09be28acba0637764c4638d93756ede9b73052fb12d6c5e11e1af03486a00807

Analysis

max time kernel
2861033s
max time network
142s
platform
android_x64
resource
android-x64-20231215-en
resource tags

androidarch:x64arch:x86image:android-x64-20231215-enlocale:en-usos:android-10-x64system
submitted
23/12/2023, 11:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

09be28acba0637764c4638d93756ede9b73052fb12d6c5e11e1af03486a00807.apk
Size

17.2MB
MD5

48d81527b3251bcdb89a15c7861af864
SHA1

6e29998293babea199a399a1c63a0624d484fdb6
SHA256

09be28acba0637764c4638d93756ede9b73052fb12d6c5e11e1af03486a00807
SHA512

4663b9ea580fba2d4dbc749a9e032b5c24db33c0fe86ad6762f20062c4d625eb3dccdda1b146324c32cfc60683b1b292a51209337e075536ce67308080f7d3dc
SSDEEP

393216:fXm4HGe1n0U9pecC1DNp8/M5ChLRR8klTX1BD3Os5Nges/:7t0U9TCX2/hhLRR8kljLzces/

Score

8^/10

evasion

Malware Config

Signatures

Requests cell location 1 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.mobi.clearsafe

Loads dropped Dex/Jar 3 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/data/com.mobi.clearsafe/.jiagu/classes.dex	4961	com.mobi.clearsafe
/data/data/com.mobi.clearsafe/.jiagu/classes.dex!classes2.dex	4961	com.mobi.clearsafe
/data/data/com.mobi.clearsafe/.jiagu/classes.dex!classes3.dex	4961	com.mobi.clearsafe

Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.mobi.clearsafe

com.mobi.clearsafe
1⤵
- Requests cell location
- Loads dropped Dex/Jar
- Listens for changes in the sensor environment (might be used to detect emulation)
PID:4961

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.mobi.clearsafe/.jiagu/classes.dex

Filesize
6.3MB

MD5
c4a6e6f66772a91dca88ce321bacdc5d

SHA1
c30c4880061e74b598c96e807aa16914d76504e5

SHA256
c6d2b4634183d5cb4c7ab945c178335e3da823cd2b8b393870edbba5850f6d4f

SHA512
bc48b3fe0d610ac8b4ada1b3a377d5577a2b74480000de55d66422cfc6c09bfa3e0233b8347168833660246860da311eec1a727f0a3008cbdd7373306b2cc2c7

Download Submit
/data/data/com.mobi.clearsafe/.jiagu/classes.dex!classes2.dex

Filesize
6.5MB

MD5
2ff0a45eefe563ba5534c5cfa5ed7ce8

SHA1
ed328f405a6705915c3d11d5882fc5e0ef1eca5b

SHA256
d10d7ee2cd0097522ea4456f3e09b255249295f72686a44da07047f8fe3c0645

SHA512
03af2acaca44a16cf32c12d802b933833aaa1423773c18b3f3515ec600ad15ffe53bc76c7d66d8c31023b541fd6fd30ac7d2819bcd320a2c27c1b8aa36172502

Download Submit
/data/data/com.mobi.clearsafe/.jiagu/classes.dex!classes3.dex

Filesize
3.5MB

MD5
1c240b4342243b8fe41a34ce60d39233

SHA1
36e1335e19cad3239f21ff6262f2e3577174ce08

SHA256
cafb4dd1345bb4311da5ef53b77a9eacc35c43af23af153ab974e640aa2f18fd

SHA512
822363f4089f7118e0f9e0df36214cd30d9c664d4296ad1a4a8a295354ee9c6e3b8f2dccb9bed29a1518ecf005c658466a3558d57c410649c93c79d1b5ca36ce

Download Submit
/data/data/com.mobi.clearsafe/.jiagu/libjiagu.so

Filesize
558KB

MD5
98736de515958ae37ae93a0a0e997098

SHA1
72d0f9d43f7c9bdc9f19d13834c0872f5652c0f9

SHA256
335091dfc73a9f792cb720389c5d94eb6642764a38d70d4b6b7a8afd34038421

SHA512
cc4974ce398bf7f4a20160ad30e4c4b5821ff0d7f2cc9fa0aead73ddc036585266edf429add276b53d6db8dd24a344d709469b9c839451deead6b621e70c92cf

