54a2cecbcc5f5a4a53093c34662d5c9f2b2e0bd865df56755ec750a6d8de724b

Analysis

max time kernel
2604359s
max time network
144s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
23/12/2023, 17:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

54a2cecbcc5f5a4a53093c34662d5c9f2b2e0bd865df56755ec750a6d8de724b.apk
Size

12.9MB
MD5

62732f6db5aa874061dc9977cd62e790
SHA1

6b138f091562c0a07da5e240d3f749ef4b208b4b
SHA256

54a2cecbcc5f5a4a53093c34662d5c9f2b2e0bd865df56755ec750a6d8de724b
SHA512

251f3c31c83ac37c0119e449d5819da023231bb6bea9d9607a1bbdd05664a2e373b7b92213cdf338a5288501b9e45cf98239ebdfcfe5cf8b1c662a49d8ffd272
SSDEEP

196608:SMGPU6IxYZ53u33Ajuh8Zl0DAsMy7WRBSHD9/434QkFyUUzaRRFytWvvKr:/GJZ53uHAqh00D4y7WqHJw3zpzoTy06r

Score

7^/10

Malware Config

Signatures

Loads dropped Dex/Jar 6 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/data/com.lushi.zhuanbao/.jiagu/classes.dex	4212	com.lushi.zhuanbao
/data/data/com.lushi.zhuanbao/.jiagu/classes.dex!classes2.dex	4212	com.lushi.zhuanbao
/data/data/com.lushi.zhuanbao/.jiagu/tmp.dex	4212	com.lushi.zhuanbao
/data/data/com.lushi.zhuanbao/.jiagu/tmp.dex	4245	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.lushi.zhuanbao/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.lushi.zhuanbao/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.lushi.zhuanbao/.jiagu/tmp.dex	4212	com.lushi.zhuanbao
Anonymous-DexFile@0xe6400000-0xe640c338	4212	com.lushi.zhuanbao

com.lushi.zhuanbao
1⤵
- Loads dropped Dex/Jar
PID:4212
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.lushi.zhuanbao/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.lushi.zhuanbao/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4245

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.lushi.zhuanbao/.00000000000/37CF018B.dex

Filesize
48KB

MD5
75d46252620a12dd7343e91c8ba209bb

SHA1
6615b67e21963e5689685f8494f442dcd729d4d1

SHA256
c433c8e3f847da2b98ee8b704ea3b7d0f38d6249626dfe26a22bef0c08e5fa71

SHA512
9ae5f0ae0a77bc8c9a27a43252ba01d4bbb69a326eb028d2e887d701b202b66a7065765f2f0214d2b0701493634ff33c2104becdb80bf7e8c2657175857b7af8

Download Submit
/data/data/com.lushi.zhuanbao/.00000000000/37CF018B.dex

Filesize
48KB

MD5
4e93a7a07efedcc6e3c741526d2d89a7

SHA1
e25833d7a51783c17978a7c5e7953d7cf1df80f5

SHA256
26fd97dcb56a0ae4ffee7b9514cb697de101ad39e3b2af2933b1eadf409b740e

SHA512
94a5e0b50c0efc69b79fe9b46513537b798a45d00234a7fe1c529e7d5eb153704ec9966a0e0819983f726260579707d7b82e7b31f845fa7602e06c078b98319f

Download Submit
/data/data/com.lushi.zhuanbao/.jiagu/classes.dex

Filesize
5.9MB

MD5
4f32113d809dd75b14e5667c8f45e6d2

SHA1
ccd07779536ac42369fedd9867b6171acaacb706

SHA256
3b6fb7085882bf08371c6acd9390725f0b536a64a45225d26e6cc54d70ca1cc1

SHA512
18fcc76d8b8953b04c00668bfb9d8341076edf3acdc008b92080fbd9942887550d2294a9278606da89c656147f5b5b42d9bd84d058707cbd7acaf02173d41466

Download Submit
/data/data/com.lushi.zhuanbao/.jiagu/classes.dex!classes2.dex

Filesize
5.8MB

MD5
0141652b34bdac808871b61f484a565a

SHA1
5bbc8bf7134b6f68f6ce517884dba68922a420d7

SHA256
b417af1130ba5bb7e14fa4aa513e6bda377d9b8d236ee662be29047d2f1ae94d

SHA512
671a30df30b4349236606fc33427afe3fbcc8cd53b0bb895bc58328f93df3187f2befa9fe9ab2bb2af9d38a7f10e25ec354045e9ac06badbd484084db259b02b

Download Submit
/data/data/com.lushi.zhuanbao/.jiagu/libjiagu.so

Filesize
558KB

MD5
98736de515958ae37ae93a0a0e997098

SHA1
72d0f9d43f7c9bdc9f19d13834c0872f5652c0f9

SHA256
335091dfc73a9f792cb720389c5d94eb6642764a38d70d4b6b7a8afd34038421

SHA512
cc4974ce398bf7f4a20160ad30e4c4b5821ff0d7f2cc9fa0aead73ddc036585266edf429add276b53d6db8dd24a344d709469b9c839451deead6b621e70c92cf

Download Submit
/data/data/com.lushi.zhuanbao/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.lushi.zhuanbao/databases/npth_log.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.lushi.zhuanbao/databases/npth_log.db-journal

Filesize
512B

MD5
df052130f3366fbcb7a1440b5c2a649e

SHA1
18eaf3d1456147eb674e3621d267591ef570b6b6

SHA256
a94e1b14f5c75ab1734ae6ef9a31c9b87a83996c6402cf2b3b8004b48bdf832d

SHA512
64661466e9eda9ead49ac8f3bf9647589d055e84ddabdf3fdb332ca65fd8a6a71b1462d8acf132d253456f4ead3692f5de3bcc6af7ca40f6deec0cc99887c058

Download Submit
/data/data/com.lushi.zhuanbao/databases/npth_log.db-wal

Filesize
32KB

MD5
a301f4cc7f034c39b39dff7e0ac45f5c

SHA1
4661543ee5fe695c1342ba2ac56d3bfb3e40ec57

SHA256
47b52194fca35599ad20ccb0148b92c00a5cbc3ac477cbf14e8a4b43d872720e

SHA512
9edefda90f80aea53e9ee86ebc9490f828574c8d0e30bdaa15d26f0dd80b81852b741d4a0353e40a5453045eb23c3d488fbaaf66288d052d8fc3571ba185aa31

Download Submit
/data/data/com.lushi.zhuanbao/files/.jglogs/.jg.ac

Filesize
32B

MD5
b9c64f04129ffc89111b5e5d879dc0d3

SHA1
7fd48d28f8720e82108283d95d14b277731825a1

SHA256
9261dcf52bcb9f2c8cbeebdb93f6f6d1ccecf1da6a5600d06afd3c78003ad89f

SHA512
1c3c28f3939fdfb3a06729c5d9d77f1c7a58b8850abbdbf89ac2eaedebcccbef5db1804ac07ad56224f9e060b2f2eb7e90bf7b450b89bd4bfa939646237ec9e4

Download Submit
/data/data/com.lushi.zhuanbao/files/.jglogs/.jg.ic

Filesize
32B

MD5
c45c23630cfcf468ad03b4e9877aa5f2

SHA1
cf30d569f48cdca48b50e4081915ea9fb9afe1a5

SHA256
db2142b77a6511c1f110f2e65c5b13e8456309d106e33b99ad7a7e3eb2f9fdc6

SHA512
a17cb02f69eb27f0ff3215380b398f8f16c8f3ea9fb787a5004ab6fcd0263fcf819f8e8fb19e8d529fcadc57b190f0191ff1c3ae4da5ed03316c29a5bc63dee2

Download Submit
/data/data/com.lushi.zhuanbao/files/.jglogs/.jg.rd

Filesize
32B

MD5
1d2ea4b5d937561a94a9a3a39976081a

SHA1
6e745905dd297b4ac6b2d423777e84cba406bfa9

SHA256
472d7e167a6f26d7223a7ff84053df9b1d083484ba1299223551bccb31ad7537

SHA512
109deed33298ff01e28dc7d44c04eca3dfbc94c1a7ed034920c60be4ab543f501485f65e9a963857b3480cb85191ca6714a8c94c5f7a619733f9e1e1e99fb224

Download Submit
/data/data/com.lushi.zhuanbao/files/.jglogs/.jg.ri

Filesize
314B

MD5
3c6b90f35fedd0d6fa3000e87f1cf267

SHA1
a7ea013055a0ee05662ea04b79685fe3e517f1c8

SHA256
382001f8199782a89b9a304c9a6f548c4d592d534e84fcae17f4381e93fd5a68

SHA512
0e8555d5df24a7b7c125a6f22cbee55c682ef9dc4941dfb0fd41a36093775cb6207d79da0b85c9ef1d50c60619bca942c863cb2d3abb8f0740bb6302a6e7797d

Download Submit
/data/data/com.lushi.zhuanbao/files/.jglogs/.jg.ri

Filesize
307B

MD5
cf93e10eb08b843ef872c47bf8633f27

SHA1
8c644588e2a5578043fd0bee2d90abb791f8ef9a

SHA256
3d9d5677105d3d26a6ccaeb1ee28eb3371dc5eedef11cb3d0de0329e388b9776

SHA512
09df9a5a9e791ad48df6d1df6fc7eece861fdab5d4fbbaf1572b59cc6fa799db9ac2b8ac3177d7aeb4d90d0e04607a5fdeb5e1918c83a7061f522a57895cbd28

Download Submit
/data/data/com.lushi.zhuanbao/files/.jglogs/.jg.ri

Filesize
307B

MD5
f1676955607b7524940bc92ec16fb07e

SHA1
ecaa680184c5452511977430f394ae2a2743c5d5

SHA256
7acd7d864a88cd27c7f582ebe1fffca5fe22a44a97862ace90350e1cff98aac7

SHA512
050bfc3032732546a003fa4edbb37c18afe15357fb667e397708e2b1187c067e7f9f85a1de6c62faef6909d865d5a5e5a016199974206a1b2deee6008bedc33f

Download Submit
/data/data/com.lushi.zhuanbao/files/.jglogs/.jg.store.report_cf

Filesize
32B

MD5
5007307710aa02ef54e9c52620567eff

SHA1
e2c9146571581a3cd686689818e1b00a14d61c32

SHA256
8f7bb88998b3e94f74ee7e3b2fcb85b218fc76dae157dbdf351c0f6345a10c88

SHA512
6f456322312bf236786b003fba4c2580aaf93569f17d985b57a1486f90cff86ebba708f8c8edabaca82b48425ae07a5dc702d2859af7dcd6921fbe577c2f0d6e

Download Submit
/data/data/com.lushi.zhuanbao/files/.jglogs/.jg.store.report_pid

Filesize
32B

MD5
ef5deb235397f07548506e64c37f7677

SHA1
00b24a7cb177ba9db01d6636058c72477f0bd7b9

SHA256
af7b021d73886155de7f474f254874043c81cbe14983c6340dee71714ac23cba

SHA512
76ea307987f6e0c8c9a03bdea8a32c9b93f44f6a8de6891aa6ffb3e3a4590d6ded4ebffdc98c3fae2edca7e1ababd44d5dba5996a19d7e60125fd6c28f673be9

Download Submit
/data/data/com.lushi.zhuanbao/files/.jiagu.lock

Filesize
27B

MD5
5d8945216ea430db1f0c781d9c5a766b

SHA1
818b4a7829e5760bb8dde9c1122c182a2d43715b

SHA256
13b6bb247406691dba390c0b61b60ab3a25da8051c27d8c1ce1dca9bfc099ca9

SHA512
0bde5cbe20bc97dc89583b0f28f83664562561b07913422d8856158e7b49c817bf75663c28955dcc72b7e5569a4b2e4cdf4b3069b01a8636dc27d7da86132c22

Download Submit
/storage/emulated/0/Android/data/com.snssdk.api/cache/clientudid.dat

Filesize
36B

MD5
4e69a6d82b40a0b485ca65fca34b56e1

SHA1
67dfd76824a10e9fd45313ee44eda4b006a3ceb3

SHA256
d0ae09773d100b24e6ae073d2228fa6f9f1c9716af453ad2f128bda68333c18e

SHA512
a91105c7f145e30968230270ee2c31a7b4830524d7a829d78eb94cdf22197bc05b29aa8190e3d01b09e0789390163b555b4e53d6129726c7bbab316c85c93c0e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads