5c396b31f25c07be1e181aabbffef1458ef1b49f86d47d78c35455a27bdc22b8

Analysis

max time kernel
2607200s
max time network
155s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
23/12/2023, 17:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5c396b31f25c07be1e181aabbffef1458ef1b49f86d47d78c35455a27bdc22b8.apk
Size

31.8MB
MD5

fde8ac152bf3c97be84e20f631e2b1a3
SHA1

4bd644f9692ee9a89e08b20e5e02190e39ad36c7
SHA256

5c396b31f25c07be1e181aabbffef1458ef1b49f86d47d78c35455a27bdc22b8
SHA512

5cbccfc223623f8d7e9a95d3c3b8cd3597e2797b708d821bebfa4c084af029f78f33a72d050d3bffb31d4d22601e32a6555fbc791d1ca12fdaa8c7c20a731feb
SSDEEP

786432:7oh39x3aK1sJWGQ5a+YI2avI/98U+dagWGG:709cKeJWhaBlR+MgnG

Score

7^/10

Malware Config

Signatures

Loads dropped Dex/Jar 11 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/data/com.hzpd.sjz/.jiagu/classes.dex	4193	com.hzpd.sjz
/data/data/com.hzpd.sjz/.jiagu/classes.dex!classes2.dex	4193	com.hzpd.sjz
/data/data/com.hzpd.sjz/.jiagu/classes.dex!classes3.dex	4193	com.hzpd.sjz
/data/data/com.hzpd.sjz/.jiagu/tmp.dex	4193	com.hzpd.sjz
/data/data/com.hzpd.sjz/.jiagu/tmp.dex	4253	/system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/data/com.hzpd.sjz/.jiagu/tmp.dex --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/data/com.hzpd.sjz/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.hzpd.sjz/.jiagu/tmp.dex	4193	com.hzpd.sjz
/data/data/com.hzpd.sjz/.jiagu/classes.dex	4303	com.hzpd.sjz:mult
/data/data/com.hzpd.sjz/.jiagu/classes.dex!classes2.dex	4303	com.hzpd.sjz:mult
/data/data/com.hzpd.sjz/.jiagu/classes.dex!classes3.dex	4303	com.hzpd.sjz:mult
/data/data/com.hzpd.sjz/.jiagu/tmp.dex	4303	com.hzpd.sjz:mult
/data/data/com.hzpd.sjz/.jiagu/tmp.dex	4303	com.hzpd.sjz:mult

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.hzpd.sjz:mult

com.hzpd.sjz
1⤵
- Loads dropped Dex/Jar
PID:4193
- /system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/data/com.hzpd.sjz/.jiagu/tmp.dex --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/data/com.hzpd.sjz/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4253

com.hzpd.sjz:mult
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4303

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.hzpd.sjz/.jiagu/classes.dex

Filesize
6.3MB

MD5
278766d75fbcb32245a69ff2dd33c3ac

SHA1
cd3983566e0e3ada8c1c1e7374f36f8e577041b7

SHA256
5ebea6f34539858ee8e45fcdeb5456a8f5f34dc605cb8a428007ad513b39cb66

SHA512
8fd179d432c801f81e00d7fea0369b022ecc50f2f1d1e82396d4b8bce3915ba87de5181e984186c514e09ece5fb61879604c47d9b86d1cacc2bf4ada5fb43115

Download Submit
/data/data/com.hzpd.sjz/.jiagu/classes.dex!classes2.dex

Filesize
7.1MB

MD5
06668c7c2cacfc3cc01e4d86731d4ac2

SHA1
67edb7b5ca6628c989968b2add48ae7b53bea765

SHA256
8af5491479ff00d3a8a77f0ab15ef5d3fb129033752bf6c1aa3be0bdb910e70e

SHA512
58d25b459a407b59c5926bb9a0d9639b196ab53e6c7acca527277467ff1dde53127e7045f9d6d1dcfb3a95c84ddb479bef7d46a9ebe6123ca61aa3884a6246ff

Download Submit
/data/data/com.hzpd.sjz/.jiagu/classes.dex!classes3.dex

Filesize
3.4MB

MD5
69081c1200d824e0867d4f649ca5ab11

SHA1
a074705797e3a1ef0bb3cec6aea93941c5cc1293

SHA256
b63d9f927772f53a9d51ca99522143a23c3a31ee2eec9427a0dd49b6b13185e3

SHA512
5724699793287267a2cb5498c8cd5a7a8791fe52e8603fb1b597c5d1a5f84f1e3eca925e30ecb252f397f578a225cdd211116cb2f93f727993ad97af8d1aa242

Download Submit
/data/data/com.hzpd.sjz/.jiagu/libjiagu.so

Filesize
475KB

MD5
5aea02f4e4c77fbf2e7a27f7ca9cc06b

SHA1
522db1748608e9173547b29b7aa82ddc3542c534

SHA256
5a1c513b347e2a929769e2be67552c1d591704f08f7b5590282b66cc2c7d7bd2

SHA512
5c979a11f5e896829db906f533756efc1cf3c5a7e35ecc9e376a0aae818f2dada013441649feac2e188bd51affbbf35156e32fdc6552e185bddbc547f3850316

Download Submit
/data/data/com.hzpd.sjz/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.hzpd.sjz/files/.jglogs/.jg.ac

Filesize
32B

MD5
9a483378a6712a8aaf5df51f6b7d6756

SHA1
84f5aca18b58c31428dec4d5658516bb0ed1496f

SHA256
db0ee20d3e0ca71b1082904088e4de6337a8cf5ac6bb7ff1a24ca1db06119f36

SHA512
2c2574c9d9b22f7daf4fb4efd048faf506ead0c2222bad056f9f5736772422faa5caff5eff836e7abd65752bb906cc52a602cf249afce2ff87dfebac6443ad1c

Download Submit
/data/data/com.hzpd.sjz/files/.jglogs/.jg.ic

Filesize
32B

MD5
3a970fc998ec7ae0ef1f53dbfaceb74f

SHA1
fb834637bf384f11dd58e23a3b8fff837eb3ad13

SHA256
ed4abe443c9bcd0a48cd5fa20ef1c7f9fe36400efc373285a756593f4df1d9af

SHA512
9beb66d2047ff375bcbfd2acd56a236787a833eea5f7dc9248ffc1ff74ad72c5aa094fe4aa22bbe5d1116c53d2da33e67a05fdd8062e0322e0df8d76af2c153e

Download Submit
/data/data/com.hzpd.sjz/files/.jglogs/.jg.rd

Filesize
73B

MD5
0de65b996228b598cb7ddf6448f3142a

SHA1
373eba829c925de8fec4c1b980dc2f8b3fa3d40c

SHA256
e5c506bc51b9218e7aeaac063f5721069fc25052fdffef21f3fb4a87926592ec

SHA512
3596430e520e345db9026211b576dda99d667ced7a9f4fb45292cc564feac930ef54c4a42d9a5b146f38d56955c1d7202dab7f1a61419513bf236002fd7c0e39

Download Submit
/data/data/com.hzpd.sjz/files/.jglogs/.jg.ri

Filesize
307B

MD5
0801ee829ec933c8ccaac747c16646ee

SHA1
3f649d0b548fb8a6740386e2439e64f823c49b65

SHA256
3911b03a36e97cd223bc120852bc57f29bec65006f94eed6ddc2ea740c38b003

SHA512
6ff7586529db2ef402c6ba1250f24d0f583715e37336a27f07183ac26b0d9030d0c518cc498d5a1b439bcfb179c22171c511dc3a68f19a97eda2123f9aa245e8

Download Submit
/data/data/com.hzpd.sjz/files/.jglogs/.jg.ri

Filesize
314B

MD5
b33a95dadb6ef53caf963630af047175

SHA1
2a888cfdb08c2268f65a9d10085022eeec8b1eda

SHA256
d6150ab711d14987e9e94e0c50155d0a6a82baf63e6b667644bdde954fe44a53

SHA512
8e8e74403de9c7ce9ba0a5ebfe614a79140ad682f706e96fca444675baaf6c3e347419df61cc7eae92cac63ad526fe183085ddda01264b4e885091e4a53fb1be

Download Submit
/data/data/com.hzpd.sjz/files/.jglogs/.jg.store.report_pid

Filesize
32B

MD5
448352d6c597c21d04a4b8b8f5acd7fc

SHA1
6a9a54a102835566072bca63fa60efdb752b1849

SHA256
c8eb1b1d3c7846cc1359987aec532e1070a12183301d1d6802d83640ecb93c29

SHA512
4a2910befccb2c77e3c33ec29d22538da389449dd9b9bcab02d709b8884b53ba83920deacd86300822479c65bedfe96529fc0312423a2d2a6d5c3507f779b853

Download Submit
/data/data/com.hzpd.sjz/files/.jiagu.lock

Filesize
27B

MD5
321bf89f0e882481b2d076659430aa47

SHA1
b906f1e315b63475a0ec653e3141122721fbae61

SHA256
68871cb18375ee445640addbbc440fd9f9335611fa29d9e8ca3ef88510b40f90

SHA512
2aba5cc7c2d470ac32140819f41e315855f3190717bbdb83822f315e2dd9af21207667fe05fc9c67a736950dbd27b156e5c891ed56c1c81ea4136f9715a0402f

Download Submit
/data/data/com.hzpd.sjz/files/Mob/mob_commons_1

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
/data/data/com.hzpd.sjz/files/Mob/share_sdk_1

Filesize
23B

MD5
8e24e79baab91c4d0604eaa9006a0cb3

SHA1
e427afc94a4b957a7096f73e395a10ea404c076b

SHA256
65ee797326cb9d94a4c8b13fb114a7273d80af9ae547496bf56556c479f75e4d

SHA512
45bde5e1b5da5e54f7f5baf24cf4d9158ccf5813f0babc05677437bfedf1d54c4707090a1c425089e8f9582a85fed80b25c1e1f30ec2051afc6fe68bb8a76bae

Download Submit
/data/data/com.hzpd.sjz/files/jpush_stat_cache_history.json

Filesize
153B

MD5
532a6b942a0250a6f96dc9a726cc5c05

SHA1
b329d5131b9c3df79f2bb89dc06242fe5d0c8384

SHA256
81ddad623c8531714854a01d6285d888f692b664e00cadd1f7c3c7b327392dd9

SHA512
8056e99fb8155a81900ad21590426e285ad34b7062e71e5ea0c609280d68499d46c61469c7668191906841872dd58c9f383661e140ce6fc173b54b2f837d065b

Download Submit
/storage/emulated/0/Android/data/.mn_410185822

Filesize
146B

MD5
e306643fddf9034d1b9cbeeab206e99a

SHA1
be6d22d3e9c9a63bc62b596bb8cfe37618aa3a58

SHA256
43c1918cfb4474cae280902e3408e49b9e77df30c3ac2c91293b0a62cfee01af

SHA512
1f82d24f057ee2d1d4249d329db06c0b8337b271c8851960228f1fba1e14521c2c59db6b99f0654ba2e28843e93a4255e12fd9a6f006c23b1cef0a1c6f500fce

Download Submit
/storage/emulated/0/Mob/comm/.di

Filesize
57B

MD5
70a42cba408700f9a6c01c7941a8829e

SHA1
eab01cc2c0671538795fb0b1146017dc099d0984

SHA256
499576707ce2623293166979e59c832be5b8636c64ad39aa63ebcf961910c35f

SHA512
8900d4dc8eed0430babbacb72942401bd22ef7fe5430cad90d3ce0c2c53010220d666aa0e2eb1026f3ec81d574c7fa12585b49222a5f15b01637f6ba134fe70c

Download Submit
/storage/emulated/0/data/.push_deviceid

Filesize
32B

MD5
3b774ad141a1359d99b8e470bb9b9beb

SHA1
fab788891fa32de06e73be7eb1743ab11111588e

SHA256
88edb9d602001979b8d1cc1d8218317b7a7d6ce062991bbf2a082c24ad46af8d

SHA512
c371a13f333d4b5366d3516b80e9e4635012628269de9e620986db2f43e99527ebc0e5bf7c60518c0264cf641f9be0c3af29d27616591f05a7f3839722b5afb3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads