6aeea3a3ebfa448f5791aea3d9f20f9ad45683bd300f18b7eede0c130d8776f1

Analysis

max time kernel
2593875s
max time network
157s
platform
android_x64
resource
android-x64-20231215-en
resource tags

androidarch:x64arch:x86image:android-x64-20231215-enlocale:en-usos:android-10-x64system
submitted
23/12/2023, 18:40 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6aeea3a3ebfa448f5791aea3d9f20f9ad45683bd300f18b7eede0c130d8776f1.apk
Size

15.3MB
MD5

215034ea81518214ae34c86c7afb4cf4
SHA1

1ec064422beebf0e1d01c0115b78c71743055312
SHA256

6aeea3a3ebfa448f5791aea3d9f20f9ad45683bd300f18b7eede0c130d8776f1
SHA512

951e1b678863cebbf567c1ed051a06000f097b454eb6bda4b624e92ac38cab26999c3e9f58689cfbddbb3230334b4dcdb5b2969ab08ddd6452f752d84246eb91
SSDEEP

393216:wQ6wxmEDeygHuabv9wP1V31E/6xXlb18u5lOVTU9wRZoERo:wcxmEehHzv9wPDSyxXn8u7OVTt/W

Score

8^/10

evasion

Malware Config

Signatures

Requests cell location 1 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.luyun.secretbox

Loads dropped Dex/Jar 3 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/data/com.luyun.secretbox/.jiagu/classes.dex	4993	com.luyun.secretbox
/data/data/com.luyun.secretbox/.jiagu/classes.dex!classes2.dex	4993	com.luyun.secretbox
/data/data/com.luyun.secretbox/.jiagu/classes.dex!classes3.dex	4993	com.luyun.secretbox

Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.luyun.secretbox

com.luyun.secretbox
1⤵
- Requests cell location
- Loads dropped Dex/Jar
- Listens for changes in the sensor environment (might be used to detect emulation)
PID:4993

Network

DNS

ssl.google-analytics.com

Remote address:

1.1.1.1:53

Request

ssl.google-analytics.com

IN A

Response

ssl.google-analytics.com

IN A

142.250.200.8
DNS

android.bugly.qq.com

Remote address:

1.1.1.1:53

Request

android.bugly.qq.com

IN A

Response

android.bugly.qq.com

IN CNAME

ins-9fciednc.ias.tencent-cloud.net

ins-9fciednc.ias.tencent-cloud.net

IN A

129.226.103.12

ins-9fciednc.ias.tencent-cloud.net

IN A

129.226.103.217
DNS

api.weibo.com

Remote address:

1.1.1.1:53

Request

api.weibo.com

IN A

Response

api.weibo.com

IN A

36.51.224.49
POST

http://android.bugly.qq.com/rqd/async?aid=d583ea6d-fd52-45d0-b0b1-671baff3a59b

Remote address:

129.226.103.12:80

Request

POST /rqd/async?aid=d583ea6d-fd52-45d0-b0b1-671baff3a59b HTTP/1.1
wup_version: 3.0
raKey: KjKrHRbmNYu7krzT3gQ2VOnc4IK9f643ELOecdcpaGHNFhCmgBsSkua3De16K6pIASHvxPLib%2BHD%0AJf07%2BLHT%2FwVG19W145P8s8JH87NuDYO88PwVy3OCld7HHYoOvSkl%2BTr7gTr%2BtjTuUvxuNpE2%2BKbj%0APIkLI9ZwwzP4qAFaZxE%3D%0A
strategylastUpdateTime: 0
appVer: 1.3.9
bundleId: com.luyun.secretbox
sdkVer: 3.0.0
prodId: c3931ef4b6
cmd: 840
platformId: 1
A37: LTE
A38: LTE
Content-Type: application/x-www-form-urlencoded
User-Agent: Dalvik/2.1.0 (Linux; U; Android 10; Android SDK built for x86_64 Build/QSR1.210802.001)
Host: android.bugly.qq.com
Connection: Keep-Alive
Accept-Encoding: gzip
Content-Length: 990

Response

HTTP/1.1 200 OK

Date: Sun, 24 Dec 2023 06:55:31 GMT
Content-Length: 336
Connection: keep-alive
Server: Resin/4.0.27
Bugly-Version: bugly/1.0
status: 0
nstat: 0
POST

http://android.bugly.qq.com/rqd/async?aid=f16aeeb2-705a-4de5-878b-d3eb44a886d7

Remote address:

129.226.103.12:80

Request

POST /rqd/async?aid=f16aeeb2-705a-4de5-878b-d3eb44a886d7 HTTP/1.1
wup_version: 3.0
secureSessionId: d583ea6d-fd52-45d0-b0b1-671baff3a59b_SZ
strategylastUpdateTime: 1502182652000
appVer: 1.3.9
bundleId: com.luyun.secretbox
grayStrategyUpdateTime: 1703400926711
sdkVer: 3.0.0
prodId: c3931ef4b6
cmd: 804
platformId: 1
A37: LTE
A38: LTE
Content-Type: application/x-www-form-urlencoded
User-Agent: Dalvik/2.1.0 (Linux; U; Android 10; Android SDK built for x86_64 Build/QSR1.210802.001)
Host: android.bugly.qq.com
Connection: Keep-Alive
Accept-Encoding: gzip
Content-Length: 798

Response

HTTP/1.1 200 OK

Date: Sun, 24 Dec 2023 06:55:33 GMT
Content-Length: 127
Connection: keep-alive
Server: Resin/4.0.27
Bugly-Version: bugly/1.0
status: 0
nstat: 0
DNS

sdk.e.qq.com

Remote address:

1.1.1.1:53

Request

sdk.e.qq.com

IN A

Response

sdk.e.qq.com

IN A

113.108.27.88
DNS

www.google.com

Remote address:

1.1.1.1:53

Request

www.google.com

IN A

Response

www.google.com

IN A

142.250.178.4
DNS

plbslog.umeng.com

Remote address:

1.1.1.1:53

Request

plbslog.umeng.com

IN A

Response

plbslog.umeng.com

IN CNAME

plbslog.umeng.com.gds.alibabadns.com

plbslog.umeng.com.gds.alibabadns.com

IN A

36.156.202.68
DNS

ulogs.umeng.com

Remote address:

1.1.1.1:53

Request

ulogs.umeng.com

IN A

Response

ulogs.umeng.com

IN CNAME

ulogs.umeng.com.gds.alibabadns.com

ulogs.umeng.com.gds.alibabadns.com

IN CNAME

alog-default.umeng.com

alog-default.umeng.com

IN A

223.109.148.141

alog-default.umeng.com

IN A

223.109.148.179

alog-default.umeng.com

IN A

223.109.148.176

alog-default.umeng.com

IN A

223.109.148.177

alog-default.umeng.com

IN A

223.109.148.178

alog-default.umeng.com

IN A

223.109.148.130
DNS

ulogs.umeng.com

Remote address:

1.1.1.1:53

Request

ulogs.umeng.com

IN A
DNS

semanticlocation-pa.googleapis.com

Remote address:

1.1.1.1:53

Request

semanticlocation-pa.googleapis.com

IN A

Response

semanticlocation-pa.googleapis.com

IN A

142.250.179.234

semanticlocation-pa.googleapis.com

IN A

172.217.169.10

semanticlocation-pa.googleapis.com

IN A

172.217.16.234

semanticlocation-pa.googleapis.com

IN A

142.250.200.10

semanticlocation-pa.googleapis.com

IN A

216.58.212.234

semanticlocation-pa.googleapis.com

IN A

142.250.187.234

semanticlocation-pa.googleapis.com

IN A

142.250.187.202

semanticlocation-pa.googleapis.com

IN A

216.58.204.74

semanticlocation-pa.googleapis.com

IN A

142.250.180.10

semanticlocation-pa.googleapis.com

IN A

216.58.201.106

semanticlocation-pa.googleapis.com

IN A

142.250.200.42

semanticlocation-pa.googleapis.com

IN A

142.250.178.10
DNS

android.apis.google.com

Remote address:

1.1.1.1:53

Request

android.apis.google.com

IN A

Response

android.apis.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

142.250.179.238

142.250.200.8:443

ssl.google-analytics.com

tls

2.0kB
6.3kB
11
10
129.226.103.12:80

http://android.bugly.qq.com/rqd/async?aid=f16aeeb2-705a-4de5-878b-d3eb44a886d7

http

3.4kB
1.2kB
8
9

HTTP Request

POST http://android.bugly.qq.com/rqd/async?aid=d583ea6d-fd52-45d0-b0b1-671baff3a59b

HTTP Response

200

HTTP Request

POST http://android.bugly.qq.com/rqd/async?aid=f16aeeb2-705a-4de5-878b-d3eb44a886d7

HTTP Response

200
36.51.224.49:443

api.weibo.com

tls

2.1kB
5.8kB
10
11
113.108.27.88:80

sdk.e.qq.com

300 B
5
142.250.178.4:443

www.google.com

tls

1.2kB
5.9kB
8
11
36.156.202.68:443

plbslog.umeng.com

300 B
5
142.250.179.234:443

semanticlocation-pa.googleapis.com

tls

4.1kB
14.4kB
16
21
142.250.187.238:443

tls, https

857 B
40 B
1
1
142.250.179.238:443

android.apis.google.com

tls

5.1kB
8.8kB
22
22
223.109.148.141:443

ulogs.umeng.com

300 B
5
142.250.200.42:443

semanticlocation-pa.googleapis.com

tls, https

1.2kB
40 B
1
1
216.58.213.4:443

tls, https

572 B
40 B
3
1
216.58.213.4:443

www.google.com

tls

9.1kB
10.5kB
35
33
223.109.148.179:443

ulogs.umeng.com

300 B
5
223.109.148.176:443

ulogs.umeng.com

300 B
5
216.58.204.78:443

520 B
10
216.58.201.98:443

520 B
10
223.109.148.177:443

ulogs.umeng.com

300 B
5
223.109.148.178:443

ulogs.umeng.com

240 B
4

224.0.0.251:5353

3.7kB
11
1.1.1.1:53

ssl.google-analytics.com

dns

70 B
86 B
1
1

DNS Request

ssl.google-analytics.com

DNS Response

142.250.200.8
1.1.1.1:53

android.bugly.qq.com

dns

66 B
146 B
1
1

DNS Request

android.bugly.qq.com

DNS Response

129.226.103.12

129.226.103.217
1.1.1.1:53

api.weibo.com

dns

59 B
75 B
1
1

DNS Request

api.weibo.com

DNS Response

36.51.224.49
1.1.1.1:53

sdk.e.qq.com

dns

58 B
74 B
1
1

DNS Request

sdk.e.qq.com

DNS Response

113.108.27.88
1.1.1.1:53

www.google.com

dns

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

142.250.178.4
1.1.1.1:53

plbslog.umeng.com

dns

63 B
126 B
1
1

DNS Request

plbslog.umeng.com

DNS Response

36.156.202.68
1.1.1.1:53

ulogs.umeng.com

dns

122 B
229 B
2
1

DNS Request

ulogs.umeng.com

DNS Request

ulogs.umeng.com

DNS Response

223.109.148.141

223.109.148.179

223.109.148.176

223.109.148.177

223.109.148.178

223.109.148.130
1.1.1.1:53

semanticlocation-pa.googleapis.com

dns

80 B
272 B
1
1

DNS Request

semanticlocation-pa.googleapis.com

DNS Response

142.250.179.234

172.217.169.10

172.217.16.234

142.250.200.10

216.58.212.234

142.250.187.234

142.250.187.202

216.58.204.74

142.250.180.10

216.58.201.106

142.250.200.42

142.250.178.10
1.1.1.1:53

android.apis.google.com

dns

69 B
109 B
1
1

DNS Request

android.apis.google.com

DNS Response

142.250.179.238

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.luyun.secretbox/.jiagu/classes.dex

Filesize
6.4MB

MD5
439f6a37b69f69adda7e47c61d10c9cc

SHA1
e6778c9574459b13f5d2a1705169fda84408c2ba

SHA256
def488972cad642a88a80623968f4b691c6000f0dc24548c2726fe5c8070a672

SHA512
d3021d3586fd30e336b44a3ef69d3e84a952eb1bc71cde24305b67d95a737b3e7ebbcf5a76a976f38fcde76fa846b4452e971692efba0e57b4604888e24ee33d

Download Submit
/data/data/com.luyun.secretbox/.jiagu/classes.dex!classes2.dex

Filesize
6.6MB

MD5
1c60eb009eeedc30ed664abd5b60fb37

SHA1
c1e13ea5cc90c92f2cd4fd21d4a92d61a5c40872

SHA256
95a769115d0c4c6f191d331c666a148f1bf5b05a832a67dfe115b56444d5e478

SHA512
4e2dc50b3771413e5092de7d2fb7de94028dec7c6452d6644662ab02df8d7fa35524a581e46efc26149d5c91b731c1af76600b57579261196fad6ee000d50094

Download Submit
/data/data/com.luyun.secretbox/.jiagu/classes.dex!classes3.dex

Filesize
210KB

MD5
a82101e597b6e42a3524ad597ddfa5d4

SHA1
085f405ed768a1eef4f1b451bf9e90864b8952bc

SHA256
288ad666e23ad2465f1cbf42b005f7b58f9e1013d158e983a08d79cd9bc21f62

SHA512
4bf77e2975120683c45172063c9f232a9af3bc648809c828e19168292f591df929d720d530e680f4f552f41bff8da8df91c6fbf6af270e622b0ffeefeff8ef46

Download Submit
/data/data/com.luyun.secretbox/.jiagu/libjiagu.so

Filesize
475KB

MD5
5aea02f4e4c77fbf2e7a27f7ca9cc06b

SHA1
522db1748608e9173547b29b7aa82ddc3542c534

SHA256
5a1c513b347e2a929769e2be67552c1d591704f08f7b5590282b66cc2c7d7bd2

SHA512
5c979a11f5e896829db906f533756efc1cf3c5a7e35ecc9e376a0aae818f2dada013441649feac2e188bd51affbbf35156e32fdc6552e185bddbc547f3850316

Download Submit
/data/data/com.luyun.secretbox/.jiagu/libjiagu_64.so

Filesize
509KB

MD5
289fb443987b114ee4237b4dd97672bc

SHA1
9b898410845dfaeae3af212b5df41177ba9b8f34

SHA256
a55e9ee18285b41a4ea1bf375930a5bdb603dbfc530a3dcb224bbded14e68210

SHA512
debbf2720c9b132b5923eaa9fcb372a72a97d574bce59789d06b645925fa2d6a27473aae4c9f1e4968614d44fd98a8b0fb1eec217a595fb5c80bcfc056705508

Download Submit
/data/data/com.luyun.secretbox/app_crashrecord/1002

Filesize
229B

MD5
bc47e89c41ffb735c67cdf1198e83424

SHA1
812cd1d6ef15b88757cc95095836468986299295

SHA256
e8ff581d6ff633f444540dadd1261f11095af88d35a7b3d80732ad9675ce35b6

SHA512
bb301e46ae7bf67b66129540153fd0466ae13c0eab211e92268375a30cbc35b874c94729e0c62daad13624af1405026d2e29177b1bfe930ffc12d710e781f769

Download Submit
/data/data/com.luyun.secretbox/app_crashrecord/1002

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.luyun.secretbox/app_crashrecord/1004

Filesize
229B

MD5
20b00a438bf87d03d2f548c527674740

SHA1
a76b77042e4e4275d1a9ce55288718072b72a0ec

SHA256
1b5828f154fa4ff929274bef631876c3ec7082bf3baf93eafdc1df7911a57274

SHA512
d1255051e00636c1e1ebc4f5f1a8d94caa30b63770f79f15e9502206dd7515b18e19df37e50597d22fab5ec088785686c0094c91c65cbd0de6c8e8d5336e93c9

Download Submit
/data/data/com.luyun.secretbox/databases/bugly_db_

Filesize
52KB

MD5
0cc4ef56f1a62f9a65ef7f2c121f6da2

SHA1
830fea9b323e5821dd88bc968b2200f66ebfa593

SHA256
f9b2964fc10d570423243e9b3599b52e68efc4687b5de7110fa395c274554981

SHA512
3ca4db83a0893ca0b69795dee6ac1e6170783dd7b363a9e762a63c632f8f5de18d2b12d507bf79b4f406ef0b23fb161dd8697889bbacce9c94506df52f50ec4c

Download Submit
/data/data/com.luyun.secretbox/databases/bugly_db_-journal

Filesize
512B

MD5
220cf13c3dcaa0736937c32e25f9549e

SHA1
d3d1cb9ad0ee8ea1d90a5172f35c09f97ae4880c

SHA256
389e8c985a8436394d2fb7271c1bddfcf5436e224dd3cf7fb5830bf3cc3d1223

SHA512
9fad53f2df0e979363233785e63225e6bf4421f9b673927c07b9c3ddfb9e3a08b39705eaa910be2373450edd1f25f42e88b02cdbddf18c155c1af83219535826

Download Submit
/data/data/com.luyun.secretbox/databases/bugly_db_-journal

Filesize
8KB

MD5
47b9864d098ea242823a3fec4491a8b6

SHA1
c095a91291d6aa4a5ae5c05d26ff7c6dc671ed8d

SHA256
98eb565b6f976841d13fed8eb2fe2e2fb6a43a2ae32c1c62845069ddcacf44f3

SHA512
dae971dcf6b6c08f58176e5ffbc89129bc86b80dac4e058273c920829c1dbbdb12a2d35e700b8074bf19ea2d03a45a00794adfdd46d6fb85e13a919bfd20f069

Download Submit
/data/data/com.luyun.secretbox/databases/bugly_db_-journal

Filesize
8KB

MD5
287c98ca482dac224309e6c93d2cdf0e

SHA1
c95604bfc1ee6c5ef1636c1dda78e858cc8c4acf

SHA256
d205121a9809b44f592b10bc262453aa0446fb0824c56ced52d4275ceb398ed1

SHA512
c8db8da218384bdd9a5a3a036c7fa61767f7bd66cb1ff75f7000b5b881db178f51cbcbacef081ab0ac57751024a7f1c70c580f1db0884bd7a637d35beacd9753

Download Submit
/data/data/com.luyun.secretbox/databases/bugly_db_-journal

Filesize
12KB

MD5
1c552895a7b78d570b82860ad9b4719b

SHA1
a8f3659467e401dc4c48642ae907d27a5342e824

SHA256
27e6d17ea51b7a38a56b46bf999d0f36438ad371c8d71148b0f9e32eb5a0d4c3

SHA512
5e4328781fbbea2420430df332566dad5b4007b3b80a746887a958fe3f6b3f9a0c7de3e9c09da3bca6afd010749f85090ed95874dabd86eed223114603a99456

Download Submit
/data/data/com.luyun.secretbox/databases/bugly_db_-journal

Filesize
8KB

MD5
e62be09ac2d26c4b966b1c3035f50f7b

SHA1
006c24b49f11d4f9865bc40d8d411ab4caab0d78

SHA256
cdf48010dbc08fc84a8e673119839863f600d0d2a7a06c352a7d4993d71c9f1a

SHA512
548afc817c2be5578302915a441f49c9de89b7259bca5d9b24aeceeda3af24d153e0b81201fdffa4b3b5cb956564ac9e82a9d8dccf3e6de73659bb8d3e33fde5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.