95eee20077451ceb104ce0b355cc10c18ca9af572c4a48cba6025796cf87787c

Analysis

max time kernel
2788088s
max time network
131s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
23-12-2023 22:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

95eee20077451ceb104ce0b355cc10c18ca9af572c4a48cba6025796cf87787c.apk
Size

14.2MB
MD5

c63d78303f96e194a6aefc87340ee8a8
SHA1

4de6b5723c7b65eaf1d675770e34c8cb301f367b
SHA256

95eee20077451ceb104ce0b355cc10c18ca9af572c4a48cba6025796cf87787c
SHA512

e405e7a5dcf6ef0a1d553e46103f79e67bbd57e80673b776fe4dc7f5bb9dc973ba011ab0f8994bed2d6861a7e86f4011053194096639532f567b325cf1104fd2
SSDEEP

393216:PBgNE1c/Ms2WXHF+hzhBiQ1xKy+Og+Ov9bi4xb2I5m:PBgNE1m9BIzviaxwVvRlnm

Score

8^/10

evasion

Malware Config

Signatures

Requests cell location 3 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.juzifenqi.app:pushcore
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.juzifenqi.app
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.juzifenqi.app:pushcore

Checks Android system properties for emulator presence. 5 IoCs

description	ioc	Process
Accessed system property	key: ro.product.model	com.juzifenqi.app
Accessed system property	key: ro.product.name	com.juzifenqi.app
Accessed system property	key: ro.serialno	com.juzifenqi.app
Accessed system property	key: ro.product.device	com.juzifenqi.app
Accessed system property	key: ro.hardware	com.juzifenqi.app

Checks known Qemu files. 3 IoCs

Checks for known Qemu files that exist on Android virtual device images.

ioc	Process
/system/lib/libc_malloc_debug_qemu.so	com.juzifenqi.app
/sys/qemu_trace	com.juzifenqi.app
/system/bin/qemu-props	com.juzifenqi.app

Checks known Qemu pipes. 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

ioc	Process
/dev/socket/qemud	com.juzifenqi.app
/dev/qemu_pipe	com.juzifenqi.app

Loads dropped Dex/Jar 17 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/data/com.juzifenqi.app/.jiagu/classes.dex	4253	com.juzifenqi.app
/data/data/com.juzifenqi.app/.jiagu/classes.dex!classes2.dex	4253	com.juzifenqi.app
/data/data/com.juzifenqi.app/.jiagu/classes.dex!classes3.dex	4253	com.juzifenqi.app
/data/data/com.juzifenqi.app/.jiagu/tmp.dex	4253	com.juzifenqi.app
/data/data/com.juzifenqi.app/.jiagu/tmp.dex	4288	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.juzifenqi.app/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.juzifenqi.app/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.juzifenqi.app/.jiagu/tmp.dex	4253	com.juzifenqi.app
/data/user/0/com.juzifenqi.app/cache/td_fm.jar	4253	com.juzifenqi.app
/data/data/com.juzifenqi.app/.jiagu/classes.dex	4349	com.juzifenqi.app:pushcore
/data/data/com.juzifenqi.app/.jiagu/classes.dex!classes2.dex	4349	com.juzifenqi.app:pushcore
/data/data/com.juzifenqi.app/.jiagu/classes.dex!classes3.dex	4349	com.juzifenqi.app:pushcore
/data/data/com.juzifenqi.app/.jiagu/tmp.dex	4349	com.juzifenqi.app:pushcore
/data/data/com.juzifenqi.app/.jiagu/tmp.dex	4349	com.juzifenqi.app:pushcore
/data/data/com.juzifenqi.app/.jiagu/classes.dex	4587	com.juzifenqi.app:pushcore
/data/data/com.juzifenqi.app/.jiagu/classes.dex!classes2.dex	4587	com.juzifenqi.app:pushcore
/data/data/com.juzifenqi.app/.jiagu/classes.dex!classes3.dex	4587	com.juzifenqi.app:pushcore
/data/data/com.juzifenqi.app/.jiagu/tmp.dex	4587	com.juzifenqi.app:pushcore
/data/data/com.juzifenqi.app/.jiagu/tmp.dex	4587	com.juzifenqi.app:pushcore

Queries the unique device ID (IMEI, MEID, IMSI)
Checks the presence of a debugger
evasion

Uses Crypto APIs (Might try to encrypt user data) 3 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.juzifenqi.app
Framework API call	javax.crypto.Cipher.doFinal	com.juzifenqi.app:pushcore
Framework API call	javax.crypto.Cipher.doFinal	com.juzifenqi.app:pushcore

com.juzifenqi.app
1⤵
- Requests cell location
- Checks Android system properties for emulator presence.
- Checks known Qemu files.
- Checks known Qemu pipes.
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4253
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.juzifenqi.app/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.juzifenqi.app/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4288

com.juzifenqi.app:pushcore
1⤵
- Requests cell location
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4349

com.juzifenqi.app:pushcore
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4587

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.juzifenqi.app/.jiagu/classes.dex

Filesize
5.6MB

MD5
5a6b914c57296fad640df10e8fbaa1af

SHA1
83e6d62466292622a27a3346532a7d4f773ac779

SHA256
11e8536049438b1e5a627efe29549be46331f1e7570b0d170c40d983097fe73e

SHA512
ee804a18d0b8cefeac3d45bbacbfd3615d1bbe15e05f3976e2ec80e6ff421ffc938a3dfee7f65d3da1a373276cbd5616afd2e0a3618fdbf77b8b03239d813db4

Download Submit
/data/data/com.juzifenqi.app/.jiagu/classes.dex!classes2.dex

Filesize
6.6MB

MD5
a448c89e1d27d8729f2b37efc0cfa057

SHA1
ce8a29fffeae265336a98d1d1c63052bd2bfa40c

SHA256
d78d18bdb5aad254891b3847c7e193e375bc57ca3a7cf3090cf5ad99c0bda361

SHA512
16fb8a72e164da0a65d4e2fcef487046c7ab252ddd3d9108c7fec704c70f1e109902899253da3003a82d049a162e8d75363cb140d4952cdd017605144258ec6f

Download Submit
/data/data/com.juzifenqi.app/.jiagu/classes.dex!classes3.dex

Filesize
1.3MB

MD5
ccead5683b4a3c7e628cbc64f6be5cd2

SHA1
e171085a291d43b27f8cfdcf06fda12e05470c28

SHA256
4b95e722529260123ac269f1bbaff34843036a77d7348e48de44d9d1cb078093

SHA512
5e1201aea4bd1e6a0b8c68041399ee605d88600d8e3b5153aba62fa1fcfaab8eac8434dba9a04a18318e373c28e3b40b478d42d30a54e41d2fb39d5dbdd0d49b

Download Submit
/data/data/com.juzifenqi.app/.jiagu/libjiagu.so

Filesize
485KB

MD5
1da618896802fdb4b6f17c92703424f4

SHA1
b48aa81ac014a5a7f6e95e618e4f951ee12d34c3

SHA256
2cbf986b5e1357e00347d75d6f631539c0f368208079df36bb44603ac4e6973f

SHA512
620a06d8df24597467318582a12bce45e2e2cb66069ffbd6fa27ac5a164c58398ddb9c2348e6ef443272a22ca85fcfa03439d0f0f22109a93708d562e0737cb6

Download Submit
/data/data/com.juzifenqi.app/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.juzifenqi.app/cache/td_fm.jar

Filesize
37KB

MD5
59a240f9a50b682069179656ca0fcb81

SHA1
9bcd5ae769a8fd99af5c4b01f1b09f3a36054aa9

SHA256
939dca355c8c6a8a114ccdbd619a79f229d22d3615e4bcf5ff2177915f307412

SHA512
23fca85588494b1effedc748cb8d1e4f35e2bc7ed4054128d5115493f63e7e33143da05c52ddb9f5d2c940adc04738cf2b5b9215f9253ad54e9d92adc2131b39

Download Submit
/data/data/com.juzifenqi.app/databases/bugly_db_

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.juzifenqi.app/databases/bugly_db_-journal

Filesize
512B

MD5
117789a4b538ee196b577d7caa104ca3

SHA1
83e65a9b480c904d82b6c0a8893753ed9026f6bc

SHA256
f1f6bd5ce36d50f06fe44f91726452e0f58cf151d43846a145c2de356304002c

SHA512
e5e87961dd3cb116b1dcf6fbaa2c97ff9644da4f7384baee75f1c333ef74b6f98eee08bdc1a80ed546462cec97ab974403bbfa670151d2a1b6be50bc286fc99b

Download Submit
/data/data/com.juzifenqi.app/databases/bugly_db_-wal

Filesize
4KB

MD5
94ae0ccd8bafe753897cd54ec841041e

SHA1
c25f15e23edb7fbdfa32776686be183a3dfc4e11

SHA256
ba698ed97777c481084c4be94ae1431b0f9ad223190c1f8eee029109bd552d57

SHA512
120cf0d520c1db71326b2263a7d4c69cd0a462d3a913d3458d75375bf252d119b3e808739768474a5df829ff795101898b96bf14d43475e44827f8331142575c

Download Submit
/data/data/com.juzifenqi.app/databases/bugly_db_-wal

Filesize
64KB

MD5
5dd8072d8e0e8e644db117748941c001

SHA1
8fc4462493e124527de9e2ae8d03ee8bfedbff84

SHA256
09c7da9d03727f834b06052505e8f4aa31bcf5979c20b8ad354f8dea01148207

SHA512
bca640febdc6beb240624d6387f43bf05044ecd2e0b62ffec1acd97dd3f416d3ce9d1bcde9200918a810c7b3790a3c3c3bcfccda217e6b60c8569d5c41de1649

Download Submit
/data/data/com.juzifenqi.app/databases/hmdb-wal

Filesize
16KB

MD5
3aa0f6327316e49a0c612fc2936c6b8f

SHA1
656f03a77ff68ade08966bcbe0934c122858b4f7

SHA256
40b73b4d07bd12466e60bed53203d24a638e849b0630da2be665fc2a764f7d76

SHA512
cc3b65688bb4c9e2ebb4683a3811e6e8397ca70f69c4d6a32008457084793a94ffa8f0278096b2a0f0f1ae653afcc9a971949af18ee65ee0caccef7450509733

Download Submit
/data/data/com.juzifenqi.app/databases/logdb.db-journal

Filesize
314B

MD5
f511b2c889f454afa424c8bc8b3901f7

SHA1
48726f22993be2df7d131e59a14eb0ae4bde2218

SHA256
0ccedff9deecdc18a653bb668e1d1918679b3e94ae0751415ce52dbbb28dc68d

SHA512
fde26c0bffb9379e117e91b6766fb3c0b038fc16c51cc01c8f369f937af19f508e3bbe00086d2d8fdb4c1552463abc859c135694532dfd5b0bc6dbcec403b1dd

Download Submit
/data/data/com.juzifenqi.app/files/.jglogs/.jg.ac

Filesize
32B

MD5
4df49cbe37cebd0e1834b0ccf5d339bd

SHA1
b991176f392af5a71812aa1a215f58b350af56aa

SHA256
56be6457ae044692a7138e883f512b72f2dac22b62b16bca8f5531d80e6cb82b

SHA512
9447b8b84e68911c1dabc2a4569ce7b00cd6e654260a580bcafd39c4d31330d5fe3587272636252df97653e6f3dedb1e7b1aee11a66eba67736b233ff24401ac

Download Submit
/data/data/com.juzifenqi.app/files/.jglogs/.jg.di

Filesize
340B

MD5
a38a6a40c2d6bca98e421358d856e46c

SHA1
7ddd13c4f9a3cb3d30a62e16a6a20003ece123e9

SHA256
16022e48f3437ae8225a0d1fff340e5e86e74fb3931a3b7faa19f583d1d4222b

SHA512
0925bf4abcd83887ff9513e2eaf6b7ac49759ca84957a559ffe641c171b4073852a1b911dee30313e154aa649b8f910e0ee3e6601d1551507bff1515049f8f36

Download Submit
/data/data/com.juzifenqi.app/files/.jglogs/.jg.ic

Filesize
32B

MD5
4b78741dc345afc7e466c5728abdce9a

SHA1
d06c402a0008a6316d102748d1c1f8301193ce34

SHA256
5d41673550c497d21f3fb62d80e24a4cb3009b41ec325954dcba1a6d77d8d0e8

SHA512
959ada9efc8e97956e570e40bf07bd3c42306819ecaa9a4503a49491388d7eb00d0e8f1481ea3954ed54842a42d21540aff4e35c8caeb89cd235e215ffc99bbe

Download Submit
/data/data/com.juzifenqi.app/files/.jglogs/.jg.rd

Filesize
73B

MD5
ee357da4c7a50222d0b77ad1547e2b84

SHA1
7d8190e9d7fccd3941f0afb90eb26443bab6a182

SHA256
801d2b87407ba2d6df5ceebfa3933117c22a56716d9a01c8a7db13c66964f423

SHA512
020a7195ec28626351e61b9e9d6ebe1b158f7405f51dfaa53f979bf19a9a965b9a21f953865190d11d5d6a9f1dbc9955b9c7c2ad3b1bb0e3276ff65397514b67

Download Submit
/data/data/com.juzifenqi.app/files/.jglogs/.jg.ri

Filesize
314B

MD5
914bdb1cced6835b3b3e9db8db44f64d

SHA1
9978e725de05d386905ac7fbe5fb4eb289174d3e

SHA256
d862b86e8d852b628cdd9bad8730d2d57034b12a847f393ced66e5def75a05ab

SHA512
4e416d5072c368e59bced8106b55c0973c75e01a7a2b784d72380c885e5140adb268dcee4593e9ac146d1276770ccc3cec0feb3681f4a11f5b51f2cf29877459

Download Submit
/data/data/com.juzifenqi.app/files/.jglogs/.jg.store

Filesize
32B

MD5
448e391c59eef34ee1defbe4dee4c41f

SHA1
df1f890987371d7d8e6963c68b787856e42bc146

SHA256
55612e17689f4bb05f27e18b4f6d06ffef92a6a8893a5cfdd3d5b99a6028b549

SHA512
ce336ce895ba861dda7da27e8869dea065eb3c3403cac55cdf1935409e5ebc95b495370f87ed7416af20af533b15615472e333ae9f2fd2713040f526835399b7

Download Submit
/data/data/com.juzifenqi.app/files/.jiagu.lock

Filesize
27B

MD5
00d882a840e8bb8e45f10c645646c09f

SHA1
5d5e95faf6b4d83cc6d2f41f37945a0c7229303b

SHA256
1fec699a8eedec154b77183a3bed03bbc9135f5593d02b0ca8b6aaac349fab56

SHA512
7bd9e8192c355c81b6c55ce3b875e2139d525eadfa868a40252cd18aef7e91380ff72c5822e324e0446fe52901024ac5596c8fa52eabbb97cd21d95c3927b046

Download Submit
/data/user/0/com.juzifenqi.app/cache/td_fm.jar

Filesize
84KB

MD5
b94b2179695252d2d9220e97d14e2557

SHA1
3a0278afd368d25a40670745171a1248590e92a5

SHA256
a165fd6c0ae33cc8162e164a63b5e5abfafea84a4ef69b3a2845dec716046448

SHA512
0ca17f898c9fe03cbd1cefd19a021b351a7f7432a8520f7527900b9b553dadc305ec2e8ae51ac6eba6deacaa1472ccbb01bafae98646158234ba29213da1c1e5

Download Submit
/storage/emulated/0/360/.deviceId

Filesize
48B

MD5
1d8d16c4e3b19ebf18988530d9b9a757

SHA1
bc94c1cce05cd848a53271ecb9c5311e27ffebf5

SHA256
abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7

SHA512
4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

Download Submit
/storage/emulated/0/360/.iddata

Filesize
32B

MD5
55346e3623a0dbf238c56983a534ca5f

SHA1
5c38497764a54abaaf8ce86d6a823f1a14db7124

SHA256
92804fd7ddb98c207cfa2fccd313b1be3e926c6b80067bc82923abc0580bd191

SHA512
32b279a983da4812cc8bfb36cb05e35f24a4df62fcf86954cdb3baefa0a8339488d9026e2d6268789200e01b52c1887129ea8ed4cf18aa50120a67a130116c81

Download Submit
/storage/emulated/0/backups/.SystemConfig/.cuid2

Filesize
129B

MD5
63d65d98d87750390b6375c6841bac90

SHA1
c8a36fde936840a9601685e9e2caa3bad99ebc8d

SHA256
a0d9db6c6c2579068afe1eabc2ca24ef1db47031734223851c93d838d7e3544c

SHA512
8cccb09b46914a31d12cfa42e852908e268a1f3b4496311bbd04465db1bd6b5d3f38df6bb13a4e93aa5eaa5fc2c389d16204c07d8bf61dd1b022d8a7e77ad269

Download Submit