37de6aa4fa2b404ef3f4d53e34c195e397e5c4c69bcfcb231b33315696ecf41d

Analysis

max time kernel
2868245s
max time network
145s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
23-12-2023 15:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

37de6aa4fa2b404ef3f4d53e34c195e397e5c4c69bcfcb231b33315696ecf41d.apk
Size

12.3MB
MD5

1e5795d111db9ff11b2b470dba2b49a7
SHA1

9e73d6aa633b5cc5ece724293ee5e9bd341132bc
SHA256

37de6aa4fa2b404ef3f4d53e34c195e397e5c4c69bcfcb231b33315696ecf41d
SHA512

8146c3082c815968d974d17bf6923bf5f16ff7972236f525ce0be5f1944cbf517a3bbcee1425744c00bc146e67145ec77360865e15d9379a5518a649723cedf6
SSDEEP

393216:KGgdaYTClcx9uICa63bbJw3zPzoTvy0l5qu:KFQlc3uIJ6nJw37zoTaKsu

Score

7^/10

Malware Config

Signatures

Loads dropped Dex/Jar 7 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/data/com.lushi.zhuanbao/.jiagu/classes.dex	4262	com.lushi.zhuanbao
/data/data/com.lushi.zhuanbao/.jiagu/classes.dex!classes2.dex	4262	com.lushi.zhuanbao
/data/data/com.lushi.zhuanbao/.jiagu/classes.dex!classes3.dex	4262	com.lushi.zhuanbao
/data/data/com.lushi.zhuanbao/.jiagu/tmp.dex	4262	com.lushi.zhuanbao
/data/data/com.lushi.zhuanbao/.jiagu/tmp.dex	4294	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.lushi.zhuanbao/.jiagu/tmp.dex --output-vdex-fd=43 --oat-fd=44 --oat-location=/data/data/com.lushi.zhuanbao/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.lushi.zhuanbao/.jiagu/tmp.dex	4262	com.lushi.zhuanbao
Anonymous-DexFile@0xe1280000-0xe128c338	4262	com.lushi.zhuanbao

com.lushi.zhuanbao
1⤵
- Loads dropped Dex/Jar
PID:4262
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.lushi.zhuanbao/.jiagu/tmp.dex --output-vdex-fd=43 --oat-fd=44 --oat-location=/data/data/com.lushi.zhuanbao/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4294

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.lushi.zhuanbao/.00000000000/37CF018B.dex

Filesize
48KB

MD5
75d46252620a12dd7343e91c8ba209bb

SHA1
6615b67e21963e5689685f8494f442dcd729d4d1

SHA256
c433c8e3f847da2b98ee8b704ea3b7d0f38d6249626dfe26a22bef0c08e5fa71

SHA512
9ae5f0ae0a77bc8c9a27a43252ba01d4bbb69a326eb028d2e887d701b202b66a7065765f2f0214d2b0701493634ff33c2104becdb80bf7e8c2657175857b7af8

Download Submit
/data/data/com.lushi.zhuanbao/.00000000000/37CF018B.dex

Filesize
48KB

MD5
4e93a7a07efedcc6e3c741526d2d89a7

SHA1
e25833d7a51783c17978a7c5e7953d7cf1df80f5

SHA256
26fd97dcb56a0ae4ffee7b9514cb697de101ad39e3b2af2933b1eadf409b740e

SHA512
94a5e0b50c0efc69b79fe9b46513537b798a45d00234a7fe1c529e7d5eb153704ec9966a0e0819983f726260579707d7b82e7b31f845fa7602e06c078b98319f

Download Submit
/data/data/com.lushi.zhuanbao/.jiagu/classes.dex

Filesize
6.0MB

MD5
9c033bd10b44e5d5131977e80ecafc1b

SHA1
77a150c14bb65f172c5df57b4b303524a9d4ffe8

SHA256
b0d84fc74b15d0726030b79fe0b72c02515c3f4098d4947ef6aa86cbc4c324da

SHA512
e0dd9ea7c661f965e641085d90b88f0548e4751161740d60f212ac57745088eb09b19c45255b517a3436308632605ed5dcf9553f658189e304f88eb272404b49

Download Submit
/data/data/com.lushi.zhuanbao/.jiagu/classes.dex!classes2.dex

Filesize
6.1MB

MD5
7a640e93fe289fda6a4b087a1924de12

SHA1
440183491f1f3f644c755cd38ca7f1e04e00462b

SHA256
1589c969ba5be207938c9483fcbccc27a660f29a56d904753a05f0a134158a4d

SHA512
315d58dc78ceee663f64ac7f312cf505d3b318c197aa190061d6b7cf067a39cd820ce921b91f257504f7407b649808e29106005cadfbe6a513a30ca4674bea4b

Download Submit
/data/data/com.lushi.zhuanbao/.jiagu/classes.dex!classes3.dex

Filesize
87KB

MD5
e3cca5affb2b13e55b7bb73c397b11d3

SHA1
25110f9caf2ad6bc62bdafdb4e3b70cd93396d23

SHA256
10dc27451938c6a4ff8874099824dee1ed9dc23c74cae0924da7f39ccc8c554f

SHA512
917425ed6e8ac57037867b98f93d786b1162806ed18765b20673103471d6eae331840ff5e81f5d3ff166fd488b57947e345f5cafca16b4f63b5694d23e5efcfc

Download Submit
/data/data/com.lushi.zhuanbao/.jiagu/libjiagu.so

Filesize
558KB

MD5
98736de515958ae37ae93a0a0e997098

SHA1
72d0f9d43f7c9bdc9f19d13834c0872f5652c0f9

SHA256
335091dfc73a9f792cb720389c5d94eb6642764a38d70d4b6b7a8afd34038421

SHA512
cc4974ce398bf7f4a20160ad30e4c4b5821ff0d7f2cc9fa0aead73ddc036585266edf429add276b53d6db8dd24a344d709469b9c839451deead6b621e70c92cf

Download Submit
/data/data/com.lushi.zhuanbao/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.lushi.zhuanbao/databases/npth_log.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.lushi.zhuanbao/databases/npth_log.db-journal

Filesize
512B

MD5
e987307aae9946b69014eaadfbbd57fa

SHA1
53261aae8469d7c8b3d214484d52b350ff2a9c3e

SHA256
7baed0dca588b649f7d6bb6846d35460bd4371b0be230db9578fba164e2d4903

SHA512
5bf436698115d2aa5e88fe066e3672e1be1d3327ce5934d89da118dfd1d0d12c5e79dc2ed85a59caf808723b24b5ef78e1c3c4003ce3fbc939d5020fb65122ca

Download Submit
/data/data/com.lushi.zhuanbao/databases/npth_log.db-wal

Filesize
32KB

MD5
02e4f30137536fd1ede23134f579503b

SHA1
83b70be09d6868377b36cb11a0384a5c77908a9a

SHA256
c1e199c5857c066247c4483a6a623b998ab87452a42aa75a547ef314f9fea8c4

SHA512
6992583e4e8eb0a17a9aba8520fe8866c24b48991baaf9ad841aaf67f0d141163adf992ebc4dbd93aff86638de1ad68196fc92cab4a2bd587587c3d7a4b802ed

Download Submit
/data/data/com.lushi.zhuanbao/files/.jglogs/.jg.ac

Filesize
32B

MD5
b9c64f04129ffc89111b5e5d879dc0d3

SHA1
7fd48d28f8720e82108283d95d14b277731825a1

SHA256
9261dcf52bcb9f2c8cbeebdb93f6f6d1ccecf1da6a5600d06afd3c78003ad89f

SHA512
1c3c28f3939fdfb3a06729c5d9d77f1c7a58b8850abbdbf89ac2eaedebcccbef5db1804ac07ad56224f9e060b2f2eb7e90bf7b450b89bd4bfa939646237ec9e4

Download Submit
/data/data/com.lushi.zhuanbao/files/.jglogs/.jg.ic

Filesize
32B

MD5
c45c23630cfcf468ad03b4e9877aa5f2

SHA1
cf30d569f48cdca48b50e4081915ea9fb9afe1a5

SHA256
db2142b77a6511c1f110f2e65c5b13e8456309d106e33b99ad7a7e3eb2f9fdc6

SHA512
a17cb02f69eb27f0ff3215380b398f8f16c8f3ea9fb787a5004ab6fcd0263fcf819f8e8fb19e8d529fcadc57b190f0191ff1c3ae4da5ed03316c29a5bc63dee2

Download Submit
/data/data/com.lushi.zhuanbao/files/.jglogs/.jg.rd

Filesize
32B

MD5
1d2ea4b5d937561a94a9a3a39976081a

SHA1
6e745905dd297b4ac6b2d423777e84cba406bfa9

SHA256
472d7e167a6f26d7223a7ff84053df9b1d083484ba1299223551bccb31ad7537

SHA512
109deed33298ff01e28dc7d44c04eca3dfbc94c1a7ed034920c60be4ab543f501485f65e9a963857b3480cb85191ca6714a8c94c5f7a619733f9e1e1e99fb224

Download Submit
/data/data/com.lushi.zhuanbao/files/.jglogs/.jg.ri

Filesize
314B

MD5
73ae2111cd99787dec1858b910c6ed35

SHA1
d9ef6898603e26cbf6aeabb5a7ec774ac2e8a1ad

SHA256
5968af60168c31b04c37f8ca967572c383eef6754c29af8b6d333f7b229d3608

SHA512
b9d2fc0930adc993342d58be45d0119e24c3a3c611596ad78a3f006cade27f740a245982ef87cd6ce5201ccd8f02df68fc9028ac4e5bd9065d913d155a1e9706

Download Submit
/data/data/com.lushi.zhuanbao/files/.jglogs/.jg.ri

Filesize
307B

MD5
3baf5ed5631ae5d2ec0d4996925a8a98

SHA1
a31f9a6268631ae5a507ed5b2ab34c73c215f8a3

SHA256
df25c92bdf65c7d9dfd4620ae246febebfec4f06d0226ad921d9812bc2102c2b

SHA512
561db7cae2391ab02007ac279c634891c7a5634cd8eabf0a850bed1217d8ae57f6ac4e2af4740ea373355391eda19256732f2b058ad8b7295c5db659de3a747b

Download Submit
/data/data/com.lushi.zhuanbao/files/.jglogs/.jg.ri

Filesize
307B

MD5
9587c17368000404bb9ac26274e3c0a0

SHA1
fbe3ffa15c0184f6fb0c138a967b98c21b0edcb2

SHA256
4007734869e1622643e914b6bcb72ecbfa56276dc7c6e5c448c94265be0fc218

SHA512
d90448d296b6d6e965b1fc07578d3e44846e8c3baea0a03f4794cfea65a83bbb35192890cb95f236e023f8438132f14c9919e2732701639dae15a4c0023f19a1

Download Submit
/data/data/com.lushi.zhuanbao/files/.jglogs/.jg.store.report_cf

Filesize
32B

MD5
5007307710aa02ef54e9c52620567eff

SHA1
e2c9146571581a3cd686689818e1b00a14d61c32

SHA256
8f7bb88998b3e94f74ee7e3b2fcb85b218fc76dae157dbdf351c0f6345a10c88

SHA512
6f456322312bf236786b003fba4c2580aaf93569f17d985b57a1486f90cff86ebba708f8c8edabaca82b48425ae07a5dc702d2859af7dcd6921fbe577c2f0d6e

Download Submit
/data/data/com.lushi.zhuanbao/files/.jglogs/.jg.store.report_pid

Filesize
32B

MD5
ef5deb235397f07548506e64c37f7677

SHA1
00b24a7cb177ba9db01d6636058c72477f0bd7b9

SHA256
af7b021d73886155de7f474f254874043c81cbe14983c6340dee71714ac23cba

SHA512
76ea307987f6e0c8c9a03bdea8a32c9b93f44f6a8de6891aa6ffb3e3a4590d6ded4ebffdc98c3fae2edca7e1ababd44d5dba5996a19d7e60125fd6c28f673be9

Download Submit
/data/data/com.lushi.zhuanbao/files/.jiagu.lock

Filesize
27B

MD5
fe2c4d4a8109eea504cf6cfb034d6c0f

SHA1
679db6815fefa55500f47fe21feb6aea003d95a0

SHA256
e48c5ad7a2722e7ef1343ac40cf4a427336433f1d2dab55ea4a4f63b6f2d269f

SHA512
cb9f8cd88ea8a805d72a7ea23e8150ea4a8c2bc253975dc235a582ad23f80ce9a047c1bb19aae0763ebdbb6447ce183265c8a7b34361f08e1e3f49b5301b9763

Download Submit
/storage/emulated/0/Android/data/com.snssdk.api/cache/clientudid.dat

Filesize
36B

MD5
8dee4ebb9cf92be057fa2508ab2ef0b3

SHA1
638030f6aa551949b10859ab9fdb9bb98dd99772

SHA256
214263c1ead79048004145051ac71b3dbba5a06e72e5fadade95fdf336244d3a

SHA512
47936d53f18e1da6e729a43b4ebb5283101cb3dd82dd854b8d2827959f4bb25183d7f0806998d52ab74da73ab0b9ebc74097239a7b299e984451cbdfd0479db0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads