5aadc77e3df618345ec73c71c8b00269cb81abd99f527f1ca5ec1bb90128ff3e

Analysis

max time kernel
2569270s
max time network
172s
platform
android_x64
resource
android-x64-arm64-20231215-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
submitted
23/12/2023, 17:40

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5aadc77e3df618345ec73c71c8b00269cb81abd99f527f1ca5ec1bb90128ff3e.apk
Size

10.3MB
MD5

1c8266a95830621e716abf2e35c07ce3
SHA1

8f73ef77621b164148eb13e6d68c2ee40878ae13
SHA256

5aadc77e3df618345ec73c71c8b00269cb81abd99f527f1ca5ec1bb90128ff3e
SHA512

2979e301b1357ab35828f948b5a89489796f2c62855df41ba18c96bac47212382b28e90b219d6ae1c0b2baa7502579221001cc50a8a20c4a8a64618ad6e79fa2
SSDEEP

196608:cMFrbvMXCOvFlxzK2UV2Ap2o8rl1TKxE69o3poFx:5LeNHzKhhpq51T56u3p6x

Score

7^/10

Malware Config

Signatures

Checks known Qemu files. 6 IoCs

Checks for known Qemu files that exist on Android virtual device images.

ioc	Process
/system/bin/qemu-props	com.jwbaoy.xm
/system/lib/libc_malloc_debug_qemu.so	com.jwbaoy.xm:multiprocess
/sys/qemu_trace	com.jwbaoy.xm:multiprocess
/system/bin/qemu-props	com.jwbaoy.xm:multiprocess
/system/lib/libc_malloc_debug_qemu.so	com.jwbaoy.xm
/sys/qemu_trace	com.jwbaoy.xm

Checks known Qemu pipes. 4 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

ioc	Process
/dev/socket/qemud	com.jwbaoy.xm
/dev/qemu_pipe	com.jwbaoy.xm
/dev/socket/qemud	com.jwbaoy.xm:multiprocess
/dev/qemu_pipe	com.jwbaoy.xm:multiprocess

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.jwbaoy.xm
Framework API call	javax.crypto.Cipher.doFinal	com.jwbaoy.xm:multiprocess

com.jwbaoy.xm
1⤵
- Checks known Qemu files.
- Checks known Qemu pipes.
- Uses Crypto APIs (Might try to encrypt user data)
PID:4643

com.jwbaoy.xm:multiprocess
1⤵
- Checks known Qemu files.
- Checks known Qemu pipes.
- Uses Crypto APIs (Might try to encrypt user data)
PID:4684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.jwbaoy.xm/app_crashrecord/1002

Filesize
8KB

MD5
b637bfb279456b3e936a37d5a59d70fd

SHA1
aea23d71fd7b978aab4dc9f009e646cf91a497e9

SHA256
ca59f4d91edf71d2555022784b1a1816139d16266810ef92a76116fefa1c6d80

SHA512
37bb6d23ada4fd8c224186bc2db507963d1cbb205918915cca4bef00614ad83534d4186ed0b163b2ffc9df6955176d8952effc2c81a8dd3085a7ee2afbca610c

Download Submit
/data/user/0/com.jwbaoy.xm/app_crashrecord/1002

Filesize
8KB

MD5
1408be0b41be15a5e77a00cb67fa69ab

SHA1
81ee2b28b9fbd7165538e354653840aabef7b963

SHA256
b6fbece915e3ea7b0c8fd532e7a1377fa2cda56a8170f74944e3df49a9ad9428

SHA512
e4267155d4898153c969c6e46143ab2f09d4fb636c28a5fb9f909f8955bda0fbaf2d3f8577ba8e11bd5508de52cf0e9f0d8ff6f8085457eddc91ede6dc15fb3a

Download Submit
/data/user/0/com.jwbaoy.xm/app_crashrecord/1004

Filesize
221B

MD5
038395c2dd743c24c0a79dda0dc4b141

SHA1
aea3d940ca0b7dfe027eb214c54970b6b570de8d

SHA256
d5a4f2ba53e3a05a05af20b833209b699da3a3ea2e31d2795979625d33615585

SHA512
68d331c37d291f5b2a82f59043b102f05f5c8d47b3d461dee795ff9ebdf7668ce88aaf69ac89a159289a7416b6c3a783820168c61d0b0b73f825348f9bdcaf40

Download Submit
/data/user/0/com.jwbaoy.xm/app_crashrecord/1004

Filesize
221B

MD5
222f6ef705d4e260e48f3918e5a60d83

SHA1
923ef5e090b85a4e5a52349302fcd279796fddec

SHA256
5386230873e450034d1e78c17332b42d25a42aa6280fa078c09569d2d8272533

SHA512
21bb53cbfe76085238571e204c2137774a53dd0c68dcf12a4d5a6452db3cd8503e7931f46d16b62891bec279f3ff622672aece044bce3f7596200c32633d9a2c

Download Submit
/data/user/0/com.jwbaoy.xm/app_crashrecord/1004

Filesize
52KB

MD5
9b1b30b1051a1cd8b9a0ad29dd452e6e

SHA1
7f05746634cf0d862f11bb02a2c725bcb66c9d59

SHA256
bce9cbca4c35d183fa51914fa4b6d3c27b990286a6e627ac38817fa9eb830552

SHA512
4096a73fa0e959643bc68510264c9b4e342ee239adea3cc84706541bc93c6e082fc42c445419c4503e6c16264acdd875c88402caef4c574d7a789c8f00fb4230

Download Submit
/data/user/0/com.jwbaoy.xm/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/user/0/com.jwbaoy.xm/app_crashrecord/1004

Filesize
221B

MD5
d44918ecfddab983fb667b123e5cb6ea

SHA1
ae002072ee92b6578bad13a88c9da7accf4f960b

SHA256
b9d269db3a37aece2f520625c60d3e85579316742392cb1ddfb3e9d28e23087e

SHA512
d79cd30bf5f0746027c156480daf507d7c5d43ee4742e88cae1f4a497f9312c244f35da8b933da562f1264e32f0d2c123b6e477ae13844717b3d136511216b48

Download Submit
/data/user/0/com.jwbaoy.xm/databases/bugly_db_

Filesize
16KB

MD5
286fdf328585f057a760cf1b3cd47aec

SHA1
bd6c049bba77c479f5c0c73fc8cadd8a59ed0682

SHA256
b8c5d3db7d09b6d4e6dfc09355600889b8f694825aea4a19bbea84430ea27e9a

SHA512
1f9efb136c99b83c36f608d27bf5592d96526fc50da2b68428783a23dc74545cfccc62b37cd0610590dd6496e87c66f14dfe5c65831b6c6059dfb7fa96386c01

Download Submit
/data/user/0/com.jwbaoy.xm/databases/bugly_db_-journal

Filesize
8KB

MD5
55e826173358749ba31db2c4903e41a9

SHA1
aca20c5716fc8cd86598400a02661bcd1743548c

SHA256
50f951e6516efcadae7b90b47c6192da951127cdc8dfa3988864ac78e0866f39

SHA512
1981ce1ba2496e2f110e575c25d825eb7f4909a0929de68581079dee7258f3c468e9b03bef5cb57e1eb162dd25e2e072f0bd8c6a90f9d61429fa6d4b000469d9

Download Submit
/data/user/0/com.jwbaoy.xm/databases/bugly_db_-journal

Filesize
8KB

MD5
e5c281bce8c98dfe007922e541c9d7f2

SHA1
3781236a74a93a8c6146c6f803d6be60c43a19dc

SHA256
6207561f7526fac31f107412967d302595147322567a90679adcb849937dd075

SHA512
86bc402badc0805ec734f998f3c097562c9bb7fbd4dd9e954dab55d0a826d31fc53610716516eeb19eba36655f6e1d5741b1f969caf1e0eb99f38814cc8eb9b2

Download Submit
/data/user/0/com.jwbaoy.xm/databases/bugly_db_-journal

Filesize
12KB

MD5
ac7cc8d8973412f7c289f7b9f71a937c

SHA1
80361841a1429c96d3ed4c6c6a03120bf5133799

SHA256
c9b86394caf10870e485e4705c76d4155f5208863ba4ad4bf6091db20bdfd0ab

SHA512
2111181befce14dd635a1226dd7e1df57d664af5b63440d3ec0034bacca0122694f7338af1aa149376268b3ae0d1b90a182de35b8c2a83afb2a5bd38d1a4ada8

