Analysis

  • max time kernel
    2907257s
  • max time network
    155s
  • platform
    android_x86
  • resource
    android-x86-arm-20231215-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20231215-en, locale:en-us, os:android-9-x86, system
  • submitted
    24-12-2023 00:10

General

  • Target

    a687bd624841c2e68ada4816298e572c8525aa0108a0bcbd8291547e5af49804.apk

  • Size

    27.0MB

  • MD5

    465900610b326e379f2374056c8e29ee

  • SHA1

    b1a06a4654db13fc7a4563c24b319cc8e837bb93

  • SHA256

    a687bd624841c2e68ada4816298e572c8525aa0108a0bcbd8291547e5af49804

  • SHA512

    6bd447c29e7e340fb4d7e8477ae94342ef5a26ca714a568ca360e034fcf1a98177ba262b6df078aef2989b66c86b16f72f453d48099d10a324ffedc3124a7069

  • SSDEEP

    786432:vOa1rdTc7Am4r+B1VXIGeeRWweP707z5ACqbT:2aBdTckKntJsPg7z5dQ

Score
8/10

Malware Config

Signatures

  • Requests cell location 2 IoCs

    Uses Android APIs to get current cell information.

  • Loads dropped Dex/Jar 11 IoCs

    Runs executable file dropped to the device during analysis.

  • Reads information about phone network operator.
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • bangju.com.yichatong
    1⤵
    • Loads dropped Dex/Jar
    PID:4251
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/bangju.com.yichatong/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/bangju.com.yichatong/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4282
  • bangju.com.yichatong:core
    1⤵
    • Requests cell location
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4342
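
The dex2oat invocation under bangju.com.yichatong is the runtime's trace of the app compiling a DEX that it wrote into its own private data directory (/data/data/bangju.com.yichatong/.jiagu/tmp.dex), which is what the "Loads dropped Dex/Jar" signature keys on; dex2oat appearing as a child of the app process is consistent with the app itself triggering the compile through a class loader rather than the installer compiling an installed APK. The .jiagu directory together with libjiagu.so is the usual on-disk layout of the 360 Jiagu packer, so the dropped classes.dex files are most likely the unpacked payload. The Python below is an added example, not code from the original report or from the analysed app: it picks such invocations out of a list of process command lines by checking whether --dex-file points into app-private storage (/data/data/<pkg>/ or /data/user/<n>/<pkg>/) and whether the path goes through a dot-prefixed directory. The first sample line is the command line quoted in the Processes section (with the runtime flags trimmed); the two benign comparison lines, the package name com.example.benign and all function names are constructed for the example.

```python
"""Flag dex2oat invocations that compile a DEX dropped into an app's private
data directory. Added example for the report above; not part of the original
page or of the analysed app."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input. Line 1 is the dex2oat command line from the
# Processes section (runtime flags trimmed); lines 2 and 3 are hypothetical
# benign compiles of an installed APK and of a framework jar.
SAMPLE_CMDLINES = [
    "/system/bin/dex2oat --instruction-set=x86 --boot-image=/system/framework/boot.art "
    "--dex-file=/data/data/bangju.com.yichatong/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 "
    "--oat-location=/data/data/bangju.com.yichatong/.jiagu/oat/x86/tmp.odex "
    "--compiler-filter=quicken --class-loader-context=&",
    "/system/bin/dex2oat --dex-file=/data/app/com.example.benign-1/base.apk "
    "--oat-location=/data/app/com.example.benign-1/oat/x86/base.odex --compiler-filter=speed-profile",
    "/system/bin/dex2oat --dex-file=/system/framework/framework.jar "
    "--oat-location=/system/framework/oat/x86/framework.odex",
]

# App-private storage: /data/data/<pkg>/... or /data/user/<n>/<pkg>/...
PRIVATE_DATA_RE = re.compile(r"^/data/(?:data|user/\d+)/(?P<pkg>[^/]+)/(?P<rest>.+)$")


@dataclass
class Dex2oatInvocation:
    dex_file: str
    oat_location: Optional[str]
    compiler_filter: Optional[str]


@dataclass
class DroppedDexFinding:
    package: str
    dex_file: str
    hidden_dir: bool  # a dot-prefixed path component, e.g. ".jiagu"
    oat_location: Optional[str]


def parse_dex2oat(cmdline: str) -> Optional[Dex2oatInvocation]:
    """Return the --key=value options of a dex2oat command line, or None if
    the line is not a dex2oat invocation with a --dex-file."""
    argv = cmdline.split()
    if not argv or not argv[0].endswith("/dex2oat"):
        return None
    opts = {}
    for arg in argv[1:]:
        # Space-separated pairs such as "--runtime-arg -Xmx512m" are skipped;
        # only --key=value forms carry the paths we care about.
        if arg.startswith("--") and "=" in arg:
            key, value = arg[2:].split("=", 1)
            opts[key] = value
    if "dex-file" not in opts:
        return None
    return Dex2oatInvocation(opts["dex-file"], opts.get("oat-location"), opts.get("compiler-filter"))


def classify(inv: Dex2oatInvocation) -> Optional[DroppedDexFinding]:
    """A DEX under app-private storage was written by the app at runtime, not
    installed by the package manager; that is the 'dropped DEX' case."""
    match = PRIVATE_DATA_RE.match(inv.dex_file)
    if match is None:
        return None  # /data/app or /system code is the expected, benign case
    components = match.group("rest").split("/")
    hidden = any(part.startswith(".") for part in components)
    return DroppedDexFinding(match.group("pkg"), inv.dex_file, hidden, inv.oat_location)


def scan(cmdlines: List[str]) -> List[DroppedDexFinding]:
    """Run the parser and classifier over a batch of process command lines."""
    findings = []
    for line in cmdlines:
        inv = parse_dex2oat(line)
        if inv is None:
            continue
        finding = classify(inv)
        if finding is not None:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_CMDLINES):
        print(f"dropped DEX in {f.package}: {f.dex_file} (hidden dir: {f.hidden_dir})")
```

The check deliberately does not treat the compiler filter or the instruction-set flags as indicators: those are chosen by the runtime and look the same for benign and dropped code. What separates the two is only where the DEX lives, so a tree like the one above, where the app process is the parent of the dex2oat compiling a file from its own data directory, is worth correlating with the dropped-file hashes listed under Downloads.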

Network

MITRE ATT&CK Matrix

Downloads

  • /data/data/bangju.com.yichatong/.jiagu/classes.dex

    Filesize

    6.1MB

    MD5

    c6295ffa10aa46ef45cdc7208bea10e2

    SHA1

    398be373ae45f5faf605803b150e5d8d30e53fe1

    SHA256

    3022f798eeecd7da1bc82245990686b19d62d9a25938a191511e6391174bde67

    SHA512

    da410e2b4820a38ee808bebb920da9cf4faa7e089ab870f6812306aac200149d33356900c5400a98794178e87982232538a5dc948a67725e1b0125becddb2894

  • /data/data/bangju.com.yichatong/.jiagu/classes.dex!classes2.dex

    Filesize

    6.3MB

    MD5

    ba62bfe887dc765939e6ec3e48752ba0

    SHA1

    af85919d481f9db3c078b390f36e0de0184148ab

    SHA256

    0cb6c0cf6a93571f204072dbe2f8cd1ce2210ec80301002627bac6d182970173

    SHA512

    9314cac549488393570f0e741f57a6faa4953aa5e60066cb0c36921c3476ea102454314b56f85f6b6db61957d5653c5f25cd53f047aa4d3ab700aba39004e61c

  • /data/data/bangju.com.yichatong/.jiagu/classes.dex!classes3.dex

    Filesize

    1.3MB

    MD5

    1c8802ab5e440482b4c147d2d6e987c4

    SHA1

    2a775971c8fbcd3f8ce7bea32d76073202ff455a

    SHA256

    f34dad66b6a4c33fa49940d9432bed25033473cafa9904fac0f392f2d2490ecb

    SHA512

    6bb55244ad9dd60bf303e32a2561e68703d7d1d153c3ed0321166a5f13917640236bba1d1955a9796b7716bda6de31f8d746f50a2e583538e6ccb907a56ca277

  • /data/data/bangju.com.yichatong/.jiagu/libjiagu.so

    Filesize

    485KB

    MD5

    2c1a490890ff15348d2fc3815b2cfb3d

    SHA1

    922e1e5539c40ad5bed578a9cea9f076df02eaee

    SHA256

    4a272d3707e61d656a95d20b944a402a4ae39b79013e3a47a93c0faa3eefc6da

    SHA512

    3a910269e855c3c9a31e40d2d18d166d3c3dc08bb9b063e363be8e737181389e9cc67be8d9ef8d1a63ca0500d0d028aa2562e6fb979beb1a1cccf0fe4d1d1853

  • /data/data/bangju.com.yichatong/.jiagu/tmp.dex

    Filesize

    284B

    MD5

    f1771b68f5f9b168b79ff59ae2daabe4

    SHA1

    0df6a835559f5c99670214a12700e7d8c28e5a42

    SHA256

    9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

    SHA512

    dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

  • /data/data/bangju.com.yichatong/databases/logdb.db

    Filesize

    340B

    MD5

    4eb4cd5f77a40883078766ad60a28afa

    SHA1

    95143054d0bfe4b0e128d7e0483f18e67be7c06b

    SHA256

    a2e01dea84c8d4a2c4ab485b974ff8bc5ee5c20625688e13504f0e65390ce8bd

    SHA512

    c026858cb59eafd7e95aedd819e506c9d269466d975b2422ae2d2e80727fc4036d391f7f1e81fcafaff1f502be2b0cfde9b441967fc5b267a07d755fc9f40c8a

  • /storage/emulated/0/Android/data/bangju.com.yichatong/cache/nim/log/nim_sdk.log

    Filesize

    284B

    MD5

    6fde3667f3420d8f9caa7e9af11dfc71

    SHA1

    4ea52d82c917492c7f9bb4c18aafe09deb291703

    SHA256

    ec9b9361f4e060059ce599d621982f0332539d83c510f79c3dda0d8d6a8c0e62

    SHA512

    400162391131b705e2cde45363ad9994537b27b8aad6aafc88f733447ac565779b28df64ae73538140073214760b666a0f992eb26be6b384af7a83f64e930e4d

  • /storage/emulated/0/Android/data/bangju.com.yichatong/cache/nim/log/nim_sdk.log

    Filesize

    97B

    MD5

    2fa1ba5593c49ee54de05515872c0d8d

    SHA1

    3a8cfac0f418f77c57a5963d96e3688f82948336

    SHA256

    fbd73e912626e971a9d6a0745b0f53dacc9cabca8f5c6c3117d1a40e81aacc19

    SHA512

    d6ccaf4cd7097ca2771c6a6d71abaa467b98fe9568524efeebe6cc33600de0f6e435b717512a9fb43609947b5c9a20db14ec05d7bb1fa2a02b7973fcb6529e7e

  • /storage/emulated/0/Android/data/bangju.com.yichatong/cache/nim/log/nim_sdk.log

    Filesize

    45B

    MD5

    b374f9a150cc01d29d19885fff910510

    SHA1

    f04975b53341cc35b813499fd2b25991b5bc9e50

    SHA256

    cc1863324c7118f80b54e58a4727555b50a09cf3e4d7f16641f82b4ea46cc80c

    SHA512

    439832c8a795f278834864121947a5a989ed2daec9fdd7a77938375802f614beeebc6c721beccfd57d2d881ba09b4d5c556cf5b61324db3d6f01c338c0a8f3a3

  • /storage/emulated/0/Android/data/bangju.com.yichatong/cache/nim/log/nim_sdk.log

    Filesize

    80B

    MD5

    793af89704d3711d423a86b8793b2195

    SHA1

    839682db7cebe35e042df338a3cdc675b023e0dd

    SHA256

    d7328b7ce87e802a1af5f6722a3da20e9f6547b92d87e0d5a0b537f3dcc35e0d

    SHA512

    5b749fd715afd8cc09b056106211dd0cebd7147a392e10b213512b8bbdfc41b758df75582bbff25dc315728b503a3fa1b88d5a598276b6544741a83a78c643f0

  • /storage/emulated/0/Android/data/bangju.com.yichatong/cache/nim/log/nim_sdk.log

    Filesize

    314B

    MD5

    5984f0ce339bd163ebe537ba9151195a

    SHA1

    ed0af7fd9e99e2f67c71caaea7817c28ab1426cc

    SHA256

    a02f2a60a98a3dfbc063ce4fc31f6e00707f823ae08c92a0e83a5c734b012c99

    SHA512

    47b4301a869be0fee36b4777bd1653ac4208b8b03bc7476c6a345d0c1d6500e3f52afb6d76f36ba9489a39a08811370bee938085371b983bdc52b007a6583695

  • /storage/emulated/0/Android/data/bangju.com.yichatong/cache/nim/log/nim_sdk.log

    Filesize

    95B

    MD5

    89b319c6f40cc5d0dc982e908833ffee

    SHA1

    935b8176d5783d72748f7ed37013197b59a84a44

    SHA256

    b3890cf1c5a28b80f1b66e61de3b5cac2f39943d80b37d7d868a58561e5cc640

    SHA512

    9b1176e9d12d2d25da7fa26e73c0c3e7bbd1967019087a8ab7a90d2d8a9ed3de4958e3500df9232be3644e7213fbd22424674bf1df0c4b5819c576a65a8bf27b

  • /storage/emulated/0/amap/openamaplocationsdk/alsn20170807.db-shm

    Filesize

    4KB

    MD5

    620f0b67a91f7f74151bc5be745b7110

    SHA1

    1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d

    SHA256

    ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7

    SHA512

    2d23913d3759ef01704a86b4bee3ac8a29002313ecc98a7424425a78170f219577822fd77e4ae96313547696ad7d5949b58e12d5063ef2ee063b595740a3a12d