33a5fe8a2d7ba22225bf7ff279fb639df80049fdbf02b17a4c4e4c4df3cd48c5

Analysis

max time kernel
2854045s
max time network
139s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
23/12/2023, 14:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

33a5fe8a2d7ba22225bf7ff279fb639df80049fdbf02b17a4c4e4c4df3cd48c5.apk
Size

29.5MB
MD5

74659e2d8271e7bb1995c8828ee112d2
SHA1

5de56bc9d22a7d4d19f8794727521303b7835c72
SHA256

33a5fe8a2d7ba22225bf7ff279fb639df80049fdbf02b17a4c4e4c4df3cd48c5
SHA512

71cf6ddb7f352df249d5514c7a0938b84e6f57996b94f04cba74a2688699ca0a203c24dc8c3c927bf6e856828716e0dbd6c048fc58c5560c186fdd7461faa2e2
SSDEEP

393216:NXmEvGuIneOqaMgBM2sPDmbJE2ciq4pzn8yMXK6FKwECpBU+KKWqkGkKn8AxVWk:hQTMXPDUcmn8VK6FKvCpBU+BFkbNUWk

Score

8^/10

Malware Config

Signatures

Requests cell location 2 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	cc.gara.fish.jj_fish:channel
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	cc.gara.fish.jj_fish

Loads dropped Dex/Jar 13 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/data/cc.gara.fish.jj_fish/.jiagu/classes.dex	4257	cc.gara.fish.jj_fish
/data/data/cc.gara.fish.jj_fish/.jiagu/classes.dex!classes2.dex	4257	cc.gara.fish.jj_fish
/data/data/cc.gara.fish.jj_fish/.jiagu/classes.dex!classes3.dex	4257	cc.gara.fish.jj_fish
/data/data/cc.gara.fish.jj_fish/.jiagu/classes.dex!classes4.dex	4257	cc.gara.fish.jj_fish
/data/data/cc.gara.fish.jj_fish/.jiagu/tmp.dex	4257	cc.gara.fish.jj_fish
/data/data/cc.gara.fish.jj_fish/.jiagu/tmp.dex	4295	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/cc.gara.fish.jj_fish/.jiagu/tmp.dex --output-vdex-fd=43 --oat-fd=44 --oat-location=/data/data/cc.gara.fish.jj_fish/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/cc.gara.fish.jj_fish/.jiagu/tmp.dex	4257	cc.gara.fish.jj_fish
/data/data/cc.gara.fish.jj_fish/.jiagu/classes.dex	4619	cc.gara.fish.jj_fish:channel
/data/data/cc.gara.fish.jj_fish/.jiagu/classes.dex!classes2.dex	4619	cc.gara.fish.jj_fish:channel
/data/data/cc.gara.fish.jj_fish/.jiagu/classes.dex!classes3.dex	4619	cc.gara.fish.jj_fish:channel
/data/data/cc.gara.fish.jj_fish/.jiagu/classes.dex!classes4.dex	4619	cc.gara.fish.jj_fish:channel
/data/data/cc.gara.fish.jj_fish/.jiagu/tmp.dex	4619	cc.gara.fish.jj_fish:channel
/data/data/cc.gara.fish.jj_fish/.jiagu/tmp.dex	4619	cc.gara.fish.jj_fish:channel

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	cc.gara.fish.jj_fish:channel

cc.gara.fish.jj_fish
1⤵
- Requests cell location
- Loads dropped Dex/Jar
PID:4257
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/cc.gara.fish.jj_fish/.jiagu/tmp.dex --output-vdex-fd=43 --oat-fd=44 --oat-location=/data/data/cc.gara.fish.jj_fish/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4295

cc.gara.fish.jj_fish:channel
1⤵
- Requests cell location
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4619

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/cc.gara.fish.jj_fish/.jiagu/classes.dex

Filesize
6.6MB

MD5
de850a019156fb8c33dfcd8a6efcf173

SHA1
db10664a3856ef2fea6f95a288217f8c3b94c1b5

SHA256
fe4563d21b57bec2f505a386cae31f69eb7c830ef38ca71de9509767c2059184

SHA512
8abe6e15269951870dc948bf21c00f4538c85c6b4a5c9f1f78f2e503f8eb0e51db801e287052db2b186a028d8a460e91afd953d641657666dc55906da4d88d8f

Download Submit
/data/data/cc.gara.fish.jj_fish/.jiagu/classes.dex!classes2.dex

Filesize
7.7MB

MD5
605ab142812d14a142950fb19359461e

SHA1
8f6393c500867980a3c5955346bdb55e470bed7b

SHA256
ee2c9caa01eca2aa1be496a33165dea01bea2d53bb7fc33a5f0c4bfa915b1015

SHA512
e5c660652b4239d6aa2124cd8d2ff6cab0bdeae61d9e2ca08acec6694f895cecfc089394cefa9a685be56243d59593072f75c24e3f9744307444797c2a268a84

Download Submit
/data/data/cc.gara.fish.jj_fish/.jiagu/classes.dex!classes3.dex

Filesize
6.6MB

MD5
2f4f3fad8c182d6327eb45a68f534fe7

SHA1
ada6a8b4d6f65f7276446fe7bcbef047095de4e8

SHA256
cca0daf7c10899d41cdad1028207dd05464623969652c8c2061f64fbfbe30ca7

SHA512
6d0cce76bb86e26ed5e8d2042ce1f6b050275aa9ef199496280cc7cfa0eb0985911b35b6fe7b847dfebcc45b54a055b93ca312cb84ee199c06df41a6109b5113

Download Submit
/data/data/cc.gara.fish.jj_fish/.jiagu/classes.dex!classes4.dex

Filesize
4.0MB

MD5
4c7f2ede0065096e9bf48786f4550eff

SHA1
ed24d32dee3283fa9b619f06bfa11a943a493dc8

SHA256
bd038d8790950ca3299b1ce443e52cc06fe780405f1709a289569d9cf28d2a10

SHA512
6e5de2e06af79e2cc33410688841023db34d2ecc53e9a3cf78c9bc692a9fbf53aca3df48b0ccda86323ba24d19d7ecf41cf7a3d44786fc3553da6ff88e2c809c

Download Submit
/data/data/cc.gara.fish.jj_fish/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/cc.gara.fish.jj_fish/databases/MessageStore.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/cc.gara.fish.jj_fish/databases/MessageStore.db-journal

Filesize
512B

MD5
5b21ed7513750c144acc37094a530cf7

SHA1
0543da7e77b5c71148f61c8b6f7af4606e94a126

SHA256
3983cc3bc3b3353cd2c43a3a4eec1f67c9c2aa57d9b6ade4c886f372d41626e7

SHA512
d069f5602403eda0daf31f8823948672670040faab9ea027ed0ac9898fa8cb6a1bce89bf4134b2ef955d1be949adb7be194da84d77f1da36a2cf28d6b5ec6189

Download Submit
/data/data/cc.gara.fish.jj_fish/databases/MessageStore.db-wal

Filesize
48KB

MD5
ed85dad31c1951895cd5f6eef1cc9de1

SHA1
e6fee36681d6818d66d683c8c1866cb3e8a7e49a

SHA256
de3b10dcc18079f26e533c22ec8734432719d2f5e7ee7ca7bcdc4a80d5643a24

SHA512
9fd02d88e6b2e8f9f5a19f954a14b94af301c46210baa6aae83867bd9d83adcad45658852008726d8ff3cfff4be093d54a132a15b100eecebfe70a2b8bec5f7c

Download Submit
/data/data/cc.gara.fish.jj_fish/databases/MsgLogStore.db-journal

Filesize
512B

MD5
9d879ebe3de0cc5d297b76f45d9c3f54

SHA1
094b30addeb7b9f90be012ab10cfce0cf7bb87eb

SHA256
1c66b52e89f4837136096431cbfffd8dabb67ed500043fbb05c6bdaa41cb9717

SHA512
8812bd7aa7fbf422b4d2b10638cb693f0e536afa132ae298745a4efbb3227397bb42d553400d860874ef9e510c99db3448cbf1ae2371793dc4c001b222652cc7

Download Submit
/data/data/cc.gara.fish.jj_fish/databases/MsgLogStore.db-wal

Filesize
16KB

MD5
d4297caa80062c0c9f4c8d7a4fbc60ca

SHA1
6545f0aecf966a3537268355ab2480e45ba5ecd7

SHA256
84211bf17ed2817895dffe4aa3eb6b1eab86efff7c16fb45c2b56a48286f3100

SHA512
6991c66aaf559b1383b837b1f4e15c0874be86c6153ef5a86558406567377b314e99cf6fb038ac79365d73a3ebafb0732d576cb684d5882834f371e2e1b71cd3

Download Submit
/data/data/cc.gara.fish.jj_fish/files/.jglogs/.jg.ac

Filesize
32B

MD5
bf0c78cefea0411d60bcc7f8bc6024aa

SHA1
0b9bc1fd98ee145327e4d5d63f30dc1d43326489

SHA256
bf343d364652bea3c4e1b6c793f9d8d2b1e88fa0f14e50802f52bfa859121a56

SHA512
bfc72e48be612f69deb20b5aff28baab25b63cdcc8c15cec8ea79ed291faf1ef6a84d8a35a78cdac68084fd6fdc8597a1cfae73d114cfea560bb6a49d2865668

Download Submit
/data/data/cc.gara.fish.jj_fish/files/.jglogs/.jg.ic

Filesize
32B

MD5
1099c01bba582095403de055e5abcb8a

SHA1
1f5038ebd09449034cc26b473f41407b6d2ea277

SHA256
151cbb39b130e2a1dd5d5990347b06dc784ba3cd824d777ca2a15827371173b8

SHA512
3045f432352e75d1e1d11bffd41ffad3950754af6285b020d4b630bdf056f94f7f8c2627b2c8f20322bccc917db3eb34df9d5312908426b99d96712d60af2e55

Download Submit
/data/data/cc.gara.fish.jj_fish/files/.jglogs/.jg.rd

Filesize
32B

MD5
369984faeb737622cf929a333672b4d4

SHA1
fee3a7d0b8ab08f94d25b5be25ecac9af9bab2da

SHA256
296c56c42902ee77c0fd0caec5834d730ccce00215fed9a1b3357d1c587e3bbf

SHA512
63718f14d1636a5da7f290e21fda10278165c59930fc914ed70cc3894be49a5a9c170a79bd95b652d3707fba4327b1f5b20aa227fbea26587e477523a27fd13e

Download Submit
/data/data/cc.gara.fish.jj_fish/files/.jglogs/.jg.ri

Filesize
314B

MD5
736f76b477475d9d06ded1e0332bcb01

SHA1
3e911069cbd31b15ddd53c3b3ed89b8021aa5123

SHA256
32a1ed7fcbd63544835ccc190d9f5776209cbd0eade390932232c8737d4e0065

SHA512
93ae7c57ad040dc3ab51e7a47991b35041ef7a8d0559e0785b65b17a997e803e067a96b2669caa9b812a84da20f9453d0a4a793d04ae8abcbecd7ecb5b060453

Download Submit
/data/data/cc.gara.fish.jj_fish/files/.jglogs/.jg.ri

Filesize
307B

MD5
82c9a05e291a5cd39f2155a2223523d6

SHA1
d2e9da2e863ce4781054d5e09a02ed1f5590ce9c

SHA256
38f6f3edc3d2dbdb2bd6f06522b5a079f57caeea59fa1b8666b1a11dff638133

SHA512
d0af3be6818294b08b1743b40eda987a3158c6edfea8a333436b60a6c1f6382abf31aac71325774af71809a4a7cc15cade9ac4356711dcf263835f66821eeabf

Download Submit
/data/data/cc.gara.fish.jj_fish/files/.jglogs/.jg.ri

Filesize
307B

MD5
ffb731470b12830c7a3cb05a709c96b1

SHA1
fa0ad3420265a64f30d0ff5fc0ac4202afbc6790

SHA256
71d10a0252c6a63a6e22dc0243c17f6f11b4f38b52fdc155c2eecb039ff7d87d

SHA512
0cb66874151336aa72b0ff90d69de67b30c6d09d4eb5efb97ca07d1b14434cb81e26d964bbd962bb9bfaa973ab7e924e3f1d402e067f63aa11ae576158482e43

Download Submit
/data/data/cc.gara.fish.jj_fish/files/.jglogs/.jg.store.report_cf

Filesize
32B

MD5
37e5c8437d9aa2643f256d59b37e66f7

SHA1
c9b900318de3b17c93dfb48cff67745371e7a6f9

SHA256
d95c234fe33d5ac2ef6b2b3b23c47f77cf12c6abedfad0b12e444d24b4237a16

SHA512
dd837ff5210925a5460158e83bc4286d6b3b01d10542faba2baef89e6f8083ace5bc1cc2a14898475d961d2cf2dd0a25d55a3eb2e58e01b5cc90623690a34c1d

Download Submit
/data/data/cc.gara.fish.jj_fish/files/.jglogs/.jg.store.report_pid

Filesize
32B

MD5
3d6e5af4b288dfbeb338478902d81398

SHA1
5f5ab6e1d09576e0525b3754e9ff03645a6d4c30

SHA256
c7d28bc79c9dd1ed2ee0521c09592147307ecb845f7db27be9cda9fe05e9a690

SHA512
bf3795b5125b45843ae513bf60cbdf2e8b85527c4194666e1fb8197f29c98535fd12149506033808de0b3ed046f406f1c9ce106ef8f63dd4d4605d8ed7f491e1

Download Submit
/data/data/cc.gara.fish.jj_fish/files/.jiagu.lock

Filesize
27B

MD5
ee5f82675e3ceb1cbea29ea5ffbc9d94

SHA1
e2c09af841509b86dec9658b8d51eb3156cceffb

SHA256
8e5a43b25cd8dceb4f236a567af80b5d87a38df0e790ad94d0923e673d706b50

SHA512
fcc610afe407093e23213fc99671e03812fa6a463844e1b7ec694d83489eec088d1ef33b0b79b1d7392d7dcb05690f0edced33a31a1a0d7df123772a21ba0995

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
213B

MD5
a3e49e31cd2d7175dc96c264875fe012

SHA1
c6702e29289145c797d63c1ad5995c23be22c672

SHA256
be7ef743c3e0ebc5c385c190b61cbe866248e8464cb4cde60b466bb95d3ecd23

SHA512
8a01acb279392d8fbbb3caae58ca04f5769b1037522659c639996f280ba07f06027a3be5bea34e31aba4e6d625c096ad2e084615fe3a3bfbc2480d0557acf80e

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
167B

MD5
b88a10aa35b317985811b5bee0ae73b9

SHA1
502b3c61c0b4a984c2b3e2f4b4ba1f854db3fc89

SHA256
d28faed3fd377a6e14adad25f39224193d465740c0290b230005e2a838148adc

SHA512
39f7cecc816899a0fe2753e790258866a798a52cf7a4dc6374c00693836e66b203b25bc682ab7fceeb83c0c279ab49019504d37afe99fcfa919a074afa8e9b3a

Download Submit
/storage/emulated/0/.tcookieid

Filesize
33B

MD5
7e8e9b8d7c5eeb6da7ee1ffd55902543

SHA1
8c72d0d9a5f1fa3302ca66a24adac53cf8c7e426

SHA256
f6ccf74a005546bf245d804627fbfda52ed0eac8995b528bec6ae56927779065

SHA512
2de940a5f3f60bea8276c858f4f27f60c1ff6f4e4e630694c0d0f309b4988d39504bba719b0ec2c60bf9aa59f3856fa7e5a6a2cf484cc76539e11ff6e1b0a5ce

Download Submit
/storage/emulated/0/Android/data/cc.gara.fish.jj_fish/files/tbslog/tbslog.txt

Filesize
4KB

MD5
20b18ecba0aa63aff8e30265c28677f4

SHA1
ceb05b794e388f8900bd7e142bd6b85bc4ddf3e0

SHA256
bc5fd77aeedaa57dfe54fa450756940a36c4df1becfb6340db48a536736f2d62

SHA512
3f4f26ab3015bac4d6792f3feca96843df6b1ef0597d8be5922127378671b9329380cc4908bb6f7c1b2e2e0e9425aecb4b698233781907146d9c40d75a4ebcc9

Download Submit