982b78f8885d93e581f988810748bd907e7809ab942041189fa3c80d65b6801b

Analysis

max time kernel
2664293s
max time network
160s
platform
android_x64
resource
android-x64-arm64-20231215-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
submitted
23/12/2023, 22:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

982b78f8885d93e581f988810748bd907e7809ab942041189fa3c80d65b6801b.apk
Size

25.8MB
MD5

ad67b3f9e5b85a8a21d60f82a641a0e3
SHA1

4f26d768e6e988c65b0dfaf5c88f2a785b44ab8a
SHA256

982b78f8885d93e581f988810748bd907e7809ab942041189fa3c80d65b6801b
SHA512

e691e10c0af1b6c86cddca4b69c4fee1fde809b458e349c31afa9ae1f58cdd6fe36fa24a37c23cc2edff355feddd2f1f416072d960be0d1109f2c9488086ae71
SSDEEP

786432:pymr3WJkybY76irrh8zkFzDsa5nVAu0qWLr4:pfraTriPho6DsaGbtY

Score

7^/10

Malware Config

Signatures

Loads dropped Dex/Jar 10 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.remennovel/.jiagu/classes.dex	4474	com.remennovel
/data/user/0/com.remennovel/.jiagu/classes.dex!classes2.dex	4474	com.remennovel
/data/user/0/com.remennovel/.jiagu/classes.dex!classes3.dex	4474	com.remennovel
/data/user/0/com.remennovel/.jiagu/classes.dex!classes4.dex	4474	com.remennovel
/data/user/0/com.remennovel/.jiagu/classes.dex!classes5.dex	4474	com.remennovel
/data/user/0/com.remennovel/.jiagu/classes.dex	4813	com.remennovel:channel
/data/user/0/com.remennovel/.jiagu/classes.dex!classes2.dex	4813	com.remennovel:channel
/data/user/0/com.remennovel/.jiagu/classes.dex!classes3.dex	4813	com.remennovel:channel
/data/user/0/com.remennovel/.jiagu/classes.dex!classes4.dex	4813	com.remennovel:channel
/data/user/0/com.remennovel/.jiagu/classes.dex!classes5.dex	4813	com.remennovel:channel

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.remennovel
Framework API call	javax.crypto.Cipher.doFinal	com.remennovel:channel

com.remennovel
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4474

com.remennovel:channel
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4813

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.remennovel/.jiagu/classes.dex

Filesize
6.2MB

MD5
0b8d9826346de8b366c0ff97199d3c3c

SHA1
e0961ee731a46bfa29d844a254ac70cbea011bd4

SHA256
1383e115a292475d450ee16e54f97bc6d169cbc7faec39518385d5ffbcf201d2

SHA512
533cdce83e65547ec2de37dada534d09699cd0b9c1da1d4463ef5d99695892a821fcc25759d1f2572a75b3cba5b33c47b6441ea8155551585f0c5bcc611552eb

Download Submit
/data/user/0/com.remennovel/.jiagu/classes.dex!classes2.dex

Filesize
6.3MB

MD5
b9fba0bf46b4ab88243f11c7e3ef1085

SHA1
51da37abb3e02e30ed01f4c8b71100c317ac853d

SHA256
fcb9edc1c0fcb7b871185ee0e78889db131c1b69e705211c648ae8372afbc7d8

SHA512
f62e913fe592c5a9aa24ffc93ad33836c784df14e580bba53d545a689868ac10c3a27aac8722bc63839a9b12afa9068d54fe39b7082440094193a038a6f38d2e

Download Submit
/data/user/0/com.remennovel/.jiagu/classes.dex!classes3.dex

Filesize
6.7MB

MD5
bcd690f483e9ebbb8748685741485d56

SHA1
f9a0f694e5a0170d09f92c32eb4d35808188d092

SHA256
2e2aded6a10e2171ea9ab11f8f6a467995f689e21ae326a19fed49593174c441

SHA512
3a8c5fb9d0ffdce4af26231bf863ef972753686155ef48b1afbbdc818de6d68a49eba2155636b512ffed6544b6f5952410e7d9d11227f532c8b315675b65e99b

Download Submit
/data/user/0/com.remennovel/.jiagu/classes.dex!classes4.dex

Filesize
6.2MB

MD5
a09cf42a8df941ece04ab7768f573c92

SHA1
67e0b273d01fde77499b187946869c8eda5259fd

SHA256
b3c4c63aa4dbd036cf125cb1ea106710b4c6376a0caee38065a47a29a7712424

SHA512
111f5f2bc1e62419c1d71cebc5c6237fa6555ef269f37007dcf2d901a44115dc10f851e02f1ddf58e718d7c5cfc339502800c4c05edd8b6390174d3d10e22eff

Download Submit
/data/user/0/com.remennovel/.jiagu/classes.dex!classes5.dex

Filesize
3.7MB

MD5
64926778920a2c9239e52d79ebdac677

SHA1
2d46470898d2812631f41c2ab7e457330de2c2a7

SHA256
929705e50d39b3338583b0c3d6d42be77a1ea9945efc96fb4cb9cd8b074b542c

SHA512
df3020e0d2aebb4d1b699e7300cec6a7eda4ac33bef3182659d3ac2db02ce2f0e3e2d2f84a5b7a78b45c6e6052366b523e557117953f1e56d15b085368065c03

Download Submit
/data/user/0/com.remennovel/.jiagu/libjiagu.so

Filesize
475KB

MD5
5aea02f4e4c77fbf2e7a27f7ca9cc06b

SHA1
522db1748608e9173547b29b7aa82ddc3542c534

SHA256
5a1c513b347e2a929769e2be67552c1d591704f08f7b5590282b66cc2c7d7bd2

SHA512
5c979a11f5e896829db906f533756efc1cf3c5a7e35ecc9e376a0aae818f2dada013441649feac2e188bd51affbbf35156e32fdc6552e185bddbc547f3850316

Download Submit
/data/user/0/com.remennovel/.jiagu/libjiagu_64.so

Filesize
509KB

MD5
289fb443987b114ee4237b4dd97672bc

SHA1
9b898410845dfaeae3af212b5df41177ba9b8f34

SHA256
a55e9ee18285b41a4ea1bf375930a5bdb603dbfc530a3dcb224bbded14e68210

SHA512
debbf2720c9b132b5923eaa9fcb372a72a97d574bce59789d06b645925fa2d6a27473aae4c9f1e4968614d44fd98a8b0fb1eec217a595fb5c80bcfc056705508

Download Submit
/data/user/0/com.remennovel/databases/log.db-wal

Filesize
40KB

MD5
b267b00c479ce3876e4b8abf2790e388

SHA1
862cac8b561f92b653402fab477c76c23e1a8c8b

SHA256
56098bb067b26c3eca527e6a3e832ef874881f10f31a352ea63307c6e9d93207

SHA512
fcae19b56c1f80f0e016498ec1e21f5468c5e6a1b81221130b1f461f4d718d36a922c6de3ec9e7ecaad69ef26c358cbe1c229877401030db355265144d9a9e60

Download Submit
/data/user/0/com.remennovel/databases/message_accs_db

Filesize
12KB

MD5
171aedf968e17a2744d2585715606cb9

SHA1
bbeddeb3b89fcf809619c35b4a318a80e7d5b029

SHA256
d2ab452d9360848f46af866b870b5c6fc98230b09c72b89cb1a4b2778586678e

SHA512
78a0f517ee3d21c153dda6dbfec4187ebaee9d520d7b1b63f358bcb125d08aea53f26943907a56fdeba40161d9fc7e4fd63f9ae3154dd2ad887ba0162738285b

Download Submit
/data/user/0/com.remennovel/databases/message_accs_db-journal

Filesize
512B

MD5
89882ecf7eea34ca3942b56a6bb81d8a

SHA1
71f92338abd26c01533ba975537e9103f80c6f4c

SHA256
6c690445a526b384f955ba4628db9430f5931e57aea3cc45cb6dfc751f840a10

SHA512
a15fed89781695867cca280b22abbb9afc1721ae0b49c5d912db3a60b1a8aa70cde79c61781a31382a3b14581e6ad2f4ab21e9bbfad43967c90a28c877e81f6d

Download Submit
/data/user/0/com.remennovel/databases/message_accs_db-journal

Filesize
36KB

MD5
15e734822be94d3c5a72195a7e948667

SHA1
362a65d36e98b254ed64f47990a51724c1f60101

SHA256
5c4a33845ca88a25410d20fd1cb93f084c51e25d9245bc34021012656dd9042c

SHA512
84626140e997b06dea5d2e91a71489a4960bcdd73f71dbb2f76c5c8521ab013773a6a0c91f1e9538a8fe0f333b469f392ad1f1e251d1aaa6ab9f8647ec95ca41

Download Submit
/data/user/0/com.remennovel/databases/message_accs_db-journal

Filesize
8KB

MD5
110e35c0debdeb15422639c6daec9316

SHA1
91fdb54d8d9893751c0f11e58753ae9e0872ebfa

SHA256
3ea0361bb78b4e7662b7ed1e99c80ebc22f5906ef845c31a1f2d39126e4a2349

SHA512
34fe73fa8e10b72c0bb824355694df9a97844d35f6ea0543eecec2aa1b5f81029e803232452165694f04c917604f6ff89dbbeef67ac969a78a0ffeff4dc4ff61

Download Submit
/data/user/0/com.remennovel/files/agoo.pid

Filesize
27B

MD5
67fd09f565f2151fa4a05269892cbe75

SHA1
6f7c5054911cf956a095b5469e5ed7da454122d3

SHA256
e085cb4e3600172bf9569658c00d6521a033cc0ebb88fbfc90374c1395ccc90c

SHA512
95cf48faa596a9ec0ac5823f74470bd38f33a278e9824fadf3b94b0540f875d521e46075ddcb20a185a11aa19943d24bc6d24a53018015fbd94c41186f17b8ef

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
509KB

MD5
bde64c9a48b5273d6ec3f25f80a5ddec

SHA1
d4386a7ad870c06a1723e744c0ce42f0d017bf40

SHA256
11b5b7a6f182733c13ff11c5f33c58493c4729a449e10ccefa7fa9f3184b1eb5

SHA512
a288babe1053cdac52b1212c75001160dee1172937e405927a2b4acb2ad281ff28e0647e30df3ee053145cb49f894f76c4dfc36aa57ca571d89db1f45578adfb

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
475KB

MD5
2cb13908eed9c2adbad8b32cfa693220

SHA1
c999a2e4b9b4397d7bc1881098525d432d0dc841

SHA256
a91fdfb0e1b9182379ee077b46b514577c70c55db4d0db29258d3b988c3babef

SHA512
132d24b19df6dcf8b29252c010cf38d31bf4e206eeef23f86401329927c14adee398d9589f61370115b75e05b714509513d3f3fbde2c62a4c2c0f77190d84749

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
1ce2d749c4fbf5ff1519f54f1e5dece5

SHA1
607a43d60b14a9e896a6f034f066b74c31022c53

SHA256
4251a7449fb594818983651dbe88be0df1dc1050dc30c93658e541aa445d01a4

SHA512
388afc46816e8f03c7ed226dab6e6cfae1cead89719ba5fb5acf8c1d25237565dd45402fa0493ba0e1993bbece5c6ddd2e1b331236d90e8ed672db276fa69244

Download Submit
/storage/emulated/0/.idf/.IDF

Filesize
32B

MD5
807a77f60cdc658b1184e5e189f87ff3

SHA1
af9a9a04117c9b17ac2fed726e23b04c530687e1

SHA256
b9c6518bc09461423739e3b1c47626f67b54cb8fe4aec484ad6308491ef428e0

SHA512
9a612d5e1eae63dd856a9bfdbcd430bca5725cab0a03080c66662af68b08ef191719f74c19adb6a9fbe8fc370a151d45c58994cd35424bc4a3898f489c8ed3f8

Download Submit
/storage/emulated/0/backups/.SystemConfig/.cuid2

Filesize
109B

MD5
00f81aedb264c2cc117ebd9a0072eb14

SHA1
40165ae090d974669f78136db8b9329405805a6a

SHA256
3b38f2236effcbc99f81a326d7560e4cd72ee335826d6dd8a0b4e4198a8f00b6

SHA512
eb40122232aa429cec151a7b047867a71f8d96b651e3cece2ece2c3a14269009957c57db6ae0373e2a1b547da88df349c7adcc9e3a5cae519bd7e19909ec4c8a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads