6aeea3a3ebfa448f5791aea3d9f20f9ad45683bd300f18b7eede0c130d8776f1

Analysis

max time kernel
2593875s
max time network
157s
platform
android_x64
resource
android-x64-20231215-en
resource tags

androidarch:x64arch:x86image:android-x64-20231215-enlocale:en-usos:android-10-x64system
submitted
23-12-2023 18:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6aeea3a3ebfa448f5791aea3d9f20f9ad45683bd300f18b7eede0c130d8776f1.apk
Size

15.3MB
MD5

215034ea81518214ae34c86c7afb4cf4
SHA1

1ec064422beebf0e1d01c0115b78c71743055312
SHA256

6aeea3a3ebfa448f5791aea3d9f20f9ad45683bd300f18b7eede0c130d8776f1
SHA512

951e1b678863cebbf567c1ed051a06000f097b454eb6bda4b624e92ac38cab26999c3e9f58689cfbddbb3230334b4dcdb5b2969ab08ddd6452f752d84246eb91
SSDEEP

393216:wQ6wxmEDeygHuabv9wP1V31E/6xXlb18u5lOVTU9wRZoERo:wcxmEehHzv9wPDSyxXn8u7OVTt/W

Score

8^/10

evasion

Malware Config

Signatures

Requests cell location 1 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.luyun.secretbox

Loads dropped Dex/Jar 3 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/data/com.luyun.secretbox/.jiagu/classes.dex	4993	com.luyun.secretbox
/data/data/com.luyun.secretbox/.jiagu/classes.dex!classes2.dex	4993	com.luyun.secretbox
/data/data/com.luyun.secretbox/.jiagu/classes.dex!classes3.dex	4993	com.luyun.secretbox

Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.luyun.secretbox

com.luyun.secretbox
1⤵
- Requests cell location
- Loads dropped Dex/Jar
- Listens for changes in the sensor environment (might be used to detect emulation)
PID:4993

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.luyun.secretbox/.jiagu/classes.dex

Filesize
6.4MB

MD5
439f6a37b69f69adda7e47c61d10c9cc

SHA1
e6778c9574459b13f5d2a1705169fda84408c2ba

SHA256
def488972cad642a88a80623968f4b691c6000f0dc24548c2726fe5c8070a672

SHA512
d3021d3586fd30e336b44a3ef69d3e84a952eb1bc71cde24305b67d95a737b3e7ebbcf5a76a976f38fcde76fa846b4452e971692efba0e57b4604888e24ee33d

Download Submit
/data/data/com.luyun.secretbox/.jiagu/classes.dex!classes2.dex

Filesize
6.6MB

MD5
1c60eb009eeedc30ed664abd5b60fb37

SHA1
c1e13ea5cc90c92f2cd4fd21d4a92d61a5c40872

SHA256
95a769115d0c4c6f191d331c666a148f1bf5b05a832a67dfe115b56444d5e478

SHA512
4e2dc50b3771413e5092de7d2fb7de94028dec7c6452d6644662ab02df8d7fa35524a581e46efc26149d5c91b731c1af76600b57579261196fad6ee000d50094

Download Submit
/data/data/com.luyun.secretbox/.jiagu/classes.dex!classes3.dex

Filesize
210KB

MD5
a82101e597b6e42a3524ad597ddfa5d4

SHA1
085f405ed768a1eef4f1b451bf9e90864b8952bc

SHA256
288ad666e23ad2465f1cbf42b005f7b58f9e1013d158e983a08d79cd9bc21f62

SHA512
4bf77e2975120683c45172063c9f232a9af3bc648809c828e19168292f591df929d720d530e680f4f552f41bff8da8df91c6fbf6af270e622b0ffeefeff8ef46

Download Submit
/data/data/com.luyun.secretbox/.jiagu/libjiagu.so

Filesize
475KB

MD5
5aea02f4e4c77fbf2e7a27f7ca9cc06b

SHA1
522db1748608e9173547b29b7aa82ddc3542c534

SHA256
5a1c513b347e2a929769e2be67552c1d591704f08f7b5590282b66cc2c7d7bd2

SHA512
5c979a11f5e896829db906f533756efc1cf3c5a7e35ecc9e376a0aae818f2dada013441649feac2e188bd51affbbf35156e32fdc6552e185bddbc547f3850316

Download Submit
/data/data/com.luyun.secretbox/.jiagu/libjiagu_64.so

Filesize
509KB

MD5
289fb443987b114ee4237b4dd97672bc

SHA1
9b898410845dfaeae3af212b5df41177ba9b8f34

SHA256
a55e9ee18285b41a4ea1bf375930a5bdb603dbfc530a3dcb224bbded14e68210

SHA512
debbf2720c9b132b5923eaa9fcb372a72a97d574bce59789d06b645925fa2d6a27473aae4c9f1e4968614d44fd98a8b0fb1eec217a595fb5c80bcfc056705508

Download Submit
/data/data/com.luyun.secretbox/app_crashrecord/1002

Filesize
229B

MD5
bc47e89c41ffb735c67cdf1198e83424

SHA1
812cd1d6ef15b88757cc95095836468986299295

SHA256
e8ff581d6ff633f444540dadd1261f11095af88d35a7b3d80732ad9675ce35b6

SHA512
bb301e46ae7bf67b66129540153fd0466ae13c0eab211e92268375a30cbc35b874c94729e0c62daad13624af1405026d2e29177b1bfe930ffc12d710e781f769

Download Submit
/data/data/com.luyun.secretbox/app_crashrecord/1002

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.luyun.secretbox/app_crashrecord/1004

Filesize
229B

MD5
20b00a438bf87d03d2f548c527674740

SHA1
a76b77042e4e4275d1a9ce55288718072b72a0ec

SHA256
1b5828f154fa4ff929274bef631876c3ec7082bf3baf93eafdc1df7911a57274

SHA512
d1255051e00636c1e1ebc4f5f1a8d94caa30b63770f79f15e9502206dd7515b18e19df37e50597d22fab5ec088785686c0094c91c65cbd0de6c8e8d5336e93c9

Download Submit
/data/data/com.luyun.secretbox/databases/bugly_db_

Filesize
52KB

MD5
0cc4ef56f1a62f9a65ef7f2c121f6da2

SHA1
830fea9b323e5821dd88bc968b2200f66ebfa593

SHA256
f9b2964fc10d570423243e9b3599b52e68efc4687b5de7110fa395c274554981

SHA512
3ca4db83a0893ca0b69795dee6ac1e6170783dd7b363a9e762a63c632f8f5de18d2b12d507bf79b4f406ef0b23fb161dd8697889bbacce9c94506df52f50ec4c

Download Submit
/data/data/com.luyun.secretbox/databases/bugly_db_-journal

Filesize
512B

MD5
220cf13c3dcaa0736937c32e25f9549e

SHA1
d3d1cb9ad0ee8ea1d90a5172f35c09f97ae4880c

SHA256
389e8c985a8436394d2fb7271c1bddfcf5436e224dd3cf7fb5830bf3cc3d1223

SHA512
9fad53f2df0e979363233785e63225e6bf4421f9b673927c07b9c3ddfb9e3a08b39705eaa910be2373450edd1f25f42e88b02cdbddf18c155c1af83219535826

Download Submit
/data/data/com.luyun.secretbox/databases/bugly_db_-journal

Filesize
8KB

MD5
47b9864d098ea242823a3fec4491a8b6

SHA1
c095a91291d6aa4a5ae5c05d26ff7c6dc671ed8d

SHA256
98eb565b6f976841d13fed8eb2fe2e2fb6a43a2ae32c1c62845069ddcacf44f3

SHA512
dae971dcf6b6c08f58176e5ffbc89129bc86b80dac4e058273c920829c1dbbdb12a2d35e700b8074bf19ea2d03a45a00794adfdd46d6fb85e13a919bfd20f069

Download Submit
/data/data/com.luyun.secretbox/databases/bugly_db_-journal

Filesize
8KB

MD5
287c98ca482dac224309e6c93d2cdf0e

SHA1
c95604bfc1ee6c5ef1636c1dda78e858cc8c4acf

SHA256
d205121a9809b44f592b10bc262453aa0446fb0824c56ced52d4275ceb398ed1

SHA512
c8db8da218384bdd9a5a3a036c7fa61767f7bd66cb1ff75f7000b5b881db178f51cbcbacef081ab0ac57751024a7f1c70c580f1db0884bd7a637d35beacd9753

Download Submit
/data/data/com.luyun.secretbox/databases/bugly_db_-journal

Filesize
12KB

MD5
1c552895a7b78d570b82860ad9b4719b

SHA1
a8f3659467e401dc4c48642ae907d27a5342e824

SHA256
27e6d17ea51b7a38a56b46bf999d0f36438ad371c8d71148b0f9e32eb5a0d4c3

SHA512
5e4328781fbbea2420430df332566dad5b4007b3b80a746887a958fe3f6b3f9a0c7de3e9c09da3bca6afd010749f85090ed95874dabd86eed223114603a99456

Download Submit
/data/data/com.luyun.secretbox/databases/bugly_db_-journal

Filesize
8KB

MD5
e62be09ac2d26c4b966b1c3035f50f7b

SHA1
006c24b49f11d4f9865bc40d8d411ab4caab0d78

SHA256
cdf48010dbc08fc84a8e673119839863f600d0d2a7a06c352a7d4993d71c9f1a

SHA512
548afc817c2be5578302915a441f49c9de89b7259bca5d9b24aeceeda3af24d153e0b81201fdffa4b3b5cb956564ac9e82a9d8dccf3e6de73659bb8d3e33fde5

Download Submit