a273777cf01aace6a2994ee852b786296d58fd29912f44284b15b3e6f09e41be

Analysis

max time kernel
2719593s
max time network
165s
platform
android_x64
resource
android-x64-arm64-20231215-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
submitted
23/12/2023, 23:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a273777cf01aace6a2994ee852b786296d58fd29912f44284b15b3e6f09e41be.apk
Size

21.5MB
MD5

592d037ea2e77a28c3e7bdd07b2830b2
SHA1

e4f481361c9b4577fcd4d2d64553f6d4241b4270
SHA256

a273777cf01aace6a2994ee852b786296d58fd29912f44284b15b3e6f09e41be
SHA512

4168a8fb1b638697fcc269239ca126f40deb5a3dffdc396b9ab3f0b12567db572e6e837788a1a4908343a2c4103943c8b0e54b5ffabb783f73a865f608d20f97
SSDEEP

393216:wgTs59iTMo5fkwkENWPwS4u8eXaSlxmBrGqx6zKVYJgdwJrQjCStbI:3w9iX1kENWPwSfFXaSlxmBrRQKVUcwS2

Score

8^/10

evasion

Malware Config

Signatures

Requests cell location 1 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	wallet.gem.com

Loads dropped Dex/Jar 18 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/wallet.gem.com/[email protected]	4461	wallet.gem.com
/data/user/0/wallet.gem.com/[email protected]!classes2.dex	4461	wallet.gem.com
/data/user/0/wallet.gem.com/[email protected]!classes3.dex	4461	wallet.gem.com
/data/user/0/wallet.gem.com/[email protected]!classes4.dex	4461	wallet.gem.com
/data/user/0/wallet.gem.com/[email protected]!classes5.dex	4461	wallet.gem.com
/data/user/0/wallet.gem.com/app_SGLib/app_1703526493/libsgmain_312768000000.zip	4461	wallet.gem.com
/data/user/0/wallet.gem.com/[email protected]	4592	wallet.gem.com:pushcore
/data/user/0/wallet.gem.com/[email protected]!classes2.dex	4592	wallet.gem.com:pushcore
/data/user/0/wallet.gem.com/[email protected]!classes3.dex	4592	wallet.gem.com:pushcore
/data/user/0/wallet.gem.com/[email protected]!classes4.dex	4592	wallet.gem.com:pushcore
/data/user/0/wallet.gem.com/[email protected]!classes5.dex	4592	wallet.gem.com:pushcore
/data/user/0/wallet.gem.com/app_SGLib/app_1703526493/libsgmain_312768000000.zip	4592	wallet.gem.com:pushcore
/data/user/0/wallet.gem.com/[email protected]	4826	wallet.gem.com:pushcore
/data/user/0/wallet.gem.com/[email protected]!classes2.dex	4826	wallet.gem.com:pushcore
/data/user/0/wallet.gem.com/[email protected]!classes3.dex	4826	wallet.gem.com:pushcore
/data/user/0/wallet.gem.com/[email protected]!classes4.dex	4826	wallet.gem.com:pushcore
/data/user/0/wallet.gem.com/[email protected]!classes5.dex	4826	wallet.gem.com:pushcore
/data/user/0/wallet.gem.com/app_SGLib/app_1703526493/libsgmain_312768000000.zip	4826	wallet.gem.com:pushcore

Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	wallet.gem.com

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	wallet.gem.com:pushcore

wallet.gem.com
1⤵
- Requests cell location
- Loads dropped Dex/Jar
- Listens for changes in the sensor environment (might be used to detect emulation)
PID:4461

wallet.gem.com:pushcore
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4592

wallet.gem.com:pushcore
1⤵
- Loads dropped Dex/Jar
PID:4826

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/wallet.gem.com/files/.jglogs/.jg.ac

Filesize
32B

MD5
85c7875c8678f8d18c4ce079fe06edd0

SHA1
f557f09d9ce487a202ad6bd59a8cb3977a5612a3

SHA256
95f346795208ac39f5bbc7116cfb44573453540bb35fca99a67edf1e1abd2c89

SHA512
d119b2f768ac61b4a402905be8bd68fa45d8fa718ddd35fdcdeab87c5de406de2a010e02089729eeb2b5f0c0607ca68eade628bfa884e7bf4188558d863521b5

Download Submit
/data/data/wallet.gem.com/files/.jglogs/.jg.di

Filesize
340B

MD5
46cfefeab533c95bfc2c42cf3032eff1

SHA1
0534a269bd22269e27d64073e9bac40f42a3ffbc

SHA256
b775f25d6de874b2d517f47dd514009e2f8b280765ff9f6a7a01fa8e7de2087a

SHA512
a3077145223b752c04e327900960b43df979d40197718516c8062b59cc2a61b097d34ee784f31181ec71e833d1802b5d3247ad63fd10763658aa6736d16f640b

Download Submit
/data/data/wallet.gem.com/files/.jglogs/.jg.ic

Filesize
32B

MD5
c1c1a8e1e1d28afee52a3fdb500c01ad

SHA1
0558865cbfe1253c97858d21009687356df16e54

SHA256
8e63b4c27b77f32c2c6582043a1bf8ce76ee6ebaa531d5d6639172ed4c70cceb

SHA512
3314030da56ee3c5f173bcf78b686a5f2a092c05790f6582ddcde4f86b8b7d81c41cee038fb961d5f9714c1b8c55774f203e4906fd751f311bccf80eb612467f

Download Submit
/data/data/wallet.gem.com/files/.jglogs/.jg.rd

Filesize
32B

MD5
727546267d8815b006e7a7a75ea6cfe5

SHA1
e7764c6ef1259a73881502940ae14666807fc87f

SHA256
080e45e6d7e2402abe33615f79a18b1d2d06c4192bb50e307e81b7bc2fd11484

SHA512
451490af700751c961f92d2fa2f4bf16d9a5c92071dae6a677b2f7327a83d0db344d5f5e7c3b1ace6f9a1a28e4b813eda8deef511cd5f90528d16a09234f6554

Download Submit
/data/data/wallet.gem.com/files/.jglogs/.jg.ri

Filesize
314B

MD5
2a2aa621aa7daa7fe751a539a590b23b

SHA1
be0a94e38e2de5a024a5c5fcba270b6e610edd1b

SHA256
32b095d9b6162bde8f9c73b2fddb2f6b1488e94b97e164ad8e32680a8f7a18bd

SHA512
2c17fd9e25fbd685e9f59dac6264dd31dbbe6f832e7c132ad781bb016bd2dc45ed01895b1cb62b457f78aeffe579447832ab5fe9cd3aff7d4b89d384ce9c920d

Download Submit
/data/data/wallet.gem.com/files/.jglogs/.jg.store

Filesize
32B

MD5
448e391c59eef34ee1defbe4dee4c41f

SHA1
df1f890987371d7d8e6963c68b787856e42bc146

SHA256
55612e17689f4bb05f27e18b4f6d06ffef92a6a8893a5cfdd3d5b99a6028b549

SHA512
ce336ce895ba861dda7da27e8869dea065eb3c3403cac55cdf1935409e5ebc95b495370f87ed7416af20af533b15615472e333ae9f2fd2713040f526835399b7

Download Submit
/data/data/wallet.gem.com/files/.jiagu.lock

Filesize
27B

MD5
8615045d42296a3e416804bb794d08f5

SHA1
68500c8eaaaa9ba4c9a669c362e0ede23bed7077

SHA256
5e39ac6fddb8cf53ce9933f6a8d38d81166700f1758b78d47b3502ea63355756

SHA512
903e10e2e432c3eb5860cfcf72b08d2bbb94813000f72e75d73abff8754cb3a3d6de5d882c026069013fb1c3d22ecb7f3fb70c5adf0798a4b732ef21c75f54c8

Download Submit
/data/user/0/wallet.gem.com/.jiagu/libjiagu.so

Filesize
485KB

MD5
2c1a490890ff15348d2fc3815b2cfb3d

SHA1
922e1e5539c40ad5bed578a9cea9f076df02eaee

SHA256
4a272d3707e61d656a95d20b944a402a4ae39b79013e3a47a93c0faa3eefc6da

SHA512
3a910269e855c3c9a31e40d2d18d166d3c3dc08bb9b063e363be8e737181389e9cc67be8d9ef8d1a63ca0500d0d028aa2562e6fb979beb1a1cccf0fe4d1d1853

Download Submit
/data/user/0/wallet.gem.com/[email protected]

Filesize
5.8MB

MD5
4156358e2d76661c5b925e8f911b8c20

SHA1
e60b27afc00f267eaa00795e35a83e8be752360e

SHA256
3249996de76900d095ce7fb9fcb86e0f025ab7b4876135409dbe48e6aa3e591c

SHA512
3ddfed7e29564e3657a352832f677e44bc2a9986f3482b35a3a3c4cfaf3121da829d1e6b8cad6b32fc77a5bb45ceb5b02362de1329c1b40922b1db1e514cbbeb

Download Submit
/data/user/0/wallet.gem.com/[email protected]!classes2.dex

Filesize
5.2MB

MD5
fb1880f785b05996fe045d801f563ae9

SHA1
eb0c7f08f3f014cd758d7516e95bb0787fab2112

SHA256
c7e3a8c3d3188d5a5a3c3389abd7a9d57b668f175edf0ca1ade7321d163d4898

SHA512
bf095c6096992e61602cfedefea2f0e23ec3f2804ac5621b5931ad7776dcbafbcfa0b6a711d0665c608fcb05eeb865404667d9c6a6184243b2e48b5dc30868bc

Download Submit
/data/user/0/wallet.gem.com/[email protected]!classes3.dex

Filesize
6.4MB

MD5
9b485e166e7c4fc5021e29a3865eaaea

SHA1
bfed385461a6025954d2ea347a8604387e8bdb46

SHA256
27bd175813b5066c115c163b766eb06bdd6271b78adb2a3f85a41dc20244d415

SHA512
8de372780e251a8425e1c77cfa7c15f3e6e8251c03fd49bd04a4b8b5ce15e04ab51643dac1b1ab27684bda0cd1abb9ba6746f2aae6b224096bca3967f73e75b1

Download Submit
/data/user/0/wallet.gem.com/[email protected]!classes4.dex

Filesize
6.6MB

MD5
b4dd72f0c9439fe2c38d5b3a90c6f02a

SHA1
3d1593f45d2c5fb622ca29d6ab5fcc8a392e106b

SHA256
4f6b1dd7c1f96e8c1df2621c95077939eae02c28e39ef6884408ef5910cf0fb2

SHA512
1033d27e1683397fd0dc4cd622d21e5c8b510e44504b00086e732ef562ca611846652db0aa6fc593d49734f80e1bf4588ebb02034db6ac7fc4252141f6770e93

Download Submit
/data/user/0/wallet.gem.com/[email protected]!classes5.dex

Filesize
2.7MB

MD5
c6c498ccf09283029e7cba4603c18d38

SHA1
6eae9494b3fb7a2adc670f2d1951592b944ca70c

SHA256
073d3fc2024d34c1b29cd1deff16a565a3a32d7c818684154544a7a3314f23db

SHA512
c333c2913de46f2d3c5f2e8fa8263cb73378b82946799a8b112f933ec1c908c64f4ea15f6872aca1eb45804cb980d01381b722d137ae4aed66d56cca80c2c559

Download Submit
/data/user/0/wallet.gem.com/app_SGLib/app_1703526493/libsgmain_312768000000.zip

Filesize
65KB

MD5
c5bbb46c9d8827d1e4e00cd117a67cf5

SHA1
7491b3191670420fee58d60d6480066c07ce7d5c

SHA256
8a7bdd15bed9839a642b029044e42897d9060925c7598d02f954eb5572573081

SHA512
c6cc7c71fb7924a09f966aba49523672215b79e64cc1adedf505828862cab10ba0c033a4965a4724911f689512967e31146a02694db1d164bb383223a8c1f1dd

Download Submit
/data/user/0/wallet.gem.com/app_SGLib/app_1703526493/libsgmain_312768000000.zip.tmp.4461

Filesize
381KB

MD5
392c9f24cf741835f03e992783c99707

SHA1
688f7f070da4e8324ccbe45f02c6756047dc3053

SHA256
68f360f5597645bd4b906b1b28617d08ea8a267d79ef57da4000f4404452fefc

SHA512
540a8f6d15c97ed7e43c8a359f39a9195290129e19c3715e713866559d058dfbcf0492eaf765f7558dadaf8a9a4f1c80355a5ac580f05df59c62885cf09b8221

Download Submit
/data/user/0/wallet.gem.com/app_SGLib/app_1703526493/libsgmainso-5.4.56.so.tmp.4461

Filesize
691KB

MD5
0959e74e2817acfdabfdb68d85529179

SHA1
8f5c41874cdeaa88cfbf6639ee6629ea21b8ef88

SHA256
d72e232383167362c542ead685ab9ced49c41b857c4fe305f76779ce54634d0e

SHA512
b8cdb34e868b97fd09dc5c906217281b3059d2f15ee967693d77e51039726a6337def14a317a78c7bc8fb5c9b9414798de74a924ddfd995fc8bd3cfa5a1bf080

Download Submit
/data/user/0/wallet.gem.com/databases/growing.db

Filesize
12KB

MD5
f41f531c07d4141546a531ff9caffdcd

SHA1
9dcac5aed06972d0ff6bd4cc1f1cdff85b36d3f5

SHA256
bb8dee5b5c3779f175abbd142722eb0022b98d374783aa80145b34614a4de646

SHA512
e0c8d1a820cb4c098e45776e8b50ea8c83944ef2e3f005cb0acbfc07688974d370f78100ae022f62564fc4c12acfdc43b710c18ca1c30f4f575bc08b9b12d2d4

Download Submit
/data/user/0/wallet.gem.com/databases/growing.db-journal

Filesize
512B

MD5
cfcaf77deb3322ef95844fd949af1874

SHA1
f483f9c6531dc0f39980a1719fd513741313bdec

SHA256
b9f487ec563129a1ac0514d1b8cce6ab9efa75278fe9141f702c7654a8ccd179

SHA512
9747ad582de897d34bff0608038faab581e512ce8c73fef1a60cbce72eeaa9aa1bff38657f52028d4cc51f065d535a6592820590faf27369294bf839243833b4

Download Submit
/data/user/0/wallet.gem.com/databases/growing.db-journal

Filesize
8KB

MD5
af374c7b90848c4a8a18a1709a641129

SHA1
60a5668703e5b7e2e03bf5cdca508fbbc160ad2c

SHA256
a68a5ccb7672833be4a5eba82846e27f4b8f06f5f3b2b38b6bd718787fbecb90

SHA512
23b619bec51127f1b17e4a110ae621748e0b647a30a21b286e2c8ae5cf72535ed87653dd0b48877e4484f9eb99cc4631c7d93ef27583b9bf5e253e74aff3cc37

Download Submit
/data/user/0/wallet.gem.com/databases/wallet.gem.com:pushcore.growing.db

Filesize
485KB

MD5
02718383d6ff6a47f58891ff1e8f4c94

SHA1
fe8b826b1327a39316b39cc9af2be644d88b6796

SHA256
d09b3654ba5d68c1510b8eabec572544e037a6d1519261d9ca0ebb0c3baaaef5

SHA512
4f198294b53f0fea429a204eb238207973f9699af5e64f5bd6e4018397307cad0302bcd4ceb7f1412bd39e810e8f831728bd756c77556c0f8bcaa80a7e5dc022

Download Submit
/data/user/0/wallet.gem.com/databases/wallet.gem.com:pushcore.growing.db-journal

