5c396b31f25c07be1e181aabbffef1458ef1b49f86d47d78c35455a27bdc22b8

Analysis

max time kernel
2573350s
max time network
163s
platform
android_x64
resource
android-x64-arm64-20231215-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
submitted
23/12/2023, 17:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5c396b31f25c07be1e181aabbffef1458ef1b49f86d47d78c35455a27bdc22b8.apk
Size

31.8MB
MD5

fde8ac152bf3c97be84e20f631e2b1a3
SHA1

4bd644f9692ee9a89e08b20e5e02190e39ad36c7
SHA256

5c396b31f25c07be1e181aabbffef1458ef1b49f86d47d78c35455a27bdc22b8
SHA512

5cbccfc223623f8d7e9a95d3c3b8cd3597e2797b708d821bebfa4c084af029f78f33a72d050d3bffb31d4d22601e32a6555fbc791d1ca12fdaa8c7c20a731feb
SSDEEP

786432:7oh39x3aK1sJWGQ5a+YI2avI/98U+dagWGG:709cKeJWhaBlR+MgnG

Score

8^/10

evasion

Malware Config

Signatures

Requests cell location 1 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.hzpd.sjz

Loads dropped Dex/Jar 6 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.hzpd.sjz/.jiagu/classes.dex	4536	com.hzpd.sjz
/data/user/0/com.hzpd.sjz/.jiagu/classes.dex!classes2.dex	4536	com.hzpd.sjz
/data/user/0/com.hzpd.sjz/.jiagu/classes.dex!classes3.dex	4536	com.hzpd.sjz
/data/user/0/com.hzpd.sjz/.jiagu/classes.dex	4655	com.hzpd.sjz:mult
/data/user/0/com.hzpd.sjz/.jiagu/classes.dex!classes2.dex	4655	com.hzpd.sjz:mult
/data/user/0/com.hzpd.sjz/.jiagu/classes.dex!classes3.dex	4655	com.hzpd.sjz:mult

Queries the unique device ID (IMEI, MEID, IMSI)

Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.hzpd.sjz

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.hzpd.sjz
Framework API call	javax.crypto.Cipher.doFinal	com.hzpd.sjz:mult

com.hzpd.sjz
1⤵
- Requests cell location
- Loads dropped Dex/Jar
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4536

com.hzpd.sjz:mult
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4655

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.hzpd.sjz/databases/ua.db

Filesize
36KB

MD5
4a8120c91e3143b2db43971dbc77cf8d

SHA1
37c5700d35059c4e0a718ced73b3d73ba5d2b277

SHA256
1fa1b6e6bd75bcef64d35785e2fd6f2e73dcdf92dce73c8b2a8fed49746d53bb

SHA512
465cd282927e30a0a894a75ad261feddde5a31869c8cea6b548362afce08fbb7cff7a784bd1d62c3e4c95916ce30e758d3919dd4cdc13176f29d68c2620c185c

Download Submit
/data/data/com.hzpd.sjz/databases/ua.db

Filesize
24KB

MD5
9afe85b3ee93c9f6968df716ecd489e7

SHA1
0516f934b9f2ea8260409b1d8eacc5e656b2b750

SHA256
168c969b780bc44c92fcdaf8eabd929e0e18abaafaa06647155e6efce6d3f90d

SHA512
f7982b2870a44821945862f8aa160433d8516648492885d09130552c975b9eedd3a9de7cedf8d23b269a7eff0babd6a059a4150618dbc04970bf19e0cfb4bb85

Download Submit
/data/data/com.hzpd.sjz/databases/ua.db-journal

Filesize
512B

MD5
3506a140e5288279d934fec7552ffe98

SHA1
9556641f451f1cd4cadf305d89fa80acee8cc5e9

SHA256
07297a41d2620f627bc5c9c5f2e3ce0bebf971d2f3c40c57930ff63fe673f4d6

SHA512
2da9bafefcd3dd237c50aaca9176a09b9c7bf283bc194f48ecd8702f5a2f8e3a857604d6bde4c889637ade57e690f2c51b30c4833b48a3edf22390ab7d1086bc

Download Submit
/data/data/com.hzpd.sjz/databases/ua.db-journal

Filesize
8KB

MD5
d98c5d9be946ac8f96cc8b84b87e3a85

SHA1
2baa8af024e0c94d4abb49ceb740f363eac9b728

SHA256
a42682b7d702ee7c580ddce268d543cbd796daaebd7a4353884d4d469a9976d2

SHA512
590303e24f5da2904681d0f7c7a3751a61b96a7ccc25b396c9b930a8dde5c84fada83a3e7cab19c225831d2ed4f1ac5f6cd96eb10d864792dba7aa3e1f7c32af

Download Submit
/data/data/com.hzpd.sjz/databases/ua.db-journal

Filesize
8KB

MD5
759e4cdc7bccc3346e1200e7445a229b

SHA1
bae08f39fd071d645143c35450de049c79430639

SHA256
246cc4f73e1000bb61ace16e6c4fc063276e750b90899da01a32ac58845c9448

SHA512
078f5faecfb78e8ac24c30981afc954069cc068f2337abcbcb865a5c35560918fe0dc23f5adfa2c6565ea9ef4f71bcdaefbd5849e5c5b46d7a7dea77b9bec83c

Download Submit
/data/data/com.hzpd.sjz/databases/ua.db-journal

Filesize
16KB

MD5
f9d0140c9f3c6689acbf48e44da8d0a8

SHA1
f5f4ab3fa32e75ff7c68541c692d700414228a23

SHA256
655fc537f5031a3e06a95238da5032ace40d4a45185c26c840ba9c8c4e60bf28

SHA512
271fe0d9cf62c67a59c7eca5232129f12215c13bac7a2eacdd07ff315031f149488f3ee75ac24c9d21be99331a9fc046f29f86ff1a770155c0b12031ac99bf9f

Download Submit
/data/data/com.hzpd.sjz/files/.jglogs/.jg.ri

Filesize
307B

MD5
e3b1ab52bb1a9ed5b413e0f8067338b7

SHA1
80c3623682570f79e226a10274dff7c9a23658e9

SHA256
b9bb5e7a4253e66ab5afe7147cb87dae9da9ee6f5d46d5dbd1ad734f5ae1fbc0

SHA512
f577399c8c9cc1a0d8434bd4bed8907374019122cbf11b402bbd03a7c19fb97b6263259f4dc2758fc9112c440358ba6c196cf71e7b339a81c023130aa03365a3

Download Submit
/data/user/0/com.hzpd.sjz/.jiagu/classes.dex

Filesize
6.3MB

MD5
278766d75fbcb32245a69ff2dd33c3ac

SHA1
cd3983566e0e3ada8c1c1e7374f36f8e577041b7

SHA256
5ebea6f34539858ee8e45fcdeb5456a8f5f34dc605cb8a428007ad513b39cb66

SHA512
8fd179d432c801f81e00d7fea0369b022ecc50f2f1d1e82396d4b8bce3915ba87de5181e984186c514e09ece5fb61879604c47d9b86d1cacc2bf4ada5fb43115

Download Submit
/data/user/0/com.hzpd.sjz/.jiagu/classes.dex!classes2.dex

Filesize
7.1MB

MD5
06668c7c2cacfc3cc01e4d86731d4ac2

SHA1
67edb7b5ca6628c989968b2add48ae7b53bea765

SHA256
8af5491479ff00d3a8a77f0ab15ef5d3fb129033752bf6c1aa3be0bdb910e70e

SHA512
58d25b459a407b59c5926bb9a0d9639b196ab53e6c7acca527277467ff1dde53127e7045f9d6d1dcfb3a95c84ddb479bef7d46a9ebe6123ca61aa3884a6246ff

Download Submit
/data/user/0/com.hzpd.sjz/.jiagu/classes.dex!classes3.dex

Filesize
3.4MB

MD5
69081c1200d824e0867d4f649ca5ab11

SHA1
a074705797e3a1ef0bb3cec6aea93941c5cc1293

SHA256
b63d9f927772f53a9d51ca99522143a23c3a31ee2eec9427a0dd49b6b13185e3

SHA512
5724699793287267a2cb5498c8cd5a7a8791fe52e8603fb1b597c5d1a5f84f1e3eca925e30ecb252f397f578a225cdd211116cb2f93f727993ad97af8d1aa242

Download Submit
/data/user/0/com.hzpd.sjz/.jiagu/libjiagu.so

Filesize
475KB

MD5
5aea02f4e4c77fbf2e7a27f7ca9cc06b

SHA1
522db1748608e9173547b29b7aa82ddc3542c534

SHA256
5a1c513b347e2a929769e2be67552c1d591704f08f7b5590282b66cc2c7d7bd2

SHA512
5c979a11f5e896829db906f533756efc1cf3c5a7e35ecc9e376a0aae818f2dada013441649feac2e188bd51affbbf35156e32fdc6552e185bddbc547f3850316

Download Submit
/data/user/0/com.hzpd.sjz/cache/OkHttpCache/journal.tmp

Filesize
36B

MD5
37e8e716e0e2f4a0b05cd9571d95b84d

SHA1
f8d068f6931707bddb8cd69f706f2224ad1fea3c

SHA256
7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca

SHA512
e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6

Download Submit
/data/user/0/com.hzpd.sjz/databases/ChannelList.db

Filesize
12KB

MD5
171aedf968e17a2744d2585715606cb9

SHA1
bbeddeb3b89fcf809619c35b4a318a80e7d5b029

SHA256
d2ab452d9360848f46af866b870b5c6fc98230b09c72b89cb1a4b2778586678e

SHA512
78a0f517ee3d21c153dda6dbfec4187ebaee9d520d7b1b63f358bcb125d08aea53f26943907a56fdeba40161d9fc7e4fd63f9ae3154dd2ad887ba0162738285b

Download Submit
/data/user/0/com.hzpd.sjz/databases/ChannelList.db-journal

Filesize
512B

MD5
327dbdf4a629c6c33e954d2e93dfc65f

SHA1
90822c4f60c0c05fa1b04fca125390206c566d37

SHA256
56d29eca12fee35f00505d56ed402bf3a54f7553bfc2654c6c6aa1003312b04d

SHA512
6c0c40a67cda5c563888ef68ab2ad00c39943e9f83860765aed6f01e7215ba3ff9aea68087bf59eaa0b26323ffe667e4a8d2d9e92d6fff69f5438e57dc6ab85f

Download Submit
/data/user/0/com.hzpd.sjz/databases/ChannelList.db-journal

Filesize
8KB

MD5
cf41a37083e38eddd0fa741e72572a39

SHA1
f21d7f3f6a7c715814fc710e038e95aeb0b1af6a

SHA256
6aa746e2671aa6a4282bb651ad5f238b7e8c608856d268bba1995f67c97d7105

SHA512
b647e8782b8b917dde4bc8f24396ab531bbf73bb9f8112f6274904da8afb08ea68ab75cc33df1d9635d3a3febb5b589fc843b75e40b39ceed8d26ddf7147c6c2

Download Submit
/data/user/0/com.hzpd.sjz/databases/ChannelList.db-journal

Filesize
8KB

MD5
0935ce07007d50c1f2d8572269312212

SHA1
41eef2924fe2ee76380f9fe52aba1a307451f1b1

SHA256
68160a7c270c88beee1e34e022a9064453b47040bffbfbdf16a71968265e6cb4

SHA512
5d81a7b4112f77ec5a68bb34ccb4eeda8a8588d14414136bd6bc7efbfa239ea29f7f57e36b2e6c7742737f09bf7dca908fe4708c6504ab6fab0e7ad7a0ecab50

Download Submit
/data/user/0/com.hzpd.sjz/databases/ChannelList.db-journal

Filesize
12KB

MD5
a6e2ae40f6846008985d624d7459c83b

SHA1
68e81539229fa008a633be6d83db77ed68e8a78b

SHA256
3093064b674d854413dc6905d68dfcee732efd30a9e6911e7bf2ef4532423479

SHA512
e03da9b8a564c3c46ddace2c4a8a7008ce125f6449fa42314e6dc7ff06bf06c7e57a0f013ae1b30e743b72928f36ea26f7e9ff7acda6ecfc069c2212480918d8

Download Submit
/data/user/0/com.hzpd.sjz/databases/ChannelList.db-journal

Filesize
16KB

MD5
2831f6c4cc665b71489eab50d73b37ad

SHA1
a1aa6fb029c66c810182661a1253b225674b7bc5

SHA256
45b5e58825172cf24fee7706e2ce6401d6630651ad2ab27522d233e2c573e4c8

SHA512
ed2783096b5a0bd6e847ff3d9af1cbab9fd5f62548102b70ccfb6a73706f011f4d66dc68ddacae1ab015e221ace88960675b7690a44e1e266f71742a093812fe

Download Submit
/data/user/0/com.hzpd.sjz/databases/ChannelList.db-journal

Filesize
12KB

MD5
08510b892be4c77caf0bd3309b37671e

SHA1
89894aa448202f9cade94c0ac3286c276e39796d

SHA256
876d30d7b0bd54b838402758e5d7193bfa88ba8fc50972171e7d6d7f65d237d9

SHA512
5566920d457cbe2d36715a912368127e745921ca8b57370178f0ad49564e7de60a812310f3d04eb041a9c9506f12ed6e52502c624dcfa799c321a6434cfff631

Download Submit
/data/user/0/com.hzpd.sjz/files/.envelope/a==7.5.3&&1.0.4_1703380270609_envelope.log

Filesize
1KB

MD5
0ce5f5b6ecad959cfbc00e4a463350f6

SHA1
c0d4e86136595e9eab823efd3e4d9c27067cc66a

SHA256
145494b7059a3ab0eb63efcfecad242acb1442fdb2c1f6ac1036f11d117dd095

SHA512
bff4584b024f968f78ee44ecf8d441c9e0b1353645bbbcbd8e1a6f5c1fe36d599b2fc1809f3b362c0826d95f08eb68036c3a3589cd0951844a632c356bee4f93

Download Submit
/data/user/0/com.hzpd.sjz/files/.envelope/i==1.2.0&&1.0.4_1703380266510_envelope.log

Filesize
2KB

MD5
0231c6aa890b924be61cdab058a531a8

SHA1
a909d72b161e3a96df413b8492c3f988a74ff49c

SHA256
0dab376da4bb27abbfad1f0f63532890f5c3bf8161edee7d34c4081f62beaefd

SHA512
05e496161e51b391fca1624b3ecc7536abf489a655953b78cdf0e44e1b53a9752ea5cb0e83183864915102fa3dc272da9e6240f74a5a82ba7f095addf82ac04e

Download Submit
/data/user/0/com.hzpd.sjz/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
fe79d93d72fc52a446b00890c4ca1a44

SHA1
81cd59ba5886c59341a764fb32c78ab1f739fac2

SHA256
4c6400536660b1ff01cbe9f5c96cee8edc036c993850aa252a84d498554ae61c

SHA512
6c9274c1b077b465f993681f601421d7073304a89d072b888d7f8b01ebc3a19ebf58ccc90529111bc758b20c1ae8125a1a5fac85d810f743c9ba69112374275e

Download Submit
/data/user/0/com.hzpd.sjz/files/HZPD/3575610

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
/data/user/0/com.hzpd.sjz/files/exid.dat

Filesize
55B

MD5
5b3e7258cc4f48e481f8cda0adb2484a

SHA1
439fe9b0beec719cc61edc25c5eda1f187db5cf4

SHA256
0c5315f0416dc58e3fd8dbc2918f815df408bfb4c374683a1534007f6da25af3

SHA512
e9b2c767251cb98ad6d7c346f7f07fd1690a043dcfdd148bd36e4829b9148c26a2737e1233a9008d2e32898ac0c404fbcda6287b6c0de88cadd02c209863ec42

Download Submit
/data/user/0/com.hzpd.sjz/files/jpush_stat_cache_history.json

Filesize
174B

MD5
be431db4814e2a320ad16667a70321a2

SHA1
b099b5bc3b787749b3e005be091a44be1d83ffe2

SHA256
30f1f6e7c187799bc75fe37a64eb205004a81db39b7d3a5018edf1b7023eb921

SHA512
609b092fc0166ed7e5489f93453232d0f022f9622430f0bea2cfc9c1f4c08137f294beec53c76fd43307c7ad40fd583a3182609350b09aca025cf7fc08963a83

Download Submit
/data/user/0/com.hzpd.sjz/files/jpush_stat_cache_history.json

Filesize
154B

MD5
2911d6a41a5b01b859f00231ac606c75

SHA1
8b140b88575f08103c0ea478f2397e559c29f1ef

SHA256
fc712f3686bf022ac458720495adc6ca53d246b9ce1aec83bdfbd5baf061bd7d

SHA512
50e70818e3174b98736d8374aae97ea0d523ee38aad7f1a0a741a2d377b3bfee5c247345a9a0ff7e97b77bf34f45d0d59d383223392f6e926e2527210b888082

Download Submit
/data/user/0/com.hzpd.sjz/files/jpush_stat_cache_history.json

Filesize
328B

MD5
fbbbcca0bc5af59713dc58f93b3c5ba5

SHA1
90a31201709c5c01fc546116b90b060e3449f594

SHA256
18efc41d394c389cd59935d25026bf9ad8548375513dc839a571ee1c0fa2828a

SHA512
ed89e669f7f0ae7a17ab618d194320f7630316ab2787b80097685889895b020c2c92c6bd772edfaecaeb17e6bf13a35a360ee980a43616bc3b4a1019da34eaa8

Download Submit
/data/user/0/com.hzpd.sjz/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzAzMzgwMjY0NTMy

Filesize
1KB

MD5
8ab44ee16bc76e3253386c0f27887859

SHA1
a7150a0386c304427fe0e6de93f72ca98b2ac85b

SHA256
abc8c68cc714470bfec9616ee55f465a7a4ec2b7b6d420ef9b5db20fc51a25fb

SHA512
bde503b012dec2b37e92c35f711b834d35f782cabc8eb105272efec9a80db8a22c7432b54407fb2be18a3142dbac48ef152b2cbd4ce56a5d16b12d7e590c9249

Download Submit
/data/user/0/com.hzpd.sjz/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzAzMzgwMjk1NTE0

Filesize
1KB

MD5
a49a6ab2bac870ca68c70e1aacbd9614

SHA1
b44b7ffadfce95084548cdd176064fdf9cc541d6

SHA256
da8a5ef8d075ae91beecaf9e4791e6cbd663ac1e55dde991ac2b553ccae397c6

SHA512
3f6009e59b4b9a91ef182b9544ff829fe4538abe2a6ab0c077f4f024848c92b5442be8eed077fd82f69ee454fdbb0fc698b37518215a13e1ebbdafa6147e3f10

Download Submit
/data/user/0/com.hzpd.sjz/files/umeng_it.cache

Filesize
350B

MD5
019824861ee18b561519d49b0517d517

SHA1
a9bce784ae537ce684f230c943cbca61637fa309

SHA256
0470628fcf807c3243fcf776c599125a0f47dde0e3ef19ffb3fc910dd54d8e99

SHA512
22f7eee741f722a877cb43105e7cee9bd605ca18f392a528cb9c125119e4e9f9f34807b8d0470b230ae0b2468c3f156be9fc0a60316e2507059d474c52ee46a2

Download Submit
/storage/emulated/0/data/.push_deviceid

Filesize
32B

MD5
3ca5b4c9ebefebd394cc5694cc5d53b4

SHA1
da02fd61f73247390a576ea5ecb49471ca290479

SHA256
0c5a8297417a3941954bb4faaa45be8f0b00a4f4c327c955b6e581fdfbb1fa39

SHA512
fc6f61735db5e2b6f9460ed36464fc6bffbe443b6f98bfcf97ac7e99dfbb2adda97df25e34d8295537fcd229522290614a0fba7c990a4ed666dfd76cafcd3f45

Download Submit