Download Submit
/data/user/0/com.jwbaoy.xm/databases/bugly_db_-journal

Filesize
8KB

MD5
d59dbc692d80d9c644f12dd4833c8fd1

SHA1
01e5cebf1b4ea7c070537ffe42b1023d5c73c4b8

SHA256
e06c396c9dd5fb599edccb177c746e26228b93d478e1765601c19490746e60b1

SHA512
acd8e46c1d5bf3632291e4061dca4d71044d8d2f051cad06b2552e7fdf0eec63c3f7b356607c95025fbcc2eec6e71ca35f236b8181a5aed0e1aa881c976d5c0d

Download Submit
/data/user/0/com.jwbaoy.xm/databases/bugly_db_-journal

Filesize
12KB

MD5
d9b69e74cc38bf9076dbf08ac8f9875c

SHA1
a4d5cfc60c4d7123bff315d91a34b4dcb325ddb8

SHA256
0f23de037ab90d9e29d78adf2e9c497ea96fb926c2cf2c75a289ac6f0878aafa

SHA512
4e8f89290e34bb759fae6d86a1213fbbaf8a0cb51128a3a13f352f18fcb7012f78f591439e77bfb2033728b6edb55c373acf539c3e77a603abbfdb203d76ac47

Download Submit
/data/user/0/com.jwbaoy.xm/databases/bugly_db_-journal

Filesize
8KB

MD5
2805106d9336d3c04c23e730cfe6f276

SHA1
0d6038a7135e409f49a1b3a207530df521164a25

SHA256
c49f8e09dedcf75972255570f2bb20f64d003872ca775d12df5718c156b6aa32

SHA512
0d748011a2824f1c1c02798d4248282c27cf1d3c435c2110a4f6fdb8e77052524ba04dd64159fb2d096fb30659d1603fd7c922ea9f0e9702769138e0226f0431

Download Submit
/data/user/0/com.jwbaoy.xm/files/jpush_stat_cache_history.json

Filesize
301B

MD5
c7e5337e4edd2b847b28dbc4b88f4fac

SHA1
4683478bfa3dd006f7e16edc6352146b5d1a2083

SHA256
f5068ad8fb99969470d0c060797a6e7ec5df25d8c2d56ac0a494bd41965f9ed9

SHA512
955f4d0f23c943ac938f9ca6515d01914df2e71ed5b8edafd54991118a573d0ed7ed6fbe268f550a8a741e79f55a3eb07e35a018f23e1ab523da00f306a2ad2d

Download Submit
/data/user/0/com.jwbaoy.xm/files/jpush_stat_cache_history.json

Filesize
8KB

MD5
5a8e2a7ec2611c2f6870b5d9d8faee38

SHA1
99c073379a79d3b987095c0373d69abba7717828

SHA256
ac4da0cb5c46498623a4cd83cc57e7292cdac0b8f0e25781881ead3563533f28

SHA512
2934f690b43385cb02df62fd9f42e42c690df543c86ff7aec47b750e1b4ba45c8846a8348ec48477b30187a7087d3bfb17c4fa9344ea6add59d8d4c8d440c6d4

Download Submit
/data/user/0/com.jwbaoy.xm/files/jpush_stat_cache_history.json

Filesize
174B

MD5
9692495793120e0ef7602866ae25b430

SHA1
17b83dfe966e51edd7a7c850fcfa16a13d439be0

SHA256
154a1656b1a02f06106fb2a5eb6adac53fe276c601ce5dd90e700f7a31f446b3

SHA512
995ba3d4eb4e6f2c24b91bc1c8b75ec168d1d2d4462832870a9f8b981c9a9ac8668e801df767ca71a50eb171ed1f48c6623c22d02b913b18ca111c5a7308f6e4

Download Submit
/storage/emulated/0/data/.push_deviceid

Filesize
32B

MD5
0fc12ec5a4a4b2be9af4dac37dd07004

SHA1
38c5b355f7133979874080b560d22ab7d7a85313

SHA256
9221acea505c0824cd383a127c8c5d34148f6967546121fb9f3b3e247713e9f2

SHA512
171e54ee309894a14fb1d61f6cfd4ed3a9035fd4760223f5ff7b0ef000005e7ecbea1f2e17544994cfaa98417458d13ecbf11eb0a28e6683993e906db1df3c40

Download Submit