269b5372fa364d7bbe99da5562e71ec9c9fc68f6e29db44d8769a83978fbcf1d

Analysis

max time kernel
2818391s
max time network
157s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
23/12/2023, 13:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

269b5372fa364d7bbe99da5562e71ec9c9fc68f6e29db44d8769a83978fbcf1d.apk
Size

21.2MB
MD5

a03fbc5a6361222645a727e01103f4e2
SHA1

d72a01f4120477e584bafd3804bbd891120b9138
SHA256

269b5372fa364d7bbe99da5562e71ec9c9fc68f6e29db44d8769a83978fbcf1d
SHA512

24d2257d1bfcd16f5a96524f854b1288dc510ddbab9cc9efc0129358b6145086c79dcdb5ae8abd02906117ea5e625b7664aa5aba06c6d3d42ea061597624259f
SSDEEP

393216:ViN7j1SnL3h82RFqPs/2oArq1Abc8zV9U7i3LUNeivdOoGLgNeipm157:EFwL3hXcDrU2R3Ge+5eRr

Score

7^/10

Malware Config

Signatures

Loads dropped Dex/Jar 22 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/data/com.u1107897374.umt/.jiagu/classes.dex	4230	com.u1107897374.umt
/data/data/com.u1107897374.umt/.jiagu/classes.dex!classes2.dex	4230	com.u1107897374.umt
/data/data/com.u1107897374.umt/.jiagu/tmp.dex	4230	com.u1107897374.umt
/data/data/com.u1107897374.umt/.jiagu/tmp.dex	4260	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.u1107897374.umt/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.u1107897374.umt/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.u1107897374.umt/.jiagu/tmp.dex	4230	com.u1107897374.umt
/data/data/com.u1107897374.umt/.jiagu/classes.dex	4306	com.u1107897374.umt:pushcore
/data/data/com.u1107897374.umt/.jiagu/classes.dex!classes2.dex	4306	com.u1107897374.umt:pushcore
/data/data/com.u1107897374.umt/.jiagu/tmp.dex	4306	com.u1107897374.umt:pushcore
/data/data/com.u1107897374.umt/.jiagu/tmp.dex	4306	com.u1107897374.umt:pushcore
/data/user/0/com.u1107897374.umt/virtual/data/app/com.dafa_190808_gugug.buhum/base.apk	4230	com.u1107897374.umt
/data/user/0/com.u1107897374.umt/virtual/data/app/com.dafa_190808_gugug.buhum/base.apk	4510	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.u1107897374.umt/virtual/data/app/com.dafa_190808_gugug.buhum/base.apk --output-vdex-fd=61 --oat-fd=68 --oat-location=/data/user/0/com.u1107897374.umt/virtual/data/app/com.dafa_190808_gugug.buhum/oat/x86/base.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.u1107897374.umt/.jiagu/classes.dex	4506	com.u1107897374.umt:p0
/data/data/com.u1107897374.umt/.jiagu/classes.dex!classes2.dex	4506	com.u1107897374.umt:p0
/data/data/com.u1107897374.umt/.jiagu/tmp.dex	4506	com.u1107897374.umt:p0
/data/data/com.u1107897374.umt/.jiagu/tmp.dex	4506	com.u1107897374.umt:p0
/data/user/0/com.u1107897374.umt/virtual/data/app/com.dafa_190808_gugug.buhum/base.apk	4230	com.u1107897374.umt
/data/user/0/com.u1107897374.umt/virtual/data/app/com.dafa_190808_gugug.buhum/base.apk	4506	com.u1107897374.umt:p0
/data/data/com.u1107897374.umt/.jiagu/classes.dex	4585	com.u1107897374.umt:p1
/data/data/com.u1107897374.umt/.jiagu/classes.dex!classes2.dex	4585	com.u1107897374.umt:p1
/data/data/com.u1107897374.umt/.jiagu/tmp.dex	4585	com.u1107897374.umt:p1
/data/data/com.u1107897374.umt/.jiagu/tmp.dex	4585	com.u1107897374.umt:p1
/data/user/0/com.u1107897374.umt/virtual/data/app/com.dafa_190808_gugug.buhum/base.apk	4585	com.u1107897374.umt:p1

