bd98e2b77d1fd32616f4322fda3cacf6ade979fda083d9fbed5811016bd8dda6

Analysis

max time kernel
2747134s
max time network
152s
platform
android_x64
resource
android-x64-arm64-20231215-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
submitted
24/12/2023, 02:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bd98e2b77d1fd32616f4322fda3cacf6ade979fda083d9fbed5811016bd8dda6.apk
Size

26.1MB
MD5

caa753c640a5658ec79550ca2b45dfef
SHA1

3f790c6229470195e331b94e0fb5f7026ca58ce8
SHA256

bd98e2b77d1fd32616f4322fda3cacf6ade979fda083d9fbed5811016bd8dda6
SHA512

653d6df2560ac0d995fc7aa18c3592488fb6fd1ee08c4ee2fc7518dd7169d5c34d63dd56efaee3f9f0fc766f425106fc53672181eb23cc5230d1a9c959d72a3a
SSDEEP

786432:DL18iG0oy06hgwC9ea8QctTWh8VrLLn5VRgLCv/Qv:D6iloy06FNHQ6aeZrRgLCnQv

Score

8^/10

Malware Config

Signatures

Requests cell location 1 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.pcncn.jj

Loads dropped Dex/Jar 4 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.pcncn.jj/.jiagu/classes.dex	4477	com.pcncn.jj
/data/user/0/com.pcncn.jj/.jiagu/classes.dex!classes2.dex	4477	com.pcncn.jj
/data/user/0/com.pcncn.jj/.jiagu/classes.dex!classes3.dex	4477	com.pcncn.jj
/data/user/0/com.pcncn.jj/.jiagu/classes.dex!classes4.dex	4477	com.pcncn.jj

Queries the unique device ID (IMEI, MEID, IMSI)
Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.pcncn.jj

com.pcncn.jj
1⤵
- Requests cell location
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4477

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.pcncn.jj/files/.jglogs/.jg.ac

Filesize
32B

MD5
6f201d2d128d294c64a3682549ff4cd2

SHA1
f8d5d992575e40033cff1d89da282641a5ef5c52

SHA256
d8223cf818cd445faf433f13bded7e5145eccc0857561a0ff7658e532e2a3b94

SHA512
7acb1111e9f853aac4d3bd5ef5b49cd1948d9516b081659effa8b1a8154766538f035c8497b9ed09f2b01ca25e5c085ebe1cf49b24f3413bde595ecca049ef5a

Download Submit
/data/data/com.pcncn.jj/files/.jglogs/.jg.ic

Filesize
32B

MD5
a2072c95c3272aa9726c9385f360411e

SHA1
3a82dcb4c27e5e816bc14e56e4e3d2e7af8ca5c8

SHA256
bcce008f477d5cca58535dee7e404a971bb2465e29b2fec6013bed19f7466259

SHA512
13b7b63358af9093670ca219d17620cbe9ab085fff7eedcb5d8f7ebd9e8d19ca0072cbb33bcf4f915f1d38c720fb2bdebb4f1ad9be8f0342cb6faa1bd3e1401a

Download Submit
/data/data/com.pcncn.jj/files/.jglogs/.jg.rd

Filesize
32B

MD5
c55cc1fe06c8da03ccea6a33434af915

SHA1
b0512f856c9691652d115869dd8439dd228f1129

SHA256
8e7771e657cbb71da98244110a7a2411bd5f355a7de2259f303a19dd3a7aed0d

SHA512
9897366a719afeb1c71fcddc6ec7b3fb06808cd7e7d423277e9452ff5cffb530e14cb28e997dfba3cda8da1bb35385cc647d1c1b42cba943cb1e4758c510d4dc

Download Submit
/data/data/com.pcncn.jj/files/.jglogs/.jg.ri

Filesize
307B

MD5
ba25ccd384741e8910a95abc82ef8853

SHA1
a6f7d4a7a312c501fd4b762875520d1080540389

SHA256
7c513a517ee86a9c2a3ed51e0a8b00d914fdb2d23f08e41c007910b56dfe1aa3

SHA512
7d9dbd31397de73d058025c93b5c8c871622caf16f3c558d1a5a41818aa3f11f00e10fe72fadf710beb2ddca676cf17016e87c7e3e951a2f9d809ca3e54036ce

Download Submit
/data/data/com.pcncn.jj/files/.jglogs/.jg.store.report_cf

Filesize
54B

MD5
c56a1b0e42c1dc9035c50ebec99dafa4

SHA1
579b45babdff921910485263af878862413c2106

SHA256
c9f589d17cc8a630b3c6dcd7318ce53de34c5ebd65d2379de44129be17a2aa60

SHA512
bfe15f5ff45cce13c00f595568bb1e7e430c02e889c87770318dd9f1c2a829da5545b988c046565d81f8fe5928ac266cdeed3897c5980fd5fadd84d978231aaa

Download Submit
/data/data/com.pcncn.jj/files/.jglogs/.jg.store.report_cf

Filesize
32B

MD5
8b5e9a7e5b6ea8f579076692ae604627

SHA1
9aeff7d6942d49712f1ed35a6245a72d8c6803ef

SHA256
cc87f9e182ce5aa43a9b8a57bcf0650da4592fe7c4df7c88c8f419bd330ee075

SHA512
14e87ff70e8314c31f50f4ce73fde72a6c73c40b9666494e1bc0ae5c8284c3173d0b826556bd127d161edc21fae217d65e4cea18ab0e853adbc2d426215356b2

Download Submit
/data/data/com.pcncn.jj/files/.jglogs/.jg.store.report_pid

Filesize
54B

MD5
d7c320c4fc93b38a2eb47b2364d2f600

SHA1
cabe3ddfa42fda1f0a8fb19f1a8fadc1d8711420

SHA256
a24dd5e753d50acb59eddc6d4a905895099d77eb40b8ac026f4507c90730df19

SHA512
b594495ab49ecb5007415167de004fb45ece1e56d8e8befd1254f323e8e510baf7daf09766356d8bcef3dc703350694380f4cb6d74e7706e4273307df033e01f

Download Submit
/data/data/com.pcncn.jj/files/.jglogs/.jg.store.report_pid

Filesize
32B

MD5
869a54fd2ecc62ae2ae0df45ddd0980f

SHA1
9d7f7ce66ecc47a2ab79be4955f63df439fdd657

SHA256
a1905fad4e16781cd63fa7ef88c8978ef8ebd1f0ff6d720d88ec3d0424cf7f98

SHA512
0864b1e599a49492c42020692a26978c6a0532add6cacc64c55446e626f48311562dbc597c2cfcbdb206b06087dc23f377fff9c78ef306606fca2bf102193039

Download Submit
/data/data/com.pcncn.jj/files/.jiagu.lock

Filesize
27B

MD5
ed563624c26b04153862c79e8d65b7dc

SHA1
d7767b5d2e54abda404852745327b1e684042af1

SHA256
51c2f662ea4e6fb4d0bc7a969feb55eb26c3028922a9f29079ad4d17dacea774

SHA512
ad613afa8a293e3e2a0575af2c20bb294d796b484bf66f695fa426e878f7d8e5e330cd823033ff489fd8c53d003b4f9e8b88e610e37dc40077ca8434b3112e45

Download Submit
/data/user/0/com.pcncn.jj/.jiagu/classes.dex

Filesize
6.4MB

MD5
82f58600d8517d4556e90456ed277452

SHA1
0395125c1fd68fc16dc7bd53a61b09239260716f

SHA256
df232d6ff6b5a51e40e1d01eef1f0c9e0286df8d73dff90cad3685f9821b0987

SHA512
a7eee542eb6e7e5b1500a1e9c3bfc5016e9cc7a6fc30bbf17558a19f7db57877240efb5cce718bc25e0fb499c74f5b9b9aff06f252a3699985fef3a12e56d5c3

Download Submit
/data/user/0/com.pcncn.jj/.jiagu/classes.dex!classes2.dex

Filesize
6.5MB

MD5
90c1f068e4c0da2b830f85d816afd981

SHA1
75a46eaaea0005657db60bce37a3660c30b4c495

SHA256
eea44fafed2f63db33604d32b04d1c4650a5fa70dc844de61c92d707e51be159

SHA512
11bcc8357a299ecfc840dcd729c61e4d574c3198390e914a6a4f60b23ef5bb2939dac0ab3a27514fc73521af43086cdb73196905dd23f333cf8c80ea57ce7a26

Download Submit
/data/user/0/com.pcncn.jj/.jiagu/classes.dex!classes3.dex

Filesize
6.0MB

MD5
6e6b2ba8c71dcc0456804ed5b08e3119

SHA1
755cbbc6aef7b6603753ae5d65a4784c218cb7fd

SHA256
d9535f4949103805402ef3528015f03a7d3eff9f7e1ea5711bf8691ca0470739

SHA512
40031abe05bf5bbcab4eff1f4a35000601a5dcc05df0fbb23384bbc0b772817ae097dd1875ba75c2837bed7dc557cb09ee989fe55aa22d01e5b784e4b3e1ef8f

Download Submit
/data/user/0/com.pcncn.jj/.jiagu/classes.dex!classes4.dex

Filesize
5.1MB

MD5
a6a1bb28f9722bb57a4204f7de731bec

SHA1
be704b24b8639f1705806000fe81ce4a3a4c5bfd

SHA256
917140d217be7bab8b2e084a5944c69470e7d5e2b85c5b2d428afae583e2a567

SHA512
91b89933fe32804205ee45345e3750c7d1e980c9aa8e75a3cc405bc65de237d7058e3d6f69fdcf3610ae54c4e1f1d5bc4d4ff798857133502c96129735991a95

Download Submit
/data/user/0/com.pcncn.jj/.jiagu/libjiagu.so

Filesize
491KB

MD5
940317093cc329d45cf45ea8713b1c1f

SHA1
3f9ff8cef8e41d03ea714b8d5f030ad1fcaec0be

SHA256
57f0ffa7062aaa03074648a0c9df78ed9d3f78c2f07fb846b11bb1b667e246bc

SHA512
3f40076d241bc3a2b83e56d01e826b8cb7d310a67128ac8b1165bdb93dd917c6a7219c1e65dbd8a40432fb38331828c7171e266e8474dfc69db2675e29e2723f

Download Submit