48f74f408809a75d1cb18588e249ef3d7cce23eb7d442f23a23658b7201081f3

Analysis

max time kernel
2543893s
max time network
142s
platform
android_x64
resource
android-33-x64-arm64-20231215-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20231215-enlocale:en-usos:android-13-x64system
submitted
23-12-2023 16:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

48f74f408809a75d1cb18588e249ef3d7cce23eb7d442f23a23658b7201081f3.apk
Size

22.9MB
MD5

4427c73ab06ca8e263443d1688ee6d87
SHA1

bb6ff23b7576161b4e3160dd9e0ea379a224cfca
SHA256

48f74f408809a75d1cb18588e249ef3d7cce23eb7d442f23a23658b7201081f3
SHA512

55bf393a9b8f0e200eac86b8702c1ad186111be0b4a1156e5d4e65a44b6802be17324c43908d1b315dd4dffc55b70a9cb2897d9117ff41c5de99fbf84f216c43
SSDEEP

393216:G/9xm2h9ldyrBoQzWmDTryQJ+0cA7UsaRG0ILo3ki3pnfgVuqLKBTCp6:a9j27N0IeDqLm

Score

8^/10

evasion

Malware Config

Signatures

Requests cell location 1 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.lagouyigou.lgyg

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.lagouyigou.lgyg/.jiagu/classes.dex	4290	com.lagouyigou.lgyg
/data/user/0/com.lagouyigou.lgyg/.jiagu/classes.dex!classes2.dex	4290	com.lagouyigou.lgyg

Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.lagouyigou.lgyg

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.lagouyigou.lgyg

com.lagouyigou.lgyg
1⤵
- Requests cell location
- Loads dropped Dex/Jar
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4290

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.lagouyigou.lgyg/.jiagu/classes.dex

Filesize
6.2MB

MD5
a31c5b1987be0df87c333ecbb1a309ae

SHA1
d743b6340d8317bb941ca218376ea67f247667c9

SHA256
b5da27dadec2cf3dd0820a477bf95b2a25ded227c151220ec77b30044808e848

SHA512
6258dac04e1a5987da100a7af1225a386687c1afd2989af68580cbcc834dbfc67113f0b9cb9de1c45bedef4d40c185db202176f5d1e0ba9abdd62d02ed5e6e6a

Download Submit
/data/user/0/com.lagouyigou.lgyg/.jiagu/classes.dex!classes2.dex

Filesize
3.9MB

MD5
52cd03a010435f6feb19089f018d4205

SHA1
27b86c4da52599ff6a78a9b82df417f0548bc0eb

SHA256
3d04972331f0fba51fab269f5ef2a045dbb2c03960aba23b8d3eae6e24f39a93

SHA512
8fc1afcca93070b8b3c69e8acd87a8b4d2e5bd93877407299f7b6f70d3b94a97a9e5c0665f7ea851d9142158a7134112069789e53f18382c6c3447815ac9ae83

Download Submit
/data/user/0/com.lagouyigou.lgyg/.jiagu/libjiagu.so

Filesize
482KB

MD5
5490ebba5b6b3bea4f8982ce96562d14

SHA1
c5558bdfad49d592ffb7a81b4ed45091e844f85a

SHA256
0dedc67aa0c32fce51aec921c5d2d957296cd92a9a7a2af775f8e3214f01bd26

SHA512
d71dd58751b79176b2bb7483e896ae12dcf6e69045d52bde8e314299a1f5ecbd17c6ff83974c983d6c9bfd1b6f6fe84bf4354c78520141d8a82bb8989a950cc1

Download Submit
/data/user/0/com.lagouyigou.lgyg/.jiagu/libjiagu_64.so

Filesize
510KB

MD5
463dd6a51edc6007a902072317ffdfd3

SHA1
60506fd9aca9bdfb7d99683f5abc835b8ba71322

SHA256
f4d7fee699bf3879e299232ecb5098fa24a26014cda7b43bfd13899b9d7d868c

SHA512
5fc4c1fab7842e861d44320602f20fc3fb4f8fc17ed5eb9b4cdb3e3ffbb4cc7b2c3955649bd00c744ac90f968699c30f61db9672594009c3eb69d8f8f6800198

Download Submit
/data/user/0/com.lagouyigou.lgyg/databases/MessageStore.db

Filesize
36KB

MD5
813ae82180259fa068bea189e07fec67

SHA1
67a335e3df54b04f3ad89b53c3f3c4ec1567c515

SHA256
fba97e7f2a5671566f1ae652107b14b8ee1c307761ce2f044f41103fb3fd708c

SHA512
1284db387240ad2fc91aa0adfc6e9f97e7c098b9843602afaea280adf01e9a9b829f0e7cfe15ad9e7a9f5f482f4260cf022d754db9da06595735e06c1998618d

Download Submit
/data/user/0/com.lagouyigou.lgyg/databases/MessageStore.db-journal

Filesize
512B

MD5
13038547771fa772525316032375f275

SHA1
0bf6a054207922b7ee72886553c4457c8b2a18eb

SHA256
5bc73727d04bbaca47fd889cbc720a412ea1037849c68505cc995bd887b1ca8c

SHA512
ff317c9ffc09ce53a36d7ce8e27f61107bcdebd553e854423f49bbb9b26214c65a0b27135c0ddcc163b3676e33090dfea3f8ab799fa5e2542d64a5efefc7cb1e

Download Submit
/data/user/0/com.lagouyigou.lgyg/databases/MessageStore.db-journal

Filesize
8KB

MD5
35ea995cd02ce6a82d3061fd04e2edba

SHA1
53332cd0b51e5d184d7f1688f37221c78b74af3f

SHA256
5f8fabe0f6dfdd1f6cc99231363f96e6c8ac1c41ae8f2cbff1af3454c82e1629

SHA512
fda4ec1b95f6dc7445ad1c9e46b1ed54b82e2ee7b6ad7a3ca1312e2b317ce240264d914c2494edf9816642346a328d48b3498183a14e443fdd373863e3ccd46b

Download Submit
/data/user/0/com.lagouyigou.lgyg/databases/MessageStore.db-journal

Filesize
8KB

MD5
44605d5970d10731eb2d79bad4f296c4

SHA1
426d70c674e776a92fdcbd211b563b52800a54b6

SHA256
4dedb2ad8852c18263e0fc511ea9b17cfc8a3cff28b774362c7a23fdbdb3143a

SHA512
6e5b1de2769b69423ced451671c8bed259c39ac55ed6e0cbff5d88012fba50f7ee55132193445c83a8cc774e5db4c5373b5a5d4efd91de516345782819a3c2fe

Download Submit
/data/user/0/com.lagouyigou.lgyg/databases/MsgLogStore.db

Filesize
56KB

MD5
12a7d379e17bbd9dfb425607991f4814

SHA1
bc7c5ed79c42863755432f9adf05ffc1848b0a81

SHA256
6e9e6f531496fd3cb33584bf4a1303845743589d5527bf8e96e27e2264b1e90f

SHA512
18d678715f1712f8baee18e23487af449890a4130e304ea10d883dfc99b33b7f88f0f1e0b4008ac0c8f1ea6c19f5460b0510d5372c579b039a96785529d980c4

Download Submit
/data/user/0/com.lagouyigou.lgyg/databases/MsgLogStore.db-journal

Filesize
512B

MD5
9293dfcb520c963d77cf4bd06fe7d535

SHA1
e72c3b96f43593dbf4cfff407791fdd5d39bfbac

SHA256
2c40f9e1e688108d14d4e59e2d6343dca55c47530a2ab4b16734b625508f8db0

SHA512
64bc90e21bb1d10ce4573bc47ec40b02ede6ac7f1c03c186eed8effbaab63b2788bb86d65d8d550c5b204be9e768cf7265ae00c4ba8542e63109c6a5d36313fa

Download Submit
/data/user/0/com.lagouyigou.lgyg/databases/MsgLogStore.db-journal

Filesize
8KB

MD5
46d02f49e1530e5c42b27b1eae25508c

SHA1
033ef8bc2d2bde2451e44afe937840e548f74490

SHA256
b38b7a7183b216dd65bd79da65a9d0319f39ba6cc5e1a2e5f501fdd62cab3dff

SHA512
8db0c6fd7e76b350c0541bf2e280eb152ab5aa534e9d3c5e04b9fceb3c8520b4631d853fd771d07b4d62153895c3f018cbe1b74b7f813fb52d5e7d93cf54be78

Download Submit
/data/user/0/com.lagouyigou.lgyg/databases/MsgLogStore.db-journal

Filesize
8KB

MD5
d86edbf5ca8fd70435eab484f9cce076

SHA1
22c66d0cc645cbf2f7f6bdbd55d44fa699b95228

SHA256
f70d92cfd7a265b5cfbfae98a4af7d2c608c91dcb05fa96eb2e5c693288a930f

SHA512
7597351069f10665d26b8b3fdbbc18004363167269ac53bf10b753edbad7904ac5ef525f3f256289618ce79a1055c359a9416eb852a9e325e1fa37ca1aca3c46

Download Submit
/data/user/0/com.lagouyigou.lgyg/databases/accs.db

Filesize
12KB

MD5
d89acee9fbf356695093f2724f643ac8

SHA1
22d2f857dfd38f9df961569715333e53fe64ee36

SHA256
4e1313b40c676cdc9653aecd74da0f6212f5d84ef960e1e8bc249811bdeb5783

SHA512
66448f754e7932dfeb98d20cddef9fe318b3a3aff17c2c47d065db78c5f830208febed67faf30a41977bc62cbd5c7a6e8205da054ff296843a75ca1b463f420d

Download Submit
/data/user/0/com.lagouyigou.lgyg/databases/accs.db-journal

Filesize
8KB

MD5
5aab2f84ecd5cde027711dfce48507ac

SHA1
1d8f3dacd520d3d15213d79f5a5b32e666c97e6c

SHA256
2c9925d9234f95055729c2e0e5ffd76c9e08c95e31e872fe45e97e3f309b4bb0

SHA512
e2e45713dc412d7b35f46659269aebd6b58051588e0372127876b46ecb9931c971c8dba16e7cef1caa765dc59327305e0c28f96da0ad301ee46ea5d0958261d1

Download Submit
/data/user/0/com.lagouyigou.lgyg/databases/accs.db-journal

Filesize
8KB

MD5
24c821caaadff10f016a965a39218113

SHA1
9977703345dcd23eb034f17f0a792f34027538bc

SHA256
db03e99147e583dc29593abfc545eef1ff99a320b05172727405b895f38121fc

SHA512
55c727cae5bcc27ed579d42eed19a40a4e320a706673594a9c03ee398e21b4e1dd4ea4203bdf276264363e0d81a69ea8a6b903e7598d77d4e98d93a2b026cbd1

Download Submit
/data/user/0/com.lagouyigou.lgyg/files/.jglogs/.jg.ac

Filesize
32B

MD5
9f08b66fb3473698f32486e558a9dbdf

SHA1
bbdea1676c0f4b6bb037acdd2acef3886fbeb095

SHA256
cd2cb98f622e7a9c9d40e62f1256fc41df559e8765c7854ce4d32e3282a61523

SHA512
017bdbdf25935cf45d8e9ecfdb93b566809e5efe67dbb7dd0575ccc9d7431b932a776707d30fd3bb6813019559b1a1ad5dbcf41b079cb53a3b2297eb1682e58a

Download Submit
/data/user/0/com.lagouyigou.lgyg/files/.jglogs/.jg.di

Filesize
348B

MD5
effa7fa036d37e33630b27d8069e6204

SHA1
eac617deb6700e55af4f0dfaba65e4dc24022812

SHA256
0a90a749808aa3dcc65da190abfef129d33aef7644aee8fa470943334a780be4

SHA512
57697a686c07fdb1167ed8a04eb14af9028f1a5078403d40f268b272230f328085f58a190a325456cabb506cf01627018706a9d849cdb176557c2d77a5ca0588

Download Submit
/data/user/0/com.lagouyigou.lgyg/files/.jglogs/.jg.ic

Filesize
32B

MD5
ecc87a066433c07cd362b7b7f70a3b55

SHA1
d4552f54d7036840268b9e855911263f765d6bcb

SHA256
9874312b76bca282252af49ccd3adc7ed43ff14fc40274383321778b62a7e883

SHA512
01c283d6b23f6dc1a92a52809fcb95a3c528de5ca26de57e3b2bc78932cfa046bac75055eba31684d8d4bd33bd1d0595e7c5c2743e9426042263ff95b35fd320

Download Submit
/data/user/0/com.lagouyigou.lgyg/files/.jglogs/.jg.rd

Filesize
32B

MD5
1efafb300b7f693a9ac341750aea1326

SHA1
266bc52472ce08373e49cf638efa0dd660d87c1c

SHA256
8a597e572da3153bc34acdce27148b0620a9480c3209d2065eb32c8988b896fb

SHA512
d5d4feb2454a8d9da33c3f78d2567c13740bf711ee6df6540ad4a53eade2d715f1335a131b1caab04fd0b1684b4eacc04dff6a1fbb27b37e2c605f7797f3ab6c

Download Submit
/data/user/0/com.lagouyigou.lgyg/files/.jglogs/.jg.ri

Filesize
314B

MD5
94a03fef78aed4f6ec0f7e11b1e1147b

SHA1
09a0da67892e9429010c2e537045a14ec473279b

SHA256
072beb7b3fb2f83d3df45ecde895933c6cac15d5a3d14a7463feed05bcb22b8e

SHA512
0146d950f827f1533f68fe28203dd2e27d24cf1bbfd2317e465908bc8fa0558f83e027975d0595574b651d2678dda740e086d2e7bf614a6116db922c38d1e947

Download Submit
/data/user/0/com.lagouyigou.lgyg/files/.jglogs/.jg.store

Filesize
32B

MD5
448e391c59eef34ee1defbe4dee4c41f

SHA1
df1f890987371d7d8e6963c68b787856e42bc146

SHA256
55612e17689f4bb05f27e18b4f6d06ffef92a6a8893a5cfdd3d5b99a6028b549

SHA512
ce336ce895ba861dda7da27e8869dea065eb3c3403cac55cdf1935409e5ebc95b495370f87ed7416af20af533b15615472e333ae9f2fd2713040f526835399b7

Download Submit
/data/user/0/com.lagouyigou.lgyg/files/.jiagu.lock

Filesize
27B

MD5
5973c1fc186ead3094da623d236e1f69

SHA1
11787280e5912855ce55a090a903ff74751e51f4

SHA256
897fabf74af132a58d85da6f26b39e7d6b52fb885c2915e649da121dbc6e2dcd

SHA512
9fea86284e0df0a528b57d7686b25ae821e1d8775e24e7bdc1ea34d30665aae55b1a5cfe7a1799741bd907cd62f9c48ddb5ca0d7e2038dc6d1c7a8b57a234243

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
83c59764c7f2fc0f6ea90720883058e7

SHA1
f469dceb3f6749296b9e542fec81ab04fcaca74d

SHA256
656abf2fa602396b45da0202f4dfc6742da75165df541b5df9655caf0214fd45

SHA512
6961fe06b46cdb23a3cd81c1af8d137d782c3b555c5b08a9b7118d2b81964d8223c2178ece3a95b36e40b64bb39456ccd2b26d77b5096f17d9e9cf924b010484

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
167B

MD5
cff535fc5f87409002c93936f7c9fc08

SHA1
4dc8543077a7c60bfe1393d7281d1c93640820ca

SHA256
28d27c8f1f61126fb015002873dc733dc2d47891470f6c96cb928fe0c6c6c783

SHA512
3901ad615fc878a17b0d7c5ae77f0a4c74e25be6cf00cfd2d9ad6b42713c00322a386f162fd84b877f540e95148302a3684987fa4951e3a1003c01b0c880f9b3

Download Submit
/storage/emulated/0/360/.deviceId

Filesize
48B

MD5
4c4c5285293d5141f582aefa4e038669

SHA1
e01852a72e5a8e6f7d63a21426b515118196047b

SHA256
36c5c63f39ddf7a6a9c01946e4f78b95790aa734176802e793e95724a1b5b731

SHA512
097aa673273e307f7bfb7c08861ad389d4b5f7fae55d972a5c1636aa66d0b8d23b5eb9b696cefe0e5b942f23969dabf0147397aeca85fb9a4d75e0473104e399

Download Submit
/storage/emulated/0/360/.iddata

Filesize
32B

MD5
fa923c52752fe885b17bcb3f49da8311

SHA1
9c4c2c6af945ece59fdb376711fc58d373ef0f85

SHA256
f4f380d6cddef3aa7d065ab101efd7611cce28005f752014fcbd20aebd9ff0cd

SHA512
c851965fd56870b4e6559b80543448daf9be5bdea13bbdc24d4eb4939f4a6a4229594e89dcf361fb929657f1639f41b6a79d92f2fe65ba7bb569dbd02471dc51

Download Submit