6aeea3a3ebfa448f5791aea3d9f20f9ad45683bd300f18b7eede0c130d8776f1

Analysis

max time kernel
2646039s
max time network
155s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
23/12/2023, 18:40

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6aeea3a3ebfa448f5791aea3d9f20f9ad45683bd300f18b7eede0c130d8776f1.apk
Size

15.3MB
MD5

215034ea81518214ae34c86c7afb4cf4
SHA1

1ec064422beebf0e1d01c0115b78c71743055312
SHA256

6aeea3a3ebfa448f5791aea3d9f20f9ad45683bd300f18b7eede0c130d8776f1
SHA512

951e1b678863cebbf567c1ed051a06000f097b454eb6bda4b624e92ac38cab26999c3e9f58689cfbddbb3230334b4dcdb5b2969ab08ddd6452f752d84246eb91
SSDEEP

393216:wQ6wxmEDeygHuabv9wP1V31E/6xXlb18u5lOVTU9wRZoERo:wcxmEehHzv9wPDSyxXn8u7OVTt/W

Score

8^/10

evasion

Malware Config

Signatures

Requests cell location 1 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.luyun.secretbox

Loads dropped Dex/Jar 6 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/data/com.luyun.secretbox/.jiagu/classes.dex	4485	com.luyun.secretbox
/data/data/com.luyun.secretbox/.jiagu/classes.dex!classes2.dex	4485	com.luyun.secretbox
/data/data/com.luyun.secretbox/.jiagu/classes.dex!classes3.dex	4485	com.luyun.secretbox
/data/data/com.luyun.secretbox/.jiagu/tmp.dex	4485	com.luyun.secretbox
/data/data/com.luyun.secretbox/.jiagu/tmp.dex	4544	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.luyun.secretbox/.jiagu/tmp.dex --output-vdex-fd=43 --oat-fd=44 --oat-location=/data/data/com.luyun.secretbox/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.luyun.secretbox/.jiagu/tmp.dex	4485	com.luyun.secretbox

Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.luyun.secretbox

com.luyun.secretbox
1⤵
- Requests cell location
- Loads dropped Dex/Jar
- Listens for changes in the sensor environment (might be used to detect emulation)
PID:4485
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.luyun.secretbox/.jiagu/tmp.dex --output-vdex-fd=43 --oat-fd=44 --oat-location=/data/data/com.luyun.secretbox/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4544

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.luyun.secretbox/.jiagu/classes.dex

Filesize
6.4MB

MD5
439f6a37b69f69adda7e47c61d10c9cc

SHA1
e6778c9574459b13f5d2a1705169fda84408c2ba

SHA256
def488972cad642a88a80623968f4b691c6000f0dc24548c2726fe5c8070a672

SHA512
d3021d3586fd30e336b44a3ef69d3e84a952eb1bc71cde24305b67d95a737b3e7ebbcf5a76a976f38fcde76fa846b4452e971692efba0e57b4604888e24ee33d

Download Submit
/data/data/com.luyun.secretbox/.jiagu/classes.dex!classes2.dex

Filesize
6.6MB

MD5
1c60eb009eeedc30ed664abd5b60fb37

SHA1
c1e13ea5cc90c92f2cd4fd21d4a92d61a5c40872

SHA256
95a769115d0c4c6f191d331c666a148f1bf5b05a832a67dfe115b56444d5e478

SHA512
4e2dc50b3771413e5092de7d2fb7de94028dec7c6452d6644662ab02df8d7fa35524a581e46efc26149d5c91b731c1af76600b57579261196fad6ee000d50094

Download Submit
/data/data/com.luyun.secretbox/.jiagu/classes.dex!classes3.dex

Filesize
210KB

MD5
a82101e597b6e42a3524ad597ddfa5d4

SHA1
085f405ed768a1eef4f1b451bf9e90864b8952bc

SHA256
288ad666e23ad2465f1cbf42b005f7b58f9e1013d158e983a08d79cd9bc21f62

SHA512
4bf77e2975120683c45172063c9f232a9af3bc648809c828e19168292f591df929d720d530e680f4f552f41bff8da8df91c6fbf6af270e622b0ffeefeff8ef46

Download Submit
/data/data/com.luyun.secretbox/.jiagu/libjiagu.so

Filesize
475KB

MD5
5aea02f4e4c77fbf2e7a27f7ca9cc06b

SHA1
522db1748608e9173547b29b7aa82ddc3542c534

SHA256
5a1c513b347e2a929769e2be67552c1d591704f08f7b5590282b66cc2c7d7bd2

SHA512
5c979a11f5e896829db906f533756efc1cf3c5a7e35ecc9e376a0aae818f2dada013441649feac2e188bd51affbbf35156e32fdc6552e185bddbc547f3850316

Download Submit
/data/data/com.luyun.secretbox/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.luyun.secretbox/app_crashrecord/1002

Filesize
229B

MD5
4ef6cf3382efe9995b098f384543637d

SHA1
588d49ca8f57fe86dfd88b43777827eb6341d29d

SHA256
e43c75a57020b992a7fd14ebb7b735ce7d14feb94a884061371f94ed96f86e11

SHA512
e9c5087642bbe7099fafcc33155026c785a5d6c223e91c7d97e826e7bf373bf215c0afd52a1bdb2475ffa04a8f847ff04cb094f01ded4a18dc7d81b70206f1a7

Download Submit
/data/data/com.luyun.secretbox/app_crashrecord/1004

Filesize
229B

MD5
1633451937958fbaa9601cc00c6d696c

SHA1
3f65f2a4864e1608c27ef45649587ac709aee9eb

SHA256
2ae4dfddffb2d2c6a5a7ec1bfcf7f7fd12609e8435aef098e0ef44b0e4ae33c7

SHA512
9eb4ef4c8373c12ad196e45c6e1433b6d78abcf80980cce90733529d451db8103d7062844c5ddf286f50670b452673185e743ec634e49b7ffb76514038753a33

Download Submit
/data/data/com.luyun.secretbox/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.luyun.secretbox/databases/bugly_db_

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.luyun.secretbox/databases/bugly_db_-journal

Filesize
512B

MD5
3513a9b7bbb794c6e6aa5de34a3e0270

SHA1
2a8e91758d77150da76faea070faaadaeed4937e

SHA256
4d6aa4c031cd0e1781346a1ad2c7adb17a5a09ce613f5aab5739fb2758f210ae

SHA512
0d8c4610b9f0bd09922252366b993277c6285a4d47e171040a7da025ff804390eeb8eb2ed516c37bb40d9b9f421638da1fae66cebae7237accf09a9574a8fccc

Download Submit
/data/data/com.luyun.secretbox/databases/bugly_db_-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.luyun.secretbox/databases/bugly_db_-wal

Filesize
76KB

MD5
153c550e31654c812c90b3fadf54d3bf

SHA1
c285f54d4e4a80e8b15a8a4c1703d6bee2905d68

SHA256
541c84bc8faf84992a6e07350e42938a38cc17e8e654497eab660b3b3b077aed

SHA512
94218523dab6158007577cc23d3dd467ceb936c108a1500a5002d707177ac439d5489f9f4272775012c0ff78e03aa609e1b91742d17f9faf3f1986c39fd5c079

Download Submit
/data/data/com.luyun.secretbox/files/.jglogs/.jg.ac

Filesize
32B

MD5
8641ef5e4c31722617a5e059a72ccd6d

SHA1
1ac2de5ed37ba2542624ccf607f22b75310b37d0

SHA256
097a15fb4674a4f7f35369c33088d8993b93ef353e8ac739ebf3e1d6b75239c0

SHA512
cdfc43118eee2cc2ded6fd2fba6cd79a526ff463d65e5d01010108636ede00d31aee7a5606274596c158ff63f84616e8e4d3cb7cbc89d7c4b3eb299d2ee66115

Download Submit
/data/data/com.luyun.secretbox/files/.jglogs/.jg.ic

Filesize
32B

MD5
dfd337bb38cbe984fbac4b21345b2679

SHA1
ae4106fea1b7874df93548c04c3a3e951fb961ee

SHA256
f27441715d4d34384fbedd850c7984ab523981985c1a10f17c12762bdbe11bc5

SHA512
ffb8f52a56d142e5d39355144327a9524d1dd9a4052e098495116a6998283823796cdefbd39e30f5ada9f0d90982e7ae64c983b65bfa974cff4d6d8ba01f8d2a

Download Submit