2b6240774ba5d5e8273330293666abcf9e1e963d8679320a8982ef3a03b5eb74

Analysis

max time kernel
2832996s
max time network
153s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
23/12/2023, 14:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2b6240774ba5d5e8273330293666abcf9e1e963d8679320a8982ef3a03b5eb74.apk
Size

16.7MB
MD5

5a6a46cd5a7961b9cb3cc1ffa5f81be6
SHA1

03a8a7fc5bd52328e72be12615ac6e9e1b1391cd
SHA256

2b6240774ba5d5e8273330293666abcf9e1e963d8679320a8982ef3a03b5eb74
SHA512

b51e04408e03c24f4567abb5e11b917a1bdda725c1002c7c992684180ca524a9e8a87378fe294589c260a69cc9e74c3d28155206cc5ced5d49c334b81d7b3436
SSDEEP

393216:RjIxaDCZEBoLxkNPmvcWo4Foyu2tlcBku1awFgfvA:RMxaDqCP6cWoyDul6Q

Score

7^/10

Malware Config

Signatures

Loads dropped Dex/Jar 11 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/data/com.xgbuy.xg/.jiagu/classes.dex	4255	com.xgbuy.xg
/data/data/com.xgbuy.xg/.jiagu/classes.dex!classes2.dex	4255	com.xgbuy.xg
/data/data/com.xgbuy.xg/.jiagu/classes.dex!classes3.dex	4255	com.xgbuy.xg
/data/data/com.xgbuy.xg/.jiagu/tmp.dex	4255	com.xgbuy.xg
/data/data/com.xgbuy.xg/.jiagu/tmp.dex	4305	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.xgbuy.xg/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.xgbuy.xg/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.xgbuy.xg/.jiagu/tmp.dex	4255	com.xgbuy.xg
/data/data/com.xgbuy.xg/.jiagu/classes.dex	4356	com.xgbuy.xg:pushcore
/data/data/com.xgbuy.xg/.jiagu/classes.dex!classes2.dex	4356	com.xgbuy.xg:pushcore
/data/data/com.xgbuy.xg/.jiagu/classes.dex!classes3.dex	4356	com.xgbuy.xg:pushcore
/data/data/com.xgbuy.xg/.jiagu/tmp.dex	4356	com.xgbuy.xg:pushcore
/data/data/com.xgbuy.xg/.jiagu/tmp.dex	4356	com.xgbuy.xg:pushcore

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.xgbuy.xg
Framework API call	javax.crypto.Cipher.doFinal	com.xgbuy.xg:pushcore

com.xgbuy.xg
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4255
- chmod 755 /data/data/com.xgbuy.xg/.jiagu/libjiagu.so
  2⤵
  PID:4280
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.xgbuy.xg/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.xgbuy.xg/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4305

com.xgbuy.xg:pushcore
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4356

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.xgbuy.xg/.jiagu/classes.dex

Filesize
6.5MB

MD5
8294f2f81db54ee61aacbd082fd565ce

SHA1
0c726749fb05c8f687bb5274e097e0d33f4e3394

SHA256
f7e28f4705fcca718a9d973763928039e8f7df1bac4088d8b08cf356d366c115

SHA512
d3c45de73a5b8ce733dc29f1c390b7a14678079d67e94f4915b25f65bf538b206df3ccf5cfacbe4d0e011aa06a6dc0159fad407ca16af87b2bace230c54c754e

Download Submit
/data/data/com.xgbuy.xg/.jiagu/classes.dex!classes2.dex

Filesize
6.6MB

MD5
5321485d5bc4b58bced4df4646e66c6f

SHA1
aed5f5694b4d1bddbebd77bff43e5c75f8b4f555

SHA256
44276d7e3c28fe84fe0de44f11124016846d0620be4be1ca82ebf835c6cce139

SHA512
29f57b81af94feca855d8af4191714e053de9f0f974246b32cf4856c88596fed0f7a31f47eb0fd2d48dd35f0f0f65eb6b9e596d2029f791346d923853469b2c7

Download Submit
/data/data/com.xgbuy.xg/.jiagu/classes.dex!classes3.dex

Filesize
1.9MB

MD5
c89a7bb0027122b831fcc546fe65183d

SHA1
7b0e11c1141539623648a051b6de07f3152045c9

SHA256
f6672688f527dc0e45ddfb3137055fe21029ac3124c50686c95913f8daf58f54

SHA512
1cf1bec0ab53d44c177f51e081caff59bd1a9e1fb4e020295a6d5d6a5c76e222b9ffaebf707be70ef328aa1d0ddc2e3ef87eb52ae68e88eb94f40116c3757166

Download Submit
/data/data/com.xgbuy.xg/.jiagu/libjiagu.so

Filesize
446KB

MD5
8f55d5deb281d8aa1a0b9f72f7185e58

SHA1
5ce262af6a74a11931bf4b1e92a59b9acab27f37

SHA256
b57aa883bd4a8241fe2ebbeec0988614da1ad453f5784f3439335a6f800c7944

SHA512
4d74f007dc4a19ac3a8ae3434f06d2509397301c0a9b0288475280801c8907ce48248459436416fb14fc5a3a6ce790d680b6b9c95d35afc49c2f0639199b56f6

Download Submit
/data/data/com.xgbuy.xg/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.xgbuy.xg/databases/ThrowalbeLog.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.xgbuy.xg/databases/ThrowalbeLog.db-journal

Filesize
512B

MD5
8415dc830520feb0dbc9c80b61f295b2

SHA1
0c42211ffe6c130f5ba11b97fb03a33adbafa1fe

SHA256
d75d7c8b84e158a9e42696eeaf21b75c4d6a0f1f31e15b7b3aa1f4cc4d7afdad

SHA512
a483b4889ddf2ac6db6598850f913e4964527b86b25943a30ac6be672b5f59a746696cc2b07eb4af7e374e59fecf2655031957f3722e64af8dccae7ab2044230

Download Submit
/data/data/com.xgbuy.xg/databases/ThrowalbeLog.db-shm

Filesize
32B

MD5
1264f30db5bc978090c891fc9ba97820

SHA1
22a1664ca5bac8af36bdaf8e4098c02c7fc9c1fc

SHA256
6383110e70c2cf20a67539bbf759d99229ac2dcd214cae6a3c5de840497bab2c

SHA512
f3ec53223344ea4763479b39ae62a3dde4b83e0db05d4707c9e2c914725943063706c6c53e6fc043ee13640ac98242775c901b84ec76eb3edf11615bd0084488

Download Submit
/data/data/com.xgbuy.xg/databases/ThrowalbeLog.db-wal

Filesize
32KB

MD5
25888505edcb9d4b4c80a8d2b764607b

SHA1
3a9e1c7d1b0058b15407e5c671cfc19fad642b08

SHA256
7c57d88971f5c0cbbd77eba69532b769b1194898b29470425088136c7f83ef3d

SHA512
d3a52cf89558ae960c90c6500f3c6c2bcb1a8f076fde714e6f35a6006d6d61679def1f2d714685b8c614fcb142b882dc7eaabc045931d030a347bd07865febdf

Download Submit
/data/data/com.xgbuy.xg/files/.jglogs/.jg.di

Filesize
340B

MD5
2c0b5a4d8262d7dc599a1b1d54340824

SHA1
4a2305bc67f86e8b8140ba1a164409c4738c7ae6

SHA256
2e699b7f98081375166eb18aa096f8841ad951fb017628870ec88c4020127c8f

SHA512
f6791c6990b33ca5e7c9797d6021a525c5116e9840111965aa9833990506c984fad6c160630169dd4e6f95de9d3e031e239cbb182c60707d8461a1b8100e857c

Download Submit
/data/data/com.xgbuy.xg/files/.jglogs/.jg.ri

Filesize
314B

MD5
57b0ecf2856b51ef23f2b34d47167c85

SHA1
371b2544322cdeef9c58605610a2cebd81d71834

SHA256
0febc6f52419899014e8c862819d195cdd8fdb52d760678737a091d69b8b8c03

SHA512
eb57d0c04c391892c10397e37fd368827e77e8ab32484e9fe368e8480747f7c51022c1d01001e71de846a43d0688aa258cf0f68ea8a61bef0160839f8f7b86c6

Download Submit
/data/data/com.xgbuy.xg/files/.jiagu.lock

Filesize
27B

MD5
d9a23f7872a31a4be47ea4b9488335b7

SHA1
775bbc8b61cc7c258fc133f06a38ed538380bcbf

SHA256
69cd234b5355e8d66173c4bb4c4480f401a7a006a4b2500b0ad102acc36fd850

SHA512
c18088a9af53a7303b8f62ea170cc3fd3d76d1f85e9fbc66bd5b89eafeb34ef6ae594e9068d176e423f4152219b88ee3643c002844e8ede864a448262f13544a

Download Submit
/data/data/com.xgbuy.xg/files/sobot_chat_log/sobot_chat_20231227_log.txt

Filesize
201B

MD5
5b253d2fdc59b856ede523cfdae717d9

SHA1
4102b475e5d6a673ad60a0c680ec141c96901264

SHA256
c84a81650d95f8a6480ea6e1d7fb3ff886fee496b3035295185d0abca551e2c7

SHA512
757e2e7d3399e95b700332377d1030721fe87cd6e011bb1f1c8cc1e872758d73781cc5877883769a4ee559053ce748630e8668d13115668f47b49a30ee60d0b5

Download Submit
/storage/emulated/0/360/.deviceId

Filesize
48B

MD5
1d8d16c4e3b19ebf18988530d9b9a757

SHA1
bc94c1cce05cd848a53271ecb9c5311e27ffebf5

SHA256
abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7

SHA512
4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

Download Submit
/storage/emulated/0/360/.iddata

Filesize
32B

MD5
75bc1c5fc446d0d39b42ab0dcddcd87a

SHA1
a946d232747836340e9e3de5e3e4dac985fc04da

SHA256
022ee48574ae3615bd5d2bb14f2b1cffa77104ff6390f47f9ab0bbdc1c84cafc

SHA512
7d131367b15bf3d351460637a55ad72cfd87834c1e865f470b0d22127d3f14814a12367d607227e215a8f29bb5cabe345e9914fe07d4f7c8b274d80cfba2a57c

Download Submit
/storage/emulated/0/Mob/comm/.di

Filesize
57B

MD5
70a42cba408700f9a6c01c7941a8829e

SHA1
eab01cc2c0671538795fb0b1146017dc099d0984

SHA256
499576707ce2623293166979e59c832be5b8636c64ad39aa63ebcf961910c35f

SHA512
8900d4dc8eed0430babbacb72942401bd22ef7fe5430cad90d3ce0c2c53010220d666aa0e2eb1026f3ec81d574c7fa12585b49222a5f15b01637f6ba134fe70c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads