6a5ee29a664cdf3d44545e487abc2aa395e7dfe4857a1d0eb2109dcd920eaa4a

Analysis

max time kernel
2644297s
max time network
131s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
23-12-2023 18:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6a5ee29a664cdf3d44545e487abc2aa395e7dfe4857a1d0eb2109dcd920eaa4a.apk
Size

31.7MB
MD5

119bd65125469956a451706bbc38e70c
SHA1

667a4d29d9d70b44e2d3cb1ac982761b7c5c1eb1
SHA256

6a5ee29a664cdf3d44545e487abc2aa395e7dfe4857a1d0eb2109dcd920eaa4a
SHA512

73242846a73bc81f20db59f2dc1c261eef10228314c4d3c64a3a1d052b380ad2edfc1cbb4285ad9d0d301cfc5cdab19d3aadb0e856b105d58957dd98279174ed
SSDEEP

786432:LYNS4kCQ2zDnbE6DIBGljRq8LyRqQHwaOzicc7qNI:LT4kCn/ngaXjRfyRHbOziccYI

Score

7^/10

Malware Config

Signatures

Loads dropped Dex/Jar 5 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.keisdom.nanjingwisdom/.jiagu/classes.dex	4269	com.keisdom.nanjingwisdom
/data/user/0/com.keisdom.nanjingwisdom/.jiagu/classes.dex!classes2.dex	4269	com.keisdom.nanjingwisdom
/data/data/com.keisdom.nanjingwisdom/.jiagu/tmp.dex	4269	com.keisdom.nanjingwisdom
/data/data/com.keisdom.nanjingwisdom/.jiagu/tmp.dex	4317	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --compiler-filter=quicken --dex-file=/data/data/com.keisdom.nanjingwisdom/.jiagu/tmp.dex --output-vdex-fd=44 --oat-fd=46 --oat-location=/data/data/com.keisdom.nanjingwisdom/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.keisdom.nanjingwisdom/.jiagu/tmp.dex	4269	com.keisdom.nanjingwisdom

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.keisdom.nanjingwisdom

com.keisdom.nanjingwisdom
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4269
- chmod 755 /data/user/0/com.keisdom.nanjingwisdom/.jiagu/libjiagu.so
  2⤵
  PID:4292
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --compiler-filter=quicken --dex-file=/data/data/com.keisdom.nanjingwisdom/.jiagu/tmp.dex --output-vdex-fd=44 --oat-fd=46 --oat-location=/data/data/com.keisdom.nanjingwisdom/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4317

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.keisdom.nanjingwisdom/.jiagu/classes.dex

Filesize
3.3MB

MD5
160b9dcda98cb6267cc225a9704c8ab2

SHA1
978a66edeb266338515f5abf9b9f2255263470b2

SHA256
f8a0e8a1c4bd689454fd02b410523b096fed073d22f4afe7e6e52c2b276ab6aa

SHA512
8a913dc42cd8a63d7abee29cf09782ffaf703c587de595967ed649fb016bc04b436d3a6f2cc1a7be73e4f34cb4e5a7520aef34a5c8b8a7936aff4f203677297f

Download Submit
/data/data/com.keisdom.nanjingwisdom/.jiagu/libjiagu.so

Filesize
382KB

MD5
aa01dd97609092ce310e17bf791069ce

SHA1
f000840a8f68ea7beb2e29ea466088daf55609db

SHA256
e432c191f918053ce368e1b1f155b2e1f9e84379611b93aabec0106172b73aa2

SHA512
766c120a06215d0950aae32026fcde3eafed8d18ae0de7bc8135a7378a9055c8f0040d61574d9af67fe2b5b90eeae64c62d787343858ae375bb6658df8afe7b4

Download Submit
/data/data/com.keisdom.nanjingwisdom/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.keisdom.nanjingwisdom/databases/accs.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.keisdom.nanjingwisdom/databases/accs.db-journal

Filesize
512B

MD5
a42b382940f686f6b2a90e5e5b66568b

SHA1
13b5e27cd05335c691370bfd52c8c92b867e63b7

SHA256
7e85ea75192d59f043f3e097839b623648ba207bbe5ffeb1590f4152f0620338

SHA512
3b764054d3a64b231c365327a46f6c91e83c7755081b72912dabb4d1982fffda16a648e90a9addd05e885c4280a7c884cd0d17fe282591afa93bedd5d08d16a5

Download Submit
/data/data/com.keisdom.nanjingwisdom/files/.jglogs/.jg.ri

Filesize
314B

MD5
9d4623f3e88d7a64c9173409a64edacb

SHA1
66dd1f67e23eb42321d9ebd62ccfe64bc2923a0f

SHA256
5430cd0768fcadaabc3ce47eda9270ed42e27aeb3d9dc5a4d62c9ac625f34f45

SHA512
63f7b10d4ff6eecb2df7b235b873002667346788e8c668e2a11fbe516fcd609a548672651680aabacd69a84b4e0cbe612e383a293e0848e54a542e91102f741a

Download Submit
/data/data/com.keisdom.nanjingwisdom/files/.jiagu.lock

Filesize
27B

MD5
c1101151c22f142104307e37b2a286a0

SHA1
4df619594277c4b71d05ee3bdf9808c2a46cbe8d

SHA256
f6f0727beebda04e747260747ef3bfa6e3504263fbe7b3c9575db3df49fbb9bd

SHA512
9740c89ea2665e63a71e2761a6671002dae8ff2d2e9d3a50c06072d74cfa4abf15c6b2470ad593fe7cd7392070e942f10464e864dc7bef97676a0e980e81fde7

Download Submit
/data/user/0/com.keisdom.nanjingwisdom/.jiagu/classes.dex

Filesize
5.7MB

MD5
843833d5acd1c01a0711b4561c2999f2

SHA1
83307ebaf6e9a125b71bc832f7da407a3019797c

SHA256
32f03ffb11fa0c7bfa3cc3a3cc736d0e883f941717ee73ab2113411723e08262

SHA512
bca96535ed287244d8027b2dc88a626ed58692c85329bc86027c8e1999175e61e27d87d58101e2f7ec133e646328478f099e4439cbf68e0d8cdb7e202365bdb6

Download Submit
/data/user/0/com.keisdom.nanjingwisdom/.jiagu/classes.dex!classes2.dex

Filesize
1.5MB

MD5
4adae9c1dcc79004df1b76895cd7d9ee

SHA1
8102077e8114ad7b9c1e8c351336ee38dd75e726

SHA256
e62be2105eb175ba444094b032ed54660347ba15578cd4b515cd36457a71e2a1

SHA512
a7455faf38b0866014d4de54d202855fd35a83fce043255e9fe1dde98d28854a5957b9e92b5374b8c43b2947cf49a4d3fc76b07761f180e468c2b835e487a967

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
df3211918035080b35995762336b9137

SHA1
205a785b58130b95f54ea4adf28d2484abc4dd16

SHA256
a4dac42d591d1158350ef62b73e02c758d24a26baf85b655cf3be14a76b7bebd

SHA512
b8d8a5ba18b4ddd22723dd2aa7bbc64e8a718a41b2beb9d0efdadda4ef7f9e93643b6ef09e9eae24b25fb6780f9e0fbaba638fc4c035e5c88019d97fa26624dc

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
1a1f3c59bb28cedc2c0fc776a4de28ec

SHA1
0ba6157b8afac00cbf7d1c62f9babc515798a0de

SHA256
6d1f4c7a8aa88e1f6ada881eb3d0491069d759b8e8ff29e99ea3555afbff14d5

SHA512
398c0009636e3ec50e4de764b6b01a7d8b36fd3cbc25c25d3e8137f0cbcc27c0425606c33df754826c801779052289168c01609e0fbdb08a328cb20f5c1830eb

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
167B

MD5
e6d92cd0356e42ee4af723d067ccce6a

SHA1
c3d71ea3fee958dd998cc5ca6af4eb0fabd46ef6

SHA256
2588b8620ae95fdaf0982428f78bf0f08e99ecc58502331e691b45953ad92b31

SHA512
6e3e48d639f980605f3b4ad72c5b68eaa16df29bafb87fadcc22200bd4a0368659430bfc4ecb584e08bf2ee1f75f952147a1b0aa7262fd81c9cc3d78dd80631d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads