Overview

overview

7

Static

static

6

8a88ebe485...58.apk

android-9-x86

7

8a88ebe485...58.apk

android-10-x64

1

Analysis

  • max time kernel
    2758682s
  • max time network
    139s
  • platform
    android_x86
  • resource
    android-x86-arm-20231215-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
  • submitted
    23/12/2023, 20:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8a88ebe48535d25efc00b86cbac54cbec76e25e390ff06f41af7c551c6108b58.apk

  • Size

    12.0MB

  • MD5

    bdf783c1c013e49466e87133fa84f1c1

  • SHA1

    542a3c1d233ee1b6413d67b1b6cb0d261650995f

  • SHA256

    8a88ebe48535d25efc00b86cbac54cbec76e25e390ff06f41af7c551c6108b58

  • SHA512

    1689eff9d26d0cc49f7c74cfdcb6eed0794460b5d44ea6ca91e34e4b018f9daee095d704e273380be4c5e6b4e9dd6d6d8b532c853821743c97462089c2dc0569

  • SSDEEP

    196608:4J8OFny8GrbVw0gxQpgaWi8YxyEdFMf0kVzS+Gm/ixiNmI36KG9wSpy:C8kxGrZPgxQiaMjeFVaGmyqmI3rGhpy

Score
7/10

Malware Config

Signatures

  • Loads dropped Dex/Jar 5 IoCs

    Runs executable file dropped to the device during analysis.

  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • com.xili
    1⤵
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4191
    • /system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --compiler-filter=quicken --debuggable --generate-mini-debug-info --dex-file=/data/data/com.xili/.jiagu/tmp.dex --output-vdex-fd=43 --oat-fd=44 --oat-location=/data/data/com.xili/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4247
    • sh -c ps
      2⤵
        PID:4306
      • ps
        2⤵
          PID:4306
        • ps
          2⤵
            PID:4330

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • /data/data/com.xili/.jiagu/classes.dex
          Filesize

          6.3MB

          MD5

          dccda939eb47a4c63dad44d28abc3063

          SHA1

          62e832481baced682da48b5433234e01783ea78d

          SHA256

          f4405e25f57fa50832bc2d43a688e7c92db4ccd04e0c966e1c18ae69f400848a

          SHA512

          3248effb29188da2290390e84bbd08b6c4f7e9752a7270ca2c5eaab4cad50b8a05666234643a8bb4c350d22dec1427e883f1682b5a1801a3a48db4db1be85ee3

          Download Submit

        • /data/data/com.xili/.jiagu/classes.dex!classes2.dex
          Filesize

          461KB

          MD5

          e7fdb362b2982bbffc7968eed550385f

          SHA1

          50f20555ef9f65ef37227511563bd434cab4b7c9

          SHA256

          20ba592fbe252606265ebaf74e05418505c0e41ba80c655001e93919478e7d5d

          SHA512

          7f536e496120d2365ea5c5f84c8fae87dad101a058531e796e28cc8e8a6d9393ecdd7b549c243d02b23c299b840408893904be78bebaca3d858693f319d3e8ae

          Download Submit

        • /data/data/com.xili/.jiagu/libjiagu.so
          Filesize

          485KB

          MD5

          2c1a490890ff15348d2fc3815b2cfb3d

          SHA1

          922e1e5539c40ad5bed578a9cea9f076df02eaee

          SHA256

          4a272d3707e61d656a95d20b944a402a4ae39b79013e3a47a93c0faa3eefc6da

          SHA512

          3a910269e855c3c9a31e40d2d18d166d3c3dc08bb9b063e363be8e737181389e9cc67be8d9ef8d1a63ca0500d0d028aa2562e6fb979beb1a1cccf0fe4d1d1853

          Download Submit

        • /data/data/com.xili/.jiagu/tmp.dex
          Filesize

          284B

          MD5

          f1771b68f5f9b168b79ff59ae2daabe4

          SHA1

          0df6a835559f5c99670214a12700e7d8c28e5a42

          SHA256

          9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

          SHA512

          dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

          Download Submit

        • /data/data/com.xili/files/.jglogs/.jg.ac
          Filesize

          40B

          MD5

          0f374308c7eed4880d3c8870baf1e68b

          SHA1

          45fb46605bef533fd6bdd6e5fa7a3defe89e29e4

          SHA256

          49fc7962ba08355c4d2a1a632d11ee55afd77b8bba27c05d233b848570881a6a

          SHA512

          955240a33ab5d0a0a9a0da33caf21947512db95568cdb5a81086ecc25d6512aa6e31c21ed8d9feb0b93a145f022fe96e7dbdb922dff3aadb8fbc041c5b3258c3

          Download Submit

        • /data/data/com.xili/files/.jglogs/.jg.di
          Filesize

          340B

          MD5

          ced04c78bf8a5c8ffad961c9607d545b

          SHA1

          49cf9aa351d4dfd75aa7f69fbc397b2c4c2a27f4

          SHA256

          c79efd5d58f0f2872ff80d97a586c3de454eadbe47220c5d2eb3fae0eefecd46

          SHA512

          225b9d8e82576e6963cf5a8fe21037e9bb0fd1fb3514932a103f310f120eabd52621c66ce5a1d34b9b1fcd1df1d10ca32facfd626d289e59da4963008ce08318

          Download Submit

        • /data/data/com.xili/files/.jglogs/.jg.store
          Filesize

          127B

          MD5

          cf4dbd3e92e654e73fb16572f70d966e

          SHA1

          78c0f2219ef3516d08ce1e2da942e34f1a76c2c0

          SHA256

          75cb95d524fe06a9d23e01886f1c085d053f9f60db0dc356e7634c1221cd00dd

          SHA512

          d85932c3f618fc735a0ea281c15c71dcd835f1104a0d342531373929e422d757559e4d037c100fbbf2c6b0e48e0ae5d73822784a33127a02b354535c5e8e7940

          Download Submit