48f74f408809a75d1cb18588e249ef3d7cce23eb7d442f23a23658b7201081f3

Analysis

max time kernel
2547245s
max time network
130s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
23/12/2023, 16:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

48f74f408809a75d1cb18588e249ef3d7cce23eb7d442f23a23658b7201081f3.apk
Size

22.9MB
MD5

4427c73ab06ca8e263443d1688ee6d87
SHA1

bb6ff23b7576161b4e3160dd9e0ea379a224cfca
SHA256

48f74f408809a75d1cb18588e249ef3d7cce23eb7d442f23a23658b7201081f3
SHA512

55bf393a9b8f0e200eac86b8702c1ad186111be0b4a1156e5d4e65a44b6802be17324c43908d1b315dd4dffc55b70a9cb2897d9117ff41c5de99fbf84f216c43
SSDEEP

393216:G/9xm2h9ldyrBoQzWmDTryQJ+0cA7UsaRG0ILo3ki3pnfgVuqLKBTCp6:a9j27N0IeDqLm

Score

8^/10

evasion

Malware Config

Signatures

Requests cell location 1 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.lagouyigou.lgyg

Loads dropped Dex/Jar 5 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/data/com.lagouyigou.lgyg/.jiagu/classes.dex	4272	com.lagouyigou.lgyg
/data/data/com.lagouyigou.lgyg/.jiagu/classes.dex!classes2.dex	4272	com.lagouyigou.lgyg
/data/data/com.lagouyigou.lgyg/.jiagu/tmp.dex	4272	com.lagouyigou.lgyg
/data/data/com.lagouyigou.lgyg/.jiagu/tmp.dex	4301	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.lagouyigou.lgyg/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.lagouyigou.lgyg/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.lagouyigou.lgyg/.jiagu/tmp.dex	4272	com.lagouyigou.lgyg

Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.lagouyigou.lgyg

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.lagouyigou.lgyg

com.lagouyigou.lgyg
1⤵
- Requests cell location
- Loads dropped Dex/Jar
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4272
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.lagouyigou.lgyg/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.lagouyigou.lgyg/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4301

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.lagouyigou.lgyg/.jiagu/classes.dex

Filesize
6.2MB

MD5
a31c5b1987be0df87c333ecbb1a309ae

SHA1
d743b6340d8317bb941ca218376ea67f247667c9

SHA256
b5da27dadec2cf3dd0820a477bf95b2a25ded227c151220ec77b30044808e848

SHA512
6258dac04e1a5987da100a7af1225a386687c1afd2989af68580cbcc834dbfc67113f0b9cb9de1c45bedef4d40c185db202176f5d1e0ba9abdd62d02ed5e6e6a

Download Submit
/data/data/com.lagouyigou.lgyg/.jiagu/classes.dex!classes2.dex

Filesize
3.9MB

MD5
52cd03a010435f6feb19089f018d4205

SHA1
27b86c4da52599ff6a78a9b82df417f0548bc0eb

SHA256
3d04972331f0fba51fab269f5ef2a045dbb2c03960aba23b8d3eae6e24f39a93

SHA512
8fc1afcca93070b8b3c69e8acd87a8b4d2e5bd93877407299f7b6f70d3b94a97a9e5c0665f7ea851d9142158a7134112069789e53f18382c6c3447815ac9ae83

Download Submit
/data/data/com.lagouyigou.lgyg/.jiagu/libjiagu.so

Filesize
482KB

MD5
5490ebba5b6b3bea4f8982ce96562d14

SHA1
c5558bdfad49d592ffb7a81b4ed45091e844f85a

SHA256
0dedc67aa0c32fce51aec921c5d2d957296cd92a9a7a2af775f8e3214f01bd26

SHA512
d71dd58751b79176b2bb7483e896ae12dcf6e69045d52bde8e314299a1f5ecbd17c6ff83974c983d6c9bfd1b6f6fe84bf4354c78520141d8a82bb8989a950cc1

Download Submit
/data/data/com.lagouyigou.lgyg/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.lagouyigou.lgyg/databases/accs.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.lagouyigou.lgyg/databases/accs.db-journal

Filesize
512B

MD5
bec5de353f218b612f010c12f87ff846

SHA1
4cdedf6738f408ec8d4bd0669bb9629b4ae2a385

SHA256
2e96c9957aab35ac719fd51beccdbcd373c3a011ba63a3ae1e4a1f1518aadf91

SHA512
2724d413be1d09337278a08e224618726d935a67f47861f66a8a9e885968cca7ab0b9289fd36d7d5d28751a7ccdbbdbcb8561bf913041097c87ea5708e5543ff

Download Submit
/data/data/com.lagouyigou.lgyg/databases/accs.db-wal

Filesize
32KB

MD5
9e5858f2a4afaaae3ef280b0a64aba85

SHA1
34f1bd2b4aa88bbddf54aad6b68f783da4819a03

SHA256
544d85180f02b20cb394cb68cc141a4f2651125e04c15b23aaf46854d3b69bf2

SHA512
25d25ef3c5b05830224e8c136e6111600a4454e7341bf2c51cec9f09e49cda0a12ad9f3873e5de187206ec7abca557564cda47aca0b2abc3d2774f86102fd8ee

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
4d05548afafdb66c0cd0ee03a9aeed72

SHA1
7761608a4e3485223ccf19c729a7e7720a25148c

SHA256
cd74af63db59d12ecfc4fcba0883e9571cc5087fcea229be3ff986af7d4d7cfa

SHA512
0d7832ece9191bc3f6762365cb0ac5fdeea7d64f39c64690f2a22668e67cf5732018f5ada35be30d671187d709ad839df7f2ded48e8a1215ee45fb22343daad9

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
213B

MD5
18b0f01098c81c528440b0c694b786e5

SHA1
b85b25b7051902bccf0e10d2a393b67af8231caa

SHA256
6a9bd2dc5d97eb6e0a7f49c35bf9a43e4c45d9541e23df59aa8f171fc5e4d402

SHA512
021e5428f1d56185490646fc2ed4ad29f82733e13ecd72a7f70d6c1e3886468fc759a62b346c1892a35fc9d4d97de5d4cbfabc6d5260a7320eded65a74a0a133

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
8136b281a3d93238678f5074ed22f312

SHA1
05d2c7c49d7ed239a49286d7f6a6843801a3aa93

SHA256
cc41ea3f82959487a361eca5d6851a30a40912b5af4230db6d8dfe4360354327

SHA512
ef2c260c826bf59cf1cc667326dc28312443146710a85dd324d30a1cec79651a44271d6eba2a263c53ec39be4c8073b85010d67d2038d2cb6861d0f1046a495f

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
167B

MD5
16a30e1040e51abdae706505e1d8be89

SHA1
415ce3e14a6e382ae268389d7671b3dc19fd24f1

SHA256
9b3c31e57257bdebca48217dbb4f648810aa2bf6eee782954e064a4324550d1e

SHA512
622dc07f43b79d1db5cbd614de7c1fa2e34e2c0e28a4257d5f6c17bff564660c352bad6343959ab4cb00847939c04f72677ac05ef67faec7ac33bf4b0981afc1

Download Submit
/storage/emulated/0/Android/data/com.lagouyigou.lgyg/files/tbslog/tbslog.txt

Filesize
4KB

MD5
0ad77c3dde2488ac72ad5e8b34dc79c1

SHA1
41975f0cd1a30b89df1c1de2ca04f85754ce7b9e

SHA256
68b8211dadbed680405a23ba3dc5b6e6f0261398039e35d2fd0d05e332abaa5c

SHA512
29a094f33c09dfb83988a9fc92026d0c23f56c162014e93576081eb64756ea993da67816e8314400bb4b047377bf936e2b3e85010802f77060b12761c49d9669

Download Submit