50cc8805a9df2876db45f64d7eadaaccc104cde4a85417ad7d0a06e56e09002c

Analysis

max time kernel
2571645s
max time network
156s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
23/12/2023, 16:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

50cc8805a9df2876db45f64d7eadaaccc104cde4a85417ad7d0a06e56e09002c.apk
Size

20.4MB
MD5

3e4d346a26eef4769825054439bcd174
SHA1

6791b63af6a62a314a169251fea2ed95ae87e5fe
SHA256

50cc8805a9df2876db45f64d7eadaaccc104cde4a85417ad7d0a06e56e09002c
SHA512

388db8855447f71b1827c8f9becb2ba412fe0b430271a3778ad9c76747e8fb5f608146a87c2836b45dcfbb2898966b08fe9bfd1960e8815ce9fed9bdbaea830b
SSDEEP

393216:GhXgGg2wm53GPubed6KQBUPw9DQAyFOVvN8LA/xjoG8VIEz351RjbqBRRjXGBGgk:YXA+5WWbeopddBoGgIE7VjMpgTp6L

Score

7^/10

Malware Config

Signatures

Loads dropped Dex/Jar 9 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/data/com.yl.edu/.jiagu/classes.dex	4251	com.yl.edu
/data/data/com.yl.edu/.jiagu/classes.dex!classes2.dex	4251	com.yl.edu
/data/data/com.yl.edu/.jiagu/tmp.dex	4251	com.yl.edu
/data/data/com.yl.edu/.jiagu/tmp.dex	4301	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.yl.edu/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.yl.edu/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.yl.edu/.jiagu/tmp.dex	4251	com.yl.edu
/data/data/com.yl.edu/.jiagu/classes.dex	4351	com.yl.edu:pushcore
/data/data/com.yl.edu/.jiagu/classes.dex!classes2.dex	4351	com.yl.edu:pushcore
/data/data/com.yl.edu/.jiagu/tmp.dex	4351	com.yl.edu:pushcore
/data/data/com.yl.edu/.jiagu/tmp.dex	4351	com.yl.edu:pushcore

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.yl.edu:pushcore

com.yl.edu
1⤵
- Loads dropped Dex/Jar
PID:4251
- chmod 755 /data/data/com.yl.edu/.jiagu/libjiagu.so
  2⤵
  PID:4277
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.yl.edu/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.yl.edu/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4301

com.yl.edu:pushcore
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4351
- logcat -d time -s tag:W
  2⤵
  PID:4552

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yl.edu/.jiagu/classes.dex

Filesize
4.6MB

MD5
ead5e35ed6963fa81993a71d51e42049

SHA1
90e471c926c4cd8b534336d41feca18ee12e90b9

SHA256
f3dd9d0515ee43687bba880203293a8684dd4bfeda25084510b2625b13f95daa

SHA512
c5d93fd6dfab08256e1715331b69a5b8bd551dfde018dc881d48246f3ae05d159a7a464adb220251b18e3347a906e49474ced4cd5af2236d64e4a533d4b1079e

Download Submit
/data/data/com.yl.edu/.jiagu/classes.dex

Filesize
6.3MB

MD5
b8905c0308faad5866171de87520c4f9

SHA1
8638dc5fe91e25b26358e6eccdb37e598f237259

SHA256
519cc87377087766997234b3a960b5a9f66e12a02a0969afc321d9ec65447ec7

SHA512
51bcf479e8fa2cdfee30460380f3914f921195eff3b8acfa482a41f690ac565854ec1de9b97faa6278afdb8684a162b0d3215ae8e6387a711c6a8bf0301b1c73

Download Submit
/data/data/com.yl.edu/.jiagu/classes.dex!classes2.dex

Filesize
4.0MB

MD5
48830e1f4e813a43786f8d05aa809307

SHA1
0084a0d408fc684ecef77e23e8f716551a1d31cb

SHA256
aa6c390fca0d17dc2b5fe21bc02486102d46d7efd0915918093b8c48dc342714

SHA512
6088d78262d913f908810197224f70deb25e6c59d312f5a6c19d92f53fc3874a64f9e2016159e007c5bbc34ff434dc1e2a98e287f24bbaf8d2a39dbfec48f701

