982b78f8885d93e581f988810748bd907e7809ab942041189fa3c80d65b6801b

Analysis

max time kernel
2792457s
max time network
138s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
23/12/2023, 22:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

982b78f8885d93e581f988810748bd907e7809ab942041189fa3c80d65b6801b.apk
Size

25.8MB
MD5

ad67b3f9e5b85a8a21d60f82a641a0e3
SHA1

4f26d768e6e988c65b0dfaf5c88f2a785b44ab8a
SHA256

982b78f8885d93e581f988810748bd907e7809ab942041189fa3c80d65b6801b
SHA512

e691e10c0af1b6c86cddca4b69c4fee1fde809b458e349c31afa9ae1f58cdd6fe36fa24a37c23cc2edff355feddd2f1f416072d960be0d1109f2c9488086ae71
SSDEEP

786432:pymr3WJkybY76irrh8zkFzDsa5nVAu0qWLr4:pfraTriPho6DsaGbtY

Score

7^/10

Malware Config

Signatures

Loads dropped Dex/Jar 8 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/data/com.remennovel/.jiagu/classes.dex	4228	com.remennovel
/data/data/com.remennovel/.jiagu/classes.dex!classes2.dex	4228	com.remennovel
/data/data/com.remennovel/.jiagu/classes.dex!classes3.dex	4228	com.remennovel
/data/data/com.remennovel/.jiagu/classes.dex!classes4.dex	4228	com.remennovel
/data/data/com.remennovel/.jiagu/classes.dex!classes5.dex	4228	com.remennovel
/data/data/com.remennovel/.jiagu/tmp.dex	4228	com.remennovel
/data/data/com.remennovel/.jiagu/tmp.dex	4271	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.remennovel/.jiagu/tmp.dex --output-vdex-fd=44 --oat-fd=43 --oat-location=/data/data/com.remennovel/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.remennovel/.jiagu/tmp.dex	4228	com.remennovel

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.remennovel

com.remennovel
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4228
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.remennovel/.jiagu/tmp.dex --output-vdex-fd=44 --oat-fd=43 --oat-location=/data/data/com.remennovel/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4271

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.remennovel/.jiagu/classes.dex

Filesize
6.2MB

MD5
0b8d9826346de8b366c0ff97199d3c3c

SHA1
e0961ee731a46bfa29d844a254ac70cbea011bd4

SHA256
1383e115a292475d450ee16e54f97bc6d169cbc7faec39518385d5ffbcf201d2

SHA512
533cdce83e65547ec2de37dada534d09699cd0b9c1da1d4463ef5d99695892a821fcc25759d1f2572a75b3cba5b33c47b6441ea8155551585f0c5bcc611552eb

Download Submit
/data/data/com.remennovel/.jiagu/classes.dex!classes2.dex

Filesize
6.3MB

MD5
b9fba0bf46b4ab88243f11c7e3ef1085

SHA1
51da37abb3e02e30ed01f4c8b71100c317ac853d

SHA256
fcb9edc1c0fcb7b871185ee0e78889db131c1b69e705211c648ae8372afbc7d8

SHA512
f62e913fe592c5a9aa24ffc93ad33836c784df14e580bba53d545a689868ac10c3a27aac8722bc63839a9b12afa9068d54fe39b7082440094193a038a6f38d2e

Download Submit
/data/data/com.remennovel/.jiagu/classes.dex!classes3.dex

Filesize
6.7MB

MD5
bcd690f483e9ebbb8748685741485d56

SHA1
f9a0f694e5a0170d09f92c32eb4d35808188d092

SHA256
2e2aded6a10e2171ea9ab11f8f6a467995f689e21ae326a19fed49593174c441

SHA512
3a8c5fb9d0ffdce4af26231bf863ef972753686155ef48b1afbbdc818de6d68a49eba2155636b512ffed6544b6f5952410e7d9d11227f532c8b315675b65e99b

Download Submit
/data/data/com.remennovel/.jiagu/classes.dex!classes4.dex

Filesize
6.2MB

MD5
a09cf42a8df941ece04ab7768f573c92

SHA1
67e0b273d01fde77499b187946869c8eda5259fd

SHA256
b3c4c63aa4dbd036cf125cb1ea106710b4c6376a0caee38065a47a29a7712424

SHA512
111f5f2bc1e62419c1d71cebc5c6237fa6555ef269f37007dcf2d901a44115dc10f851e02f1ddf58e718d7c5cfc339502800c4c05edd8b6390174d3d10e22eff

Download Submit
/data/data/com.remennovel/.jiagu/classes.dex!classes5.dex

Filesize
3.7MB

MD5
64926778920a2c9239e52d79ebdac677

SHA1
2d46470898d2812631f41c2ab7e457330de2c2a7

SHA256
929705e50d39b3338583b0c3d6d42be77a1ea9945efc96fb4cb9cd8b074b542c

SHA512
df3020e0d2aebb4d1b699e7300cec6a7eda4ac33bef3182659d3ac2db02ce2f0e3e2d2f84a5b7a78b45c6e6052366b523e557117953f1e56d15b085368065c03

Download Submit
/data/data/com.remennovel/.jiagu/libjiagu.so

Filesize
475KB

MD5
5aea02f4e4c77fbf2e7a27f7ca9cc06b

SHA1
522db1748608e9173547b29b7aa82ddc3542c534

SHA256
5a1c513b347e2a929769e2be67552c1d591704f08f7b5590282b66cc2c7d7bd2

SHA512
5c979a11f5e896829db906f533756efc1cf3c5a7e35ecc9e376a0aae818f2dada013441649feac2e188bd51affbbf35156e32fdc6552e185bddbc547f3850316

Download Submit
/data/data/com.remennovel/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.remennovel/databases/MessageStore.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.remennovel/databases/MessageStore.db-journal

Filesize
512B

MD5
b9aef883313a49da9dc8ade616f91ef5

SHA1
95167fa52d8800032b72cd41452cb16c59a35f1b

SHA256
e1d500a0ecf21f0c95001e793e66d29e37c0c88c4bccff511df1fb699449f91b

SHA512
dacea7a64408861378d63d110a8b36faaf25d6fdeb23440f365f97820c0c9638f67e947a56a7cd2b52a00ca6672847baa49ce32db34331d171fa040141987a64

Download Submit
/data/data/com.remennovel/databases/MessageStore.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.remennovel/databases/MessageStore.db-wal

Filesize
48KB

MD5
9b45712f27788111beedec1d29a5f3db

SHA1
43a01bf48db36caa7aa126e33e64c8d2fc8cdffe

SHA256
22c8d3b6bb547de32755073aa40ea7627b8073066b73af8587c781952ac2afd2

SHA512
b72fc4288f2be163fa761535dea0c6115318a3fa0bd27b8ac169b2dac7efa0b10387c6dbdf8d658f9ba27b6f934570d33b108e5540429302e5268140572253af

Download Submit
/data/data/com.remennovel/databases/MsgLogStore.db-journal

Filesize
512B

MD5
5b90d2bb1ee3693a79514646893c1fed

SHA1
b3573fa25108edb193f7ccbbc8f20980498455d4

SHA256
8403a35994612d46718886701aeca15d46d725f07bedafa646b25e1db7177a11

SHA512
c4b5472ecec9e5536d0e96c0cfe8524cbcb706ce75ac8ba302bf8f66523a00668fb05c62be1286d6eb191260426ca4cf3e6ab8bded90cfc2370b027cc9e76f61

Download Submit
/data/data/com.remennovel/databases/MsgLogStore.db-wal

Filesize
16KB

MD5
7170fb5ed30e99666101ee6b2cadff78

SHA1
547405c6db14bd2a99a9ef60fc228a179d061aca

SHA256
eb9a9bb27eefecc8438b1eee71a9cd7a086d8ff379d3010fb3896eb95946eab3

SHA512
20ec1ba054710ee01fa821cccbe17d44d1e9de08c663475f8418ad713c2b399b4494ec74ba6d30efcf38b6f426e163cf3edf59b4058655bd86c5419e2e97e52f

Download Submit
/data/data/com.remennovel/databases/log.db-journal

Filesize
512B

MD5
ec3a7afc06d135c740d52c606371ffc8

SHA1
d6b06ab1908874bbf393e321047d970781040a87

SHA256
818c198593e726cbf7aedcbf503454cc0b8fb8b54efaf07785223d04d0908875

SHA512
8adaf9a99fda11d7cf3ba29612c4726774a6bad213663a2126846ee5ce8fffec17924aec85355ad88d1af93e71e9c195d6a89d944f8ca6b9ea3365fa0258cca0

Download Submit
/data/data/com.remennovel/databases/log.db-wal

Filesize
16KB

MD5
5685b5ab4d9ea029444253979af4fa85

SHA1
3535098c2018b5b5c22f39c0b3a67a0930387ec7

SHA256
bb5f9ef760edbc4a1f18a53a5e2a0da74f375f534ca5891946a09c724aee8aeb

SHA512
0278958268b26a969cf8936f65bf00a153a55567ee5ef957520ea94c07ab53d6451a5cbd1f183c26fb2214fa6414fc52f6cc77bddc3215a03e0982284834efd8

Download Submit
/data/data/com.remennovel/databases/log.db-wal

Filesize
40KB

MD5
3565cc38a0b84b216a7378ae2653172d

SHA1
5100e7c5f5c8e3e3aaeacd121d3aa66a71cbf717

SHA256
df8763c8a95c2062f77be2c91a327c2d230f44537a30d6ad9a15bfa9cf9484a4

SHA512
a778ad3a9f79ba9c6ae3749eccac174c4ce791d026c596ec8876e28da33e058b9b547964914daf8c0c11e4877e192dc4de1ac550d2aaaaab86012031b5c61759

Download Submit
/data/data/com.remennovel/databases/novel.db-journal

Filesize
512B

MD5
69d323d5718d21b3fe7e8c76a6610ea9

SHA1
ea19dc1fa691a7e81a757bf2c1cc907692a63ebc

SHA256
9c02e4c53a173615c22f317770897c51d972aa45205ddd1185a295076fd591e5

SHA512
9ee6997144f4c4f2d759240a86e187a3452eb1f97bdbc358d1f106956d122b2b57efecf77e3927dddc9f61d0184beaab4df967ea8ebaa454a92aaec6b32c584a

Download Submit
/data/data/com.remennovel/databases/novel.db-wal

Filesize
16KB

MD5
eb0d32ba578dc3ae51a0de73f5fbadac

SHA1
63ca9d984b662faa8ee013518d942e50afdd2ade

SHA256
5fe6cf11dea844129afe23ac53913fce336f720f280d8543aee02ee8e9c864cc

SHA512
2bfa208408b0fd91cf53156727120c1dd3900cc3d4de78a6edd097dcd8c3fe619f688b658ae23af8bc2387d98d8f451bfc717b076a23da2b41f17b8926b618c3

Download Submit
/data/data/com.remennovel/files/.jglogs/.jg.ac

Filesize
32B

MD5
6888acfa6e15277f24db22de89b48da2

SHA1
8502f372a618ee18daab660a88b7230fd637167b

SHA256
436b2e4757de530304419b34fa732fc97db5a8679179c00899257fcf8a90dd65

SHA512
58ec1b76269066ada3b9064ec94352224641eb581f1bffb83b5a783ce09284f648b6e1f84814e10594519f4daa8469ac417a93c2391d00d97df0036a84fbe4c0

Download Submit
/data/data/com.remennovel/files/.jglogs/.jg.ic

Filesize
32B

MD5
0ae7d5dea6685a91848d93d3dbfa0055

SHA1
a926cb2f60fe1da69c8abda334f813f72ab6b600

SHA256
4c1117fe7dbf8777d610909cc229eb473d9194c4abaa8a1a7e88f8545a26402f

SHA512
8c73c212f14779d6aefa1c3b6e7d48ce15bc359d32254e9c8d97c35d9ca1368b725d43ab2fccc6e58437489ab574d642071b631238c3fd256d4f579605a6cab8

Download Submit
/data/data/com.remennovel/files/.jglogs/.jg.rd

Filesize
73B

MD5
0fd7e63179d7631a255bfacc5147b255

SHA1
d167fc466cc142680815a8ac90e6ba27c47b0c42

SHA256
55fbb0c1f7a18bb055242c61e0faa709e45a8c780f2d4e7ec3a9c8d75ea2b90c

SHA512
1058d18caa923fea9eea8e53c86a9b50dbf91f95aa398314bb600a506df3d3627af635051e57df9369e16e01f19209a751f2b17e4b0b7cda3958b7297c0d23ee

Download Submit
/data/data/com.remennovel/files/.jglogs/.jg.ri

Filesize
307B

MD5
0d8f8cbc7f5ce1e211da04fc05f616ca

SHA1
2f461060da8e12b01330cf385e7db91849e0f894

SHA256
6d155fdb875b1a12ddfcfda8071fb6ed687f1d234981a44b25bc5bb7b23985d2

SHA512
ac74528532fe81e644e62b38e17b6a61bdf2f8097845bca3894c2f22f879a940c5ce1d2ae35f99d53c2d789034d99532bc41d8302b5dba0febb056e22a0ee28a

Download Submit
/data/data/com.remennovel/files/.jglogs/.jg.ri

Filesize
314B

MD5
1cad4dd8beff4f093b1a07e4a19e491a

SHA1
ef1412c26d8a5931f0450fc2c97800584f98d312

SHA256
c77c6953d85d58ef8b7dd8f20e2d4280521792a5c870f83c28de14fb50a69ce6

SHA512
db705b160373205b50845da13681a5b33493f2bd3063c13ae77cf5d2529685357edc51049d4ff9640e7ad3d8080185fec62193205c6def0d391b9beb556dd16d

Download Submit
/data/data/com.remennovel/files/.jglogs/.jg.store.report_pid

Filesize
32B

MD5
ca4d2c95383888df137d78d50732df03

SHA1
e09067276007cd1b60e8a7fcc6f0e8e538562296

SHA256
b98dfeea656c8acb7d72b4505a81ab55278f8aed09d42820f37615274c151fb8

SHA512
1403933675a358d99267b1515fc82fffa591054fa02dd6cf9def5b6c7e69ae09923202d87c06339ffcff9fc16b2a63557d5f465327c1ba1268264afaad8582aa

Download Submit
/data/data/com.remennovel/files/.jiagu.lock

Filesize
27B

MD5
0db426c8c6f47354f00b70c3a655b110

SHA1
78531ed3a257f40f6f6880ce1ed636710f323f9e

SHA256
5bc1fbaf125921329aaccf282e8e6240fd37b7b55e741f2913a116ca41a88147

SHA512
82d4e3c0ad334886d9ed11923a41f6e765ba35f6d7ba92c75d92543a93e995b7f04ef7d91b99dad687bd8fcc699f19926cc39184807d28f03b876ad1110c1847

Download Submit
/data/data/com.remennovel/files/libcuid.so

Filesize
129B

MD5
8f89e7f92836c4356f0d5ae49cb122a9

SHA1
e8cc214a36529630be703f22e6d6ef655670dc6c

SHA256
936b32ed6c633bab033ce11027c4432bfe61c29772c080fec613b4a7e2093a67

SHA512
b6feeb61033068fd0e2a4d023873de6a47d9ff3bbfea7b468e5bb482eb225117cf42022f85aef6aac651149b40cad5db73bb066bf77b85b5fe65d81875af006f

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
5882e76c306d6884380b2f325e57b8d2

SHA1
7ef53b3442cbd378afde784919de860169f258a3

SHA256
ce4a7e0777cac1543bdb74b1e0bba2e6eb6a808afca78d8e80e74d2d54381f06

SHA512
b0d1c889d4b8b78946bed58d5f3915637d99805b646a64f18a98e7e2ba4fd62bf9f3e137d477789f0a0acd44616b3c91c801f21ecc883acaee437c80bea14f19

Download Submit
/storage/emulated/0/.idf/.IDF

Filesize
32B

MD5
b5400a0da64dabbdc593406a596ede58

SHA1
f957d656e940b782fef1766cb3a1169116aa3c6b

SHA256
6523e0ec4eeb29e2ef1848ebd7d9cf6a5657108bc0db75172c1796f41259bce5

SHA512
d1e0be39424473db27e4a94ba6186f93d4f67d2770ef2ccd82fe9e0a8c66f9e2bfecd3b2bc4aed0340470f3ede684c75e876b4093f866e1db08d52eca7746a9f

Download Submit
/storage/emulated/0/quanben/cache/uuid.text

Filesize
32B

MD5
f0d6d9efe3c8a9986881d7227db4c3b8

SHA1
83f0110f00b97b60ec9c41866c2df37c68332ee1

SHA256
e3fd2c79cee7e492986e7ab9b756c4e31b8acbe66ee1d96c5aa8f2c631d63b65

SHA512
b4229b395510f97512eb4e948873fb404ccf22f910f48458c41362e49c65d06c9d31d269297b4fd322785d4d507ccd7038690f602d32423f39b291c282fadd89

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads