93e8e574a34c44910b2a686df7a033f24fd785d894038cd5cccec4c98e5b6806

Analysis

max time kernel
2783222s
max time network
156s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
23-12-2023 21:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

93e8e574a34c44910b2a686df7a033f24fd785d894038cd5cccec4c98e5b6806.apk
Size

19.2MB
MD5

5982f34fe469803f0dbce18287c49995
SHA1

ab8cefcf5c21bbab502b1a6364dff2b6138d9858
SHA256

93e8e574a34c44910b2a686df7a033f24fd785d894038cd5cccec4c98e5b6806
SHA512

f2c6e5bab5fd033e2022cf25400cfca49884395631bd594a7a0ba9ca9ae5213e5e29fee1285e8b2b7f99ca6c0d6b4995ad5f564d642313e607ffab278336333c
SSDEEP

393216:ojjQ9Zy1joIBB1uHRiNkr8scj+r2tF9Ymud3j7gfPdgZ7iiTrx5w:ojjQW1oQ2PY9F96TcGZeiT1q

Score

8^/10

evasion

Malware Config

Signatures

Requests cell location 1 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.xgbuy.xg

Loads dropped Dex/Jar 11 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/data/com.xgbuy.xg/.jiagu/classes.dex	4246	com.xgbuy.xg
/data/data/com.xgbuy.xg/.jiagu/classes.dex!classes2.dex	4246	com.xgbuy.xg
/data/data/com.xgbuy.xg/.jiagu/classes.dex!classes3.dex	4246	com.xgbuy.xg
/data/data/com.xgbuy.xg/.jiagu/tmp.dex	4246	com.xgbuy.xg
/data/data/com.xgbuy.xg/.jiagu/tmp.dex	4295	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.xgbuy.xg/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.xgbuy.xg/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.xgbuy.xg/.jiagu/tmp.dex	4246	com.xgbuy.xg
/data/data/com.xgbuy.xg/.jiagu/classes.dex	4380	com.xgbuy.xg:pushcore
/data/data/com.xgbuy.xg/.jiagu/classes.dex!classes2.dex	4380	com.xgbuy.xg:pushcore
/data/data/com.xgbuy.xg/.jiagu/classes.dex!classes3.dex	4380	com.xgbuy.xg:pushcore
/data/data/com.xgbuy.xg/.jiagu/tmp.dex	4380	com.xgbuy.xg:pushcore
/data/data/com.xgbuy.xg/.jiagu/tmp.dex	4380	com.xgbuy.xg:pushcore

Reads information about phone network operator.

Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.xgbuy.xg

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.xgbuy.xg:pushcore
Framework API call	javax.crypto.Cipher.doFinal	com.xgbuy.xg

com.xgbuy.xg
1⤵
- Requests cell location
- Loads dropped Dex/Jar
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4246
- chmod 755 /data/data/com.xgbuy.xg/.jiagu/libjiagu.so
  2⤵
  PID:4270
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.xgbuy.xg/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.xgbuy.xg/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4295

com.xgbuy.xg:pushcore
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4380

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.xgbuy.xg/.jiagu/classes.dex

Filesize
8.2MB

MD5
2f7c2a545fabc42357818c4d35052eb0

SHA1
de52edb45f76a000f2be429ef0e7daf7245c35a8

SHA256
7dcc68dd4f94a23b6beffb924eca54ea4a9093534b34fb377d6b9ab5fbeffe78

SHA512
40b6cbbcbfe0771469f025a1a798c4bff6dbbf55426220486ecbe7654506d7a240aba9b4d76db29e54bc468e44b996bb324091315cf7b1702bc0fc0573879f34

Download Submit
/data/data/com.xgbuy.xg/.jiagu/classes.dex

Filesize
6.5MB

MD5
3607e9bc414a499b1da47aeee45672f2

SHA1
04b39c1fad9bd8b87eb58520ef98c649b4864a26

SHA256
80b924b9cb646f78b355227c8c265a0e694c3b1b2b17bce5c992fc8399e475fa

SHA512
0b3733811437cc28a57930c5cf57aa692e8e18e55c1dd3ba534de00cc374b3d1618a40dd0bea185d369816e96c67fe5d6ba981a51142f5f436997f0bcd574771

Download Submit
/data/data/com.xgbuy.xg/.jiagu/classes.dex!classes2.dex

Filesize
6.5MB

MD5
2edb8333947a3cbbf4f2ad35404817fb

SHA1
22ae5219b5a313b13dc9d65590507fa01cb63b77

SHA256
c9f2509cab8c706548fa84a52ec17f7477666cc5d216e2751023c13c783658a8

SHA512
f90cb78128e059c587698697d88a20a101d08965c05b845382316dde2015a9674b975d68fea7f4a457cfb333c741248e2d84a39f4ce6db60f5497eb431f86026

Download Submit
/data/data/com.xgbuy.xg/.jiagu/classes.dex!classes3.dex

Filesize
2.4MB

MD5
26cfde3ec0e689982b8c2c01e0313830

SHA1
e79bfad35416572ed90b33106b0e4353f609d742

SHA256
450570e28912a1267aca4a1f0c7f28571da0a6c83cb711bf6c35f6a8b228b4b4

SHA512
431268d92e22fb0a819384434ac2bcf1a59d18cd3300e13524baaa517641ed6cb2eb0d8a8747b75d2aceb73fa9b026005fe6cff339a47c8a119329f198f7972e

Download Submit
/data/data/com.xgbuy.xg/.jiagu/libjiagu.so

Filesize
455KB

MD5
e5a53000766ebc433b27d6a66ec4f555

SHA1
2c8f53f1c03aec2005bcad67d731f07261dabde0

SHA256
78e4ea857f10c2df6c7b94f0584524b52ecc099ed29478fe3964037b8a86ed2e

SHA512
370a1cb93b14556ad861724f4e9995c9a4c6d37cf2d570f888d1c6000c66d27ac63496b0703361e9fc9bc7f309b7aa4407c5f339d186b0a5b72520d23d04b68d

Download Submit
/data/data/com.xgbuy.xg/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.xgbuy.xg/databases/ThrowalbeLog.db-journal

Filesize
512B

MD5
1b6c43b4f7db8c4c6675cddb457e13bd

SHA1
b3e984d4dc4a95030f3502ebb85d487a450f65ee

SHA256
bec8ca98440f89aef82b14d8727fbf771d23b3259e76e3a7370b7a85908f49a2

SHA512
52cb2a528097558cba0679cde1c3eb42b75aad7bcc15a83d857adbb297ca9d940d659aa55c0742427b4e9534a75edafac3a56e6b645c60f0b6e21fa7102e6de4

Download Submit
/data/data/com.xgbuy.xg/databases/ThrowalbeLog.db-wal

Filesize
32KB

MD5
20b55bd582b20ac84420a878ca5d5681

SHA1
f0ffa7899c8a3b0c2507f9328faf4d73fe4278c9

SHA256
3832c39b119e5a0bdd2865a98a59d1bba2e34c144844fdd3deb8550f0cd89c2e

SHA512
2d365f9627b43bfa3b744b9c93c4147218f4c61b790b3be885c4033057e5c64a5ad2d5422a1de0281070397d700f7d73911a8be2aa25b3bc2ef4ee9f19aa9d57

Download Submit
/data/data/com.xgbuy.xg/databases/xinggou

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.xgbuy.xg/databases/xinggou-journal

Filesize
512B

MD5
10ce4be9acfa528e8197ce34ee47e043

SHA1
c1d924c55f1d9218c9862494d3de10ed426770cf

SHA256
e6dc0c75dcd1a986330ca112b46f44b85e97d2dcc60e37c569087f708d68c03a

SHA512
8ea817d55128a0e73d36d172cab0350800682b05342318c20b8271117900f7c7c1e7eec8e7a5d9a89e55b5391690d72799969f37f94f1413fae8db9ec4f5345c

Download Submit
/data/data/com.xgbuy.xg/databases/xinggou-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.xgbuy.xg/databases/xinggou-wal

Filesize
72KB

MD5
e97278d80ff459a0f17ffba976f3333f

SHA1
103b75f2f10abee06ee5e48c4dc568c02a48f65b

SHA256
5664e9d618d100eec6819d84fcb2b738f105c07bb691cf8c4ecb075ed79cc5a2

SHA512
d5909b888d0e9211d05536927a7ca5e5726df31a1d679e3142f8a7ef54a14c0d35dc080463ea8c90619a51cc6dbbbfb49b21999945addf259fe0a7d76ead957e

Download Submit
/data/data/com.xgbuy.xg/files/.jglogs/.jg.di

Filesize
340B

MD5
267981f7994d1d532dce4b637f0683f3

SHA1
ba6ea2117a1d3a29c41fd09e4aa4a4f01a24e876

SHA256
1d85505f3b3096db2de1c0578f02d2434d7e4eb6ce981735a793bfd14557b929

SHA512
75b1bfb34acf8116cfe30ec64aa56fc85e734e01d27c23b9ac0c2a12cddd4870cbdc4699bc7827728a05067a1533c26b10e0dd4e145f7793c5ec25359a13b6c1

Download Submit
/data/data/com.xgbuy.xg/files/.jglogs/.jg.ri

Filesize
314B

MD5
6166acbd6e5f0b9eb8a62005ba2cd75b

SHA1
1fa5ab57340903f4f579eb9fc630f98ef87e8e0d

SHA256
28a2871fdbaed98ad519526edbaaa43ee4d8d6d3faea4ef0f7b6f7c64409dd30

SHA512
905b6fa9b3019cf30e519b332fb278f265cde9615405503e19cb13405c1c1576d02731824579c2ec33028b85091349b5ddfd347970bf57dcd2eacdd8b13191a8

Download Submit
/data/data/com.xgbuy.xg/files/.jiagu.lock

Filesize
27B

MD5
363d0ed2cd2573f5af38b59b5e316cc8

SHA1
e99cd419e432a9b81f81a74f55187ed7ff2d38e4

SHA256
1a2b54fdc37c2150ed46cab6a034ee4afaad6d656cfc64f0855c6d22761ae9ce

SHA512
7312cef0671d3c5b21c9a1549cdd9f4f818ac95adedad152b2a7fdc9e9d1af26190b18df5738c13fa8131c17ce5ca3071b0176a53869397ab2202074f757dd1d

Download Submit
/data/data/com.xgbuy.xg/files/Mob/mob_commons_1

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
/data/data/com.xgbuy.xg/files/Mob/mob_commons_1

Filesize
57B

MD5
acc2a2f5cb76c41d2e97e0d409b53bdd

SHA1
ed06f22ff10e0912f50d53bc775ed2ae70f85d5a

SHA256
12ee2ab25175281fd1efab755eb5a5b442e91d263646c52118e6b1e97856f448

SHA512
faed72411dfb1546a82a302b6aadf921bf66a09aa4641a6d1d523e5b58c063d5210089ca2d7dec8aadbe1efec4748a8abb36ab9fe1ab18539a92b76730b85419

Download Submit
/data/data/com.xgbuy.xg/files/Mob/mob_commons_1

Filesize
201B

MD5
d6631bcbc21eb3eb13b10b64a7ec50a3

SHA1
243455258b4489ff3e3ea033f54c2286f52ce457

SHA256
02bc651f869bb655eeecf0065b350ac1e3cc5dd66d14cf150114e7f149fd8da4

SHA512
68ce64ed086aa2f0aa8851ce285bd7129eedec89a17f58ceda93525184425205b7f80e8142421649b5b5a40a0df00862386eb8d0c9eba03eaf995d7b90f1d0c3

Download Submit
/data/data/com.xgbuy.xg/files/Mob/share_sdk_1

Filesize
23B

MD5
8e24e79baab91c4d0604eaa9006a0cb3

SHA1
e427afc94a4b957a7096f73e395a10ea404c076b

SHA256
65ee797326cb9d94a4c8b13fb114a7273d80af9ae547496bf56556c479f75e4d

SHA512
45bde5e1b5da5e54f7f5baf24cf4d9158ccf5813f0babc05677437bfedf1d54c4707090a1c425089e8f9582a85fed80b25c1e1f30ec2051afc6fe68bb8a76bae

Download Submit
/data/data/com.xgbuy.xg/files/sobot_chat_log/sobot_chat_20231226_log.txt

Filesize
201B

MD5
44843f9b73e83ec547f149d6e66932a9

SHA1
03af7ef8f3f0b57718eba6499f530feef2c1ea7a

SHA256
f11928b5f9e1761e203c105c8756cf8cd34456de067708bc9c77cc8379d56189

SHA512
e7d5745cd65fc22612ec8ecdea457d2f89d1243dbef004967c6a46834af6833fa89ec30cb485619ed04283fd4edea44fedf8c7fe7f18d557431d3859c0aba53e

Download Submit
/storage/emulated/0/360/.deviceId

Filesize
48B

MD5
1d8d16c4e3b19ebf18988530d9b9a757

SHA1
bc94c1cce05cd848a53271ecb9c5311e27ffebf5

SHA256
abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7

SHA512
4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

Download Submit
/storage/emulated/0/360/.iddata

Filesize
32B

MD5
75bc1c5fc446d0d39b42ab0dcddcd87a

SHA1
a946d232747836340e9e3de5e3e4dac985fc04da

SHA256
022ee48574ae3615bd5d2bb14f2b1cffa77104ff6390f47f9ab0bbdc1c84cafc

SHA512
7d131367b15bf3d351460637a55ad72cfd87834c1e865f470b0d22127d3f14814a12367d607227e215a8f29bb5cabe345e9914fe07d4f7c8b274d80cfba2a57c

Download Submit
/storage/emulated/0/Mob/.slw

Filesize
314B

MD5
3339fb67e595d8400c9559a35e142d94

SHA1
7a9fd80b4b2294fdde65c668fbec84128361b784

SHA256
2f8840247880c21b14109690b3e8c0d0785011464127d1a88f6297f301878658

SHA512
a498f978dbbcd53387ba94f329db17e400051341a730764a4e2c021e1a01b5ac3f9475a3cecfeb9882b035cf230bf2519edc9b662ec8f60dc6537b98c5f21fdd

Download Submit
/storage/emulated/0/Mob/comm/.di

Filesize
57B

MD5
70a42cba408700f9a6c01c7941a8829e

SHA1
eab01cc2c0671538795fb0b1146017dc099d0984

SHA256
499576707ce2623293166979e59c832be5b8636c64ad39aa63ebcf961910c35f

SHA512
8900d4dc8eed0430babbacb72942401bd22ef7fe5430cad90d3ce0c2c53010220d666aa0e2eb1026f3ec81d574c7fa12585b49222a5f15b01637f6ba134fe70c

Download Submit
/storage/emulated/0/data/.push_deviceid

Filesize
32B

MD5
b0a6b0b60add5a1b0c874bf7e9efb3c8

SHA1
a032b30c52ffb0d46ac0ce610cf4519d1fc33322

SHA256
969c40e57f21b59f61dc805ba3fb60c919394a82b0de4a7e39006d0b583774cb

SHA512
ae227d9fe41099bb28e5414c95ffbe1afd64edfd338758d7e3849a39e7422c8a3fb842f3607f2b8881d6105cc717deff7528d1eadcaf5d9ca0ae13ee629df613

Download Submit