1df9160b0973851f5153c015e723822183884824d7f51440528315ca8a9e1e525845a2471a9f7191dd6c46d0e23024748699892824f3

Download Submit
/data/user/0/com.shemen365.shemen/databases/_nohttp_cookies_db.db-journal

Filesize
8KB

MD5
369370fe22891b0b7273393d4ac36044

SHA1
84080f7d55987c63f6a10aae60f5ebd895773db7

SHA256
b66446abfa4db4b5c4a033816cffe1478b311c1cd64a4bd1550e5255cd3e3096

SHA512
3159f756c973309ac4f4b91c3437ed36108d8bed48e84a2293134efcd8ce738538ccc22252a313fcdcbc57a034c4cff254fd87182e75eebb8902fd9eff01a7d8

Download Submit
/data/user/0/com.shemen365.shemen/files/.jglogs/.jg.ac

Filesize
40B

MD5
1d2a62cdc8220541089a49aea5e628c8

SHA1
fee2ae0d11d4cf7243e1b243c906a71115f4d0e8

SHA256
127336ebb0e1f82a4bf76500216fc8593f298f9b99f9bc448d534a14613b3d73

SHA512
ad541b94e2769d902e3d330933f32e13c5b4cfff9d83e5934e51b69dfe217efd75d7edfea4fed464f8a128763ddd94b5df00abb79a5f95f25f29cdd609bbabd4

Download Submit
/data/user/0/com.shemen365.shemen/files/.jglogs/.jg.ri

Filesize
307B

MD5
73550c24dbc1f5b2ea26f1d5d0119159

SHA1
80dc2639c5a41fed1c06acce55cb517a67f975bf

SHA256
136104b15fd2ab7db695940fcd45d2cc5b9aa9ff58c53be33faf656b3302f53a

SHA512
a1bf7120257f16325f0b789f997813f840202480ab8213f142baa48822483782512e6b494f183a3d38bf822942c1530ac10c15600d82ba4ce35ba276a86373c4

Download Submit
/data/user/0/com.shemen365.shemen/files/.jglogs/.jg.store.report_cf

Filesize
32B

MD5
07014ca449e3e733bee284eb7dc375c3

SHA1
4775637171086f6f72e86b46944697e85b0c5ba1

SHA256
9d450bf07b9a2f4538f06b9d8d205d6757560859ead790c7fab5993c48de52a5

SHA512
71984c4c7f0880306bd8ff192bfdf7785be92eaa81c13e096cdf0aa442546db7b18b8dc5fff7a66e785d65b86002ea06ba477a66e6a04a3d38c2cb3baed322b6

Download Submit
/data/user/0/com.shemen365.shemen/files/.jglogs/.jg.store.report_pid

Filesize
32B

MD5
db837a671077a15530a253a56cac2fe2

SHA1
08798533101f9a1da97a181e2bd26747f5f3e25b

SHA256
22141c2cdf2f89e1d54e0ae349d1c8daa7e063a328f18bc444ad83a31e35d258

SHA512
fee6fa47b082e5ffff466d18c75cdcdab7ef1fea4123e405454fe527fa0552983c8e42aac4b420eb2417481bdbee28be328dfefcd69d66134dc065a387eb1f8d

Download Submit
/data/user/0/com.shemen365.shemen/files/push_stat_cache.json

Filesize
119B

MD5
567a59db17b36b5d26cd733e1f6263f5

SHA1
329f81ad58cbd684f0e6e8e26597f489e7f119ba

SHA256
125fb6b12bdf2bd58ef5d62e6190a544f0f9eddd13097aa69bc721617c1f975c

SHA512
f519f0903428d144b21c696b511c827595cc0f0a8edd0145c7fc5cac40a478c1be33e72fab753c3bdc742a2be10ec1c62de939efcd0004e003caf0b86fe69f0f

Download Submit
/data/user/0/com.shemen365.shemen/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzAzMjc3ODQyODg3

Filesize
1KB

MD5
a129712ae8128c01537bfd863187b9ee

SHA1
e700591c4b1a9b65709bb89f76f4eb5d915a6d63

SHA256
7e594502640db309d0ac3d269ba86a963b9179ce78983f73e39e16833e557e9b

SHA512
6f9d5629bb04c3ec167bf092d027a86e2a1685db807af15b3f3fad59734a33a0c502db2ae6eda28987d44f9723327863ddff0294f255570ec40f187e5f569b11

Download Submit
/data/user/0/com.shemen365.shemen/files/umeng_it.cache

Filesize
350B

MD5
730e27424ed5abe97a544359ed9e4571

SHA1
6a68e810a089ae50deaa783c5ac13d60db5ac23e

SHA256
7eeaada4ea5448c4ea0aadbfc909fe53c89149a6d98ec08cbdaea99276b5a64c

SHA512
16fe25fe4dfe9b70734289d446226e62cce22d4996f9c94007e0166667ebd8e2198e28185f6b16264d16baf295139c026003ef57f52d209fbba045ded75f8e91

Download Submit
/data/user/0/com.shemen365.shemen/lib-main/dso_deps

Filesize
408B

MD5
6ada072c40a89b03cc3c579faebd7787

SHA1
0c7e618006baf85268bd2b0eac454fa09757f65b

SHA256
321b6a95b0d60fdd3264875bdd61f6d684c1bcb6ad0d65f4dd35b0d634868b0c

SHA512
f0b8155c5e1677e9319fe4ce2e5df3f0c01f3d0b762629f85fd63fc01bf8c65d18d6b949c693985da5d131e5d49496ba888d066c7d86d89d6feb749382a2237d

Download Submit
/data/user/0/com.shemen365.shemen/lib-main/dso_manifest

Filesize
5B

MD5
c06857e9ea338f3f3a24bb78f8fbdf6f

SHA1
c5a0a2529d2deb60fec041b4fbd722a2ebe31702

SHA256
957b88b12730e646e0f33d3618b77dfa579e8231e3c59c7104be7165611c8027

SHA512
29f61516876c25379a7bf4faa2b3ca6f6b53eac90e7de47671fec4a818d51441b4025cd7909f7c0a0d113ab6c5ff00cb3700c286bac7319185b77905feec4fb1

Download Submit
/data/user/0/com.shemen365.shemen/lib-main/dso_state

Filesize
1B

MD5
55a54008ad1ba589aa210d2629c1df41

SHA1
bf8b4530d8d246dd74ac53a13471bba17941dff7

SHA256
4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a

SHA512
7b54b66836c1fbdd13d2441d9e1434dc62ca677fb68f5fe66a464baadecdbd00576f8d6b5ac3bcc80844b7d50b1cc6603444bbe7cfcf8fc0aa1ee3c636d9e339

Download Submit
/data/user/0/com.shemen365.shemen/lib-main/dso_state

Filesize
1B

MD5
93b885adfe0da089cdf634904fd59f71

SHA1
5ba93c9db0cff93f52b521d7420e43f6eda2784f

SHA256
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

SHA512
b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee

Download Submit