Analysis
- max time kernel: 2907257s
- max time network: 155s
- platform: android_x86
- resource: android-x86-arm-20231215-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20231215-en, locale:en-us, os:android-9-x86, system
- submitted: 24-12-2023 00:10
Static task
- static1
Behavioral tasks
- behavioral1: Sample a687bd624841c2e68ada4816298e572c8525aa0108a0bcbd8291547e5af49804.apk, Resource android-x86-arm-20231215-en
- behavioral2: Sample a687bd624841c2e68ada4816298e572c8525aa0108a0bcbd8291547e5af49804.apk, Resource android-x64-20231215-en
- behavioral3: Sample amap_resource1_0_0.apk, Resource android-x86-arm-20231215-en
- behavioral4: Sample amap_resource1_0_0.apk, Resource android-x64-20231215-en
- behavioral5: Sample amap_resource1_0_0.apk, Resource android-x64-arm64-20231215-en
General
- Target: a687bd624841c2e68ada4816298e572c8525aa0108a0bcbd8291547e5af49804.apk
- Size: 27.0MB
- MD5: 465900610b326e379f2374056c8e29ee
- SHA1: b1a06a4654db13fc7a4563c24b319cc8e837bb93
- SHA256: a687bd624841c2e68ada4816298e572c8525aa0108a0bcbd8291547e5af49804
- SHA512: 6bd447c29e7e340fb4d7e8477ae94342ef5a26ca714a568ca360e034fcf1a98177ba262b6df078aef2989b66c86b16f72f453d48099d10a324ffedc3124a7069
- SSDEEP: 786432:vOa1rdTc7Am4r+B1VXIGeeRWweP707z5ACqbT:2aBdTckKntJsPg7z5dQ
Malware Config
Signatures
- Requests cell location (2 IoCs)
Uses Android APIs to get current cell information.
description | ioc | Process
Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | bangju.com.yichatong:core
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | bangju.com.yichatong:core
- Loads dropped Dex/Jar (11 IoCs)
Runs executable file dropped to the device during analysis.
ioc | pid | Process
/data/data/bangju.com.yichatong/.jiagu/classes.dex | 4251 | bangju.com.yichatong
/data/data/bangju.com.yichatong/.jiagu/classes.dex!classes2.dex | 4251 | bangju.com.yichatong
/data/data/bangju.com.yichatong/.jiagu/classes.dex!classes3.dex | 4251 | bangju.com.yichatong
/data/data/bangju.com.yichatong/.jiagu/tmp.dex | 4251 | bangju.com.yichatong
/data/data/bangju.com.yichatong/.jiagu/tmp.dex | 4282 | /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/bangju.com.yichatong/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/bangju.com.yichatong/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/bangju.com.yichatong/.jiagu/tmp.dex | 4251 | bangju.com.yichatong
/data/data/bangju.com.yichatong/.jiagu/classes.dex | 4342 | bangju.com.yichatong:core
/data/data/bangju.com.yichatong/.jiagu/classes.dex!classes2.dex | 4342 | bangju.com.yichatong:core
/data/data/bangju.com.yichatong/.jiagu/classes.dex!classes3.dex | 4342 | bangju.com.yichatong:core
/data/data/bangju.com.yichatong/.jiagu/tmp.dex | 4342 | bangju.com.yichatong:core
/data/data/bangju.com.yichatong/.jiagu/tmp.dex | 4342 | bangju.com.yichatong:core
- Reads information about phone network operator.
- Uses Crypto APIs (Might try to encrypt user data) (1 IoC)
description | ioc | Process
Framework API call | javax.crypto.Cipher.doFinal | bangju.com.yichatong:core
Processes
- bangju.com.yichatong (PID: 4251)
  - Loads dropped Dex/Jar
  - child: /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/bangju.com.yichatong/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/bangju.com.yichatong/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=& (PID: 4282)
    - Loads dropped Dex/Jar
- bangju.com.yichatong:core (PID: 4342)
  - Requests cell location
  - Loads dropped Dex/Jar
  - Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 6.1MB
  MD5: c6295ffa10aa46ef45cdc7208bea10e2
  SHA1: 398be373ae45f5faf605803b150e5d8d30e53fe1
  SHA256: 3022f798eeecd7da1bc82245990686b19d62d9a25938a191511e6391174bde67
  SHA512: da410e2b4820a38ee808bebb920da9cf4faa7e089ab870f6812306aac200149d33356900c5400a98794178e87982232538a5dc948a67725e1b0125becddb2894
- Filesize: 6.3MB
  MD5: ba62bfe887dc765939e6ec3e48752ba0
  SHA1: af85919d481f9db3c078b390f36e0de0184148ab
  SHA256: 0cb6c0cf6a93571f204072dbe2f8cd1ce2210ec80301002627bac6d182970173
  SHA512: 9314cac549488393570f0e741f57a6faa4953aa5e60066cb0c36921c3476ea102454314b56f85f6b6db61957d5653c5f25cd53f047aa4d3ab700aba39004e61c
- Filesize: 1.3MB
  MD5: 1c8802ab5e440482b4c147d2d6e987c4
  SHA1: 2a775971c8fbcd3f8ce7bea32d76073202ff455a
  SHA256: f34dad66b6a4c33fa49940d9432bed25033473cafa9904fac0f392f2d2490ecb
  SHA512: 6bb55244ad9dd60bf303e32a2561e68703d7d1d153c3ed0321166a5f13917640236bba1d1955a9796b7716bda6de31f8d746f50a2e583538e6ccb907a56ca277
- Filesize: 485KB
  MD5: 2c1a490890ff15348d2fc3815b2cfb3d
  SHA1: 922e1e5539c40ad5bed578a9cea9f076df02eaee
  SHA256: 4a272d3707e61d656a95d20b944a402a4ae39b79013e3a47a93c0faa3eefc6da
  SHA512: 3a910269e855c3c9a31e40d2d18d166d3c3dc08bb9b063e363be8e737181389e9cc67be8d9ef8d1a63ca0500d0d028aa2562e6fb979beb1a1cccf0fe4d1d1853
- Filesize: 284B
  MD5: f1771b68f5f9b168b79ff59ae2daabe4
  SHA1: 0df6a835559f5c99670214a12700e7d8c28e5a42
  SHA256: 9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939
  SHA512: dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d
- Filesize: 340B
  MD5: 4eb4cd5f77a40883078766ad60a28afa
  SHA1: 95143054d0bfe4b0e128d7e0483f18e67be7c06b
  SHA256: a2e01dea84c8d4a2c4ab485b974ff8bc5ee5c20625688e13504f0e65390ce8bd
  SHA512: c026858cb59eafd7e95aedd819e506c9d269466d975b2422ae2d2e80727fc4036d391f7f1e81fcafaff1f502be2b0cfde9b441967fc5b267a07d755fc9f40c8a
- Filesize: 284B
  MD5: 6fde3667f3420d8f9caa7e9af11dfc71
  SHA1: 4ea52d82c917492c7f9bb4c18aafe09deb291703
  SHA256: ec9b9361f4e060059ce599d621982f0332539d83c510f79c3dda0d8d6a8c0e62
  SHA512: 400162391131b705e2cde45363ad9994537b27b8aad6aafc88f733447ac565779b28df64ae73538140073214760b666a0f992eb26be6b384af7a83f64e930e4d
- Filesize: 97B
  MD5: 2fa1ba5593c49ee54de05515872c0d8d
  SHA1: 3a8cfac0f418f77c57a5963d96e3688f82948336
  SHA256: fbd73e912626e971a9d6a0745b0f53dacc9cabca8f5c6c3117d1a40e81aacc19
  SHA512: d6ccaf4cd7097ca2771c6a6d71abaa467b98fe9568524efeebe6cc33600de0f6e435b717512a9fb43609947b5c9a20db14ec05d7bb1fa2a02b7973fcb6529e7e
- Filesize: 45B
  MD5: b374f9a150cc01d29d19885fff910510
  SHA1: f04975b53341cc35b813499fd2b25991b5bc9e50
  SHA256: cc1863324c7118f80b54e58a4727555b50a09cf3e4d7f16641f82b4ea46cc80c
  SHA512: 439832c8a795f278834864121947a5a989ed2daec9fdd7a77938375802f614beeebc6c721beccfd57d2d881ba09b4d5c556cf5b61324db3d6f01c338c0a8f3a3
- Filesize: 80B
  MD5: 793af89704d3711d423a86b8793b2195
  SHA1: 839682db7cebe35e042df338a3cdc675b023e0dd
  SHA256: d7328b7ce87e802a1af5f6722a3da20e9f6547b92d87e0d5a0b537f3dcc35e0d
  SHA512: 5b749fd715afd8cc09b056106211dd0cebd7147a392e10b213512b8bbdfc41b758df75582bbff25dc315728b503a3fa1b88d5a598276b6544741a83a78c643f0
- Filesize: 314B
  MD5: 5984f0ce339bd163ebe537ba9151195a
  SHA1: ed0af7fd9e99e2f67c71caaea7817c28ab1426cc
  SHA256: a02f2a60a98a3dfbc063ce4fc31f6e00707f823ae08c92a0e83a5c734b012c99
  SHA512: 47b4301a869be0fee36b4777bd1653ac4208b8b03bc7476c6a345d0c1d6500e3f52afb6d76f36ba9489a39a08811370bee938085371b983bdc52b007a6583695
- Filesize: 95B
  MD5: 89b319c6f40cc5d0dc982e908833ffee
  SHA1: 935b8176d5783d72748f7ed37013197b59a84a44
  SHA256: b3890cf1c5a28b80f1b66e61de3b5cac2f39943d80b37d7d868a58561e5cc640
  SHA512: 9b1176e9d12d2d25da7fa26e73c0c3e7bbd1967019087a8ab7a90d2d8a9ed3de4958e3500df9232be3644e7213fbd22424674bf1df0c4b5819c576a65a8bf27b
- Filesize: 4KB
  MD5: 620f0b67a91f7f74151bc5be745b7110
  SHA1: 1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d
  SHA256: ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7
  SHA512: 2d23913d3759ef01704a86b4bee3ac8a29002313ecc98a7424425a78170f219577822fd77e4ae96313547696ad7d5949b58e12d5063ef2ee063b595740a3a12d