abb53f4903798699213553250779d4500668645761375995b436d44a06d0f7c3

Analysis

max time kernel
2917304s
max time network
156s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
24/12/2023, 00:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

abb53f4903798699213553250779d4500668645761375995b436d44a06d0f7c3.apk
Size

14.0MB
MD5

423484f42cba58793efa99734a542c84
SHA1

55d85c5466ec9819b8f4c0b4bf6cca0fa042d1d7
SHA256

abb53f4903798699213553250779d4500668645761375995b436d44a06d0f7c3
SHA512

376b26181a95bc11850b7b1f674d41a32881d24632bcf98ca667c050ada6781ad52e897c76dae4df2815d34cc3a515812f2628053c5f0188112f86c538fc1663
SSDEEP

196608:4bxggqDMys8FRC/FwB9vFVuVljN/MKWr+wk2QqpmXHwS8nXzRoDqW1BPeqkNpr5c:MR8wiBJal5MPrc2voHKnXiDNApr5d9K9

Score

7^/10

evasion

Malware Config

Signatures

Checks known Qemu files. 3 IoCs

Checks for known Qemu files that exist on Android virtual device images.

ioc	Process
/system/bin/qemu-props	com.yinglink.caseshare
/system/lib/libc_malloc_debug_qemu.so	com.yinglink.caseshare
/sys/qemu_trace	com.yinglink.caseshare

Loads dropped Dex/Jar 9 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/data/com.yinglink.caseshare/.jiagu/classes.dex	4244	com.yinglink.caseshare
/data/data/com.yinglink.caseshare/.jiagu/classes.dex!classes2.dex	4244	com.yinglink.caseshare
/data/data/com.yinglink.caseshare/.jiagu/tmp.dex	4244	com.yinglink.caseshare
/data/data/com.yinglink.caseshare/.jiagu/tmp.dex	4281	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.yinglink.caseshare/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.yinglink.caseshare/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.yinglink.caseshare/.jiagu/tmp.dex	4244	com.yinglink.caseshare
/data/data/com.yinglink.caseshare/.jiagu/classes.dex	4346	com.yinglink.caseshare:mult
/data/data/com.yinglink.caseshare/.jiagu/classes.dex!classes2.dex	4346	com.yinglink.caseshare:mult
/data/data/com.yinglink.caseshare/.jiagu/tmp.dex	4346	com.yinglink.caseshare:mult
/data/data/com.yinglink.caseshare/.jiagu/tmp.dex	4346	com.yinglink.caseshare:mult

Reads information about phone network operator.

Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.yinglink.caseshare

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.yinglink.caseshare:mult

com.yinglink.caseshare
1⤵
- Checks known Qemu files.
- Loads dropped Dex/Jar
- Listens for changes in the sensor environment (might be used to detect emulation)
PID:4244
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.yinglink.caseshare/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.yinglink.caseshare/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4281

com.yinglink.caseshare:mult
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4346

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yinglink.caseshare/.jiagu/classes.dex

Filesize
5.8MB

MD5
5b83e51169936fc7ecd684d57b47763e

SHA1
94077f8470809a1b645cf32a9b19928bee0a30af

SHA256
517ed8e348b6f4f58b9e3cd3747543055e5639109f16633af129842a1c75a733

SHA512
4ec2f7f80d223025e95b11268e6d8bb7e1c1f9014a39473daaa0c86e186793d6c5fc60deb7a95b7f524e3016dfde6a8c3cca903589136caa191f19ae7026fca9

Download Submit
/data/data/com.yinglink.caseshare/.jiagu/classes.dex!classes2.dex

Filesize
5.0MB

MD5
c6c2a302c53b69a26982478dbca49af8

SHA1
7df5d7463f0203095d7560cf9cce186e134acdb5

SHA256
bc72b88e559d273dd6675b1529442e84f511bc1f37bb1508ba80b4f034ba59a9

SHA512
1911b54a49443ee3ec8149e02a0520135644409dc666490803b815f066994d85fba4f75d29f0b36ffad3f9dbf0bf29c94caf90686c7e9ac177bc9c622bd80f97

Download Submit
/data/data/com.yinglink.caseshare/.jiagu/libjiagu.so

Filesize
486KB

MD5
50750315eef281575611bc425174b939

SHA1
acaff02526d7b4c257e00002ed09af364f66a401

SHA256
c8d37512f73bef5a1c1b060676cdc6d508a8d8dd36f2438f5d6353c9b8524bef

SHA512
60584a993992a68e8d0a53be705e3a9d52fc126df26b9bdcf80d14e659f1d70bceb926e0a99a69fdf40f1c09fd61aa52c2d2c008ee5c3ef59af5922a75161ea9

Download Submit
/data/data/com.yinglink.caseshare/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.yinglink.caseshare/files/.jglogs/.jg.ac

Filesize
32B

MD5
7c07c00418883fa6f2a6cc11b0b33f91

SHA1
c24afd00b294e83a2ac2bc1a27c97513b4a7db5c

SHA256
b3ca00696567e5867b0dcc313f1d6b7d0ce14bd783b3b61ba89ba9846a715ad8

SHA512
d6ebab6e8b61a883ab350b7e66b6c8a6ddfd234354afeebf9270972adf636a196701f4ed7cf0b67583e38f9a9846397a26c1f9b1fa38387b6e984430f9ddc67b

Download Submit
/data/data/com.yinglink.caseshare/files/.jglogs/.jg.di

Filesize
340B

MD5
3554474c3d4e63bff2a290f803e25bd7

SHA1
8c8b4685abbcc0b494b5b86f2579ebc4263128e9

SHA256
3a7e0e364901f27a54f130c1f75e9b7cf2cb1217c92f983e150b9c2e5ba8024e

SHA512
4b8459e00343ecc42309f04eb409a44a636c4baf109b82180a22072d48b73a02980f9aaed6434ebbc2f76116a8310fd16bdf77e334b2a967b59ff41b800140d2

Download Submit
/data/data/com.yinglink.caseshare/files/.jglogs/.jg.ic

Filesize
32B

MD5
747922132731e5df517f88ced5a552c9

SHA1
15dd7ce497634e593624ebe7b3d042b26c2c86fa

SHA256
d2d387380b1da9bf377dfe670a6a1382eb50b8caf44aab3ece52d31719489c97

SHA512
f87c90468fd03acf449464f552446ff0eb081f53fc023b6a85df1404a14197e2d48b8468c92ec7881a8731e0984ababe5d96df1e811bae9d7fd559579b3ef025

Download Submit
/data/data/com.yinglink.caseshare/files/.jglogs/.jg.li

Filesize
100B

MD5
2de1c3308836b142edd813a47a8241a9

SHA1
28ec047035745b3212e86294db9f3095d0046dc9

SHA256
9c177d92659bb36b3d15f1997aef258ea8e09d4724574f6ef3181aec0f96eab9

SHA512
0593e4f9d0455519acb6807f29014f8eec7856b69e8cbfbfb45820776c5b4e39609096965fe6ec9038a08f75dab8d86cdce0275eed937dbcea9335783f9487e7

Download Submit
/data/data/com.yinglink.caseshare/files/.jglogs/.jg.rd

Filesize
73B

MD5
96b238dbaec302819f8cf7a3379f5362

SHA1
6694a3b34ce785c0b6f7eeba5fbcc6272e6b9213

SHA256
d7037086b09556b2751254f14d13ea6e2917786b2aef9a6aac9be7ed829b7d6e

SHA512
0ed6044f14c2cc9d6b7ea45fc96698febac07e4957d0e11e580de9b9dc867bc18b1a317a64072d3f901608fb8bc71d5a08e9a453aded56be814990f00bb9cdc5

Download Submit
/data/data/com.yinglink.caseshare/files/.jglogs/.jg.ri

Filesize
314B

MD5
c31b5f70488fc454d0186534702d6db7

SHA1
696c1c7df749306abc40c9f80901c42d332ca2c3

SHA256
57a77e79dbed36663131d7947d10ba9e26f9800800b809341d02684b230a83b4

SHA512
329ab13f78cb0fdd57734bb5cd4afcae8649b866d03bf23c3a32a945a477074facf6312c526c5e0e0de75449bb825d9307ac04ad35af5e9288d99aeb2b3fbc71

Download Submit
/data/data/com.yinglink.caseshare/files/.jiagu.lock

Filesize
27B

MD5
e171d803998d26ff11a87d4db310b498

SHA1
66812919ffeb878e1970cf5563bfc043c7ffcfdc

SHA256
a947c235ca9cc7aeb42895fdb14f285e6e17608263804da509b704e509f5a95b

SHA512
67b5d18b8c3f8cb0ebf5df6a76fabb06e2003a388a3cc19b55048d264822c55f0c5a3d0a70a7536c864085ca4d834b58fd4eb091fb834157fa58f97b1deece86

Download Submit
/storage/emulated/0/360/.deviceId

Filesize
48B

MD5
1d8d16c4e3b19ebf18988530d9b9a757

SHA1
bc94c1cce05cd848a53271ecb9c5311e27ffebf5

SHA256
abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7

SHA512
4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

Download Submit
/storage/emulated/0/360/.iddata

Filesize
32B

MD5
34eb59e2ab181c5d511b4ab99b473888

SHA1
61e6025378ae0675e395d4e8390922e01a2df541

SHA256
3d0294f95613e7950b94a063ff94d1122e6d5df49e61194729251eef7bd14980

SHA512
5197206a4cd2dd5ec18caa72e530c13dfc3e8736fac0c8ca788228ed5cd1934f1208bc0f55a0aa9f43f636dfb6d9751ef8498ced9505a7b658ee6c3853754b6f

Download Submit