491779be7f05d9fb3433f53a9688534e16add49e86b3ad01dc19d9d937c0470e

Analysis

max time kernel
2544108s
max time network
160s
platform
android_x64
resource
android-x64-arm64-20231215-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
submitted
23/12/2023, 16:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

491779be7f05d9fb3433f53a9688534e16add49e86b3ad01dc19d9d937c0470e.apk
Size

15.8MB
MD5

4124cd43bb8acc62bfed5c6553c0f3d1
SHA1

0f251d5794f54cb043502dc20941fa7e7316d01d
SHA256

491779be7f05d9fb3433f53a9688534e16add49e86b3ad01dc19d9d937c0470e
SHA512

2ad4bce576f0c471a1e6a5fa5bf191b4dea3baf0f84a0740e868a397058bb16030d174523c43560dce76eac702607189d9c5f2abeb82ad314a68129762dd5bcb
SSDEEP

393216:7Qa8RRSaum+aRfNsiRP6tIQdHGLpzrQ+X0oMAkOxRgYj2O054fo12KA:7P8SaEaRfNLN6tIQdmLpdXxjrw55UKA

Score

8^/10

evasion

Malware Config

Signatures

Requests cell location 1 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.Multigold.CunJinBao

Loads dropped Dex/Jar 3 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.Multigold.CunJinBao/.jiagu/classes.dex	4629	com.Multigold.CunJinBao
/data/user/0/com.Multigold.CunJinBao/.jiagu/classes.dex!classes2.dex	4629	com.Multigold.CunJinBao
/data/user/0/com.Multigold.CunJinBao/.jiagu/classes.dex!classes3.dex	4629	com.Multigold.CunJinBao

Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.Multigold.CunJinBao

com.Multigold.CunJinBao
1⤵
- Requests cell location
- Loads dropped Dex/Jar
- Listens for changes in the sensor environment (might be used to detect emulation)
PID:4629

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.Multigold.CunJinBao/files/.jglogs/.jg.ri

Filesize
307B

MD5
a368403c71a3a3fabc1501df397fac4d

SHA1
3c522366df92264b0fd477b86e896ef6be00eaca

SHA256
ba8a2b02c30235874fef35392bfefd782e863d607f67254bb042d0cf598e9af6

SHA512
1aa4d8589e459aff2806eb5bd8d84db3a7c631e1ea26511415fbb85cb2313bcc999c3a09535dd1352eb8c2c7f0907255432dea7f7af8ceff3258ab02848106a5

Download Submit
/data/data/com.Multigold.CunJinBao/files/.jglogs/.jg.store.report_cf

Filesize
32B

MD5
f11ad0193c3cbe4501c298a3e04c27e5

SHA1
ca120bb0fb2e63e62e9bb5534feb01e5c2557062

SHA256
1de7c4c28ec38dbb660cb12d5d90f8870cd596b3cd9c2f721ee20b67d8dd1116

SHA512
644819c9a84309766a66065d8cc4ef1146c1970fcce1bc1428ecfa45482a3eab1d3bd4414ede6aefbd094b35e9a6659a982ca520612c778efd8cd581b3b1a601

Download Submit
/data/data/com.Multigold.CunJinBao/files/.jglogs/.jg.store.report_pid

Filesize
32B

MD5
633dbc6687b1a7d377096ca8b3170af9

SHA1
c9b3f41a71f7c585c22b89ba24c74d105193ed90

SHA256
bb973e830ab68c6b216cedc11c5ff5b7ee522448e17eb5b267e31d4a335d57a9

SHA512
2539da1441d7bbfdb4b9fa1a22b0b6e29f5a80e0066bd34e3cc7a5569b3fb1787a41657bc11800711aa64832e96f9ff9dc14346505bfedb393a0cd7bd15f17e0

Download Submit
/data/user/0/com.Multigold.CunJinBao/.jiagu/classes.dex

Filesize
5.7MB

MD5
494b2d7e64baadd79934c32cc2e8c1fe

SHA1
08f4865309037622d3db59167ee5f10b68548029

SHA256
ab5ca19197dc93e5e424900d79879e7e9affe115577a681780e57714674c5707

SHA512
5c2bc0a5b8df1eaac04adacd0599993112d535984a3ff0ecada052c544d91a817f57fcc0f527898b6799bdbb5b01972984cbe5e4bb4b4e61b7ac5df81628f578

Download Submit
/data/user/0/com.Multigold.CunJinBao/.jiagu/classes.dex!classes2.dex

Filesize
6.3MB

MD5
a50ec94b7563dfd9d8ac459bd7779acb

SHA1
fc5694cdc31c367073b0f4b578e7800caa25cc88

SHA256
2d1d1d6cd890bcb31eaced93d5e972420e1d0df0cd3d37262412c2dbcc9a1023

SHA512
20d2d40559474dc98da70569d39fe4f196111eed4cf7c8a19ec960454736110f56f6afb04ffa7bbca34d89b38e6aa008cb3081ab74c7fda44c60c968c25465f3

Download Submit
/data/user/0/com.Multigold.CunJinBao/.jiagu/classes.dex!classes3.dex

Filesize
4.9MB

MD5
b355dfdd3e42d9380dafad884c93b684

SHA1
1cb690227bd9ac6d9d3dc4e954de2e4b75787224

SHA256
c18688196880dfffd518fb1e5d41892920b32fd4812463f577f3875593a1d64b

SHA512
8b56891c095795ec68ed41b312a40b98fbf93c46bbafe73020d6ad33280ca37057b00684e6770c6de70060e3b70ff1eb44ed817d6873b01b9e4916868c471c50

Download Submit
/data/user/0/com.Multigold.CunJinBao/.jiagu/libjiagu.so

Filesize
487KB

MD5
610a895c4a71bbeeaea16eddb1422bbf

SHA1
9f919de42ed1e80bfadfef48f8202b202166f869

SHA256
baa349e9b5a47be21b6ea00ef2e0c0c5dc203c0e4c391dac46df07ca9d333217

SHA512
ef4173ba32309ef1257b75bcff28fd44ab14398577b4fb3b6b95323035c964201ed39546cda3b7115ba5025781f3b9c018443e7932edd50a25b1be60359f80f2

Download Submit