6b7399cc68e7e377205735506c2e239f1e26fd01ad8b9d7e22ab9eb17e2df133

Analysis

max time kernel
2647631s
max time network
130s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
23/12/2023, 18:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6b7399cc68e7e377205735506c2e239f1e26fd01ad8b9d7e22ab9eb17e2df133.apk
Size

27.8MB
MD5

5dc18821b80cc6e9d642524797a796ed
SHA1

c34996f28e9161199c90f3b989770ce5224676fb
SHA256

6b7399cc68e7e377205735506c2e239f1e26fd01ad8b9d7e22ab9eb17e2df133
SHA512

af04969ad5077b5301954880efe7f63a3d7d5ef34e0b9111419a409650d067f2818580828a9292d4813421ed89a45e3a91dccc30757c9f050b8f9cbef328a943
SSDEEP

786432:498h0tIgYk66ncVK6U1lBGiWWUaOlQiIt4MbJucCOh:4WMIgYl6ncVK6yzWWUaOlTIpQBO

Score

7^/10

Malware Config

Signatures

Loads dropped Dex/Jar 6 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/data/com.gonlan.iplaymtg/.jiagu/classes.dex	4256	com.gonlan.iplaymtg
/data/data/com.gonlan.iplaymtg/.jiagu/classes.dex!classes2.dex	4256	com.gonlan.iplaymtg
/data/data/com.gonlan.iplaymtg/.jiagu/classes.dex!classes3.dex	4256	com.gonlan.iplaymtg
/data/data/com.gonlan.iplaymtg/.jiagu/tmp.dex	4256	com.gonlan.iplaymtg
/data/data/com.gonlan.iplaymtg/.jiagu/tmp.dex	4308	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.gonlan.iplaymtg/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.gonlan.iplaymtg/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.gonlan.iplaymtg/.jiagu/tmp.dex	4256	com.gonlan.iplaymtg

com.gonlan.iplaymtg
1⤵
- Loads dropped Dex/Jar
PID:4256
- chmod 755 /data/data/com.gonlan.iplaymtg/.jiagu/libjiagu.so
  2⤵
  PID:4281
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.gonlan.iplaymtg/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.gonlan.iplaymtg/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4308

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.gonlan.iplaymtg/.jiagu/classes.dex

Filesize
6.2MB

MD5
4f669d33502494cc13d0c1e60fe0f895

SHA1
d0167bd06ab7630540400a43b3a09bf0096f2771

SHA256
c4ba9ba2b732a9485aaf1341b6f1473be6fc6a2adaa22b803879c0dc3fbcce36

SHA512
df1ea576771e55a52d2a68d35f00e36c7d75c5cc26713b9b6a4c4528d1eedd9e8e139dca2458b304d57e4e91141df39185f5594657ea551b6c3fc1033a27f708

Download Submit
/data/data/com.gonlan.iplaymtg/.jiagu/classes.dex

Filesize
6.0MB

MD5
ff2477f0d97de0b714979f9516106164

SHA1
d26ac0fa19206ed96178f0a18e5a1992bee4a518

SHA256
b9dcfa8008343dbe4ca816d925694bc382b00512ba537a90dd21f9a4d57a13d4

SHA512
193adb71461454d1ce79f2aa7ae5eab9491de954328f8e2623d3848df05b3f6adf6f86b8f15d8947bab035cee384bf84ae65dea9a216b3df848fc465f5cbcfa5

Download Submit
/data/data/com.gonlan.iplaymtg/.jiagu/classes.dex!classes2.dex

Filesize
5.9MB

MD5
3405dbc2c20d213b0539847b5fe4fab9

SHA1
c86bc7c7b53c61848a91bdbf864a93ebd69681e2

SHA256
96299faa6242de2de675e0e28dab8f06183c51850263db55d591dca08ae57aec

SHA512
66f2130309770c422b79b0fb899041d03f0fe1acb7939b36e8bf1e787b5ed7e81e22a8c4486891cb38ef4567342f98a3718b4d647aea246307c6e1f0f907b3a0

Download Submit
/data/data/com.gonlan.iplaymtg/.jiagu/classes.dex!classes3.dex

Filesize
1.2MB

MD5
14c4f6b8fd4dd7935ec5cfdcb4e6ca10

SHA1
a194162420a1e645165c17cb1a4ed8199aea5dce

SHA256
0211d68adfe84baee673ed4d98b64f39dd262e342c8fc5b514038e74338d8008

SHA512
0ef3789f119bd9695b061f925662f76a5c46bef3b28e53a7a880638f87f58734dc8c3a296d016919a6dd2768136d53308a4a81ecb9e9849be6346cb704f827b0

Download Submit
/data/data/com.gonlan.iplaymtg/.jiagu/libjiagu.so

Filesize
446KB

MD5
8f55d5deb281d8aa1a0b9f72f7185e58

SHA1
5ce262af6a74a11931bf4b1e92a59b9acab27f37

SHA256
b57aa883bd4a8241fe2ebbeec0988614da1ad453f5784f3439335a6f800c7944

SHA512
4d74f007dc4a19ac3a8ae3434f06d2509397301c0a9b0288475280801c8907ce48248459436416fb14fc5a3a6ce790d680b6b9c95d35afc49c2f0639199b56f6

Download Submit
/data/data/com.gonlan.iplaymtg/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.gonlan.iplaymtg/files/.jglogs/.jg.di

Filesize
340B

MD5
f97516e745b728ed7aaeb2046842b8db

SHA1
8abfc6f6397a80caa71066e68a8c1a75fa3a5e4e

SHA256
f672769b361910741496b8e0e8c07ddd31faa9d2fbad361820ccf9f8bc7512f0

SHA512
7098c84ad5d5193ee1666745efd1dfa9f43d536f35820b34dcf50ec2157be5e5486fbdd020a01acdd1e4de0846a0b1543dc3c1c39f71fd9e8a0968232a5d1025

Download Submit
/data/data/com.gonlan.iplaymtg/files/.jglogs/.jg.ri

Filesize
314B

MD5
34ef8bebed1603f4c22a3e67235a56da

SHA1
27f4df188ad6294200ebc845c609b14dfebea383

SHA256
c17c404f4ac97390e0bf4e33453fd498b63561ef5ebd612ff22b2a7739cc74ff

SHA512
060a57946965ad8ea3e43842aec82dbfd84831293cc3f071e71135748cbf6496aa9648d0bfea6a744b91b44531768cde4356dda057353e43e6692dc2676772b2

Download Submit
/data/data/com.gonlan.iplaymtg/files/.jiagu.lock

Filesize
27B

MD5
da8598b3ba01eae8f729f7ef27830bd6

SHA1
4ba254afb362d4098ef399b0d30833e99c35148d

SHA256
f0cea1651f42143a9a1906ede85512e6369aa822449b1612ee512db9441baed3

SHA512
4b9ee5bfd369a1c46ee6440552df8c5352e8467cbee71007a0f9214b7ef27104cddfedd38380b83d16d5bbce23655f5e67621b2bc5d7c07822373e75d5785074

Download Submit
/storage/emulated/0/360/.deviceId

Filesize
48B

MD5
1d8d16c4e3b19ebf18988530d9b9a757

SHA1
bc94c1cce05cd848a53271ecb9c5311e27ffebf5

SHA256
abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7

SHA512
4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

Download Submit
/storage/emulated/0/360/.iddata

Filesize
32B

MD5
6b5f19b11cbe8446129d23884644f26d

SHA1
0590720ed9a67b34fe921aac092ee82b865db60d

SHA256
597f2b24e2afb2508974eb76c46fb2d98a35e40b49338c71a05ec96a07416960

SHA512
1498858b962e2db1fbe0dfc446bdd73337970a5b93cd7f27597ad5374026005803af1a0c9707d6957c76a596a2a36f9a687949876be9bcf0222dff6da461a2ff

Download Submit
/storage/emulated/0/Mob/comm/.di

Filesize
57B

MD5
70a42cba408700f9a6c01c7941a8829e

SHA1
eab01cc2c0671538795fb0b1146017dc099d0984

SHA256
499576707ce2623293166979e59c832be5b8636c64ad39aa63ebcf961910c35f

SHA512
8900d4dc8eed0430babbacb72942401bd22ef7fe5430cad90d3ce0c2c53010220d666aa0e2eb1026f3ec81d574c7fa12585b49222a5f15b01637f6ba134fe70c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads