5aadc77e3df618345ec73c71c8b00269cb81abd99f527f1ca5ec1bb90128ff3e

Analysis

max time kernel
2599318s
max time network
159s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
23/12/2023, 17:40

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5aadc77e3df618345ec73c71c8b00269cb81abd99f527f1ca5ec1bb90128ff3e.apk
Size

10.3MB
MD5

1c8266a95830621e716abf2e35c07ce3
SHA1

8f73ef77621b164148eb13e6d68c2ee40878ae13
SHA256

5aadc77e3df618345ec73c71c8b00269cb81abd99f527f1ca5ec1bb90128ff3e
SHA512

2979e301b1357ab35828f948b5a89489796f2c62855df41ba18c96bac47212382b28e90b219d6ae1c0b2baa7502579221001cc50a8a20c4a8a64618ad6e79fa2
SSDEEP

196608:cMFrbvMXCOvFlxzK2UV2Ap2o8rl1TKxE69o3poFx:5LeNHzKhhpq51T56u3p6x

Score

7^/10

Malware Config

Signatures

Checks known Qemu files. 6 IoCs

Checks for known Qemu files that exist on Android virtual device images.

ioc	Process
/system/lib/libc_malloc_debug_qemu.so	com.jwbaoy.xm:multiprocess
/sys/qemu_trace	com.jwbaoy.xm:multiprocess
/system/bin/qemu-props	com.jwbaoy.xm:multiprocess
/system/lib/libc_malloc_debug_qemu.so	com.jwbaoy.xm
/sys/qemu_trace	com.jwbaoy.xm
/system/bin/qemu-props	com.jwbaoy.xm

Checks known Qemu pipes. 4 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

ioc	Process
/dev/qemu_pipe	com.jwbaoy.xm:multiprocess
/dev/socket/qemud	com.jwbaoy.xm
/dev/qemu_pipe	com.jwbaoy.xm
/dev/socket/qemud	com.jwbaoy.xm:multiprocess

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.jwbaoy.xm
Framework API call	javax.crypto.Cipher.doFinal	com.jwbaoy.xm:multiprocess

com.jwbaoy.xm
1⤵
- Checks known Qemu files.
- Checks known Qemu pipes.
- Uses Crypto APIs (Might try to encrypt user data)
PID:4268

com.jwbaoy.xm:multiprocess
1⤵
- Checks known Qemu files.
- Checks known Qemu pipes.
- Uses Crypto APIs (Might try to encrypt user data)
PID:4303
- /system/bin/sh -c getprop
  2⤵
  PID:4386
- getprop
  2⤵
  PID:4386

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.jwbaoy.xm/app_crashrecord/1002

Filesize
221B

MD5
c03e776abdc0cc1b6ad2025567aad986

SHA1
b76377b943d2c74753897ce215afb71f982e9ea6

SHA256
32f88bf181a75934f597887aa302e9f973595a5333220745500c13acd55dc255

SHA512
675c675632efcf007c1da961aadeb5abc33128cf2f030fc611e4323c56d722bf4822ae46ca32e3637b12245a4adacf170101e942a42314185be5044d04c448f7

Download Submit
/data/data/com.jwbaoy.xm/app_crashrecord/1002

Filesize
221B

MD5
92f61f0f7227ac39cff19172cbad7ac6

SHA1
8476f348a0339035ca570446bc1ce5a35c189dcf

SHA256
5a08fb41ce1c749fe2466eacc563b6f635a7ab655ff67ffc4448e4054dc9ab21

SHA512
a9dc7652985155e5c6621a387205dde0d2e3c3ccae9cd827d1b93475fb3dbd9b9b298c325a1c9bc4e11683863b1e481fd9e16afb9a6de8dea1691724b437fc26

Download Submit
/data/data/com.jwbaoy.xm/app_crashrecord/1002

Filesize
234B

MD5
1afb97afa671322a104a5408fa98bb90

SHA1
002032a9ce6a2c62ca8dfe57efc095b53f53c78f

SHA256
5453b57f11e9e478892d60108e711da44672b1b505353fe4870fba4f348bf42a

SHA512
6ecb68b2d86f74b45a9f0e0ff5f93cbd65bad3f0481e4adfb2ae868fba55cbe1e546404070d31719dd3026bbbe62a23d8ab92c7d00f2a06eb562b30d149b8db4

Download Submit
/data/data/com.jwbaoy.xm/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.jwbaoy.xm/app_crashrecord/1004

Filesize
221B

MD5
ee417afc3ad6be15c57e70823e2de8d5

SHA1
59d23dbc1b999dc2e0c6d69ad23a2591aa56e6fe

SHA256
5fc34869b5a51e89d25ae81df4ac6338ec82663e3915beb451e2c862dfde8d9b

SHA512
455ed0b12e855020f803748c2743cce2e96ad1bb61426af6e1b49516c536b8e4bc795a11c09bfa7ec50b89aeb38ff98ed25a97f6d228d3636283000bafed0121

Download Submit
/data/data/com.jwbaoy.xm/app_crashrecord/1004

Filesize
512B

MD5
4ff9feea07afa1dc503b081c2412bc67

SHA1
545d7b874500416cc7e7e705bbdb0881efc4780d

SHA256
62dff12a5d06ae611e66a6c54c046f754916d49a5fbcf8245592486e420a895c

SHA512
ac38fb0fef05f687c0d060de718034c9566cba35b130d62fa910d518f9eff9fc4060b10a93e0719b6ad2e2f0c9c58a5a5a2f4460b4c6db8f5c1e50861fcb32ce

Download Submit
/data/data/com.jwbaoy.xm/app_crashrecord/1004

Filesize
234B

MD5
e8bece5007b71493f62eef5d678f81db

SHA1
6bd81df2833dfb621e9d9b99acbcadecffd7f870

SHA256
6d16ff465e3410b854a7a95acb1a600f9e653c3e86242b30b669971d77390d91

SHA512
a13cd1a1733de37ceb00a7498bcb3e6eb5225ee122c588f754530f6808c352ce045fc0e4509cc921dbe0dea07043fdf2b873b74245839a36574b83de714f6fd3

Download Submit
/data/data/com.jwbaoy.xm/databases/bugly_db_

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.jwbaoy.xm/databases/bugly_db_-journal

Filesize
512B

MD5
1377f0dcc7313f4ed50867880f127b73

SHA1
b9ecf6ea92739ab8737c275e1d66d9f473f5db68

SHA256
40a42fb483c4d543633677954b4f2370f34769ad5b8fc85e434dbbe28f7d37b2

SHA512
f94cce49528aebaf851eeeb66b4ee7e3ed4478af5c7fdc42c97ce032057e44e67f477b6b86832a0b5169029f515aaff266ef3704a8b63464c760822b85702806

Download Submit
/data/data/com.jwbaoy.xm/databases/bugly_db_-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.jwbaoy.xm/databases/bugly_db_-wal

Filesize
76KB

MD5
3a63fa5f2f1e1ed301f0d9cd8b3c0c78

SHA1
f39b626119a8515418d53a21bc396ea06acf2858

SHA256
aac2f3cd25c62c9766c98082e10166e35eafbf2d7ed69e8d9c3bb10d224a1413

SHA512
335d5689c8b6d06cd2b37aff24471b4eedbaf47f1275c66df158717b8f0447bccffc7b520847b4d0c01abbba39ee6a3b1a8875fc7921f314889caa3faf88ea0d

Download Submit
/data/data/com.jwbaoy.xm/databases/bugly_db_-wal

Filesize
68KB

MD5
11d5266c057f4f27676252537c9bf305

SHA1
803b930d48714e522132f875492f6812184b8550

SHA256
b23d8de6e5a1935b62c46161a8b7586e2439827f5c483c99487574f713253a13

SHA512
c10068f705725580e15d7f75b23c3fa88e81328ce12f02eec6b80df8ebf89295b5eecd9dcd37b9ef2d725d67ef3e51b9873d457b8770ef4c93800f6fb963a633

Download Submit
/data/data/com.jwbaoy.xm/files/jpush_stat_cache_history.json

Filesize
489B

MD5
b17983eafc54bd0c547493aa624bb749

SHA1
32634a214044a60cca22304acbce0b6c3cf6f153

SHA256
7637e9a08459215687716ed3193d15b67ce5633d3e0f7b17fbf4b2190d6cb58e

SHA512
207c7ed1927131c67820442aab56adbea35d5b15aa22951e0fd318488784f0612168acd6762386d9e39191d7da663ca75960c142f67c1e46bc914ac0d97de866

Download Submit
/storage/emulated/0/data/.push_deviceid

Filesize
300B

MD5
5d926079003ddf95048849f7ed624c7d

SHA1
806d5963cf4a42bf1fdd720bae58ed81ee420bc9

SHA256
73d618f6dcff4253617fff72c416a331eba18c2e394a9a862bd08df9cc269569

SHA512
500094013bc8cab8e02e0f1163c32bfdfc3e0c899853d0bfe3ae28a0f12fd4834b92098b626e9de9cc0d0d728345259b2173e0d78d1289066f41feca439111f5

Download Submit