76e4cbd9e42a6c63bb769831bda898de9ac2e49b694ca080e360ec0aff482866

Analysis

max time kernel
2698669s
max time network
155s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
23/12/2023, 19:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

76e4cbd9e42a6c63bb769831bda898de9ac2e49b694ca080e360ec0aff482866.apk
Size

20.3MB
MD5

c2406d359917c70ced77fb6edd66e5a2
SHA1

2ed00d477ee97f96dc676e233bd40cc4429e5dc3
SHA256

76e4cbd9e42a6c63bb769831bda898de9ac2e49b694ca080e360ec0aff482866
SHA512

18fdfedb4c52c208a9bad4bdae1db6703f0447e232f843ca414a654bd99fac7ad3a079376f7c962d9cfaab096dd6d4bff7c6278740893f9a30d56126098a00dc
SSDEEP

393216:2DZ67NHMQHEGCkJrhsfReWY1pCSujV2YE0YpodJWFq6rp:210NsQHEG5Wf0zIDJMjodsN

Score

7^/10

Malware Config

Signatures

Checks Android system properties for emulator presence. 7 IoCs

description	ioc	Process
Accessed system property	key: ro.product.device	com.tangchaoke.hrhj.huarunhaojing
Accessed system property	key: ro.product.model	com.tangchaoke.hrhj.huarunhaojing
Accessed system property	key: ro.product.name	com.tangchaoke.hrhj.huarunhaojing
Accessed system property	key: ro.serialno	com.tangchaoke.hrhj.huarunhaojing
Accessed system property	key: ro.bootloader	com.tangchaoke.hrhj.huarunhaojing
Accessed system property	key: ro.bootmode	com.tangchaoke.hrhj.huarunhaojing
Accessed system property	key: ro.hardware	com.tangchaoke.hrhj.huarunhaojing

Checks Qemu related system properties. 7 IoCs

Checks for Android system properties related to Qemu for Emulator detection.

description	ioc	Process
Accessed system property	key: ro.kernel.qemu	com.tangchaoke.hrhj.huarunhaojing
Accessed system property	key: init.svc.qemud	com.tangchaoke.hrhj.huarunhaojing
Accessed system property	key: init.svc.qemu-props	com.tangchaoke.hrhj.huarunhaojing
Accessed system property	key: qemu.hw.mainkeys	com.tangchaoke.hrhj.huarunhaojing
Accessed system property	key: qemu.sf.fake_camera	com.tangchaoke.hrhj.huarunhaojing
Accessed system property	key: ro.kernel.android.qemud	com.tangchaoke.hrhj.huarunhaojing
Accessed system property	key: ro.kernel.qemu.gles	com.tangchaoke.hrhj.huarunhaojing

Loads dropped Dex/Jar 11 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/data/com.tangchaoke.hrhj.huarunhaojing/.jiagu/classes.dex	4272	com.tangchaoke.hrhj.huarunhaojing
/data/data/com.tangchaoke.hrhj.huarunhaojing/.jiagu/classes.dex!classes2.dex	4272	com.tangchaoke.hrhj.huarunhaojing
/data/data/com.tangchaoke.hrhj.huarunhaojing/.jiagu/classes.dex!classes3.dex	4272	com.tangchaoke.hrhj.huarunhaojing
/data/data/com.tangchaoke.hrhj.huarunhaojing/.jiagu/tmp.dex	4272	com.tangchaoke.hrhj.huarunhaojing
/data/data/com.tangchaoke.hrhj.huarunhaojing/.jiagu/tmp.dex	4321	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.tangchaoke.hrhj.huarunhaojing/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.tangchaoke.hrhj.huarunhaojing/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.tangchaoke.hrhj.huarunhaojing/.jiagu/tmp.dex	4272	com.tangchaoke.hrhj.huarunhaojing
/data/data/com.tangchaoke.hrhj.huarunhaojing/.jiagu/classes.dex	4354	com.tangchaoke.hrhj.huarunhaojing:pushcore
/data/data/com.tangchaoke.hrhj.huarunhaojing/.jiagu/classes.dex!classes2.dex	4354	com.tangchaoke.hrhj.huarunhaojing:pushcore
/data/data/com.tangchaoke.hrhj.huarunhaojing/.jiagu/classes.dex!classes3.dex	4354	com.tangchaoke.hrhj.huarunhaojing:pushcore
/data/data/com.tangchaoke.hrhj.huarunhaojing/.jiagu/tmp.dex	4354	com.tangchaoke.hrhj.huarunhaojing:pushcore
/data/data/com.tangchaoke.hrhj.huarunhaojing/.jiagu/tmp.dex	4354	com.tangchaoke.hrhj.huarunhaojing:pushcore

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.tangchaoke.hrhj.huarunhaojing:pushcore
Framework API call	javax.crypto.Cipher.doFinal	com.tangchaoke.hrhj.huarunhaojing

com.tangchaoke.hrhj.huarunhaojing
1⤵
- Checks Android system properties for emulator presence.
- Checks Qemu related system properties.
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4272
- chmod 755 /data/data/com.tangchaoke.hrhj.huarunhaojing/.jiagu/libjiagu.so
  2⤵
  PID:4298
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.tangchaoke.hrhj.huarunhaojing/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.tangchaoke.hrhj.huarunhaojing/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4321
- /system/bin/dex2oat --instruction-set=x86 --dex-file=/data/data/com.tangchaoke.hrhj.huarunhaojing/.jiagu/classes.dex --dex-file=/data/data/com.tangchaoke.hrhj.huarunhaojing/.jiagu/classes.dex!classes2.dex --dex-file=/data/data/com.tangchaoke.hrhj.huarunhaojing/.jiagu/classes.dex!classes3.dex --oat-file=/data/data/com.tangchaoke.hrhj.huarunhaojing/.jiagu/oat/x86/classes.odex --inline-max-code-units=0 --compiler-filter=speed
  2⤵
  PID:4480
- sh -c ps
  2⤵
  PID:4510
- ps
  2⤵
  PID:4510
- ps | grep su
  2⤵
  PID:4556

com.tangchaoke.hrhj.huarunhaojing:pushcore
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4354

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.tangchaoke.hrhj.huarunhaojing/.jiagu/.jgck

Filesize
4B

MD5
a2ee8498edf20f16e13bc5e15cbad43d

SHA1
970f6192e888966f15dbd7a5983e10d6a51b7876

SHA256
0b3b394fb5c5f1ea6c44bf87d24b656ad1c2271101360d1f84c6848c32dbe51c

SHA512
9030ee5a4995397926e8f23373a54c61dd960807e519655287d11d8e0f18afad87d292981b74660b77872768796bde5707da5754dc465e0d4b90388f46a4fdb8

Download Submit
/data/data/com.tangchaoke.hrhj.huarunhaojing/.jiagu/classes.dex

Filesize
6.8MB

MD5
df956abcd8184870fcd5c33c430618f6

SHA1
84b95123b3e378e8006bdd52276dd64c000cb545

SHA256
6bd55f6114a2a0d7ee2451b162ff717de2f87f5acf4d14e41a6d87cf6b4d0b07

SHA512
671501d20c54d0585d2192ef36d6043e720e77377c8989854f6f7f4ad221555e07876031fb202bc387a1db9f700bde0b92a304f844a4e7f6287a708ed2f46743

Download Submit
/data/data/com.tangchaoke.hrhj.huarunhaojing/.jiagu/classes.dex

Filesize
6.2MB

MD5
ddfdb2fdff82285f5526af3399b8facc

SHA1
14ecbdf7101e29bbc182ef016ec580aa4b20efe6

SHA256
261096ace3a6d394d9d727f4fab5a6238a59b0c34dc58e5bc0d82116b995760c

SHA512
dfa633e4d180b5546f152b7ba44f6821c877202d15369a5e494dfca303be1df7ffe7f8226df21a7144b03483ab2fd00fe3d0dc0c20b474885920dc0a544c6483

Download Submit
/data/data/com.tangchaoke.hrhj.huarunhaojing/.jiagu/classes.dex!classes2.dex

Filesize
5.4MB

MD5
d58425a92fa6970b2446295dfe7a0863

SHA1
55f4e219e2c7c294a32495a45bfe1b022877bf12

SHA256
3c8d66accc9abaed1d8f65aa29222f23964c67e63951720edd8a4442a21b6e26

SHA512
e8d86ae9944c82d5521e768c8b978bef949c5178ee4b6970168de13f2e56696b692594d84d78940780e09950d6fb243e5fa781538d85b3c51c44e0fc203b3385

Download Submit
/data/data/com.tangchaoke.hrhj.huarunhaojing/.jiagu/classes.dex!classes3.dex

Filesize
3.4MB

MD5
2504fb3b33cd576a8968a863951f51c3

SHA1
34fa9272dc244cfbe5117cc7de14f7f3bebf68e5

SHA256
3e3f5ab0c5cef7d019e5c25b3b94cb86af2596482a41f80e6ee3eaaa1e900a05

SHA512
012b34a2c2f5bbc95472bde22c4f4e70052c252c20cf4d0007a03c79542ed62fdbc4c1ddabade714e040b274580f5be30ccf519c8800d6f0a787433c8ff69a6c

Download Submit
/data/data/com.tangchaoke.hrhj.huarunhaojing/.jiagu/libjiagu.so

Filesize
456KB

MD5
7e7125a1193cfa8a696c1b8a6d2a103e

SHA1
af193df6127a47f455ebb7d5b792d2e982f4e004

SHA256
707cbb7d210699b111f050a382224f04ba2dbf72ecb4ee8f420d5759b6a23681

SHA512
91a62f00c2a9dc3c28348ef512ca56ab44d999e11dd806d565109159e79f25833c9141023ad639c7f5132acb8038ca0d7cc049ca2118534570d3ef1b36798b03

Download Submit
/data/data/com.tangchaoke.hrhj.huarunhaojing/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.tangchaoke.hrhj.huarunhaojing/cache/data/NetCache/journal.tmp

Filesize
36B

MD5
37e8e716e0e2f4a0b05cd9571d95b84d

SHA1
f8d068f6931707bddb8cd69f706f2224ad1fea3c

SHA256
7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca

SHA512
e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6

Download Submit
/data/data/com.tangchaoke.hrhj.huarunhaojing/cache/image_catch/00ffdf09b805090b34e395ec789adfa19118501b876866608655afb29cae0737.0.tmp

Filesize
26KB

MD5
9ab07a1697ff0d6c4f0f29d8063ff14d

SHA1
4cbe4dc0bdfeef8eca43437ffb4f3cc5f1f80153

SHA256
831fbcaa5997a3cd0c3005d4e1d98ec1551ae3ce9846773f999bf7cb1fc45305

SHA512
bc1998b4b4b5c3ea3c9527f6777792178f359cf257fac6543fff4869739b487b376f319d5e62cc3597d9e40cb14588c85a5bf5f2aa32b8826e70a2f03074fbe9

Download Submit
/data/data/com.tangchaoke.hrhj.huarunhaojing/cache/image_catch/f7ce5c6c5759ecb878be710eb6152c76a653959e6ea43e332040e1930b729b0b.0.tmp

Filesize
26KB

MD5
5b25a58a0af8c8832b2f638fd8d6b335

SHA1
043f403ca3b6cc35998e5e314d694fd2cfd51474

SHA256
fd87220439e62d5307baa21d7db950fa0852672d3ffe54621191917040ef3971

SHA512
de493b36bb4026d1fc1907b791763fb8b6aba08ae17ac45bb6aa070b3f1693ca0433ed6fce2604827a3c36da123abe6e516556e2182c60c0b265e950c1a22ae1

Download Submit
/data/data/com.tangchaoke.hrhj.huarunhaojing/cache/image_catch/journal.tmp

Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/data/data/com.tangchaoke.hrhj.huarunhaojing/files/.jglogs/.jg.ac

Filesize
40B

MD5
2c996bb8a9101491180de579e01bc89d

SHA1
127eb06b10e79f739fd984013b32dcc5f853b3f1

SHA256
a8a195a9c00d1ff2b0140694a38957165d9ca0790e144ee2098d631154ddf3dc

SHA512
4b5ea62c42b4ed875e56fe4c5ecdd38fdfb417d5227895362dfd1f0d787472fc54cb8767ede6a7eefcf4e6761547269d2d1d6e91b34e0aef0539a3dbbcfc4530

Download Submit
/data/data/com.tangchaoke.hrhj.huarunhaojing/files/.jglogs/.jg.di

Filesize
340B

MD5
fd4b73cc00ccabe272d5dd6b5839e8d4

SHA1
66e58f351f93197a121a8490d5412f3a11cd9537

SHA256
ccb6fb94c2efda8398e500286d55b76d33f5a14a0100584812446e11ee118aa3

SHA512
20e6c88e8ea5f432b126063e50efb5a2b50a0869debeddefaa9be181cc3b92cdd6cd9e15cea3fa0fbe5c4c789f89507a0bc41a5aba5763473a4c7c7853ce9115

Download Submit
/data/data/com.tangchaoke.hrhj.huarunhaojing/files/.jglogs/.jg.di

Filesize
340B

MD5
a6500b1fe47ec4cd0cfedfa50d9171fb

SHA1
27a4f79e0ba73caffd297c6d2515efe07694f1b9

SHA256
05ea94bb680a7fbf7073c2a40de9a00a5eb8eca996f247a825b8f302929498bc

SHA512
814cef624dad415660a57e261910ef9e0dba086e8f77f610d2bd000e2b5a387cd219c60488a3b4381991173bf2704657854d189a5c1d09c47f869297d226434f

Download Submit
/data/data/com.tangchaoke.hrhj.huarunhaojing/files/jpush_stat_cache.json

Filesize
203B

MD5
1d806056810b4a89a262faac4bad1129

SHA1
2517fc98e172c197d135d2dea187a07632190bdf

SHA256
4b2755558c4dee40d20fe259699a3fbfc99c423b062740c0918d2d315726c67c

SHA512
1f8c497c9c1f93ee1880ca969a3c3e0412da6a496931e463933d44722fc2fed9522bdeaf2c4bed60521e9385d56f2075b406c0809df4f99065f3d8df42598af0

Download Submit
/data/data/com.tangchaoke.hrhj.huarunhaojing/files/jpush_stat_cache_history.json

Filesize
174B

MD5
a1a94f7ad6e41222ec65cc20122b3761

SHA1
7f12a4d895f3a8071e8e1e7593a6f489cc874514

SHA256
85befe743fffa0ec7a930cfd0fde13a42864df00f5914373d76a8cc523f977ae

SHA512
3624b3d40411e28346edb089f3559cf1833b795a1763b5710fd5b8bdc5bc8c5b2d0722ceed7377b7bce9bbb38a6075b128ca86934e85350a8a843f1c9fbfaf0f

Download Submit
/data/data/com.tangchaoke.hrhj.huarunhaojing/files/jpush_stat_cache_history.json

Filesize
284B

MD5
962d4989a1c8bea84087d005da606b1a

SHA1
1708fc1522f7bfe3b30d85d46c3e70a514c00c1d

SHA256
f32cdcb95c90fa0def7fc9ff5405c6500910cbeb259cbf788b192ba2069100cb

SHA512
ba2cf52030291728d5685fbc68838daa5b720c447444e9e7dac310988843dddcaba540cfedc86a00cef383c844b306964e646733cfc85facf5ad9cc332949cc4

Download Submit
/data/data/com.tangchaoke.hrhj.huarunhaojing/files/jpush_stat_cache_history.json

Filesize
363B

MD5
e97116f893ba944b11cd6756b10d4a50

SHA1
18e810880e34543775546b16d5e7ec93575ff5ed

SHA256
55fa7fb769904b8d84fe3b8720c3ffc9d3f122a2c2ea73e69ba5acfc15dc8108

SHA512
93130fff2538f9364f0dce38098ff8636c18839bd97a3e9848748d6023b2bd182935fc06a909bde55470906a023f788b8cca4cf19dd5f0107cdd1236d8d5399d

Download Submit
/storage/emulated/0/360/.deviceId

Filesize
48B

MD5
1d8d16c4e3b19ebf18988530d9b9a757

SHA1
bc94c1cce05cd848a53271ecb9c5311e27ffebf5

SHA256
abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7

SHA512
4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

Download Submit
/storage/emulated/0/360/.iddata

Filesize
32B

MD5
95d3b651762171b149cdab9e5f404e80

SHA1
3f91239b5bce731e4a96fdc7de04884de4fed4bf

SHA256
258a3baf5c59dae4e709e534efb24df1b86879b8867e2fa67dd07a213966d1ef

SHA512
0eba558c67e5644f72f78ad13b0c9b4ce8ed98e61b065b3ab620bb18ff3f2c066a7f851cd4208274a6d01f2a7952ed61f5658bfd19e930790ff662a9cd6af904

Download Submit
/storage/emulated/0/data/.push_deviceid

Filesize
32B

MD5
7582ee8a0cb3982e9625fdda47ba4995

SHA1
951d8968d52d55dbd28dd4fdb9435bf37420bb40

SHA256
dac952133ba4c044e00492173d63fefcbaca8f01968e22f0277ad4b3c722418b

SHA512
d5262eedc8e1392fec5831abd82181ad0048eb3260343a8bdfb6afea62c94782850b687ba0886d79f2453bbc384376de3f0b09fe771f306a63480811e4eda348

Download Submit