29bc93845c286ea2281e1e44371741594de62940bea45fce9ee02cb493c75517

Analysis

max time kernel
2679659s
max time network
164s
platform
android_x64
resource
android-33-x64-arm64-20231215-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20231215-enlocale:en-usos:android-13-x64system
submitted
23-12-2023 14:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

29bc93845c286ea2281e1e44371741594de62940bea45fce9ee02cb493c75517.apk
Size

21.4MB
MD5

d7ba227d9c1449b37df0d2c95cc56e61
SHA1

fed838540219a9008ec4c94ddb9e11bdda67387f
SHA256

29bc93845c286ea2281e1e44371741594de62940bea45fce9ee02cb493c75517
SHA512

54fbf6f54bccecd3422385b30b6644de20fd24c2d240bb665672e32ebe2b45067b716dd97dd766f37e294f359e3e1cabbc809b979e387eecc1a0034b685ff23e
SSDEEP

393216:Mfk976J83NQFyfpqorz6BgF+PQnkVUyfobgsf9s86tBofWnG0aChT5:NUJ8Kw+BKNkGyfobgMm86zo+nG0aChd

Score

7^/10

Malware Config

Signatures

Loads dropped Dex/Jar 6 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/cn.controlsys.cloudmeter/[email protected]	4244	cn.controlsys.cloudmeter
/data/user/0/cn.controlsys.cloudmeter/[email protected]!classes2.dex	4244	cn.controlsys.cloudmeter
/data/user/0/cn.controlsys.cloudmeter/[email protected]!classes3.dex	4244	cn.controlsys.cloudmeter
/data/user/0/cn.controlsys.cloudmeter/[email protected]	4397	cn.controlsys.cloudmeter:mult
/data/user/0/cn.controlsys.cloudmeter/[email protected]!classes2.dex	4397	cn.controlsys.cloudmeter:mult
/data/user/0/cn.controlsys.cloudmeter/[email protected]!classes3.dex	4397	cn.controlsys.cloudmeter:mult

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	cn.controlsys.cloudmeter:mult
Framework API call	javax.crypto.Cipher.doFinal	cn.controlsys.cloudmeter

cn.controlsys.cloudmeter
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4244

cn.controlsys.cloudmeter:mult
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4397

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/cn.controlsys.cloudmeter/.jiagu/libjiagu.so

Filesize
485KB

MD5
015df5724b50b4fbc6dd0caf7ccb817c

SHA1
980780e98c9958aec97ab7a0de8d28a4c5fd9429

SHA256
183990718a96d742bc6f1bb04c313e04db6dc62d445ecb294a7f15babd3281c6

SHA512
fda8f5343cac8102aade5f1aeac7c5b028ea5d8c92e3d12de92e1ffce30bab47a446f215c9cff7dd1e1bb88980ee0d27b5241e856719fcc1f6a5c25e062e9d40

Download Submit
/data/user/0/cn.controlsys.cloudmeter/.jiagu/libjiagu_64.so

Filesize
568KB

MD5
b2a24ef1908c7b17d569102cf6cd0a61

SHA1
ae1dcf214dc0e4a1cefcccebb4b954d488a17d29

SHA256
29a564ed880098e25b146daaad60f9b1bad45a1610313f6e900dcc5cd251c511

SHA512
1aedb125d45414a62fc5f162eaa96498576f1ac368ab8d0d6bb22c6616bbbb7e5d9f3ccfef9710535f37211d9b110fa78b5b2c0f9cdcf34e04c80c1419911773

Download Submit
/data/user/0/cn.controlsys.cloudmeter/[email protected]

Filesize
6.5MB

MD5
ced87ebfc292b0ec95fc6e2b409aba18

SHA1
909591491cc1f65b6d3678b4433677d85ffc3ad5

SHA256
786485ee68bb63219822d9793730f6328084c3d3cb13a8a981667298a9b94aa9

SHA512
68702b0ee37b639ed250f028e8af580f959f6d787a7b50342c78852387398b28f6cbac08d341f77e25eb5ce366a9e5d8c4a61d3a562942cda9b98a3e2478ff3d

Download Submit
/data/user/0/cn.controlsys.cloudmeter/[email protected]!classes2.dex

Filesize
7.3MB

MD5
5018d98c70cced825fb2cb7ac3331a6e

SHA1
e2cd93f748205266d8ac7955358c5375a8588267

SHA256
d7ea4a9e595a732b9afdc22f01e443de2c75f47012ebf5c9ca5125780cb1d47e

SHA512
367b831ae5d242c7fff532a5fbac1dd16d1ae87ed6f552228d9719c3ac15bdd37073f1f77295a7492dbc6b2456b7b1fe62743cced52c52d37bbfe8c74fbfb06e

Download Submit
/data/user/0/cn.controlsys.cloudmeter/[email protected]!classes3.dex

Filesize
36KB

MD5
8f5533edafdacc3e5bc2183b0c840e97

SHA1
73066ba4d9144adda23296e848f53a3cce8a9a30

SHA256
06e20db8d36a1263984947dd5f1c87773f4ad3514eea24edc859c9c39d82056e

SHA512
2214d816799a4d31d5c40b938224e8b237455f8547997ffb715ff3aa4a4840ea8c4b47cbcb422c968a00623d8fec6f5dc4d976e1dbf2cdefed745bb6d15892e7

Download Submit
/data/user/0/cn.controlsys.cloudmeter/files/.jglogs/.jg.ac

Filesize
40B

MD5
b4ef210e5b5433efb703bc6f6a1cfe54

SHA1
05db374297fd206bc1b5e743445ba83fc8439a92

SHA256
cc01e2ab3d283765966164a7c181bcf5097ea1fc9979a8c5fc4d9ab189d162f8

SHA512
8420f05087b399101171b2b0d4eacd80bb39d4851f2cfe11a55b68906a8e3324ba08e60a75c59873323e6b358c534b03fa2f21352dc679b99a836cc92a4fc648

Download Submit
/data/user/0/cn.controlsys.cloudmeter/files/.jglogs/.jg.ac

Filesize
32B

MD5
e4e91a4805d9e25b748d1bdd128aeba3

SHA1
a4337b6ddc3b93a073d188cc8b3a26549356b359

SHA256
3d07d079b2741aaf4d9b95494b560f2c659a783a42819c02f4c2dd461ce5ae1d

SHA512
e9803cf7d21000aa528f5a985eb077383d652898a2728b3cbcd6b3c6a68c8bb128319d55631da7a216434f61dca082007615525600360fd1fd87cf1fa7a4c244

Download Submit
/data/user/0/cn.controlsys.cloudmeter/files/.jglogs/.jg.di

Filesize
348B

MD5
da47a9fe3c1948f89b925bbf177ce114

SHA1
080cb24c032fab0e80de90a2d597d152c1afe701

SHA256
18695093ea8e2bcd29babfafb40521a8352d476650665c7b91500e6f988e0e69

SHA512
d08837099550771a5ae010609853d7e629495a74a1ae651ffa7432570944cdc777562030ab12e806032cb4b536ee7fddf66f3a1fdbfd317858fde048df1902e1

Download Submit
/data/user/0/cn.controlsys.cloudmeter/files/.jglogs/.jg.di

Filesize
348B

MD5
6365830e849c15a940c55e09f93dec03

SHA1
f64ee59f8015a6afaddb1066d42d360bcfb03493

SHA256
1606c1beae749c597d994f263a993edd2b906416acfb1fa54ea16d1571c8b9c9

SHA512
08da0bfcb7e6f9144e08203a2038ea7e0f7eee5e4d0422d09dec1e3cb98ced77459dd4121e7de9f36694dd61ee2ff3b9e007d6014e2fb2614989f7954b6a7264

Download Submit
/data/user/0/cn.controlsys.cloudmeter/files/.jglogs/.jg.ic

Filesize
32B

MD5
4ba5155939085f55f04a5143b3bed685

SHA1
b6d76f386c4db4f242bcd4c55c4dae0106726164

SHA256
bf0f5fc0a4ef23b693ecb8e129be863ae95313f98768ee6ce8dfefcf46106d4c

SHA512
ca801ae4a0045affd1bc77150a62ae1c22aa6133f7945225e5117c48c5e62d04dbb54e76de52ffa5afd7e151d06371b758ceace865367881f170571dc9c2e96c

Download Submit
/data/user/0/cn.controlsys.cloudmeter/files/.jglogs/.jg.rd

Filesize
32B

MD5
5ec1284520c36534247079d9b59c55de

SHA1
b998fc62c6e8be486833d9b05f04c8373a28f723

SHA256
9c2992d14832e2c93dad243015c1829eeb569e3f933189640620323c450f92f8

SHA512
dae348836e1571410a9569d525ace6c5773ed055630389f6a463d57c03fea2bcf47e702a41aa244843ef18384c27698b94df157f770e8c0842fa1e980e0943b7

Download Submit
/data/user/0/cn.controlsys.cloudmeter/files/.jglogs/.jg.ri

Filesize
314B

MD5
2eb2b5f9a9c2fdd364be34dcfb6f81db

SHA1
9ba8bf06128bf96084ac295e2f44d8327d468279

SHA256
9be874bb4720af1a34c4a0b8e693d5f573d7749dc80416f66140acf9335d6118

SHA512
2fb0b2eb15448c338fdff8296f99cd1066e3ce198948e3e4db45177fb3d3a1ed81baca65dc462523fbb27fe71f8db79788b39005023e4cb36b40f0c6798f89a5

Download Submit
/data/user/0/cn.controlsys.cloudmeter/files/.jiagu.lock

Filesize
27B

MD5
0425365922499f9a9bb2d09bf5ea7abe

SHA1
39404f459e68586d24399555d1352b2551a5663d

SHA256
e733ff76577b4e0dd5c650818fb5badd14f652c6296995bfeb3211f1e9fe922f

SHA512
ad8aee5ac2a7421a8427b367500d90c5c0bbd044c012e4f52d775603a943ab1cd28a63a291c9005483f62a72d90b8cdc14fc9fcbf1bdc9c6f5b5fa997c53a047

Download Submit
/data/user/0/cn.controlsys.cloudmeter/files/jpush_stat_cache.json

Filesize
119B

MD5
d3b772da6de0222da9c382f9a5475c9b

SHA1
6661054c134f8b1038ee83404aa57b45ba490dda

SHA256
7d7bbbeaab66c0ef907b3aae936915c8ed0506ca16cdb2db06c0de6f827fdeb9

SHA512
4d5a68ffeed30f6ef3bcc24642eaf72b080576b80eeab06c6928cce38378b7e849ad4f0688e6b6ac88c5f3047b615e5d99ef4f9c5ace818062a713c4ea0d60ab

Download Submit
/data/user/0/cn.controlsys.cloudmeter/files/jpush_stat_history/normal/nowrap/109f997d-79bb-4d84-a65d-e974344b4c23

Filesize
159B

MD5
974bdaf8f911ca6bd8abb90280cadf9c

SHA1
ee132eeee1194f9f988b1b7f89094adc0564c208

SHA256
10abf1ce18936e2ad80bd69da329bd7221d04f8feb84da1fab404d4ccdd5f704

SHA512
24943e0ef0ae0e3d2092c95a7d0c498c8bc60eef27f9c7e81b03693e4a467fa0096e1dcfb0c63373f83cdb6ba04a06989d995abb013a020663a76b8ead45a119

Download Submit
/data/user/0/cn.controlsys.cloudmeter/files/jpush_stat_history_mult/normal/nowrap/ce8e324f-f0b7-4ef0-8581-bba6248b7118

Filesize
187B

MD5
f28cdbd4f8fcac9662fea6cef86292de

SHA1
b70128bd0eb027abdeb7b4e44a143e98278581ba

SHA256
ab681506f37c493ff5557ae3bed7c05a26545b29be0eb155f33f298c5cf0b93f

SHA512
dddf6a81366038c6a2062208559728055c536b8dccff01d835b7b0cec05cb4f9d79e807b71f9d955056d11eef13e4498ef2145e317d6f5b4cc3f61b317fbb150

Download Submit
/data/user/0/cn.controlsys.cloudmeter/files/objectbox/objectbox/data.mdb

Filesize
12KB

MD5
fac8647bfd1895c599aa0d483b7eedd4

SHA1
34f85705a94c632a8b172e75a98cdfce89ac955e

SHA256
51b0710f3602a6c453fdebcb1f00f1be9d387710d328ee46b2f58abb83f902f7

SHA512
e87af9874e79f443cb77aeceb60afa9a402916acdebd6045d5ae3e58218a7fc70181b27fba011310bcaa2b4cad19c0ae72cccaea3df1319237963a9a4cb15dba

Download Submit
/storage/emulated/0/360/.deviceId

Filesize
48B

MD5
4c4c5285293d5141f582aefa4e038669

SHA1
e01852a72e5a8e6f7d63a21426b515118196047b

SHA256
36c5c63f39ddf7a6a9c01946e4f78b95790aa734176802e793e95724a1b5b731

SHA512
097aa673273e307f7bfb7c08861ad389d4b5f7fae55d972a5c1636aa66d0b8d23b5eb9b696cefe0e5b942f23969dabf0147397aeca85fb9a4d75e0473104e399

Download Submit
/storage/emulated/0/360/.iddata

Filesize
32B

MD5
2a72ae4f762e6f9ac4fcf737f1231d9b

SHA1
21c217fbf44bf61b175d095dc00b9f4385ff8542

SHA256
7dc425317b3a4bb76830c5d5351d5dc5d2a9a0f518b515aee9a964310bd8bddb

SHA512
3859d27fc9bf72881f7c1dbd0c1bc52697f627939d188288cde8b3ed6855cc3fed15863e0d649e1de093d4c737cebe4c5587ba8cd515080b206ca546e28b69e5

Download Submit
/storage/emulated/0/data/.push_deviceid

Filesize
32B

MD5
6dfe0929572e65da2af43cb4bf96afbf

SHA1
d8bbef8f8d696672eaffbe31aa7a4168c8296292

SHA256
b5103676fe90f28d3b085f6092c936053434728e1f0829503288063025444798

SHA512
de997965d682a3130cd89a9feb6eae09cae87dbbbeb5c65b6b2059875fc19476ea57f8855bce05745aeb0a731d4a7db97607f903f46d9d9bacd08446cc444c0d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads