233ca15aaf8fdc2fdf0a77ecd99e41d4c4fbd4439293aa51b777a7ddd313feec

Analysis

max time kernel
2812153s
max time network
158s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
23-12-2023 13:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

233ca15aaf8fdc2fdf0a77ecd99e41d4c4fbd4439293aa51b777a7ddd313feec.apk
Size

26.3MB
MD5

99b6c367ee936d6dc355ad0401ee9aa3
SHA1

861eab4afbf0b266392d2a0924b85b87e6b933de
SHA256

233ca15aaf8fdc2fdf0a77ecd99e41d4c4fbd4439293aa51b777a7ddd313feec
SHA512

ad06b9d105dd48c5492d91da08664f91b6c726975ab3ec8348633a58a5c7f0e86d18c46c295807b61131b9feb79a98a0edeb32d810f32b528b44dc81a4798ec0
SSDEEP

786432:9AwztTQMK0eX/g/rlQs0+ArlJn3/38C/SiuQqQ6YjQ:6wztTRecrlQAA/0kZjZQ

Score

7^/10

Malware Config

Signatures

Checks known Qemu files. 3 IoCs

Checks for known Qemu files that exist on Android virtual device images.

ioc	Process
/system/bin/qemu-props	com.wuhui.weface
/system/lib/libc_malloc_debug_qemu.so	com.wuhui.weface
/sys/qemu_trace	com.wuhui.weface

Loads dropped Dex/Jar 13 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/data/com.wuhui.weface/.jiagu/classes.dex	4247	com.wuhui.weface
/data/data/com.wuhui.weface/.jiagu/classes.dex!classes2.dex	4247	com.wuhui.weface
/data/data/com.wuhui.weface/.jiagu/classes.dex!classes3.dex	4247	com.wuhui.weface
/data/data/com.wuhui.weface/.jiagu/classes.dex!classes4.dex	4247	com.wuhui.weface
/data/data/com.wuhui.weface/.jiagu/tmp.dex	4247	com.wuhui.weface
/data/data/com.wuhui.weface/.jiagu/tmp.dex	4288	/system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/data/com.wuhui.weface/.jiagu/tmp.dex --output-vdex-fd=45 --oat-fd=46 --oat-location=/data/data/com.wuhui.weface/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.wuhui.weface/.jiagu/tmp.dex	4247	com.wuhui.weface
/data/data/com.wuhui.weface/.jiagu/classes.dex	4325	com.wuhui.weface:core
/data/data/com.wuhui.weface/.jiagu/classes.dex!classes2.dex	4325	com.wuhui.weface:core
/data/data/com.wuhui.weface/.jiagu/classes.dex!classes3.dex	4325	com.wuhui.weface:core
/data/data/com.wuhui.weface/.jiagu/classes.dex!classes4.dex	4325	com.wuhui.weface:core
/data/data/com.wuhui.weface/.jiagu/tmp.dex	4325	com.wuhui.weface:core
/data/data/com.wuhui.weface/.jiagu/tmp.dex	4325	com.wuhui.weface:core

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.wuhui.weface

com.wuhui.weface
1⤵
- Checks known Qemu files.
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4247
- /system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/data/com.wuhui.weface/.jiagu/tmp.dex --output-vdex-fd=45 --oat-fd=46 --oat-location=/data/data/com.wuhui.weface/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4288
- sh -c ps
  2⤵
  PID:4447
- ps
  2⤵
  PID:4447

com.wuhui.weface:core
1⤵
- Loads dropped Dex/Jar
PID:4325

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.wuhui.weface/.jiagu/classes.dex

Filesize
6.0MB

MD5
8febf408d7831c69b238cf1762395428

SHA1
af08d8a952c1f08841474d9b42797169fa096e26

SHA256
efad26e8cf2fd18fae58f601745c547b15df7354f02191f79c5c586702d43e84

SHA512
b6a7f1d9997a45d98a9191450cfab34b19c0e3c694ea456d8a75ba290e0447c793534bacc8e2fdf5dd7f11ec7ec9dfb0c4cbfeabe43abf1922614a6516041b84

Download Submit
/data/data/com.wuhui.weface/.jiagu/classes.dex!classes2.dex

Filesize
6.4MB

MD5
3ee401901bc285dbf71569c924d703ae

SHA1
901560d30cdf4df9aa3bd884967d5f7165579141

SHA256
8a2f6a5e13cd1499d514e4899add696ac0654397fad17a856db98a3e3df48d17

SHA512
7507a2a9318c6938ac271025f848532081228191cd77d8fd7ac8a66c043c48aabd8369841f04abd3dad1e0f3a56294425cb62945db688ed3dd084c968826c593

Download Submit
/data/data/com.wuhui.weface/.jiagu/classes.dex!classes3.dex

Filesize
7.0MB

MD5
b298e1170496eca0af0c3239bb80a09d

SHA1
00e79fcc14bd6ac38374396314a0de28ba5edb2f

SHA256
10c94f93e834680b0b861b41e339f56f5bc28340357db797afd06c5a588b9d79

SHA512
f5f58a22fe1ec1d1d94e8250c21948cac3104fceabe1c0a4d0126b371eec108ba1dcbc2c0659b8ea4bcd440a10f465092f468f8c51180bbb0320c6aec034affa

Download Submit
/data/data/com.wuhui.weface/.jiagu/classes.dex!classes4.dex

Filesize
577KB

MD5
63c5e914c2c3fa896cb7712efc7a7c2c

SHA1
72fb1bf7b64e099e9a34147c29cf9c3a3d85df4f

SHA256
f2466514b2e42b3fa4364fc99a4d67e7c40b165fd3d5e233f66dba56a3b3ac10

SHA512
6a404b8e82876273879c2aa99c9128f83512b03b2e773b84b4b4f9eb6666932b4ae2a279248467b57e6b7254a419849bbac53bea37a5a8ee4148f88f5221a102

Download Submit
/data/data/com.wuhui.weface/.jiagu/libjiagu.so

Filesize
486KB

MD5
50750315eef281575611bc425174b939

SHA1
acaff02526d7b4c257e00002ed09af364f66a401

SHA256
c8d37512f73bef5a1c1b060676cdc6d508a8d8dd36f2438f5d6353c9b8524bef

SHA512
60584a993992a68e8d0a53be705e3a9d52fc126df26b9bdcf80d14e659f1d70bceb926e0a99a69fdf40f1c09fd61aa52c2d2c008ee5c3ef59af5922a75161ea9

Download Submit
/data/data/com.wuhui.weface/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.wuhui.weface/cache/nim/log/nim_sdk.log

Filesize
90B

MD5
ca7927e720fb835f285c6f356389838c

SHA1
94956661ff4bd6f1681dc59200b82267e6c48847

SHA256
1900c2de3a90cbcd6fbece466079032ea426fc531d2b527adb396e1188582649

SHA512
81477cdb865964abfd274013f7592b195c49ca838569ef9947e1a7ce3244c50e08c792de8ecf3ad41985135aaeb8eaa19f16ef96f1018b08db1babba1b3f5a4a

Download Submit
/data/data/com.wuhui.weface/cache/nim/log/nim_sdk.log

Filesize
229B

MD5
4f7dc128b3da72c0aab897733204ea70

SHA1
e066e49389dacf8318a418da65c8bf29a6de2d7f

SHA256
f444535a55a42a94616116996b3546d7e51fb1df6d4d3a66688c22dad3d9f359

SHA512
f280348159f6c61776050a751798a4afccc3b66fd276d71bbf942078b4d1106acba9b648d477a85865a0ab46b7c65e644d764132a4374b78acaaae81e6df39a0

Download Submit
/data/data/com.wuhui.weface/cache/nim/log/nim_sdk.log

Filesize
78B

MD5
73055410c21b8f9e771327a1a2690bf3

SHA1
d74e8058db59aaf7ee752beca2edf123b8d751e6

SHA256
79e3912ec711422cbc06060f3b0dd04f07ae2aa55940fc8c118ade56c3d84ffd

SHA512
09972281db955ec0df8bab659f65624678cabbc069892e7766a595bcaeecb8acdc60d7af28ac7091fa571cab162b5bcb94e6665fa46f3d1874c27a1cb6ac9213

Download Submit
/data/data/com.wuhui.weface/cache/nim/log/nim_sdk.log

Filesize
55B

MD5
af2056a56b80e6bfa54dbd0800fb1e9f

SHA1
f7a76bb74aaf7c4ae5410e83a3db2aba24f46108

SHA256
4b6c55862abd8a3712a674edd432c3082c72da9ef21ca27acc687a683670628d

SHA512
f6636083c2bf9cce5802693096b6e775f3ea5f47924a9b900c1a6ca2b7aa607fc356faa6d5a3e8f4a7765366d419a96b8a3ddeb0b965afcf9707204307c00be9

Download Submit
/data/data/com.wuhui.weface/cache/nim/log/nim_sdk.log

Filesize
151B

MD5
06d62337a6085bcc57bb8466e60fbdc8

SHA1
507b51bdf57bfea92b3ce3574283763ccf81f655

SHA256
738e65fa8fce03ce0142d4e605debc90ff5d795cd35267e9bdef4a293f573793

SHA512
73556825afdd2332b48dc7bd3729edd8ebc9f584b91df19b4e33a6e830c2008b4ceb2f9e178b3aa0dc0c0ddaf847408d85bd94b02f5b6debb3a376d4a4c0a24e

Download Submit
/data/data/com.wuhui.weface/cache/nim/log/nim_sdk.log

Filesize
141B

MD5
29bd616fd62475bc1ac5d131504d8de4

SHA1
a1435967bde4aae6c6905e89ab00609e380ad39d

SHA256
9b73826fa45462d2c79af182c762cfa50e1517be29c7c15da76e12309e430124

SHA512
957555373b8d390d5d3c7b995d0a0d7d7d766456dc09ab3f01ca74a0a3704567c3994f09d0b5136d597788c4691d9f8fe3dd619b3f6e7258903b91eb25b89ca8

Download Submit
/data/data/com.wuhui.weface/cache/nim/log/nim_sdk.log

Filesize
91B

MD5
2159878f37124f29ba013d6d339cbf8e

SHA1
0fe52d187696d5595f1909772105a6a932c5c7e6

SHA256
f8ed66bab81c6ac1499ecead1c4bc36b87016b22bb83a278735e9a477ac9abdb

SHA512
184bdf41b4964251d332ffcbecb2b5f3f4abe12c909b7245690372a365b94c13f8faa4d1c3afc5c7832e1ca8095f7c64ed6f0486178c2b6f02d509bb20e933d1

Download Submit
/data/data/com.wuhui.weface/cache/nim/log/nim_sdk.log

Filesize
175B

MD5
91b5b924ae9dac59cc4ca342572f0243

SHA1
1c62c06e95922ea4a33840689fc5992f99e94f8c

SHA256
57aa150af4b437e74cfd93dc14b0110aaff850f018e2bab6759b57a9970db015

SHA512
e89a371c9af4c88b830564ddbb9ceffcfba48b3d26e86d3b604f9c30fa255454838450b39210c003ef802755edfbbec14fa46a352dbe62a2fc75f8b92caba6d9

Download Submit
/data/data/com.wuhui.weface/cache/nim/log/nim_sdk.log

Filesize
314B

MD5
5378caf8123f69167bddec360960c357

SHA1
f37c1d044f873d40339a4bedc5fd5828b4778b5d

SHA256
002b90cca52f3cf6614f91024cbd22cd6ae5d075fc08e8b4b44e94b54d38105f

SHA512
e78ff94e8caec7c52681472edd8be71c3ecdd622e3499cdb7bcbd4f7f39694c4b9f4df68f0bb18b18ec55c53f08bfee022a12748c6388cd045294ca8e2886c93

Download Submit
/data/data/com.wuhui.weface/cache/nim/log/nim_sdk.log

Filesize
58B

MD5
c728382821163782184eb5e8a57b05ae

SHA1
1b0b7fdf98c6f63c99e998a596ec77f116a21704

SHA256
32d0e0baea4f8a9f79ce81712a571185ce3ad44e791cb2c3d46d92572a443f31

SHA512
eef0bebb5e6a15604a398abd050a9dd3e01236b4741c1be5abfcf7fcaf3aa97545cd6c462027b67a9234dca7b304769bb79e5ab91d1790f9bb57ec9dab7447fd

Download Submit
/data/data/com.wuhui.weface/cache/nim/log/nim_sdk.log

Filesize
95B

MD5
190fa42370cda0dcb6953e50951794d1

SHA1
a860d37a9e8a04b4f0c49668c1804e0916ad1773

SHA256
6974add5c476319c68d6a71065f2667dea3921441b2f3b8368a0a967f7edf862

SHA512
a01c447340a70b73d3150892451e9ad5002fdcf5a5dc64485e1e5ced379f99b604f3254f1d454aa3be56301bca2c5501901de54526a049c29489f23cf015b99c

Download Submit
/data/data/com.wuhui.weface/cache/nim/log/nim_sdk.log

Filesize
73B

MD5
9b658f1bd8d4f58bfc31e33bca1e92e0

SHA1
2622f4ed72f10c81e5604eafee65f8dadb61691a

SHA256
2684f1012fb42a8f362c22c1bb09faab450ca037252c55e8648c1e1fa436f702

SHA512
f3833d364d98d8fd3095f3cd6aa10b53f3f0f7ec8b60595b5e16839b38a8cc4d4d8b6a8501a44efa64af841c89d1728466232b13d7d20dac38e0107521208ad4

Download Submit
/data/data/com.wuhui.weface/cache/sentry-buffered-events/564ce8a3-22f7-4da1-818c-a8c756714390.sentry-event

Filesize
1KB

MD5
e21169465305c533caeda1b1e6708f68

SHA1
786e885c674e950f9d65c26e9d8a4db467b98e1c

SHA256
4c0572c411bc60a798fe597f9a0e846111f4971a28071a7fce76e81b10d9b567

SHA512
a06712bff3e5662ef8ff26ddda8e702c01520ce2bb8bdc3d4477adf2d2993cdd504ac50aee0e73a0f245c456d9b6f945af5e6f4b7fd6c926ca8b8ac4e8d505c9

Download Submit
/data/data/com.wuhui.weface/cache/sentry-buffered-events/7c9b7cdb-fa20-481e-8ea0-d4dc2c4dc215.sentry-event

Filesize
2KB

MD5
ee1f2e4530d5a1ed9c09260e4f2891c6

SHA1
0968f245f9753c92d8da0b6b892dc2c149ff034a

SHA256
8e2502a32a080666c93c2384da0cf7d7cc8198b4394e082aeac29553314547cc

SHA512
dc8d19a8a2f7c2df871ff2a495072698e2af0627f4404795b48272cf74f33c7b54b41a8918054d1fb98e6499f0e18b768b498962ce363ba22a86857668eda2d3

Download Submit
/data/data/com.wuhui.weface/databases/zhuge

Filesize
24KB

MD5
7c3e90409d4df832488dc5d600c2b3cd

SHA1
041b8676dd118789d012a7058fd9e5a43b993d1d

SHA256
071ad11ed5da85e3c0f9340d2830842dc5503cc49f7db72f0723f94e1ac27fe0

SHA512
4c8fb14d7ca8bc041bd920fa346a0b3b6fe6ee6dabfe5773767cb57df7d6baead467efb2269fea103a3a8690b4c69c2358f4750a195e1b1d3afb4db7bf62b082

Download Submit
/data/data/com.wuhui.weface/databases/zhuge

Filesize
24KB

MD5
351d8f084547b67dfbdfb921ea6681c5

SHA1
2a84dac4f733b070efb0ff9ae92eb1132f6322bb

SHA256
14307960d7bc2b9ca7adc82911e864a5ad75593b72d5945007c81237f04541c3

SHA512
645ef45349caa2fbbec74cc28ebc514e6dad1a48891073808f8f84b4b5e5598ccbe45d16c16d6996814644b84e07d8bc865318b80b564ccaf1b09031f103f213

Download Submit
/data/data/com.wuhui.weface/databases/zhuge-journal

Filesize
512B

MD5
e298058f101d67058ec56b6cf255c5bd

SHA1
8151eb610c713a3e35ab4f8cc91c7e59bc15c94d

SHA256
f58504a62156109391dda24fe9136df506c82cda32624cf61f854b66b662cf5e

SHA512
b2e80ab1984ca98c39c1bcdd4088c001db65b2ebce19f2f668fbcdfcd8d20e8c00fb7fa08a29fdf81ebacd9eb08e98ebe25eb4aefaf89ac4a01a68414947c87a

Download Submit
/data/data/com.wuhui.weface/databases/zhuge-wal

Filesize
36KB

MD5
1a731e80b1d82c6051e8124bf4f518b4

SHA1
bb54d44dc96bec68be742f4bd9d6c68051b8c567

SHA256
0f00111b46dfbd57d6630abd54b9ab11402d5b27522a273d9d7f27f51b1deee8

SHA512
2a1406bb8eff9c6b0cd6544352ada4f9e6c16a592673891fa7707a2fd8ee4783813065753d609f0fe5b51dc8365a357b377d65728195f0a122b9c66090975a55

Download Submit
/data/data/com.wuhui.weface/databases/zhuge-wal

Filesize
12KB

MD5
e6476074d3cda5385e84f5dfebdc5090

SHA1
c6f633f3adb511928a177218f9bad1093ae900ef

SHA256
14cbd2b32dbdd549c05f4c093cad7b867a12d31f0799f875c93095212117bc2c

SHA512
a7237b099c3dedff63a51098fd3092b3a436cd378e70d0fd149649fe4e4056764dfbb7c5467d29d93488aca8d36a58501353fa1670d2ef91d2aefec3fca2e316

Download Submit
/data/data/com.wuhui.weface/databases/zhuge-wal

Filesize
12KB

MD5
f2c94ee58ea584b54413d053e63a2c4e

SHA1
fa955ced00bf3e725ec8bf8fd0b5f44437e59c19

SHA256
42de8022324671f19c93dabbdc9d177dd6835d91e2bc2a64fcbbaebc88b65d08

SHA512
518b7c5fc8a56b30a7670c31dbc751b0bcfec66fc6f3971a58eae387724056c14d701ccef52748956c26cf70a3ee748f4d777ed1c6ad05f11aecaeb116c9ef3c

Download Submit
/data/data/com.wuhui.weface/files/.jglogs/.jg.di

Filesize
340B

MD5
9ef9d68e6dfd739e0b711ca0b7a1e24e

SHA1
42942d16d2d0d9f1bc133e68bba2d088189c8415

SHA256
45f03d2356ff0a61cee8695fadfe84864dbc9d83ec3a762bc56e46b450422520

SHA512
22859eb09e895e8b88afed68c02e844709b917e4ddfbf2cb6292a2d8760b94dc4377e69212d0e18df94046463e81e07cbc444db60d2844d1b92ce26779c351ab

Download Submit
/data/data/com.wuhui.weface/files/.jglogs/.jg.di

Filesize
340B

MD5
98cdbc615e0e0eca588faa78da539351

SHA1
9f154b49e33c142b076cc6d52d4759775f59578e

SHA256
d629afb9feb3d21ac977b5dfa57eb70da838748e547b2c065e478464d73a42ae

SHA512
38a7f6a033e8adf762b12e55c024661c20a6c7c31d819ea03661b72c3ba3e46dcd29f004929527e498672ac618a9da663433609002ff70e50ad6706d5910c863

Download Submit
/data/data/com.wuhui.weface/files/.jglogs/.jg.rd

Filesize
73B

MD5
60a0bb7153fb412bec8d403a3ea969bb

SHA1
eb2e28a622c2905d52a3e98ddfbc5174b6efa3e8

SHA256
dfd226c1b31530431d149ec1b5c7208c470c54f8938398fbaba0ae2e36d1ba46

SHA512
6bf110d2b481fd61c8e73e5a510da2e2940acd23a2950f8a8c5daaaecf149ed6a8b053dc94385547f85caebce2d831759c8f518989768cfda0946ade5fc76555

Download Submit
/data/data/com.wuhui.weface/files/.jglogs/.jg.ri

Filesize
314B

MD5
c77b3c8d6db1610c81a5c4cdc37bad06

SHA1
826f64b1accad7fb7e1a99d9d04cb7788b51af07

SHA256
21410a0445ee3da3f4b0902063381e4272a1056fd15dad500ce80f353d5f8274

SHA512
22071bbace397377bae71c75fb1cd03dac085d9fddabcaf46cb9d35431e112625d02ebc7f960799f00f61afd49e3d8b104c12178288711ddcee2fe834f93d254

Download Submit
/data/data/com.wuhui.weface/files/.jiagu.lock

Filesize
27B

MD5
91b2162280ec54c20299c6c61fdfa8c3

SHA1
d029a87583934b3777ead26e19f5ab8649b3b983

SHA256
0203edb8e0d13f31be4b02570f8debb0efdd2a3f9f4fc9654dabf29668cc6c89

SHA512
ccea4b121b87d183ea81d4f17a0fbb7d23f47e501fc6e345707a0daa59fcdff4fe06967e11eb226e5fc071d594b4fe103227c025fe82ed566457e7111f01a4ff

Download Submit
/storage/emulated/0/360/.deviceId

Filesize
48B

MD5
1d8d16c4e3b19ebf18988530d9b9a757

SHA1
bc94c1cce05cd848a53271ecb9c5311e27ffebf5

SHA256
abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7

SHA512
4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

Download Submit
/storage/emulated/0/360/.iddata

Filesize
32B

MD5
11534a234edc03926c0899f69bbdf41a

SHA1
6e91674dcb7853001c23db03ca603b5e8421acb6

SHA256
c118dbadd8a36ad06665b2b7fd655c0737218fc1415d29c7bcf9ba3a3677dd94

SHA512
da3e768d43a006fdba7ef46da9ceaabb62a730e7c06242c6a5aa32981708e00881e60a2ae78ff62597ab0187a6ce9a26a088024735bcacd71c5c3fd4b03909f7

Download Submit