29d93f043c69cf15d050b8a97b8ede727ea889874c5a9881d32afc61274d7eff

Analysis

max time kernel
2833857s
max time network
153s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
23/12/2023, 14:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

29d93f043c69cf15d050b8a97b8ede727ea889874c5a9881d32afc61274d7eff.apk
Size

30.9MB
MD5

d1528c6dadf18d78e7bf1456528a8796
SHA1

18e3ed9e295e0b455f84a836525cc595bc31390e
SHA256

29d93f043c69cf15d050b8a97b8ede727ea889874c5a9881d32afc61274d7eff
SHA512

d2b8a7c63e221e24062f7ebaf23aa6b0e2acca20fc442c9dd9b98d5c9b41f1c64c157dc275dc2af810e61091d89a315ed52afa3e1b59df551e536f6c9d313779
SSDEEP

786432:80DuezbZz9FsR2dhk8jgt4yJ+BKLUvS66bwUZZVMvAilVz:80DXzbZz9FQ2dhNZwIvS62FbIvDz

Score

8^/10

Malware Config

Signatures

Requests cell location 1 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.pipige.m.pige:TcmsService

Checks known Qemu files. 1 IoCs

Checks for known Qemu files that exist on Android virtual device images.

ioc	Process
/sys/qemu_trace	com.pipige.m.pige

Loads dropped Dex/Jar 6 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/data/com.pipige.m.pige/.jiagu/classes.dex	4232	com.pipige.m.pige
/data/data/com.pipige.m.pige/.jiagu/classes.dex!classes2.dex	4232	com.pipige.m.pige
/data/data/com.pipige.m.pige/.jiagu/classes.dex!classes3.dex	4232	com.pipige.m.pige
/data/data/com.pipige.m.pige/.jiagu/classes.dex	4387	com.pipige.m.pige:TcmsService
/data/data/com.pipige.m.pige/.jiagu/classes.dex!classes2.dex	4387	com.pipige.m.pige:TcmsService
/data/data/com.pipige.m.pige/.jiagu/classes.dex!classes3.dex	4387	com.pipige.m.pige:TcmsService

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.pipige.m.pige

com.pipige.m.pige
1⤵
- Checks known Qemu files.
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4232
- chmod 755 /data/user/0/com.pipige.m.pige/.jiagu/libjiagu.so
  2⤵
  PID:4257
- /system/bin/dex2oat --instruction-set=x86 --dex-file=/data/data/com.pipige.m.pige/.jiagu/classes.dex --dex-file=/data/data/com.pipige.m.pige/.jiagu/classes.dex!classes2.dex --dex-file=/data/data/com.pipige.m.pige/.jiagu/classes.dex!classes3.dex --oat-file=/data/data/com.pipige.m.pige/.jiagu/oat/x86/classes.odex --inline-max-code-units=0 --compiler-filter=speed
  2⤵
  PID:4564
- sh -c ps
  2⤵
  PID:4621
- ps
  2⤵
  PID:4621

com.pipige.m.pige:TcmsService
1⤵
- Requests cell location
- Loads dropped Dex/Jar
PID:4387
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
  2⤵
  PID:4471
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
  2⤵
  PID:4491
- sh
  2⤵
  PID:4523
- - cat /proc/net/xt_qtaguid/stats
    3⤵
    PID:4551

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.pipige.m.pige/.jiagu/classes.dex

Filesize
9.4MB

MD5
d6b5efbe7f1086aae17a8ad2313ccfae

SHA1
fe50e714559578d051352beb3d7b18b1cf4e762d

SHA256
456debe447df1aca4710bd7d03998d4dbae14ed139808bef89433a49e5149ba5

SHA512
c388a2e4558907179378d8ecd13bedee40d712e999ff311d8347200a56f5453e7373ed9d37257ded0702d0e06ba56f1a0d65b3966ed0faf286f9c7020092b301

Download Submit
/data/data/com.pipige.m.pige/.jiagu/classes.dex

Filesize
8.2MB

MD5
920ed38687d9de7ae36b57b23661ee6f

SHA1
3a6a577ff009fc38c163ffd19ff6d34dbdd10c2e

SHA256
f260504ce8f6ab28705c2ad1ffbd61dbf4eed4d535688b2e9f6661789deb7685

SHA512
9b12eae7e056067e9795ab90ea2259cac0e7ca592f5f0a3c5f000e312469b41eec40475d968cff9a74883fcfef171d15632c9d46d923075d6bc4d74b04c24881

Download Submit
/data/data/com.pipige.m.pige/.jiagu/classes.dex!classes2.dex

Filesize
6.9MB

MD5
7b385b6d392526d61edd95e01eed22d1

SHA1
1af867a932bd61284e251be930212496ded35562

SHA256
e68f12aa65c5811ff87821aaab93e78fa56d3d14053d92514ae970b47126b808

SHA512
5c9699b6a77c2968982a700ba2447127863ec9d0366a6cf1cdff84cd695a7e75cd6166614d581a41a53ad7189767f2d0ed655a4af047ac719120dd418127ac3e

Download Submit
/data/data/com.pipige.m.pige/.jiagu/classes.dex!classes3.dex

Filesize
83KB

MD5
765a79ee190650b905fc13d9ada2d1c0

SHA1
5d08ab34edf8e4ed772bdd6f6904774ffd3637a8

SHA256
2e1e59441cd96c666971e070910b64eedcbb614dc266ed2555eefde6be8ced14

SHA512
af5468dc53d31388eae1c63afb43360e0f3b14c9c03c11ef60561f08acc437fc3b8a48391fea8b70bb568bd0289d4ce4386fc0bab60bc964e6b44d0c79d2917d

Download Submit
/data/data/com.pipige.m.pige/.jiagu/libjiagu.so

Filesize
363KB

MD5
f7f5e960db0c8a6f3b5b8d1a0427a042

SHA1
a8b623f9f87a6e785508befe07314da2fa903bfa

SHA256
17ac5b03f2a51ebdf2cce66314bc8e3e1547bfa0dde61357fcc07768aaaecb3c

SHA512
ec889d1d9428cdbac082d0b5ab81cf33ac417874a416daf27b02af3d207b1b02ed794fc0b3f0ea266c8edaf3bfeb8f3cef7c631af689405fa629fee948ae8cba

Download Submit
/data/data/com.pipige.m.pige/databases/mwsdk_analytics.db-journal

Filesize
512B

MD5
7d0fff56f1153160f8daccb3426fc5ff

SHA1
d23b3d9355ae7a3497f969588570c3d9ed01914f

SHA256
02ce07294dc8c0ab8de482110f293b4095adf3774dd557fe9afce925c9924834

SHA512
4010b2efd6618d2767988e2a960c8ee58e3d3e4170bc9c6a9bfbecc8376786cea1569bb23e0f15bd18e5e78ab78a2dff1584faa3d0f52298b165fa6719fe9e56

Download Submit
/data/data/com.pipige.m.pige/databases/mwsdk_analytics.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.pipige.m.pige/databases/mwsdk_analytics.db-wal

Filesize
32KB

MD5
597b3236c435b3887878484ec73a4ea1

SHA1
23ef1251c591d23a3c4fc00be95ab5c2bae27199

SHA256
86df96ef12d60c7578bb1eec4d35bfa529e4cf83508361ffdbd62a8dfe7be885

SHA512
55b06db740bfae1651f288dc69f5e1e7796da3ff81cd11d5573068fe76b9590cc6c075b09c551029c828a1d9b2bf412d2b21dbc7a811ffd72b56ffadb6111469

Download Submit
/data/data/com.pipige.m.pige/databases/pipge

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.pipige.m.pige/databases/pipge-journal

Filesize
512B

MD5
edd2e3754357610034d9c9de5ab1be59

SHA1
05c27d862a8f6a06c18ad533286d75f9dea54406

SHA256
d73a0c879d6371cdeabd073e700c0a3c33c682dd42961e80860a0ca8473ae8a6

SHA512
97808451897e87f79000e1ca5bee4a1cf6fe59042c90dea0d05996ead80357d96007dcdabed1c0c37f0d892fdb2479db22cd614bdc941acfffae52850de80ae0

Download Submit
/data/data/com.pipige.m.pige/databases/pipge-wal

Filesize
36KB

MD5
e23cc7ad3e3f717a2dcc1ba1e3d8f300

SHA1
62a624605d853536871fdda109f1035be3ae8ca1

SHA256
51bb22e43f9379d22bbf17d0b22c7dbfc552080954e50281a7244306705c986d

SHA512
5aa7e980d9fdeb3ed6314ab016aa05cb29a849baf2b55d622bc3466d97582a1b437720e6683caa4f44936dfe8995c470d48995ed121efcc0cf53c355b89a3272

Download Submit
/data/data/com.pipige.m.pige/databases/tencent_analysis.db-wal

Filesize
84KB

MD5
6ffea6a51991f8eb3d61546fddc086f4

SHA1
38f40bd8cf7734c2a01ffcfbf7ea39a34c51b6be

SHA256
9a1b2038e9c24536994107a39062ea4717fb4b0360de6ffec17262d83c97db56

SHA512
d53e14f18dbc12694539a7da2be1f80863e7de74f8a2ab8aca4b1d52df9b22b455e3e9385d5c09453b62fe82b43c01651234ebf80523f303b1588ddd9c3e214e

Download Submit
/data/data/com.pipige.m.pige/files/.jglogs/.jg.ac

Filesize
40B

MD5
4c74f81c4ba888a3b22535e91a309a1c

SHA1
102a55699f4a91b61629b2017e217c8a067ad541

SHA256
70333d4a34b8d8895aabe9c6992659a9b11e23996a4155d35576b82a23a26a01

SHA512
19143287cc9aec679ecad85c1d09ca51ba044342fc0ac1fe1546e59658570f351182b35fc412ba5a9291ad738faa8d4f326a9ad2bc52a425140189376e1d1066

Download Submit
/data/data/com.pipige.m.pige/files/.jglogs/.jg.di

Filesize
340B

MD5
8062064d705d3d0e108582ddb524a1ba

SHA1
791699e7ad9fc7bd3334b116a12c283b0d46f581

SHA256
43f1ac026eb37256c13fb8a5906584647b1b714b6fcd72a36488dacbd5bcd796

SHA512
69412867322e60ba2cc6f6e6f3a62c428944247984569274b246cb9eb9a3c2518e2ab53e3a3e62fa46b5052a3f628088903cc6c10de33cf86c2940830013732b

Download Submit
/data/data/com.pipige.m.pige/files/.jglogs/.jg.di

Filesize
340B

MD5
face3e9a3e88c422a168225f26341141

SHA1
930744312b2233b353ad6f1b712e1c5440dd8610

SHA256
dc79c541e67caebb0ca4d75af82d6abc2aeac30ed24604c02dd49c88dc166c36

SHA512
1787cae7d568be60526dd47c4f75c41996bab188eb9da1c286ab9e52695193c623d85fba0ff03eeba67a54f047e480eb7f0438c75dd2f5e135faf7c4304f8783

Download Submit
/data/data/com.pipige.m.pige/files/.jglogs/.jg.ri

Filesize
314B

MD5
a9fe22cb8d5e7faae65fe6502925b5f3

SHA1
ebf684eefa313b4a87b7cd62b0a4555eed7ba880

SHA256
03321faffcf782ca56e500ea5878073f0a8764283886f5bae9fa368ff055038d

SHA512
2d3ac1c7a654d391b8e0079046e5d57bc44a0fb09dcc633e53069becac563b1d54f3b12fb73c6e90efbb808638591e24d93e86478ff6153e127e3b6eeeefe47a

Download Submit
/data/data/com.pipige.m.pige/files/.jiagu.lock

Filesize
27B

MD5
d825b15f7e866876ac4e1b738225e646

SHA1
f7b44553d5f76842fc68913f1714db8e4eed6c94

SHA256
d11115814905407c6e8b937f83263819d2e3dceca642cef74dfaec9421a1d099

SHA512
2d4df207bcecbf2c99260d545018b857af2e6c4cbf848c95289f830c4dc4c18255e4098c8e6d1b04571e69de5bf5dc5601c550b72699ee7720d2f50e460ba5a8

Download Submit
/data/data/com.pipige.m.pige/files/WXOPENIM/openim/12-27_01_33_com.pipige.m.pige_TcmsService_4387

Filesize
5KB

MD5
9787ddd72f0bc0e1f17c9725d7256780

SHA1
5ee1a810d532a834aa8a3764a048c35f97022d03

SHA256
40a5349651deef3674d2565e569549ac57154d1eacb1ec00c957c3cb1b6dc52e

SHA512
7a38c8e316a0ada8418900f0f9c83592dd9226edc50abfacece87c88321c7d4513e71cc57947473243d4de07702ae489df103de10d068be6d7790f7b888852b8

Download Submit
/data/data/com.pipige.m.pige/files/jpush_stat_cache.json

Filesize
152B

MD5
7d73497e20211dd0bffdb0b4cf122acc

SHA1
2bcec9fb32e513441201b60a6308fc397e715019

SHA256
6078799083dda3ccb104009a6d2eeac81b4a58d4b8563a80d874b25b8aab7b2b

SHA512
59d7cf5c3c84b3159e7a451ca782a2514efb722c2fdd66b8432b9e6b7825b74b01014b6d63b0520429c171fd98bef5b74f01b260d57b12031c244873232e9833

Download Submit
/storage/emulated/0/360/.deviceId

Filesize
48B

MD5
1d8d16c4e3b19ebf18988530d9b9a757

SHA1
bc94c1cce05cd848a53271ecb9c5311e27ffebf5

SHA256
abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7

SHA512
4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

Download Submit
/storage/emulated/0/360/.iddata

Filesize
32B

MD5
1b918418f54d966edf453b7a5b4649f9

SHA1
6175809613a817cd9e35d3c7757cacda29ac1de2

SHA256
77cb5384fc7b9e086c40668efca930d0448bc9bbfc0b9c43a93497ae187c1670

SHA512
0b043bc54aedc523bc99329ede508ddae0be7c296fb8276ce593991fff0d9c6252dfc5fb231600779f73dce032ac0e7896eca9fd490868dbfd0e6d02df56b578

Download Submit
/storage/emulated/0/com.pipige.m.pige/WXOPENIM/tcmslog/userTrack/2_20231227_r

Filesize
340B

MD5
0110374f8c73b4228d57d89d183049fb

SHA1
93aec89d118d1e2892ef01ffecc55e2f3390eb92

SHA256
bf37a36ee1a16b5f288bc91af56c682fd060b7dbeda5f8c3afbfea1173c83f3d

SHA512
25efb5948a542e23b98d40a988b0f2a866fb05d6c8f170f3f72c57cb16e61b6671c707201407c9b3d1be7859f384f461db26035df416d7eb698e35307a8de29a

Download Submit