Overview

overview

7

Static

static

6

b4a4ebc10b...09.apk

android-9-x86

7

b4a4ebc10b...09.apk

android-11-x64

7

Analysis

  • max time kernel
    2943360s
  • max time network
    149s
  • platform
    android_x86
  • resource
    android-x86-arm-20231215-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
  • submitted
    24/12/2023, 01:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b4a4ebc10b4c377f59e6c243a849d291da58001f70e092371f7831fd74416709.apk

  • Size

    23.7MB

  • MD5

    6c9e55130f5d1522cdafb814f63717ed

  • SHA1

    531ec263851fde6037f6867e05bd0522b38dd30e

  • SHA256

    b4a4ebc10b4c377f59e6c243a849d291da58001f70e092371f7831fd74416709

  • SHA512

    b491717728b19051231a5f74940eb00097985cd3c2d026fcf7de9391e8e529cd66010ad477f668efbca670907785cc1a0b466f3a5e91ac90e2ddbdce1e172296

  • SSDEEP

    393216:K1gONiEqYMcrJifwp3/pdJz3PKx6XUXZWQqk7Cxx3lqPtuxbLFAplnCMdjatkqhX:Ig8iEOcr0wpjrKEkJiMYxbLFAPfjao65

Score
7/10

Malware Config

Signatures

  • Loads dropped Dex/Jar 5 IoCs

    Runs executable file dropped to the device during analysis.

Processes

  • com.hxyd.ntgjj
    1⤵
    • Loads dropped Dex/Jar
    PID:4252
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.hxyd.ntgjj/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.hxyd.ntgjj/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4314
    • sh -c ps -ef
      2⤵
        PID:4404
      • ps -ef
        2⤵
          PID:4404

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • /data/data/com.hxyd.ntgjj/.jiagu/classes.dex
        Filesize

        6.3MB

        MD5

        f5fb4b9a9d250c11e44947cae1e9bc05

        SHA1

        734bba5bc78725aa5ffa94aa9d2db8447305e2dc

        SHA256

        7de2b817320d69fdedb7897719be4038056cb3451e71a92fff9e1af7fcafcdbd

        SHA512

        c503a1c5ec30237ff16431163390e2a852eadbca00c022277cc54284e219aaab94fc9f4b9e2dd274159a7456baa4328940ac40cd01fc03e9fe27e73377bdd295

        Download Submit

      • /data/data/com.hxyd.ntgjj/.jiagu/classes.dex!classes2.dex
        Filesize

        1.2MB

        MD5

        f338de5771682d565b7c00f9107a110e

        SHA1

        0dfd32ffb47bb309627175e43f72569a3e6754f8

        SHA256

        967f823d43d4d3e84eb2fa38782d463ba373a9310d734456aeef8726bcbe985a

        SHA512

        8a0e337687f97b5f868c53baf39e4b8c97bfa4a029a89d4f8acd95d84e2f7f4d00145969ca95abdaf47dd0f48aea896afa2028dddb485ab37c79aa391ee0b7a9

        Download Submit

      • /data/data/com.hxyd.ntgjj/.jiagu/libjiagu.so
        Filesize

        491KB

        MD5

        940317093cc329d45cf45ea8713b1c1f

        SHA1

        3f9ff8cef8e41d03ea714b8d5f030ad1fcaec0be

        SHA256

        57f0ffa7062aaa03074648a0c9df78ed9d3f78c2f07fb846b11bb1b667e246bc

        SHA512

        3f40076d241bc3a2b83e56d01e826b8cb7d310a67128ac8b1165bdb93dd917c6a7219c1e65dbd8a40432fb38331828c7171e266e8474dfc69db2675e29e2723f

        Download Submit

      • /data/data/com.hxyd.ntgjj/.jiagu/tmp.dex
        Filesize

        284B

        MD5

        f1771b68f5f9b168b79ff59ae2daabe4

        SHA1

        0df6a835559f5c99670214a12700e7d8c28e5a42

        SHA256

        9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

        SHA512

        dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

        Download Submit

      • /data/data/com.hxyd.ntgjj/files/.jglogs/.jg.ac
        Filesize

        40B

        MD5

        75b7872f9fcacaef792ee65e70479966

        SHA1

        768398a8a2fa2964d5cca8e5701a464582da5d88

        SHA256

        e6859cb41ccae76247119033aadfbc13ed2f6424f62e553b5d7ede63eb95e512

        SHA512

        21533590458a17b8e163323a490cd0e542a94cea253fd3a1d7b116527b3709be04a774324c4e379e379bf6c0156ef0a9be4aeff1e0f3d9b4aca380ceb0a01c54

        Download Submit

      • /data/data/com.hxyd.ntgjj/files/.jglogs/.jg.ic
        Filesize

        32B

        MD5

        8f1322a096f662a85871b90696abd544

        SHA1

        46dfe4b1b8706f3c83f91b2f4135ce1e9e8437c1

        SHA256

        de7453c1dcf7760b15143fdc19b27278d31df4bed66740a82bbb694ae1a7fc35

        SHA512

        97fcaccf8e6ea4604fc466589a85124027daa5cbdb844d8e34e654c5a506cc447df5f165f35be614d11a966e26ff25584ac027461e697e212f9fa4b5730bcab9

        Download Submit

      • /data/data/com.hxyd.ntgjj/files/.jglogs/.jg.pk
        Filesize

        32B

        MD5

        92a0ac5e5570995ad78f1c45bce4f5f1

        SHA1

        998dad5ec1b3709dd9631bb80b5348f51fc73b53

        SHA256

        9abf50a892c2bb9a31cf96da77e80ee8531213ad2e7de9d8e7b6b1cdec7b105d

        SHA512

        0bdd400bb46cec1d56fa316786eb1803b92e8a2e7d3c460d0a0d7af47b44889c75158d936623317de835bfa7b8d12302d9684b84b89e5aa66f153c0a96d060a3

        Download Submit

      • /data/data/com.hxyd.ntgjj/files/.jglogs/.jg.pk.h
        Filesize

        64B

        MD5

        1c392c1a2e38d684229b5a88e4ecd1db

        SHA1

        02475573ae1d074596f642e0fb40e68e58c21cd0

        SHA256

        466091b7296fc537d460d9241c66fb232264534cda562ace5e2b80bd08f80c16

        SHA512

        a72ad36dd6029ba3b4c3d9f808beda687ce1cca16f65779a37ad871f283d1ca858765154bcd94d172c9cc5ec9b28af2202131181430556c435aed24789cb232f

        Download Submit

      • /data/data/com.hxyd.ntgjj/files/.jglogs/.jg.rd
        Filesize

        73B

        MD5

        06d91890046a5417fb39b6aec2a15e3a

        SHA1

        1064953e7933269fb6a6cd268d667c928d9f26c0

        SHA256

        0cbfb0e7b8e07808e5cee7253ef7b5ca815ba31a36fa17b277cfb0bba2aaa25c

        SHA512

        c9eaa41fb7d06d08cd1e834eb897a07c576108a3781befe731f7072d982f53ced54f426cf097dfbd20aa94464d20c237b893828f6fd5a0037cf6158b534113ae

        Download Submit

      • /data/data/com.hxyd.ntgjj/files/.jglogs/.jg.ri
        Filesize

        307B

        MD5

        3f8938a347a1c09fd7046fe6a763a222

        SHA1

        2911281f83295e00dc52cc54017068d573942863

        SHA256

        78260ebbdff332c5d26e517625aeab51100501d2751195009f77091c2f1554a6

        SHA512

        759530db78f5370ec05ad73a3501f752c14e1848aa0cc41986c413acaf72a0b934712259edce7b2eb7e00dd34f95783a0605d9b3f12f23e1dd924ba9689a4120

        Download Submit

      • /data/data/com.hxyd.ntgjj/files/.jglogs/.jg.store.report_cf
        Filesize

        54B

        MD5

        eb68cf385352e121014c7de3ce3d447b

        SHA1

        76be7f3f2e4f0dbc21d1a04e17ab41abc57a255c

        SHA256

        97df300b98d6199aacc8c5ee5698ee7673ba9d19bc102b463fe84a09029f2433

        SHA512

        acbeec5dcf086a641ca0cbe2f72265c464a8c852b7704877ab4fe635a89804ccb9c5d1a39c3b60756e280cc851ada77f1eed4f91b778d2553bff96af53ea76d9

        Download Submit

      • /data/data/com.hxyd.ntgjj/files/.jglogs/.jg.store.report_cf
        Filesize

        32B

        MD5

        6f58ccf23a035acf4ddacde905ead162

        SHA1

        0b63643efcc876442a191944585c507fa18518c7

        SHA256

        6da23317fc7e7520c038a3f9a48e91b680431d580eb9857243342beff58ca492

        SHA512

        7f638a13bd309ccfac113ad2d933dbd17db38624405054c64d4eff2708dbc31e90f3c985ece50b1e6069fd42953a6a7aaceb5c6b8ba4389d8104d3244a46e7cb

        Download Submit

      • /data/data/com.hxyd.ntgjj/files/.jglogs/.jg.store.report_pid
        Filesize

        54B

        MD5

        b6531ac43a05125663c030e269a4a620

        SHA1

        f5099619ddbd53cb0c0aa974f305507c1fa55db5

        SHA256

        a39d6538865e6892db6fed406699323113d8655ce14ad704a56b368e37b87c64

        SHA512

        1f2ff3f72f7aec3925a442512e5c3965bb085c1640d868294957e77311ac41602e36fa5d8b7624443af1f120ae905efc68507e434875991613aa311ca2d6ea0b

        Download Submit

      • /data/data/com.hxyd.ntgjj/files/.jglogs/.jg.store.report_pid
        Filesize

        32B

        MD5

        dd6e810b355d28dd54217b453abea004

        SHA1

        398d9505a8f87043187ba3134154f6cb28eab460

        SHA256

        a63aa0478931d687dca19902660696942bcf15f7182ce1ec7fc644c3be6c0a8c

        SHA512

        27a4b9fd1103b024ac56bb9098da4775de8bbe8deee3caeb61e3ffe4008ee6c5fe6edd7a80a596703d8f5b36ab81fb87e8251238811bde505898209da701e6c2

        Download Submit

      • /data/data/com.hxyd.ntgjj/files/.jiagu.lock
        Filesize

        27B

        MD5

        4ef913d12edcfec10a11f2aa1bba02b2

        SHA1

        ba33e4e2b7f64431f375a013a61839c305e9078f

        SHA256

        f4d55f37b48ae7b221eb8dc13eea355b6d3059eff9001b2fc1c24c7adcd6bdde

        SHA512

        acc2e0cba9ab238430f8590d5196f3e6e6da4a4fabde70c5c9c438d2d0dcf800ae6151f773553dbaab11708a5f7524490cf7000cf96eca9e73c13d0d9c946ba0

        Download Submit