Download Submit
/data/data/com.yl.edu/.jiagu/libjiagu.so

Filesize
455KB

MD5
e5a53000766ebc433b27d6a66ec4f555

SHA1
2c8f53f1c03aec2005bcad67d731f07261dabde0

SHA256
78e4ea857f10c2df6c7b94f0584524b52ecc099ed29478fe3964037b8a86ed2e

SHA512
370a1cb93b14556ad861724f4e9995c9a4c6d37cf2d570f888d1c6000c66d27ac63496b0703361e9fc9bc7f309b7aa4407c5f339d186b0a5b72520d23d04b68d

Download Submit
/data/data/com.yl.edu/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.yl.edu/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.yl.edu/app_crashrecord/1004

Filesize
340B

MD5
0135a299a70dd92fa32ae62b2edce951

SHA1
bc2662b882843f4a57227ceb4abcaa53140c9e37

SHA256
a333ba4caf53f9333611c56e67f6cccb952ac461e26a4129e8fcf47600d1dfb2

SHA512
e7863ea131c8283380c8519ce3db5de8aacc66c153e030c652dd39774160b9401b2bbb77c420b72c7233fd829c9b3671f95acbb920715be2d4dff3d9d4b9f019

Download Submit
/data/data/com.yl.edu/databases/bugly_db_-wal

Filesize
128KB

MD5
1f722be1fb1bd2a37dc259f716115335

SHA1
aaafd35517197c4d6381453580068f8b4522a34b

SHA256
77879c8bcf9316953f7f8433768b00ddf05aff362a010ad2419b5290f2e33c7b

SHA512
692d56d150dea34d5b7fb0909167f17591f9b10de0dcfca517de2fec6a1718b027512d81b2cbc6a49cd6a0d461917ea2cbb48f6e80d63f1df3b9d0f1ad080bcb

Download Submit
/data/data/com.yl.edu/files/jpush_stat_cache_history.json

Filesize
151B

MD5
ff4595e5d5816e5a64de59524b4faee0

SHA1
82aeae250c2b24ff1c8c2926182d6f87742ffee1

SHA256
aa1b9600fd8ce1bfe006e008dafb779b68cc7413c2812b96acbe5ca1742707ed

SHA512
681bb59074b6278d7dae10f0908b2346e5aa6c328dcbea0d477ddbbedfeca031431d5550c9339e5f7ca2c4d8485a93da57d3eccb27a543624d9798d7ee47076f

Download Submit
/data/data/com.yl.edu/files/jpush_stat_cache_history.json

Filesize
340B

MD5
891489f4001644d97ca9993d105059d0

SHA1
9a8574d07dec978a51e86cd9c5e3e2f80c9ed7ac

SHA256
086df143895dbf4e4f059613b8d1f1e3a1ac42f3188c31d04291ed5fa3b272f0

SHA512
3c7a191dbb71c8eeeafaade5bf4442c3144e2e1ba96d9ab3a9f33e934fefece7730654555a5752fca8a0d451b5f4618a7966b4dac53af4392be5034e8caf5679

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
213B

MD5
bc29768f1cfeddda8e917f8ec863682b

SHA1
ce1d52f38a2c3b27788855fdc4418748be94cead

SHA256
3954b5337c05b52823c10f0aa5920d256f5ccd51a9650ff975cf15f4d1e3e259

SHA512
db5614860ad13e9ebc71fb0cacbb1da0557200ef3f8fa683277327d6a6085c113f5f50e6a1173fb4f6585626bd08223d6af284a21b981647ddce35ba8945ccad

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
167B

MD5
5cb325581184101e02274147a7d52935

SHA1
26527de50d6e4eadfbb1fb2e7242149a3ec475f7

SHA256
32175f37d08abdf55ef095d13ca8d6a8f93edf58ca65c3fd357ddd25920e874f

SHA512
5b647c4c986eaeeb37942e5ecceb1ac380388f963191c2a7fdf88494ab5f12e184549cb85c9e02306a6e9b71110c18c8dd99a5dcd6d071b34ab8e3bcbc60855c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads