90d9c297ab4ebb1fa53574eedff985869c045219797c96a11b111980f47488ab

Analysis

max time kernel
2773996s
max time network
130s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
23-12-2023 21:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

90d9c297ab4ebb1fa53574eedff985869c045219797c96a11b111980f47488ab.apk
Size

21.1MB
MD5

fee1ff140a4667e06535b28dfda27f71
SHA1

295e8e66bd7c8677df2ec07108c908400d2ef2c1
SHA256

90d9c297ab4ebb1fa53574eedff985869c045219797c96a11b111980f47488ab
SHA512

3fa4f3ddebac9cafd05fab4e2d20fe0dbb51b17b2455775837114122cbefade6658bc1b87e7389e800a4b1c51de67ecad9132f1dc6e6bf86b1d90968e27a7db7
SSDEEP

393216:vQ6jmC9tIWE2Oq6tXeoUP1E3LIvwWZlbjLgUUjo+UDoMY7P/QHexFYf4K83z+nFG:vJmC3It2Oq6LUPOLmZEkg973QoCkKF32

Score

7^/10

Malware Config

Signatures

Loads dropped Dex/Jar 5 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/data/com.middleman.ymc/.jiagu/classes.dex	4273	com.middleman.ymc
/data/data/com.middleman.ymc/.jiagu/classes.dex!classes2.dex	4273	com.middleman.ymc
/data/data/com.middleman.ymc/.jiagu/tmp.dex	4273	com.middleman.ymc
/data/data/com.middleman.ymc/.jiagu/tmp.dex	4306	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.middleman.ymc/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.middleman.ymc/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.middleman.ymc/.jiagu/tmp.dex	4273	com.middleman.ymc

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.middleman.ymc

com.middleman.ymc
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4273
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.middleman.ymc/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.middleman.ymc/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4306

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.middleman.ymc/.jiagu/classes.dex

Filesize
5.5MB

MD5
357ba91cdebb99f3a1e4d561e0744dfb

SHA1
4ec49321cc988f8d131676782822464a9d91c4b8

SHA256
4932adc856e3d0b0704cb4390eb83347ea0c6bbf8670b02a236a6e81d414d0fe

SHA512
e0cc74d7d9f399f1852bd7fbb358aff7c3ce1d91ccc3013b626d12790d5f98d77e34553b77c16f23f0d7604fe680d662e9489dbd1484bff1be8fe30f1d54b25d

Download Submit
/data/data/com.middleman.ymc/.jiagu/classes.dex!classes2.dex

Filesize
5.4MB

MD5
35cc116c0a02e0e7f35f6a3118bbe7fd

SHA1
b6c3ff479fbac89a80f98263459efa61c507278a

SHA256
31231212d88812cc6802dca2a37b93b9761ce8032134313b1af631b9fed9355c

SHA512
435e5404e6344254bb8ee5a5ad8ff2a7f8b48dc7bf42c614367247d8b93c87546006c2db5962532af640ca0df7cbbbf20a6f8fdabe86f006f17a06b393843425

Download Submit
/data/data/com.middleman.ymc/.jiagu/libjiagu.so

Filesize
482KB

MD5
f380717bd1e3916c7b697fab8d46c5d8

SHA1
04f51f0d16097214e38be517d93be44cb0603a88

SHA256
8455632be7bacb221468c4daab2f9b5ee33739f08b22244ff81a36a02bec36cc

SHA512
b78fe11f77d2c0ec5b36850e8cc3b955661b31641405233c8842b91205e44dc16a30d7fc1ef18dde1b066c1b98959ae9c18be5472413d2b398b7ab6a6b52c07e

Download Submit
/data/data/com.middleman.ymc/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.middleman.ymc/databases/MessageStore.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.middleman.ymc/databases/MessageStore.db-journal

Filesize
512B

MD5
7af4e5d69d1ca43a7723c6e2d1500aa5

SHA1
de14f2969959bf61cea7ee35d275c6b29a7a3a79

SHA256
376b892f8703ea84ab88d9ecb05147814df6d33d9261432e51f921606252240e

SHA512
e4954eb0aff397612bd4724b096fc0099c759da858396207a0d39aa7af5d50fdad7404b5348c5e1d14b93153033a8d9a801db83ed46b492fd2b4d790a46f9507

Download Submit
/data/data/com.middleman.ymc/databases/MessageStore.db-wal

Filesize
48KB

MD5
89db4c544f72e8773ff28963276547cb

SHA1
61102ea5488d9406c0209ce6e5b3134640da1177

SHA256
ac6e12d36a6c86ff5bd01664382515dcf457a484fe19a1e11e6c6a885423fb3c

SHA512
bcaa8bbc5390247fb5ceee85b847e5e0675e5e69f59212353d34c30f38b4c4494c2891f3580d92f8115c22175ecebbacd93a8a23ccae0b5a46e9983cd2a3ed74

Download Submit
/data/data/com.middleman.ymc/databases/MsgLogStore.db-journal

Filesize
512B

MD5
fa0a7f45a493566e9e07338715ea35a1

SHA1
ff78ec83131bf1ab61e10ca130e7878bbda122c5

SHA256
fc785f8506e92b94329344f873e3643e77aedae8f57b13fa321d03d9b48a6f33

SHA512
629b39e2d5677f321f5a574fb4b41772023d76377b551b436d503ab2a2dc036733e42694fab11ecb8d1746b431e64f73214ca4d8b7789ec5d12402dc727c8af5

Download Submit
/data/data/com.middleman.ymc/databases/MsgLogStore.db-wal

Filesize
16KB

MD5
88a0f39a8b7f5e321757b3af377d1374

SHA1
484b8de34985129f9402a46a2eb5b435c9371c4b

SHA256
91c6e4fdbb16bae8b4b2e2ab9b9f06523486cd26eca8763621773795d1cd4061

SHA512
4eddef0fdbe89f74616d6bbebfba5fcacfcb8d6705fd2c4673dc32341ee229e4d43c340e00c43fc25b54c09dc61df5fde7e00fd2f4a6c98228462ccd518e2af1

Download Submit
/data/data/com.middleman.ymc/files/.jglogs/.jg.di

Filesize
340B

MD5
ff81e8ae9db66670d263ec3fc97a4416

SHA1
fbe3652b75c5c471bd51ddcd9be22d597bc7f2d5

SHA256
5a07f2aafccbc6560b788ae52d3be1fd42ea3f4d93281f0f1f075fa834a40cb2

SHA512
62bbb1e3aa8ff419b83c1c8d12e8df1c11f3c3d9eea4ae1abd4f6afd3fa187f094fe206e508ea8f26d8219319175b042847fb051cdca841b505808c6d188cae5

Download Submit
/data/data/com.middleman.ymc/files/.jglogs/.jg.rd

Filesize
73B

MD5
02f84b37cd6286ec1f0f2e1026b29f90

SHA1
9ae9b0a9eed3b9152ef285504078cf43da31ddd8

SHA256
3c53e83dfcaea62d1c73fc0d07d90c04c598c021374742e5aac17fbc276615b4

SHA512
7e3f6171fb59e8f1e0820eb864a7f195c5cf08c27600fa5d100159c99ee93e8b6932cca966121ade0cba9fcf8d12c937d4834a376d69b00e47e8d0ac0ff357fc

Download Submit
/data/data/com.middleman.ymc/files/.jglogs/.jg.ri

Filesize
314B

MD5
b4e2b909fa85f3d96cae644e41b8f9d5

SHA1
2a74d7f46cf8b16a6dc5c3db24dee67c5fdc7e65

SHA256
0f74974aa04b1fd0580fe4227f092e74ef730886212955a3770ada101d084f33

SHA512
d3e65ff40e96416107304a7248090cbe83c237dd663b2dd8078327883a3b62b3e40973224143928b6f7721d3bf26c3163f75e9613cf7c0f3d187ca2c40d263a7

Download Submit
/data/data/com.middleman.ymc/files/.jglogs/.jg.store

Filesize
32B

MD5
448e391c59eef34ee1defbe4dee4c41f

SHA1
df1f890987371d7d8e6963c68b787856e42bc146

SHA256
55612e17689f4bb05f27e18b4f6d06ffef92a6a8893a5cfdd3d5b99a6028b549

SHA512
ce336ce895ba861dda7da27e8869dea065eb3c3403cac55cdf1935409e5ebc95b495370f87ed7416af20af533b15615472e333ae9f2fd2713040f526835399b7

Download Submit
/data/data/com.middleman.ymc/files/.jiagu.lock

Filesize
27B

MD5
26e7d7d0656772d38c51d0a58e247922

SHA1
1e75f51bbc5e830376f3edeee5663978cf268f60

SHA256
0266a76ff8b27575c6e3f3cd30374b2ff87c39ae0463c844de7ab88860f4cb34

SHA512
afe3f704929717b9a054055bfbb787d8c6681ec712941a0530c39abeba991c4cb01eeebfb067adf1509cf45997c7cba7276dfe3bb9b907fd8f1fd913ed77c224

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
7aa03828128ca3c6729d5b2e9ae68721

SHA1
9a29b829bc273f4212ae108036a83468dbb5720b

SHA256
2305bc55c7372bf537907868aba418101932968a42c4c820f066d4de42cfd4f3

SHA512
07ed49cc9467dbb21da2fd5c2eabc84e273b5d2eb51f39d35e16d3f75bf54bf13181a517e1385611666576e1c88559d21d58ae8811080455e342226d1e4dfc8d

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
b16ac10cead3bac3530f0f4e051f96b2

SHA1
020fe194ef0b1cabd2ea15812d97b6dc84312b4a

SHA256
aae9634d252a887e4b6b2b4238aa3d23a89ddfadc1e21d99d1ae84b2fc2c48ee

SHA512
df8814dc25f4a7a4758136c3b5734e3e5aa98015edbadad3bf1fcf8868b973639a5b4586e703515045dcfed904648064762230b601afa8be107f6a0b458a12a8

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
167B

MD5
44202f7e3650b6e3f52ba9b1851061fa

SHA1
da909895efee6e97abac572c5e6068cfc357ae81

SHA256
b2c4c3aa84794a365ae7cda81fa096ce9d2d29ae1bd584a39420267a55f274d4

SHA512
093745b8aedd45d627c394d48d5f5c9c50021f4d7fb2b927175d75e770985dcc60446453196fbbcc6438fa3881ccaa8bb1095eba36b4c398de64d924ae41c98e

Download Submit
/storage/emulated/0/360/.deviceId

Filesize
48B

MD5
1d8d16c4e3b19ebf18988530d9b9a757

SHA1
bc94c1cce05cd848a53271ecb9c5311e27ffebf5

SHA256
abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7

SHA512
4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

Download Submit
/storage/emulated/0/360/.iddata

Filesize
32B

MD5
51399f5ac7870077a26a78ec32e7187c

SHA1
b48b02733de3b02a286884dfac6534259f42ba48

SHA256
9d0315947165bd0422ae1c77f73c126dadd55be38f5051dc1cac6466f7d76334

SHA512
2e647c0007069da4f6b2277a380e73fc02bb356abe5b8cadb02a287756e8dd4332d69d0c96c8e12b3dd4ae641766176720c3c64594913c80d92c42b876fc2746

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads