Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

6

82b363af7b...55.apk

android-9-x86

8

82b363af7b...55.apk

android-11-x64

1

bdxadsdk.apk

android-9-x86

bdxadsdk.apk

android-10-x64

bdxadsdk.apk

android-11-x64

Analysis

  • max time kernel
    2739896s
  • max time network
    157s
  • platform
    android_x86
  • resource
    android-x86-arm-20231215-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
  • submitted
    23/12/2023, 19:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    82b363af7b141729fd2fb7c116f48ca92a1497548780e990bbdf4ef940549d55.apk

  • Size

    7.2MB

  • MD5

    b4ed99fbff39cdc7a1987869427ae533

  • SHA1

    707a1ba98d8b85b0f73e34dd49e5eec219f8650f

  • SHA256

    82b363af7b141729fd2fb7c116f48ca92a1497548780e990bbdf4ef940549d55

  • SHA512

    a27a8ad051d067f619868bc78e6d61f5f49a41ae919ae47253ea13b5f42e8e85962b569af0cab15bc35bb73b797fd0c0b015c5ae854cdb9fbe0fcc2f80089525

  • SSDEEP

    196608:Eu8jksDa1uHYvXExS+VwBtJdPgvrkEmoGrJBfvZ/Eh0j4ZC9F:Eu8jkkcfvw/OtHPgYTJ3jP

Score
8/10

Malware Config

Signatures

  • Requests cell location 2 IoCs

    Uses Android APIs to to get current cell location.

  • Checks Android system properties for emulator presence. 7 IoCs
  • Checks Qemu related system properties. 7 IoCs

    Checks for Android system properties related to Qemu for Emulator detection.

  • Loads dropped Dex/Jar 7 IoCs

    Runs executable file dropped to the device during analysis.

  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • com.tommrowapp.cl
    1⤵
    • Requests cell location
    • Checks Android system properties for emulator presence.
    • Checks Qemu related system properties.
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4253
    • chmod 755 /data/data/com.tommrowapp.cl/.jiagu/libjiagu.so
      2⤵
        PID:4279
      • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.tommrowapp.cl/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.tommrowapp.cl/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
        2⤵
        • Loads dropped Dex/Jar
        PID:4303
      • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.tommrowapp.cl/app_baidu_ad_sdk/__xadsdk__remote__final__running__.jar --output-vdex-fd=87 --oat-fd=88 --oat-location=/data/user/0/com.tommrowapp.cl/app_baidu_ad_sdk/oat/x86/__xadsdk__remote__final__running__.odex --compiler-filter=quicken --class-loader-context=&
        2⤵
        • Loads dropped Dex/Jar
        PID:4435
      • cat /proc/cpuinfo
        2⤵
          PID:4510
        • sh -c ps
          2⤵
            PID:4589
          • ps
            2⤵
              PID:4589
            • ps daemonsu
              2⤵
                PID:4614
              • ps | grep su
                2⤵
                  PID:4636

              Network

              MITRE ATT&CK Matrix

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • /data/data/com.tommrowapp.cl/.jiagu/classes.dex
                Filesize

                4.4MB

                MD5

                7b2a8b70c83ac03aba4310b5fd6c7fa4

                SHA1

                7d2b6e6a4efdc7a1f62874fd52f2f283350f42fe

                SHA256

                8cafeac5d81ded264a8ac00038cb1f6c1d8dd762e5de103288edc836d26869af

                SHA512

                db4d95661970dd32465121dfd5685483343375c3e1b3a83757031d779f2bef935c36610a5f66801f2ede28f7ece3d6e83b121efdba9a753ecb20953a5a80f898

                Download Submit

              • /data/data/com.tommrowapp.cl/.jiagu/classes.dex
                Filesize

                7.1MB

                MD5

                14d25caa408eccb7669bdbfab36dba43

                SHA1

                e8f5b1baa5436231c568209243ad42b8421d356e

                SHA256

                042a538a5041fb9a66da8b441331068334e8800513b221b79f4453919bb4d1a0

                SHA512

                5fbaba27e440430179c84ce36370340bba24e357746e8c873bcd2dd45458cd9f8932f67f9df6f2dd070933467a4ad5987887392fed684989c63541f793949177

                Download Submit

              • /data/data/com.tommrowapp.cl/.jiagu/classes.dex!classes2.dex
                Filesize

                783KB

                MD5

                8f28e89768d632241eeb6ee7fea8d1ce

                SHA1

                1a333c0ae53b626d7837d4affcb5e591617bdf3f

                SHA256

                f1bbacd8592d4383e3423b8f2e7687fa116e895ade86012eaf7b20b9e74d8b3e

                SHA512

                7686476548c3e6bac086ad090538b6444ea98ab06586854783650ba0dad59733b9274889413371c64b8f7cc92f5aff673a15f04a87e2d6b8d51109728901bd84

                Download Submit

              • /data/data/com.tommrowapp.cl/.jiagu/libjiagu.so
                Filesize

                455KB

                MD5

                e5a53000766ebc433b27d6a66ec4f555

                SHA1

                2c8f53f1c03aec2005bcad67d731f07261dabde0

                SHA256

                78e4ea857f10c2df6c7b94f0584524b52ecc099ed29478fe3964037b8a86ed2e

                SHA512

                370a1cb93b14556ad861724f4e9995c9a4c6d37cf2d570f888d1c6000c66d27ac63496b0703361e9fc9bc7f309b7aa4407c5f339d186b0a5b72520d23d04b68d

                Download Submit

              • /data/data/com.tommrowapp.cl/.jiagu/tmp.dex
                Filesize

                284B

                MD5

                f1771b68f5f9b168b79ff59ae2daabe4

                SHA1

                0df6a835559f5c99670214a12700e7d8c28e5a42

                SHA256

                9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

                SHA512

                dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

                Download Submit

              • /data/data/com.tommrowapp.cl/app_baidu_ad_sdk/__xadsdk__remote__final__builtin__.jar
                Filesize

                18KB

                MD5

                55580562d1a418b9d45167b5f3204a40

                SHA1

                b3221e38c8a4b60749ae17aa98376b62123c8d99

                SHA256

                87565855e53d3491a70cb66c6f8e64bf399385299b907975864e903078e541f5

                SHA512

                455e11aa9b9714bbc45334c958852b60486339d1a3ebacbce2b46f049f01417ef35c1a2f6577ce3faf6c8f11c7874ba3b42d1721717e8e22ef29fa43f2b3c0e6

                Download Submit

              • /data/data/com.tommrowapp.cl/app_baidu_ad_sdk/__xadsdk__remote__final__builtinversion__.jar
                Filesize

                143KB

                MD5

                e8537ed09e1215ba0a1b9f5a0993a552

                SHA1

                ad4fa6902e3736ff09ea3f92c01d47d3edc91371

                SHA256

                0e260da14716135a3a0f619fcbf5086f72ed5b73c409c358b8024414c15fd701

                SHA512

                21d590072a7e097acc525f5c440f2b7433c586178d924970e7752a498661dbe7a1cc51a3fb789be1a69904781189f8814d7bb238abe07858907dbc14069e78eb

                Download Submit

              • /data/data/com.tommrowapp.cl/files/.jglogs/.jg.ac
                Filesize

                40B

                MD5

                232dfc77c681b8c699ee16999fe31a20

                SHA1

                cdf46456fb726d53c74eb3920c7d5783fcf9d397

                SHA256

                988fe4394215238ab7e21b24332f666d6d142acacf29b36be5f539d70ab80cbc

                SHA512

                db7ce61452c002a773a4ae622f57cecf5745f480cfbded565e0ee3f2056f898cdcb50062d527b0f7dac6e0ed4d99527836d066c13b6a98427f6a768ddfd2e201

                Download Submit

              • /data/data/com.tommrowapp.cl/files/.jglogs/.jg.di
                Filesize

                340B

                MD5

                89fd728198e1bf48006501bbdf9c1409

                SHA1

                1577f47ab4ae1259dfd3f41a9884f1560529d366

                SHA256

                a3b18509ce84bf757a27eb3a194722c383baf1a395d3d103b736de2e865369a3

                SHA512

                96a4dde3b6ebf553ccc46fcb2675adc8b84c40d7ebfa2a2a20dbfa22a0c2c9aa6f242fa4a887b6be53ec8609cb371a4219aa476037536f7308b7eb1f20347e18

                Download Submit

              • /data/user/0/com.tommrowapp.cl/app_baidu_ad_sdk/__xadsdk__remote__final__running__.jar
                Filesize

                429KB

                MD5

                bd5ca0a3026e1b19a4d7e443560b5272

                SHA1

                3b87f9e471b354e4b0f0085b6b44fc6e03a78a31

                SHA256

                82628303148eb79eb4cf2537a5029b27be2c2c3740f1175f2774b21681ba2e79

                SHA512

                666bc259bb5defb299fe2156e01a52d7f6e12c4302ea8a932856e4ae5d3eaea0550cad408d453e91c50f865a5d6935959dbfb9d83b84e138a3a7676d9f9fce5a

                Download Submit

              • /data/user/0/com.tommrowapp.cl/app_baidu_ad_sdk/__xadsdk__remote__final__running__.jar
                Filesize

                429KB

                MD5

                8d75473e544f4527390664dbc051ac1c

                SHA1

                25175e7a487ff8ddb649cfb43123fa602bd77c55

                SHA256

                99f30aa3b68809e24fd5cb9705b004eb72b5c0d3dc25ed74c90e467d3b888501

                SHA512

                fa4f25ff97b34948836554bce8260a1ad9e597a5eca3b4c013d9f9f019bc47133e9b32b9d81d2e8a267f62279d5dfd8cb3bcf4ee73e1c9f2f00efe0e3f0be2ea

                Download Submit