3d5bc7d77ca0bbbbc1f908fb3dfb039eae8b9cc6ad52dc930bae1c445086d13d

Analysis

max time kernel
2657616s
max time network
155s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
23/12/2023, 15:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3d5bc7d77ca0bbbbc1f908fb3dfb039eae8b9cc6ad52dc930bae1c445086d13d.apk
Size

14.2MB
MD5

8eab9864c9a7156e2a1eca2caa6039f3
SHA1

cdb03330d9377bb6c4e63510d03b257e55197ed2
SHA256

3d5bc7d77ca0bbbbc1f908fb3dfb039eae8b9cc6ad52dc930bae1c445086d13d
SHA512

e80b4de7e411bdcff99129ac3a553a12d0a1b33cbf2df5e7996cee56f9e452e32cb045633c3605a0e759c0640ed4284203b32178fb72fb5c8d932d0d2d1e94e3
SSDEEP

393216:GjWjrG21SL0cn7IY5OXaBz7fa07ZEexTn3qrJ5:GjWHP1STn7IkOXaBzzpZEpV5

Score

7^/10

Malware Config

Signatures

Checks Android system properties for emulator presence. 7 IoCs

description	ioc	Process
Accessed system property	key: ro.serialno	com.sjs.sjsapp
Accessed system property	key: ro.bootloader	com.sjs.sjsapp
Accessed system property	key: ro.bootmode	com.sjs.sjsapp
Accessed system property	key: ro.hardware	com.sjs.sjsapp
Accessed system property	key: ro.product.device	com.sjs.sjsapp
Accessed system property	key: ro.product.model	com.sjs.sjsapp
Accessed system property	key: ro.product.name	com.sjs.sjsapp

Checks Qemu related system properties. 7 IoCs

Checks for Android system properties related to Qemu for Emulator detection.

description	ioc	Process
Accessed system property	key: init.svc.qemud	com.sjs.sjsapp
Accessed system property	key: init.svc.qemu-props	com.sjs.sjsapp
Accessed system property	key: qemu.hw.mainkeys	com.sjs.sjsapp
Accessed system property	key: qemu.sf.fake_camera	com.sjs.sjsapp
Accessed system property	key: ro.kernel.android.qemud	com.sjs.sjsapp
Accessed system property	key: ro.kernel.qemu.gles	com.sjs.sjsapp
Accessed system property	key: ro.kernel.qemu	com.sjs.sjsapp

Loads dropped Dex/Jar 9 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/data/com.sjs.sjsapp/.jiagu/classes.dex	4256	com.sjs.sjsapp
/data/data/com.sjs.sjsapp/.jiagu/classes.dex!classes2.dex	4256	com.sjs.sjsapp
/data/data/com.sjs.sjsapp/.jiagu/tmp.dex	4256	com.sjs.sjsapp
/data/data/com.sjs.sjsapp/.jiagu/tmp.dex	4337	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.sjs.sjsapp/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.sjs.sjsapp/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.sjs.sjsapp/.jiagu/tmp.dex	4256	com.sjs.sjsapp
/data/data/com.sjs.sjsapp/.jiagu/classes.dex	4380	com.sjs.sjsapp:pushcore
/data/data/com.sjs.sjsapp/.jiagu/classes.dex!classes2.dex	4380	com.sjs.sjsapp:pushcore
/data/data/com.sjs.sjsapp/.jiagu/tmp.dex	4380	com.sjs.sjsapp:pushcore
/data/data/com.sjs.sjsapp/.jiagu/tmp.dex	4380	com.sjs.sjsapp:pushcore

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.sjs.sjsapp

com.sjs.sjsapp
1⤵
- Checks Android system properties for emulator presence.
- Checks Qemu related system properties.
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4256
- chmod 755 /data/data/com.sjs.sjsapp/.jiagu/libjiagu.so
  2⤵
  PID:4313
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.sjs.sjsapp/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.sjs.sjsapp/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4337
- sh -c ps
  2⤵
  PID:4525
- ps
  2⤵
  PID:4525
- ps daemonsu
  2⤵
  PID:4552
- ps | grep su
  2⤵
  PID:4575

com.sjs.sjsapp:pushcore
1⤵
- Loads dropped Dex/Jar
PID:4380

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.sjs.sjsapp/.jiagu/classes.dex

Filesize
5.3MB

MD5
1d2df9a89c3fd9ca4689206cd6c995af

SHA1
e48b5355c7d5db32e3f6486cd5df92383785324b

SHA256
607583d14ba9ee478ab262f586db10f848e16e2c290da38cb97b94cb1e819061

SHA512
31da6fb7fe3bed9ac39fde1e88c799ae1064b10ab03b9a13fff0cafab4b781b057a7c200efe1d820d747b253216776cb0658f2fb3f54d665e1b6e4878dd99797

Download Submit
/data/data/com.sjs.sjsapp/.jiagu/classes.dex

Filesize
5.3MB

MD5
3069ed97bb903e44371e88dde865a1b6

SHA1
b92b52ac0fd0d5cd496285e3855d1c62a76f05fe

SHA256
cacc2c5c89398984f255194bb614fb217173337c51f9b07aa64a1d48a1fa8c25

SHA512
8a767d4359263a1d931db8bdfb48b49fc2d649e0616eec3eb7ae820e758d81e78ad5bb2b0693452c22c98d0ba819926da3b1c5f04ad5161258ffb68065f50750

Download Submit
/data/data/com.sjs.sjsapp/.jiagu/classes.dex

Filesize
6.6MB

MD5
002a69179a19ff85306d98e709f465bb

SHA1
c464cfaa76e887aeab67196460e52e483ce8c9e6

SHA256
38b59aebf67385de8a0be254770f877ddf837c7ea213ff9146f953f26f00a3f5

SHA512
a7fae01eb48c6e09f96196269b55e1c7c06e4973466c4914db5cd27741b643c4b18fb75aeea04117842631542a1e06c2f1ce42c606b90373fd27ff6098aaa329

Download Submit
/data/data/com.sjs.sjsapp/.jiagu/classes.dex!classes2.dex

Filesize
4.3MB

MD5
18702e6ba48b71a3054d2e06c05bb79b

SHA1
76b8459b38e95aac44f5b981e844d2e082a30ae1

SHA256
63caba8eedad336a7b8ffe834822a298d9b4e15eef43e10a456c7faa072801e9

SHA512
3b7dae9c480f14980b77621961ebedd36516262e2953c4fa835697fc8898a4e20120ae7490b148bf9708f4a86581e47ec910b35e23e9ab5fafe8f4341a63f673

Download Submit
/data/data/com.sjs.sjsapp/.jiagu/libjiagu.so

Filesize
77KB

MD5
2bfffc2da43115364d4c1685c16a63ae

SHA1
7251b4e2007526318539aff3ab19f53f84e29cba

SHA256
33a2657591a6182fbe4dea628e68a34f1c3ce979d6a60beecc66687a0937b7c2

SHA512
b33f2b62da9d99bcd3eb6457c1c25fbbd4bd9cf1502938c4086e9cec7b07fac2deecf6e9eea48b40a44a6916e4a5c70779210df54da16efaf0d6f5db5a00fdcb

Download Submit
/data/data/com.sjs.sjsapp/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.sjs.sjsapp/databases/ua.db-wal

Filesize
8KB

MD5
d3673959a13c01c7ad5518dc455c6611

SHA1
5412b2f616ee77dc40db116da7c624081931fddf

SHA256
98b208f35b324dcb9d3b5319e0c941beaa18c0c62939877f4677641d459b7775

SHA512
2573344f4b6bbfee227a9a8580730e81eab2582d3bcf9a96c7337f3ea279eeb666c115d3e080b5e01240c5b0ca36af63701222b0f118573aef83601d7d8d44ee

Download Submit
/data/data/com.sjs.sjsapp/files/.jglogs/.jg.ac

Filesize
32B

MD5
23d739fa1aea170322f0bbeb1345d67b

SHA1
04fbdcce979b6b4a510fe6874878e4fe82866f98

SHA256
5f95007d4d555e250b29b18db557c204aa5bada5670d04f60c68f147b8cab7ef

SHA512
71ef721aee471ed6509ac03e049f3af344ba5a1d4a4faa39e5f39ad2abf3c4489c053fcfe6910cb08512d0c363a7fb6ad09b9615d69f6e2668ea885e7705d967

Download Submit
/data/data/com.sjs.sjsapp/files/.jglogs/.jg.di

Filesize
340B

MD5
234a5b8cdc670ea4826f3a6e6de682fd

SHA1
c006d67196beb22f553f9e4dd4d6b8309f822aa3

SHA256
f67504970f26fb85429b4e48a013af3e4e687490348aea43c2d62ffc42569951

SHA512
cea65a284256d9f5255a7c8c1a4ad52235dbea884b294e2d4ef8bcd32cd94f3a33a97050a6da7541fcab9f5083e418039a6a58bf06db9130f26d77ad3cacc0a1

Download Submit
/data/data/com.sjs.sjsapp/files/.jglogs/.jg.di

Filesize
340B

MD5
d769c444abaa4b873e3445ea75475210

SHA1
ed3a717a95bd575e73111926304f6e8475266e04

SHA256
caa4712b0f31c968a41a58c62c63b20a33d0d7e642cd401aa602e4d9be494ff3

SHA512
36fc16ccceab160958fda975a3a3e488fa0bb8a95187e520bf14171ae958269320e715951f920b87d86f8690e57f4e46ef9393996ffe6842423b939fb7b04038

Download Submit
/data/data/com.sjs.sjsapp/files/.jglogs/.jg.ic

Filesize
32B

MD5
bef69170222dd2bacbc93e8de9042250

SHA1
8fc9b62c0c02a94e148c2be3797f3e1c06276446

SHA256
0de2984b3152361cc94327030bf7684ad121809092ff3e1bdb75199f5c388494

SHA512
969644443c3f3f515f332aeb1a74ffe5278daebdacaff0dc4664094aa1b616e8daaeceaffe5863342620314fa02e7175e0853de96e7ff0b3d5ad1dc95ec358ac

Download Submit
/data/data/com.sjs.sjsapp/files/.jglogs/.jg.ri

Filesize
314B

MD5
0b1c16d45c0feda6938ce58d72af0c16

SHA1
d8602e2a5e6ec4940571b734c8a7fa35d224ee2e

SHA256
9379f62cb60f560e073a4f5a51d8acb4281d51fbf500977009ba22b455e3505c

SHA512
b57cd4c38b525e71c370750c6133789f5d677a79e08c29ce23069445a52060a8f013bab089ba39f38f13f1f928a6152880985523bce1f4fadda28cc1c2c12181

Download Submit
/data/data/com.sjs.sjsapp/files/.jiagu.lock

Filesize
27B

MD5
a9072fb7ea8b482837e15584e604cca4

SHA1
8f9a05b6a2e8faf61a56495055bfda9b4bb5dc50

SHA256
5535b272d330d7a6cde371e55f3a1d3c1462cdbb634559debee5715f7124e20b

SHA512
c276ebaa284147c094b1faf963d1ac879da88a56502643236ec03bfc303bc50b5f743473d97204dc59103cbd8f8d82056dbe8d61965029f461019c3272f1182e

Download Submit
/data/data/com.sjs.sjsapp/files/.um/um_cache_1703464655302.env

Filesize
1KB

MD5
5f3fc8be02b68990ad5e9bb30c2f0998

SHA1
f8c3fc7ab1fb02956b76822aef7853c99996dcb4

SHA256
01ff6dbbde2f9e927c1b3f005a7c4abc50e2247e44ec86047d15c4ed80469c0d

SHA512
29620e10a0fbbd8b0bcf8398e73c3a20c243d7080a8af81bd70f8b4a6cbf40038f3a2972c6dd9876283e67fa079ed105644eea627155f2086b371a535aa9c94d

Download Submit
/data/data/com.sjs.sjsapp/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
ce84a5933f9c74eb85194407cc2b25a2

SHA1
49f6432a679927b037b96845211836b4ea407d2b

SHA256
d88a9fb34b4610649be77b2d97665d3f8c1a86868610720022262b0bdc578d63

SHA512
4f554fb6bd8ae7c133ebc2fb6e9507feeeb803fe6f98766c59bca210dc3a381385c588a87ee0d5dfb5ce62a0b8c9480ea097d74b059d7d5a79f9bb70a012e9df

Download Submit
/data/data/com.sjs.sjsapp/files/exid.dat

Filesize
60B

MD5
51831e1f320603776b6d61e103af25be

SHA1
4b9bb40df389a375d06fbcd7d39f4b515e1c6a49

SHA256
32ad1dc86832288897adeb387e5d32ada10d8f5719104986064af039366fe215

SHA512
6f58972239202a40d13a523324d1620598f9f5304050fb814b3649b7204191bfda1f291cf059c49159fb9be5904f206e7fd7028900190a29c5533d27239cd7fc

Download Submit
/data/data/com.sjs.sjsapp/files/umeng_it.cache

Filesize
496B

MD5
820c8d02394b7008d084980bc8e278b7

SHA1
95db950cd2bec2c63565d06babb45dacc6ad2e1b

SHA256
557e81fd324e2027540076e3399a20b076ea5b791f7ed2bedbe3aaabece20d29

SHA512
20cf9310ea5a3db2bccdbba00326704a5f9bd48faa81ef51d856cfa8859e49d2ded5f0b23cdb0be582ed2374e703644fb8a6cc9903c989c49834f7a2cd5c2004

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
f6294c8bbc5ee4f587ba99d8bf66d5f1

SHA1
2fb5d4dd06762afb291e3f1f7bc54039da634f0d

SHA256
9b46c7f3a74c3b26b5285f75ecd71381386476657c15be441c890c99d73afb6f

SHA512
b0532aebe292bb6599e96c51c44d9319e1ffa979ab5aba20cc452285efe05824543918920adb85405c7ef1adb2fb1ff55306201d09098304bcc386b2ed9e3bdf

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
213B

MD5
19f30b87955b8ae2b274f8827483bd79

SHA1
652cae3b19c7ccfb1de5fee8322a806a3d93297d

SHA256
6630569ec230cde8acf616971ba262b25256d17f46aece1ae698d8c548267b44

SHA512
78fe312b8ed300cbd4a939e29bf3821174dd6860c2ceff00469294abee6aac053400e802bdb8516b57630a17161a922a3cb199156e69b8fdd82d3dd9bd3279b8

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
ee342222d13c08180c30ef739af0d6bb

SHA1
980647d58614cba1142ab2bf6b8f9dfc1787ecf7

SHA256
96c5cffcbc8921188eeea98b35dfd166eeb41b2f770fe90854ff58a0afad576f

SHA512
ad9151e142c5b1c97357f9467417430d471392662d843e59793c70bbc1a3fbef2af7451c203376781d3017229efa926d245ae4604c270c4fdb6de81265645506

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
167B

MD5
f8482246b5ca816759fbd5b17259cb1b

SHA1
870605329912b23fd4a8c70cebddd29edb25a349

SHA256
a4977b3d1ac0f96027f3bbe32a3fe599f78ee0b66c628a245f059cd36b5e36b9

SHA512
6e81c12752f9be86c197f5ce940e32d0f5262c492086c3631e1fbb866f5710d2e40a8f282b4d3424543f29c7a433aaa468f87025d11fc69779bda8ac7b880ed2

Download Submit
/storage/emulated/0/360/.deviceId

Filesize
48B

MD5
1d8d16c4e3b19ebf18988530d9b9a757

SHA1
bc94c1cce05cd848a53271ecb9c5311e27ffebf5

SHA256
abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7

SHA512
4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

Download Submit
/storage/emulated/0/360/.iddata

Filesize
32B

MD5
6adfb81ffefe471b0af6765cb077079b

SHA1
b71a26a15b79f8606d42ff1d85dd3c111f6a3a27

SHA256
7826b561dab0d6fbb13396cc8caeaf88031d298ebf5eb6fb2fded60094b8a043

SHA512
4e17b2e01bd10cc8377f6cbfdc5b1b0371b4d7950127f02a9060bfa17d11ba1bbcc0af37422c84b0b871b1ea0fd1fb4f3727ab76de06e9a06bd103c5e1601706

Download Submit