Download Submit
/data/data/com.mobi.clearsafe/.jiagu/libjiagu_64.so

Filesize
569KB

MD5
64f0958be2a8e6862b90faacb40129e0

SHA1
389c618137db70dbf84adffcdc3c5d4850a5ff24

SHA256
4f38bee50f32a8c64f4f9c671b7cece34d4a1cb926087fec8ef505327d4edfaa

SHA512
793cb7104013b7841c38e4aa14f4d9246aefa61aa9803160e6398c4115a2df5c6af304bad045c687467547deaab3bb77272a675b0d673f81f2df3dee2d1fe94d

Download Submit
/data/data/com.mobi.clearsafe/databases/MessageStore.db-journal

Filesize
12KB

MD5
142b6393a0248329b81b0c97268e979e

SHA1
66b6343932db4bba2c1df5ec5612975bcd5c36f9

SHA256
beec4a1dd8e403fd9abc2d1095c06e167efbe3b44dba2a85f42669dee1d1a283

SHA512
91456903b490612896e533c2004bc7b20542a4ec5d3c5c3d579ff2a3245421ef571130caf81dac84922113975c42f32276f53ccba0643081a940da018afb9f37

Download Submit
/data/data/com.mobi.clearsafe/databases/accs.db

Filesize
20KB

MD5
d95e1280cc553509d7b5b7851398db12

SHA1
121eb76ea37f3407d0f3b56392f6f67893fbe649

SHA256
58e0eeb309805e54342d5ccb3f9006751543d5a1306898dad2c09048b294153c

SHA512
f52c432894144ad581d36d447ed61ac50485dbc931ddd9b2ba5ce399642dcb361502e6492f28e05dc7cdbd5f19126bbc6cc09e62586b73bf449da950a6de1284

Download Submit
/data/data/com.mobi.clearsafe/databases/accs.db-journal

Filesize
512B

MD5
1fb475990c6c10dfd8d65c4a03d333aa

SHA1
08cb6c462bc47e8622412f74fed75de8121ecf7d

SHA256
c7e6e7547c32d513cf9b7b4ec3a74e6afcc15e5984c503c4d6771e185e32f516

SHA512
108ede2e2c27b43fcbdf8d4c10fc520c668ea6ca07ba9365bcc71c724f28e6a17b9c39bf4efa248feb8424a487294debabc9a9629f19ac9c58576456828d9fc7

Download Submit
/data/data/com.mobi.clearsafe/databases/accs.db-journal

Filesize
8KB

MD5
684a75aa028f9306f55295d3e2a06797

SHA1
195ba4e7d257e481bb7fbb58cc8516034ee2089d

SHA256
e6fc9c57b9e1a17eb404d2c1eddcc9d74eeb934b3f581d5739747981d87a4cde

SHA512
77a8915a81d27c038679c5272b0a2cef18b312764896d5fdce70dfc013b4385fee9788724d3b42d30397a8fbcd61a805c1d4859e0ce3763c342e3a2f60380012

Download Submit
/data/data/com.mobi.clearsafe/databases/accs.db-journal

Filesize
8KB

MD5
cca31183c1dd62bb5a3ce6689d17719a

SHA1
88e27fd015b64c31fd1578b0cb1d752396ffcf04

SHA256
44e24773c5ca495d7ca03acf9963680da23dc9eee8b62b7c8182a1c8aa1e2d54

SHA512
f9e0e3b58c96d979ef94991994ceef3144ea3383efdb9566b0d33fb26743b6c2828b35d3896329e200867fc055791ed24791aa573cf51b9d71e7ea4340a2b82d

Download Submit
/data/data/com.mobi.clearsafe/databases/npth_log.db

Filesize
20KB

MD5
6aa2221283e2f6a24a1c148e8093c4d4

SHA1
d757b8ca71e249c536d7ee6c9abf30a83205f5d7

SHA256
6aa4c467e4c4b25f7a3b1844f3b1dd4afeaf625282f1c14ce1d8d818bf8725b1

SHA512
f88555a33dac3ec698c8f363e2f9185bd08fcfd407de64625d57a7dfdb4c727a1ecc306565ecc74eabc34c4b84d86ab40b42417f33685521e49c61bc238bf979

Download Submit
/data/data/com.mobi.clearsafe/databases/npth_log.db-journal

Filesize
512B

MD5
532fcc193880d9c51f68ff37f4f78446

SHA1
ae6d65bd8dc9a40d8497f4409344eff81d7a14fc

SHA256
77078e14ed8219688e3fdda29092f110bd3c8540197ccbfef0b7c3fe147c5bcf

SHA512
f191d35da5e4f8303802045608283c49ca84de7e689ddda90e3a83be09ffe9cb4b5058186591923f6f38229d59bfb566ecef871ffdf800e6a74816761d5f6c5e

Download Submit
/data/data/com.mobi.clearsafe/databases/npth_log.db-journal

Filesize
8KB

MD5
36e38aed1dc3933a8911a77f84865608

SHA1
a9ecf1db9e470bd5a6e503a8e97e29e30f43fe53

SHA256
ad6d414768d0a2770271836d228c9f36ee412665aeb4e541f30d2ae4c28c28b1

SHA512
38fb557e2501f99acd444ce988e57c0cc6d776783c05324ad73120c530297cdd6f6c2aa161ff4855b386b6030380875dc9977b918b13a92be56d770795a4efff

Download Submit
/data/data/com.mobi.clearsafe/databases/npth_log.db-journal

Filesize
8KB

MD5
6d579788c0e0201405504f9a9914c509

SHA1
632a5078341e9a9f14ef3690d7cd830067725248

SHA256
2e72419ee0705dd87694ef1aeb3fcd2be9a9944de3c954e93a8e63621476a9f9

SHA512
94a20af06231f6c3511e94cf3f7f4a108621aebe8f13b8408e88fbb0e5115e1ec96d6997118bdbda9841777efa1c204d5013589de601be1642b51725c6466819

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
e26768cda6186228870bca35fd136990

SHA1
0ae6ba0b8e7afb912918a4ab6804dde69a4ed88e

SHA256
52df65e9719f26781fa14775c673172189af6a1861c49b7f671624f85092dfff

SHA512
125033a4eee47cdda9e07eba4b53eedd2455896f21624bc05c869670527495a6f75cba4ff6e59b7afcfc51d2cb271bc442f4bf7039d6fbb8a3ab086ebb7c30a1

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
e7f4d76b3152a277f109d97c42629209

SHA1
77b445bffa85ca636951bebb9f63db4d292632c6

SHA256
7ce4b241d89a63db6c7ac205531fd87e9dde42c9abbb3f3def538aa1ada1a7e6

SHA512
7e824423bcdbab0223ad3098c911b1e0b4ab7feeeb8dc1aba2b8a94f7f057ab7fa9ef2dfd83f0a1f12c71cd12e60b830d65653b93196316842d75ff21ea59d48

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
167B

MD5
1adabe2d3289ddfaa158ba6806467ef3

SHA1
8051d6050680a2ea8ba2ba07aa29bb312ba70f8f

SHA256
e72acdc734d2f3470313b7e9b84c66e775eb183acb888b7b3b039f0c19c22abf

SHA512
026d199d7044f792194476da5374b623975588a06a22353285a6f5f19187fbb9933e0655d4eec179406eec4c4359b395d6a6066ef3b6f6671f85905667b5e909

Download Submit
/storage/emulated/0/Android/data/com.snssdk.api/cache/clientudid.dat

Filesize
36B

MD5
e92e7c9996a3cb5babc5223eb2f76a16

SHA1
9dbbe901b0c02be523a491e2bdb51f6e542ac66b

SHA256
98d3b365f72eb3ab3eb75aff49840735033aa0a15f49ac5d4030e85587c60213

SHA512
6bfb06111ef0c400ce810102ff3b5ba39978d34e77c9c30d9c76d907c45e54cf3ca57584cc2a1fd496d402185d449ab3bc3d9e9675d20b79e61c703c22a4c606

Download Submit