2146023545d09bac7736a7bb86bf61ab38bc8daa44d1642f9333e6d72b132ba5

Analysis

max time kernel
2799585s
max time network
157s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
23/12/2023, 13:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2146023545d09bac7736a7bb86bf61ab38bc8daa44d1642f9333e6d72b132ba5.apk
Size

27.6MB
MD5

0bcf3c297e3c39cb29e868d0b4d82e70
SHA1

40b87e7f910dc69062ba355626ec9c81fe063116
SHA256

2146023545d09bac7736a7bb86bf61ab38bc8daa44d1642f9333e6d72b132ba5
SHA512

738817ad3b6ffbd8b9080199f77a6a5937df99f3ab1366b80e07c88da53b2e1b17c8e01f211a8c163f17e307396531afe3183d5444ecdb270f26564df24a4395
SSDEEP

786432:L1iNQPC+R43Ya0yEd0tr2aEq7aAv+FVrmuBn0tFsc5:piWPCCza0ldMrBpv+Fx1B0tF5

Score

7^/10

Malware Config

Signatures

Checks Android system properties for emulator presence. 1 IoCs

description	ioc	Process
Accessed system property	key: ro.product.model	com.wn.ydzg

Loads dropped Dex/Jar 5 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.wn.ydzg/.jiagu/classes.dex	4474	com.wn.ydzg
/data/user/0/com.wn.ydzg/.jiagu/classes.dex!classes2.dex	4474	com.wn.ydzg
/data/data/com.wn.ydzg/.jiagu/tmp.dex	4474	com.wn.ydzg
/data/data/com.wn.ydzg/.jiagu/tmp.dex	4552	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.wn.ydzg/.jiagu/tmp.dex --output-vdex-fd=44 --oat-fd=46 --oat-location=/data/data/com.wn.ydzg/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.wn.ydzg/.jiagu/tmp.dex	4474	com.wn.ydzg

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.wn.ydzg

com.wn.ydzg
1⤵
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4474
- chmod 755 /data/user/0/com.wn.ydzg/.jiagu/libjiagu.so
  2⤵
  PID:4526
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.wn.ydzg/.jiagu/tmp.dex --output-vdex-fd=44 --oat-fd=46 --oat-location=/data/data/com.wn.ydzg/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4552
- /system/bin/sh -c type su
  2⤵
  PID:4741
- sh -c ps
  2⤵
  PID:4799
- ps
  2⤵
  PID:4799

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.wn.ydzg/.jiagu/classes.dex

Filesize
6.3MB

MD5
7dcea62a535a201468d1aff7f651c2b9

SHA1
d4f98b39bd84c4cc9d491b788520d7208202f808

SHA256
3457aa86bf11be16bfe83b7d77160279ab1d0f6ef3ce9c5b282905c167238080

SHA512
a11a0094506397484b3b02badf32eddc0c3a4974e12d6c6b0e1f5751a58d1f9e68d26a45ba2e38c696a7224de280906c02590b19f1959bff277fe460d23ee5c8

Download Submit
/data/data/com.wn.ydzg/.jiagu/libjiagu.so

Filesize
382KB

MD5
aa01dd97609092ce310e17bf791069ce

SHA1
f000840a8f68ea7beb2e29ea466088daf55609db

SHA256
e432c191f918053ce368e1b1f155b2e1f9e84379611b93aabec0106172b73aa2

SHA512
766c120a06215d0950aae32026fcde3eafed8d18ae0de7bc8135a7378a9055c8f0040d61574d9af67fe2b5b90eeae64c62d787343858ae375bb6658df8afe7b4

Download Submit
/data/data/com.wn.ydzg/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.wn.ydzg/app_crashrecord/1004

Filesize
218B

MD5
6f244dc6dff1dd9615f704e9ae2d5114

SHA1
ee92bbcb8fe7f9d27c4c203f17fc51a63f13ec61

SHA256
92b9f8a8578d56942f9933c586911966cd2c95ba0095b0f0ffe9256106d211c2

SHA512
0ae8387005374f6dcd3abed6f10fcda73bc9c68f1370a742d8568af327377286a320922667a5d7dd2ef873b5b702cd5e1a7250b2b99ee29d28a438b57e9d2130

Download Submit
/data/data/com.wn.ydzg/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.wn.ydzg/databases/bugly_db_

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.wn.ydzg/databases/bugly_db_-journal

Filesize
512B

MD5
fb7ada58cb583038909588bee04847c2

SHA1
f51185a188fb095f05ad7e05efb3065e88589fd7

SHA256
eac79f12c691fb23edabe9c6b955e004ec23b4a6c9b111e5cb430f8dcf6be9fa

SHA512
65347bdf2f5cb8c293d5fdf7e43e49673849c39cf14286322f2221cdbce080223ed133fc2309d3f1539c413af0ac1e4022d9c3d3270e72c9f369ee34dec7c795

Download Submit
/data/data/com.wn.ydzg/databases/bugly_db_-wal

Filesize
16KB

MD5
3e76131efe7818a216be9a62a22f7e12

SHA1
51a857bc94f5d9889660ed2b5c37b7183dd070c9

SHA256
0b23a1c710752ac3bb55de5cd4ef69d23bf53a147ef49413c8db5fb18940f3f6

SHA512
64931c946e3bd40e1d6516c1920b84ee502ded68758f63f9b0f1b465596c016489a00d2d711a078015c55149963b2f0b17ed37f8ff09c6c55314d540c08a778e

Download Submit
/data/data/com.wn.ydzg/databases/cc/cc.db

Filesize
36KB

MD5
5d7ea1a23af19b4340cc8d90f28297d5

SHA1
4cfe95b23a9e98378d69c4290af81b51fbe76aea

SHA256
474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da

SHA512
33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

Download Submit
/data/data/com.wn.ydzg/databases/cc/cc.db

Filesize
36KB

MD5
ce6135aa1b1fe4f2c2db2a546d2a5558

SHA1
79b59582154017aadab783dc266fcb158c252940

SHA256
7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c

SHA512
2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

Download Submit
/data/data/com.wn.ydzg/databases/cc/cc.db-journal

Filesize
512B

MD5
83a11dc5f906a5fb5eb449f9bfed03dd

SHA1
989c4c3a4cbcf27fdb6cb913fe829f35dbdf75f4

SHA256
f7862d82897f6d3a9a0ffdc52d37794dad3c8add171adf1cb9b45a5b73bd5adc

SHA512
2d1c1c188abab8d522ff0cd911578a338ed279e8f0eceb0c6e6631052ae7e7364dcaa79a40886c435ee6f0f0e1365226eae4c872822b18b5838cebb679961e67

Download Submit
/data/data/com.wn.ydzg/databases/cc/cc.db-wal

Filesize
48KB

MD5
668049a8bf09757e2283f03ed521ede8

SHA1
511297baacedfecc5b50984e7278ad61145478ee

SHA256
a529ee0c46e99bfdeff025eb17d654198081fcf53a151dbd0308149c432689bc

SHA512
8202dea4c86cca2e6e14993ac5c1e6db6d8424d282de0d6763bc9ae4addf1290865ea2372500b919e65b698ba70b7c4b5b0608b3edbaf92426fdffe425c28826

Download Submit
/data/data/com.wn.ydzg/databases/cc/cc.db-wal

Filesize
16KB

MD5
ea73a6fc83530ab9910e6f64b4c63d03

SHA1
d05111bc95c58d32908c49357880e3778003d4ef

SHA256
155528ede3717c0bc8a8b3862e1a87bc31b3a5ea902ca712fd3390a78ef09adc

SHA512
79e5864a9673232d6c707472c88615e1e5415e0bf7c2833ca520c320b7c1fa64d5305b1b7b3054cd54915a9a8e03a33ccf5e740fa6b436cb501308d9b5a21f24

Download Submit
/data/data/com.wn.ydzg/databases/mwsdk_analytics.db-journal

Filesize
512B

MD5
d9c1ca7076f9b8d844ca86bf05925a05

SHA1
a70125970ea7a6122ef9a2f2fcaa377f0569ca46

SHA256
941da7f888af28a33e38e528f9a3bf4576ee7dee657ae74bcd3fb8946dda1309

SHA512
099fbb11ea3650143c54b5079f10d38b3825292f2a8a56e0a9795d74d119a6791c2ed1c1669f787b6ca81475fceb58b0a2599a0329b8e9bc56bea1807fd8e38b

Download Submit
/data/data/com.wn.ydzg/databases/mwsdk_analytics.db-wal

Filesize
40KB

MD5
e08713e7c3a77217ac74432ca0c10c10

SHA1
1d706763b4355586dc1a6cc6b40b8c9cafd4b922

SHA256
be977d7a3d20a929d74ec84279a2b0866d9da9053453a9c810380ceb7b212bf0

SHA512
aedf0da47e47ce5f846e9f59c29e478a4312eef74a0faaed3c66bfcaa94f3d9ba4feeaf61eb7eb69fb453a5b91e1eed4ce92fe0c81c83d20d012eabb8c4d77d1

Download Submit
/data/data/com.wn.ydzg/databases/weineighbordb-journal

Filesize
512B

MD5
b5fd7c0485508b54291f34bebf9a8538

SHA1
111bc3fe6a6d31cc71453a6e4b942e5ce569b1ed

SHA256
71037b3ab9e6d553a880dc2377c49314e111faabc60f986cbce491c29d8ea404

SHA512
a0919837269c77ed9064840ac1fd3067b53f1b7aff0ba3706d5164fe83999520ab2e44648b99e6ca1abceaeb4bfd7006d2fb7c264bce8ad4b59ea09315d729cf

Download Submit
/data/data/com.wn.ydzg/databases/weineighbordb-wal

Filesize
16KB

MD5
6e800da0c2745d643bbd6a5afa5b7f96

SHA1
49a4939bba43f9bf5dd3eaf1778567d57854c401

SHA256
fc5421b424191d6f8b64294cdc2716d3e5b940d9a05acc4cf5e51bc9e146f1c6

SHA512
6082b11a5fe118e80d6f654a95f0ebfd1c5d284ed04d8535a482286ecd2a687a2bdf6319dde455ceb05b3f9532d1523200a2807ef959102320a9babcc5be4246

Download Submit
/data/data/com.wn.ydzg/databases/weineighbordb-wal

Filesize
136KB

MD5
077cb3b43be0a5cf8bf626d80e097045

SHA1
a5d31cabf836ccb6a14427bac6d071fcd642c32c

SHA256
ac4f73c279f75b30a2ba9efbd8264b153c0098ae725abb413682878a1c0e3e5e

SHA512
f642660033fcea79f815bc06a8e126ef7a13d9f42bc7f83994721cdc5f74fd8fa9c1b61001492d42720ba4eebcc58a5aad9ae40865f971cae7f6399cbff3c794

Download Submit
/data/data/com.wn.ydzg/databases/xUtils_http_cookie.db

Filesize
12KB

MD5
3fe30614d7e0d11db870b4624f6c50e0

SHA1
053ff0fc621ab40f2afeddb3e7b4a73ee41ec533

SHA256
67c532f0324228dd33b445cd399c1426e3a0e0cdc7b9358c66b402c5d40a838d

SHA512
c7c09e97a408e88aacaf8099ad4d1fa604d58113393500a384eb3c2eb7c3c105af41314934b86eca2f088045cbab5a20d768bbb295448dc1ae6cb6c3f59821ae

Download Submit
/data/data/com.wn.ydzg/databases/xUtils_http_cookie.db-journal

Filesize
512B

MD5
d863c39b88c3ebdb96fd88a0db106e7c

SHA1
2e77e04a805da3d9b13111063e5c111be4de8da4

SHA256
4303d93283c1e602b36ab18623bae08f1ce7dda4f8885e20088c99fcf57f8973

SHA512
ded67bc65756bc1627e005f7e025aaa11c8d86ca43e0fabfe0cd351d0732e660a3367a4222187767fd547705074b8fdbcda97e5fd2214c01d55ee33edce6cbaa

Download Submit
/data/data/com.wn.ydzg/databases/xUtils_http_cookie.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.wn.ydzg/databases/xUtils_http_cookie.db-wal

Filesize
16KB

MD5
e5c26e356d99c273cbd949e90ff8b0fc

SHA1
fe6c545771e08768a3acf3dc274dcc7f0a70b946

SHA256
5e6d87e3753fa398c27cfadf7e32a2ded07ec514ee85b9bc0bcb73b44470a945

SHA512
bf970f042323fe9463a6db23a1c58da9e09610e960b85950b3bd309da5ad4ead1cbd3c5a96d75797af8f8fc7538d48ccf3f96e9a4b4e38d5730ea41abf28a890

Download Submit
/data/data/com.wn.ydzg/databases/xUtils_http_cookie.db-wal

Filesize
4KB

MD5
bada092d0745dd34572deedd1882e407

SHA1
fdb7b90bfc72e754143547338d93d5c6623d2790

SHA256
9d73744d2f08eab2e6b297b7a3d2c83d3f9f0b5fcbd052cc31a2226eecf3337c

SHA512
ef829c6c0b4fe95cd0d7b7ccfe467ec0ca84153452490c43ab40b5f65da1a3973108d093027ace3a3d5e72ba001df53848e56f72075bb1c29f07d7b0572f6d6d

Download Submit
/data/data/com.wn.ydzg/files/.jglogs/.jg.ac

Filesize
40B

MD5
df0b2ea456e0096d7a1b7aa3a52a9293

SHA1
6f6755078c0a88752cffdfd2c6080ffb4b48dd40

SHA256
f3a0df60322d8e0e20cc51511ed29db888f1ca489d916a3bb8ca14ea3e6056b0

SHA512
9e23369ca1b802f93562d79327d6c086294e0c8a8e53246c3247b4057f07981dd116fa0c28df323c97d0b9661fbf0f0716cb359f18a7cd86136e7ce29a3aa1ba

Download Submit
/data/data/com.wn.ydzg/files/.jglogs/.jg.di

Filesize
340B

MD5
80b165e8d6ed002f3773593d9b3df155

SHA1
a614cd144c279b5fb9f53693ded75529b2660ba4

SHA256
14ffd0e9f207ee882aa59b73924d18b97cad436c2368756c6f0cda4e0a123b35

SHA512
3a7815758b950bf3bf2f8cec903f18a7e4348dd153e3c47f885b9900df28646cb73745c3cf59da26e6ac150e9e5810fcbb0eca65915170ed6308d09d23fab7eb

Download Submit
/data/data/com.wn.ydzg/files/.um/um_cache_1703606634574.env

Filesize
1KB

MD5
d024643ccf59269888e5df7918be5adc

SHA1
40eb61edc6d9b74ba13cf23aa7d561df3e925020

SHA256
1aa98ec5c65c2593b61afff008c6d5a64971d8ad9c2f6473c3b26d4d62b568fb

SHA512
ff94c929a36e085fa6625e715f57087454279fa7f730bb0cb8d2358105ad86595b951cb33ad5161c0532275838547d3e75aed5b11a9b125de3525dc987e66450

Download Submit
/data/data/com.wn.ydzg/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
ffc72088527dda757b2195b740182b38

SHA1
fb335e2a171dcc7902ef0b19f6f75fc0ccb48e8d

SHA256
7e189a49b4dae8093e2cf27f63c0e55064882588cc0767df5baf1ea632f2ad34

SHA512
93e53b93ca89d42e2356302404e74ae0a29fa7fada545603be6da93c30adf8d3217b7eaccd5be73e1c6b7eecfe9b87e941c1beef5e897afa9e18e2de1f720760

Download Submit
/data/data/com.wn.ydzg/files/exid.dat

Filesize
54B

MD5
bae8434fc821c3d1f2069b8186d5b99d

SHA1
c347adba52b59bdbff296a460a78f3b9499ce7af

SHA256
890ed46800d9ed8f36766a22867718e0f36bc21a67ac631b7c89b3461b292634

SHA512
45755abe33db9f4309f8a74b8b6892e6400515b93a2c3b50fc74b31ff2f42ccb28f9e2433eccabc5441e1f498b94a1a0d50fbd36e17d21e8fac71905b34f7768

Download Submit
/data/user/0/com.wn.ydzg/.jiagu/classes.dex

Filesize
5.9MB

MD5
db9bc8c35b1b26f26eacbea8fc55e961

SHA1
2ff2d61bab0d7cbaa7cf0fd7e0c906396f82700e

SHA256
02635ba2cb678784ab95bbea3fa3584a50ee824fa85056f880f57d234f823d43

SHA512
3f4de630eceeb9fed22577792c22eb8dab8fd30ffb7583d930433d9d8fb5f7bc3571ad78beb823bc97d5f67eb4ebb77b8e9097e19cb69424da6fbadfaceb6759

Download Submit
/data/user/0/com.wn.ydzg/.jiagu/classes.dex!classes2.dex

Filesize
6.1MB

MD5
93b9edf4d4313dd0674f19ec5825ad6f

SHA1
4d7be2a8477179917e786cac760c142127f730fb

SHA256
b50901f24475b489c7a91f0032f08ac0943e0815068399d86c877bf9adc99edd

SHA512
288b1a22f6dc5925333fcacb07d7e4f917a7a6431957aaeb49de45b131600345361535081254feb8eda1951c0e2880358d16b68ee3ae5afc91e85330ef278c79

Download Submit