Filesize
512B

MD5
b71fd4d2ccafa195de07e396cb480be3

SHA1
8687fac9749078edbcb17934e32073b5fd2519ba

SHA256
b60756144c675708fd2ce7962cee90f2ac08e482f28194d43fb3230015b3c647

SHA512
2ef05dae4d2b24f70d08373df6057769130b311fbbdf56cfa93464104a51380b0d91cf021434da149bfd35eb99d038d630a25caa53da711bdf3c075271f7bfed

Download Submit
/data/user/0/wallet.gem.com/databases/wallet.gem.com:pushcore.growing.db-journal

Filesize
8KB

MD5
af96690f3e97cf0c12a3cad33fb3c8e2

SHA1
eba87fc8eee993b7ba365b9aa2c859a94a63dba2

SHA256
0011fd4e87912f2789aaf0a0d1ce9044ade1123322117b43aca55d12eb3dadb7

SHA512
ad69d0a00b39ff0b391c9c29feb882d18ba830dc329c3d310473127b695e175a1a270e6070a0cc20f9d0e10d62e6090e2dbf412f597bb049255eb90d3db384c3

Download Submit
/data/user/0/wallet.gem.com/databases/wallet.gem.com:pushcore.growing.db-journal

Filesize
8KB

MD5
80b368acc75228a841c111dbfa7b97e6

SHA1
4e982ea0aa8f7dff659acc6ca99fabe302083853

SHA256
d851e7733c7a2f2d77445fe97bc0a4a8776780dd2285c02d2aadeda9c0ceb40d

SHA512
625dfce77a9c03fa078859a609aebe03aab844eff6e853a6dd8dbfdbb026c67f9f9713c58d922adf2807243c48746d6c126ae2301ec00811c65cb2973895377a

Download Submit
/storage/emulated/0/360/.deviceId

Filesize
48B

MD5
4c4c5285293d5141f582aefa4e038669

SHA1
e01852a72e5a8e6f7d63a21426b515118196047b

SHA256
36c5c63f39ddf7a6a9c01946e4f78b95790aa734176802e793e95724a1b5b731

SHA512
097aa673273e307f7bfb7c08861ad389d4b5f7fae55d972a5c1636aa66d0b8d23b5eb9b696cefe0e5b942f23969dabf0147397aeca85fb9a4d75e0473104e399

Download Submit
/storage/emulated/0/360/.iddata

Filesize
32B

MD5
c5b5d252fefd4ce5dc356ccaa7e347cd

SHA1
975c0c2a8f40e921a5f3dfe7a972d8dd64722cb3

SHA256
ae304d8f54c029a6d93d291908d559c54133b0095bc93cbbbcc7eb562834d8f2

SHA512
0cefac1e43b4cb464c4d720c14b67ec5079d7b83ea6d85f6c9f9e975fa765753cff791c3ca121c003759a6306fe309227f26a6fea539ec36fe5f975738a0e6bb

Download Submit
/storage/emulated/0/Android/data/wallet.gem.com/files/tbslog/tbslog.txt

Filesize
15KB

MD5
b5871798b9e13ddaf1131dc24dc86b37

SHA1
39f73018f52cccbd96ad57168f7fac5147c406d0

SHA256
3b0c00de91e523435f69a57940382826bbdab094c24af8f554bc7c9a38041a8d

SHA512
76aca978218c54f074e6a17ad152103b1722796b388c5076ac57db482c604db3f3a63aed7bd36240530d98bda765301950697f3fbcf87c5fddc914ad65f5264a

Download Submit
/storage/emulated/0/Android/data/wallet.gem.com/files/tbslog/tbslog.txt

Filesize
4KB

MD5
1ce6d1690981ab6645fc4ed74b16e982

SHA1
4a4d16196c123f9d5cf39ea0fd5cb148b8ac1284

SHA256
8073ab0f8402862b09a73839d0c293dff65dfb1f6067207eb63168d47bfee767

SHA512
9b8330e4a5287cceb18b39d6d9bc9f48f51d29d2ceb2806e82be84c916078d9d8ac9f5c34ac25206feb50353cf34274a65a35b5a59e371e744083e1b49057294

Download Submit