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.u1107897374.umt:pushcore

com.u1107897374.umt
1⤵
- Loads dropped Dex/Jar
PID:4230
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.u1107897374.umt/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.u1107897374.umt/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4260
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.u1107897374.umt/virtual/data/app/com.dafa_190808_gugug.buhum/base.apk --output-vdex-fd=61 --oat-fd=68 --oat-location=/data/user/0/com.u1107897374.umt/virtual/data/app/com.dafa_190808_gugug.buhum/oat/x86/base.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4510
- sh -c ps -ef
  2⤵
  PID:4715
- ps -ef
  2⤵
  PID:4715

com.u1107897374.umt:pushcore
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4306

com.u1107897374.umt:p0
1⤵
- Loads dropped Dex/Jar
PID:4506

com.u1107897374.umt:p1
1⤵
- Loads dropped Dex/Jar
PID:4585

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.u1107897374.umt/.jiagu/classes.dex

Filesize
6.9MB

MD5
27e8486af2a00d3fcba3d79a77a56c5c

SHA1
12a745e2ba5b4126a19520385b9faaf55ea4a0ef

SHA256
92f176dc9ac13b7d9157d79c9784726243cafe5d7e504a7032ef3417435fab81

SHA512
93ea510ed9637335ee3324dad8f660da6aec5ec39a694b0cf05bfed1266ad4750459752f07258ee3e6ab9662317184ac434c1e5f2421b2ff0c7fe73a6e0afc90

Download Submit
/data/data/com.u1107897374.umt/.jiagu/classes.dex!classes2.dex

Filesize
804KB

MD5
b86352805f7d1d0d11122623c0f8effe

SHA1
6d5f07fd469cb315707521bad011998cf9aa568a

SHA256
e1745cb985b1d8f565cb11c4a2f5f7bfb65509cbf8545f46479459abf3903e66

SHA512
3279af67c8759e13ddd6c8764f92998b24bfc08e10f2ace237e0e86b3ce7c9902c2c523cbd2ab0ea653c273254a23fcc87a384df838a48c28a4c1d91902d2e71

Download Submit
/data/data/com.u1107897374.umt/.jiagu/libjiagu.so

Filesize
487KB

MD5
610a895c4a71bbeeaea16eddb1422bbf

SHA1
9f919de42ed1e80bfadfef48f8202b202166f869

SHA256
baa349e9b5a47be21b6ea00ef2e0c0c5dc203c0e4c391dac46df07ca9d333217

SHA512
ef4173ba32309ef1257b75bcff28fd44ab14398577b4fb3b6b95323035c964201ed39546cda3b7115ba5025781f3b9c018443e7932edd50a25b1be60359f80f2

Download Submit
/data/data/com.u1107897374.umt/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.u1107897374.umt/files/.YFlurrySenderIndex.info.AnalyticsData_48RJJP7ZCZZBB6KMMWW5_239

Filesize
88B

MD5
8188eedb90054757767db2f7151e85ae

SHA1
32ba5d54b66e2d5882839a5a5233308ed1ba59e8

SHA256
3e073a11fb3d68749aeb2b383d92c1c147182041a9c1bba80fb3856b735eeab6

SHA512
065269b372e18f102f11c02d1f53d1c2d210a6aac4ea9838db04e6b909c21570c3b2bd5f02c53dc4b1383397989cd6c428d97bb06d2b3d84b5bf011702b8c8c4

Download Submit
/data/data/com.u1107897374.umt/files/.YFlurrySenderIndex.info.AnalyticsMain

Filesize
72B

MD5
deae4f12e8444d320ae1db9d7c268231

SHA1
7ad2b7af358cc715992a6336aa0f00f08b3241d6

SHA256
e768be1bb891877d5ddb4608077b788953bd2a35f830872d6558354bcb345fec

SHA512
a2f3647270e1ccdb1f1160f19844c304cfa38b935bd4108459f2e307e8cddbb3b605cc13099fe0c33616c61c128b8bbbf8ad75921fbbd10f1f43388acd32870d

Download Submit
/data/data/com.u1107897374.umt/files/.jglogs/.jg.ri

Filesize
307B

MD5
4055eca9b1b329bd4b47d64155f7d497

SHA1
64d7a662c7ddaf2162457f33fb27693f5adba89b

SHA256
ad004502302842b9e0daa012e389c2c3068f4774b906348c315e61ab76e1979e

SHA512
d4803ebb93cbf87ed1985faf58c01c0e61c1acaa035525226cee4177506566afd76c5f9335504bdf78e3275b3c7f1ab2146f3b6e827ac87bbcb41a10bcc54f64

Download Submit
/data/data/com.u1107897374.umt/files/.jglogs/.jg.store.report_cf

Filesize
32B

MD5
e2f67e0ab36c70a45e2c0e6719d987c7

SHA1
00cd77ae65e38f2012c1c5b83f2fd4146ce0f31a

SHA256
7da613aed5d155ada88c42ad86236c4ab0afd32bce997de27de6c0fbe3bd29da

SHA512
db8aa410fcf05a79441de924ad76d26d9e0338523ff56190b4d58ff1e999e2722c9c70b48d99a50608fc77d3776b25b7e25ad7a0b02ea509ef5b6b5f07e8e3cb

Download Submit
/data/data/com.u1107897374.umt/files/.jglogs/.jg.store.report_pid

Filesize
32B

MD5
dd1026436e6137d58ad6a41032f9ca49

SHA1
027e44465e6a0095e633fa424b07e2b8e48a4015

SHA256
6ae22fab781c118669c20348522d85a6e3680fa5eae3542c3e3c70a37221f5a3

SHA512
8637cc3692c2a9996fde9eff940bc2d4d72238254b7b05e27c4c4c4b2b6de67e7392add2f6ce8343fbdced617e434404e9cf28ca2c45c88a7c7b414e47fc5044

Download Submit
/data/data/com.u1107897374.umt/files/.yflurrydatasenderblock.8e01c8f3-29af-4563-a058-ceafff0b4e3e

Filesize
555B

MD5
06b477ecaea208b5bf80b2810d56765d

SHA1
ec3c922b097f2f040a6274720c7f17e42eef44aa

SHA256
925e88173cfb9a92abe615074570e16c75d5001ac54eb1d28410827d68ff2d5a

SHA512
2bbb39dabbe96d1f0e27170da074defd0bdbb3e279585d61e1f7e8eafc43fcc1c1907e809603ce74e1c7ea3a63663f64f7b40b45948205bfd9e2647c492cfd79

Download Submit
/data/data/com.u1107897374.umt/files/.yflurryreport.-4284ecc46c5ffd39

Filesize
361B

MD5
994a9b6f4253647875a75b1401dc19cc

SHA1
22f3c5e0a00c7865acca0972e6e7e6394c6657cf

SHA256
e08d025be2bf7b7983222f99521a20f5a9fd849d5f708c6e81f492fdcbca5285

SHA512
4bf44e657ba808edef184c2cff156da630e02d5bc5569c1bf81f0e00b6bfcc75bb48345b179f95ce1b2b3bf4f675594273ee51c4269f8e8d81935c9faca9c346

Download Submit
/data/data/com.u1107897374.umt/files/push_stat_cache.json

Filesize
120B

MD5
23cf9c5b8528e35a4d6cf180cb69e900

SHA1
06be7939011fc6adee4b55b537ddc9022e6c10da

SHA256
bbfb41e7bc1c84c71680d007f8187742e722521649ab4e2f1e1443c7a87d6444

SHA512
284ef78e5d9eb98d3d9c7cb9549b85c3954663ec0ed494d77a555ae3cfff721bb21b1a21b2130b3f751f529459a4bdb850e7cad320193de5c4244fc4d1203306

Download Submit
/data/data/com.u1107897374.umt/virtual/data/app/com.dafa_190808_gugug.buhum/oat/base.apk.cur.prof

Filesize
206B

MD5
905729c6478be5070e450e57f2f7b799

SHA1
5144b82b44deaff20a662012a64b381aaf967ce0

SHA256
c36e1ec84a169f593d5ba4d75e6f95a52d97f74f1379a8f75af0ede979c8ef08

SHA512
cead776fdc0d8e3561d239a53d2dc270b5e296acbfa7b4af22b5b396e34072e408c2eda29ae0c0a2ca215f7f06644c960bc7f618e84b1a2bfdf7d96b7a299e88

Download Submit
/data/data/com.u1107897374.umt/virtual/data/user/0/com.dafa_190808_gugug.buhum/shared_prefs/Push_Page_Config.xml

Filesize
512B

MD5
c47cae18eb3f7cfaa0a0ca10cf524b91

SHA1
4d9174df9d8f2b46cf42d655ad2cfc0d6b7453d2

SHA256
411dbd274e88da6ef2e2f639ad5b7324121ac289757d05a758b24f7d2d510c46

SHA512
5659216814289beac1bc7b6ee559be6bf5512b57775ff81675e0ebd9c7bde7f100075f4a58b59d8b083d1ee064f57177c908afeac78aae340522ff97c21a41e1

Download Submit
/data/data/com.u1107897374.umt/virtual/data/user/0/com.dafa_190808_gugug.buhum/shared_prefs/cn.jpush.config.xml

Filesize
305B

MD5
ebb840d87afcb3c8117c9c1c98e7102d

SHA1
dd9e5930a9da44ef042ee14fa0edb4fa62861874

SHA256
e7e9df4d90e71d1c4af7b064cae5f7a2e1e4ba5112fb764fdf44d6126696cdd8

SHA512
751d38aaf72dae45ef5cdb54be4d260428107801b633b359cb5fb86fdbf4144a5216f4dc6503b5023a359276354acd56468cd2b6a7da9da722732776a7c2193a

Download Submit
/data/data/com.u1107897374.umt/virtual/data/user/0/com.dafa_190808_gugug.buhum/shared_prefs/cn.jpush.config.xml

Filesize
24KB

MD5
d0782cabc1fbf58a69b7cc2d9109a9e1

SHA1
232e06725ee43c46c56ad03e068f5d7262eebc90

SHA256
49da7e20a8b0bedf1f8052118fcc25b7e79bcdb52c0ba3f7281b2a10f7dcbac3

SHA512
27b6028ab40fe14b807e4cf6682ed91693af03d688ac727706fed00af2659ae9c162c12378eea315d54d97822ed12fbb0abf79c3309ffae188fa41452782f82f

Download Submit
/data/data/com.u1107897374.umt/virtual/data/user/0/com.dafa_190808_gugug.buhum/shared_prefs/cn.jpush.config.xml

Filesize
541B

MD5
4746786fd6021b72ca6ecfdf17278b44

SHA1
ebcd1216a080c6fa9334fee8ef76ed646544e38b

SHA256
5aec8eebcbaeb05332702c3f4087e90886e29000c62527838a9526cd2b4fc13d

SHA512
dabdedfac25cc204f4637fb4df1147b048901c70affd0b8d4d815d8ddad74dc5d7c30efa3b4d7be4327c006d35a4a74f2661db924fa79b10cd60e438d9566d25

Download Submit
/data/data/com.u1107897374.umt/virtual/data/user/0/com.dafa_190808_gugug.buhum/shared_prefs/cn.jpush.config.xml

Filesize
307B

MD5
554fb938d976fcc27dd8aa0e3acde85a

SHA1
84745685c394135ea0ce4625ba18e8e1e5d9a763

SHA256
eb4dda868410177fad786a0928c44d930fb34ec318709ddd3e852d21e179d05e

SHA512
12c7ce6c943c3639f1effcdeac1136d080c670ad3521f36c2f648d98ec021b70feb06ba72d40bc0af6bb72af792f4761a639db52bdd8070876c89ec1aa139d83

Download Submit
/data/data/com.u1107897374.umt/virtual/data/user/0/com.dafa_190808_gugug.buhum/shared_prefs/cn.jpush.config.xml

Filesize
177B

MD5
dfe52f91252e3e1731a9418181c27c37

SHA1
67156597be69c14276f5b06eeb8d39dd38142a68

SHA256
847ac76a12f8a9f864d3a8a481d1f47d34ecf8d551d9722a73c96fb664d416d0

SHA512
0369f7fe80035aac95293f4d8d30b8e1394857d21c5d9893b00e77a965a5fc3691eaf3800a7207098bf2dd7f8a08742e36578a63df5cd93356bfefb792d21e6c

Download Submit
/data/data/com.u1107897374.umt/virtual/data/user/0/com.dafa_190808_gugug.buhum/shared_prefs/cn.jpush.config.xml

Filesize
241B

MD5
a4f4b977304b19a55345e016caeb5906

SHA1
67d9c854e8176b2c03d2ce8cbeda57e8218cb431

SHA256
bbf1fa18af722ad710672705b8a6991fd2840cd2d581212de64ecb46b2d0a0ad

SHA512
db0891c4ffd85438ea494fa3c93b540d2e36c2b7c3821a3e5f25ce951afc73cdd824babdffc78a70ad71d071c510252e1717902b1d8abf533652444d371f53f9

Download Submit
/data/data/com.u1107897374.umt/virtual/data/user/0/com.dafa_190808_gugug.buhum/shared_prefs/cn.jpush.preferences.v2.xml

Filesize
159B

MD5
467366b7f465ddaed0830656fcda9f1d

SHA1
36c47ec1e6b37503789d47b3d73a48806cfbe696

SHA256
48c7cbcce9c4a219f0d1d64bee6fdfae26e450338ce71a4d9bc010bec937df20

SHA512
361446feee8887a36305aead904ccd533b427d7570db5b6d62424c00283235b65e284cf1826f020a845d7477b493fbfa5adb5fc55741209a59f75cdd944906f3

Download Submit
/data/data/com.u1107897374.umt/virtual/data/user/0/wifiMacAddress

Filesize
284B

MD5
7ca0ee4ef88fd7346604f7eead5c84eb

SHA1
b08b37c14dccf1f0603571dd62332c75b919dce3

SHA256
8be9ef36e3d98478bd2c38ada04f22bb47501c8fbd61f7ee2dfbe11714b8f60c

SHA512
95e768b6e8c52713e9b0de977462883a1b5762833b6b228b3bbf45ec31c7fa92436820f13a5362509d5276fc7e0dd684b79540c602feee4545c5a28966283702

Download Submit
/data/user/0/com.u1107897374.umt/virtual/data/app/com.dafa_190808_gugug.buhum/base.apk

Filesize
6.7MB

MD5
f8926bb05084a8c9ffa6685b84574f9d

SHA1
d1c2f8cf6e4287e49c2ab0cb1eb9038ce1d32691

SHA256
5359480054791beaa004f195dd9ed4d61d6fb1de050b0b05bef50b4ca91a40a1

SHA512
ef1b1a4cbc9a502baae02248948c5984527c7fc72fcf71ca89354e891125a48330975738dd6b72b87e76d8a1f63f9b0fb76149c7187e0698cb8288b8843b39d6

Download Submit
/data/user/0/com.u1107897374.umt/virtual/data/app/com.dafa_190808_gugug.buhum/base.apk

Filesize
6.7MB

MD5
afd9536ac2ed4fc5afcd0f697733270e

SHA1
183e85564d97a4308e8ce1915c659f045d97c6d0

SHA256
63cef53536a2bb0d67de259e82ef5f8717a827cad77929f363995a601a50cd78

SHA512
c8dc25c008f42330e088fc44370dcaf176af8a79acf2ab59233161ff719ad1e7c08ebdc7588c51d4f828024497c0aba0699d08e4660b2005449d05a4dff48973

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads