ba564a7186740991ccc0471df6285b02f787d2c631ae21bdf263f4a233a0a824

Analysis

max time kernel
2742613s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20231215-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
submitted
24/12/2023, 02:15

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ba564a7186740991ccc0471df6285b02f787d2c631ae21bdf263f4a233a0a824.apk
Size

22.1MB
MD5

29bd1b9b1c2e15fd96f1e83d8ffbb746
SHA1

17849d84640f715984462448825ec36c8a8c92d4
SHA256

ba564a7186740991ccc0471df6285b02f787d2c631ae21bdf263f4a233a0a824
SHA512

53477da68baba7816c309fc258d81d87dd6cd4b9e862da33b63f07e6aac6638007990f7070f4b051b7889aba35e5f94d2011c756fcf94cbc07be66ab8f88a865
SSDEEP

393216:H9xOsT1GWm3lHraRAbfYNq7t2qOzs+T8kjTsYAVQ0Uq6QJ+n/E3qlQ4+n/PW1zgN:HWe1GWm35rLV2qOzs+T8T9pUq6QIn/Ez

Score

7^/10

Malware Config

Signatures

Checks known Qemu files. 6 IoCs

Checks for known Qemu files that exist on Android virtual device images.

ioc	Process
/system/bin/qemu-props	com.ouma.myzhibotest
/system/lib/libc_malloc_debug_qemu.so	com.ouma.myzhibotest:pushcore
/sys/qemu_trace	com.ouma.myzhibotest:pushcore
/system/bin/qemu-props	com.ouma.myzhibotest:pushcore
/system/lib/libc_malloc_debug_qemu.so	com.ouma.myzhibotest
/sys/qemu_trace	com.ouma.myzhibotest

Checks known Qemu pipes. 4 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

ioc	Process
/dev/socket/qemud	com.ouma.myzhibotest
/dev/qemu_pipe	com.ouma.myzhibotest
/dev/socket/qemud	com.ouma.myzhibotest:pushcore
/dev/qemu_pipe	com.ouma.myzhibotest:pushcore

Loads dropped Dex/Jar 4 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.ouma.myzhibotest/.jiagu/classes.dex	4621	com.ouma.myzhibotest
/data/user/0/com.ouma.myzhibotest/.jiagu/classes.dex!classes2.dex	4621	com.ouma.myzhibotest
/data/user/0/com.ouma.myzhibotest/.jiagu/classes.dex	4710	com.ouma.myzhibotest:pushcore
/data/user/0/com.ouma.myzhibotest/.jiagu/classes.dex!classes2.dex	4710	com.ouma.myzhibotest:pushcore

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.ouma.myzhibotest
Framework API call	javax.crypto.Cipher.doFinal	com.ouma.myzhibotest:pushcore

com.ouma.myzhibotest
1⤵
- Checks known Qemu files.
- Checks known Qemu pipes.
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4621

com.ouma.myzhibotest:pushcore
1⤵
- Checks known Qemu files.
- Checks known Qemu pipes.
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4710

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.ouma.myzhibotest/files/.jglogs/.cl

Filesize
32B

MD5
95f1689708ff1dd9a75b7d0bf4c61367

SHA1
fd9f2b98ace69d8f02a49bd06f6e6e586a193562

SHA256
75d396240e070547d5932173548bd0ac09af1d17e514ceda7efdba5f5d06ff2e

SHA512
30d43e93ec13393150656dce6622442ffa5cda1bd7ac63244c9514b2f8baace8847ef41dd3b458675849f24b576ebfcfd9da8fb57e19ce33bb63fe80ddfb4285

Download Submit
/data/data/com.ouma.myzhibotest/files/.jglogs/.jg.ac

Filesize
32B

MD5
ebd5d1e00287dc11bb3d5babd2cfdc78

SHA1
ceff3513765c091b8b2963e5b7455802974bd4a5

SHA256
90be083dd8ed2e9e622827bd2f5ad7e1d2c05c0f6229d34a5a5a03315f50ea21

SHA512
4069c5f32ea552d5283f5c9c7d800e3bbfee4cdb037676942b6e511db660e4710b5339400e05a2e54f18748c7ec8086c953f93582ab71009ac89cbf6e4ef61fd

Download Submit
/data/data/com.ouma.myzhibotest/files/.jglogs/.jg.ic

Filesize
32B

MD5
0400b39ebe3235fea9a89c7137dbdb36

SHA1
d670d37f5a287a7467f9f1b1a387c3ac655d6854

SHA256
781fa6ed3278c650235e0fa9dd59939af7e1661b887b832568a037859c45d84f

SHA512
9cdc90739fe1a5d55296a0a1eec41c47a416d36ed73072056a7d3a2d2b711c5c012f313742963206ca032766296871cd648c6f70d179658d7fb89a5e13a94942

Download Submit
/data/data/com.ouma.myzhibotest/files/.jglogs/.jg.rd

Filesize
32B

MD5
9831ed16e81fc3591b145e839082d698

SHA1
8e24886277e8c31dda57661a73ac28c81a4c85ab

SHA256
ae59816ba894ef3df04b842d0ed6fab7110fd86ba04243e79523b5c63c43d92f

SHA512
02cd874dfde840d536c0ab1f1c58ae43294660503bd3f23a70264f3aae3972653e9f14f7406d6e9e634f0c5738336c1465b3f98eb45c122034c9aba02c78c97a

Download Submit
/data/data/com.ouma.myzhibotest/files/.jglogs/.jg.ri

Filesize
307B

MD5
e3e322677989ba1fae6eb49039577601

SHA1
404da015dfa80e5442f7439bb9821d8ad23b7ac5

SHA256
4cc7cdd037a82d7ffe09d8e86e099ffea6165173e2797600619007f13791dc5f

SHA512
34ab948aace8d4a9795843a170f0cb7400742a9f73d7c09c23dff1267d10fd0e7af511eddf8a3cb07a4d4ef0d373838287231f2c5d0759d80dd066686d191584

Download Submit
/data/data/com.ouma.myzhibotest/files/.jglogs/.jg.ri

Filesize
314B

MD5
151dd04d819a0163bcb37870343e5ffb

SHA1
31922a69a5169bd8487b276bc0b34fc477464961

SHA256
e79a9f9b8d9378f157bf43cf736d717afc6e0c067f57706de12f6834147cb8f9

SHA512
1b18d672afc59ad0c2b9094c1d894474fc48e2b87263856a10afccdf29ebd07501bb2855c8948a58929a4a2fae5f5ee5d31b8ec315c7bf09cab6c2c50cdee8ec

Download Submit
/data/data/com.ouma.myzhibotest/files/.jglogs/.jg.store.report_pid

Filesize
32B

MD5
fef03b6f241c58299822779f7adfe930

SHA1
34ac974a73f7c10f664d05f11edf159413763088

SHA256
e9249ecfc017b4c0b87a3f5cf825cccf869d92b7a6d3091e94e31dccd49234d9

SHA512
58fb63ffe93f69467d7714fc032dc02839618f87af467db1611689b747890e787245965f599bc0285c65564285f000302db19997916046bdf7f2eddeb7349942

Download Submit
/data/data/com.ouma.myzhibotest/files/.jiagu.lock

Filesize
27B

MD5
1c0af97738fdc34bfcc7e378cc7e8824

SHA1
28d2db753ba41052746a2825ce5c0598c1df00ad

SHA256
6a16f8de1e689db1b96b3d43a6fb14f3ded2519ebd6427c866921cebffc34712

SHA512
9e8f62f02a6aaa172ed48dd0a3319fb50bc45597386770ea80c692b3da508fc8f441c067f772dc026118185f30c8c73f1448ff9eb4ac2acb4fae3ed5c9d6b80a

Download Submit
/data/user/0/com.ouma.myzhibotest/.jiagu/classes.dex

Filesize
6.6MB

MD5
3e9387c2271262a7e07321c5b8591589

SHA1
5c4bb0bc1692360c08cdccd72fdc879ec09f44db

SHA256
ca3f9e70e56540e8ec9e360b42f11a3cc96bfadccb649fb4856ce30cbd85482f

SHA512
98c98a7aa179e5ce540f9749765438106bea303926f76258264fac59ac68828c9bfa698b0d417ffa05b04c3e591ca3a2d392c2fb13a0c4d57937bae5360964e7

Download Submit
/data/user/0/com.ouma.myzhibotest/.jiagu/classes.dex!classes2.dex

Filesize
2.5MB

MD5
f39ce64c61389f4ea844956eb867f6b5

SHA1
965cdb05620cab1adad39e93051bab5d3478e117

SHA256
a76d3708b428a87e47f5253740aeacba9e5cb9702dc508f75c9b4b33466e0cfc

SHA512
f65682c30e514e7cfa482379394b1a4b037e89bd4a4561f4ff4df5405d51e0a2122da3364b50ac43683432a408acf3d2adb95d60de0bcdecd96f8e2bbbb3c952

Download Submit
/data/user/0/com.ouma.myzhibotest/.jiagu/libjiagu.so

Filesize
562KB

MD5
d141f6661f27d70822c7021d752d8af6

SHA1
e545f7442dca4490cb67b745f6f13ed782b1971c

SHA256
e0313c66404c4fb7d023824265ae5a922079d422509d4b59c6fe45632c60146a

SHA512
0b2a4c540c077ed93561f249baa75a65344e75dbfaefdb3a68c0d653d79bb5152fcd42c13f34a87b09583f33f1a40231b4f31416b73c323859885374ca0667f6

Download Submit
/data/user/0/com.ouma.myzhibotest/app_crashrecord/1002

Filesize
252B

MD5
f4c0894946401d96c12bf5fab28452b8

SHA1
b7b1361b547e9c4a59dda47c09c43e4967b78fee

SHA256
c4e820ed776e0415fe2897424a19fc5eb6420e807bca7019a15d4933392b548a

SHA512
e714a01faca122d84d398c49a1b822b15d74dc9831e4ed03e18270f6b4e46e25b05c409c00db039271eb9c9b0bdd0263f6be2f04f2fe442080eeb648622bf469

Download Submit
/data/user/0/com.ouma.myzhibotest/app_crashrecord/1004

Filesize
237B

MD5
61a5a220b207bbc45c5c288388d0f474

SHA1
5aec31d1734597589ddce375b20b61b50219bd82

SHA256
454c6ba31c10c5d10f66d24405ff7007d17bd4c4804bb6fae8bcea845f0ff80f

SHA512
7ecf398a0feb090a8ae394b1a8f2ccaa7b8c89a2af31f917f833df8a1ac840fd3b1804ea1e898b556f258d414ed2ecc5f3d05f5d38dbf06c57713478bd6b37f2

Download Submit
/data/user/0/com.ouma.myzhibotest/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/user/0/com.ouma.myzhibotest/app_crashrecord/1004

Filesize
307B

MD5
a8e46cc09dd0c6e63a948b0184b18cd3

SHA1
6a5e6c1101d24e2097cacf86c8b20511a504dd89

SHA256
4a2af5f828c871db8b9040ce2393272921a8df45784a7b344d885bc75497d7ec

SHA512
73497857e915eaecb0e583e7761c541c3ff1e4420b7fee2ff2bd5116ee0485a1e3f872d7cfa81423715262a563ca3fc8bb70f5a0d192c731bd00114c3ac96195

Download Submit
/data/user/0/com.ouma.myzhibotest/app_crashrecord/1004

Filesize
314B

MD5
5eebf089194f379a749a7991664b3ab3

SHA1
1797677d46a6df605462be6a922c60362bf8125a

SHA256
6561611445c0dae695f43b5bd50f28d400648707981251679d2a4c8291e0c7ed

SHA512
c83042bb5e06b549f5ad454e5f2a0cf6e6ff51973c14b279c032bb5c541174c2a9638120bb1f0f50dbff7234f6003f7d5438c918ebe7199e3defbc2bd5e4b4eb

Download Submit
/data/user/0/com.ouma.myzhibotest/databases/bugly_db_

Filesize
16KB

MD5
6634bd46f40a026f051fad3448cee5e3

SHA1
3c456d2e140b2c18e2b7c14e1eb809bd7e08a12e

SHA256
a546111e86a35239de11885bafbd62c03697988c774195c812b81ae13a4c3fe6

SHA512
7913ccc9a215f8333557b002dbbcf6a281479808fe2ac2352dc19cf47b3594afefdbd594bb6f8a8c035615b093171ec4af07deb904fc08d006f9b630a10b10f1

Download Submit
/data/user/0/com.ouma.myzhibotest/databases/bugly_db_-journal

Filesize
8KB

MD5
c873f7086f641c7ec3abf922da593661

SHA1
79389679b13b6837fdeb1699e1989f873ff538da

SHA256
bd2cbb867b22b8e216e9e42272aaf4ddfdb5443cc307312b2ff54a7d5304987d

SHA512
16d24201105fa3a4d415f6370fa5ba6c4410f6fa071399dc97ed39787819095e3d05482852be84dc39dc92c4c7b12f7477c9cf1db6e8a8a5e249982a5f8b4656

Download Submit
/data/user/0/com.ouma.myzhibotest/databases/bugly_db_-journal

Filesize
8KB

MD5
be24148768c8751b5e8e0697ab606148

SHA1
2a89a4bfb2a8901e42cd762a4cbbde4aa718d385

SHA256
4d3ec79e56c1587720187dd1b6f0a92233b781adbf98bf7cc055b3739e98fc0e

SHA512
a127f33f9fd51c8c19bd79a776fa4b9495fd8401a4845fd1da2019069df2e97c02bf7c6cdf676cca59ff418138ca521c66c6309d71d3abc1f13907d453404572

Download Submit
/data/user/0/com.ouma.myzhibotest/databases/bugly_db_-journal

Filesize
8KB

MD5
8072d4c7ee687131203968a20bc5ef96

SHA1
88332df06dba9fbd79b03c47c21cd83e174a724f

SHA256
e7084d621a20b4ebb938271c5140dc27e0b42b03e26acd6dd56f02660ad095ed

SHA512
50e3e1421fdecb5dbcecfbbdcbb532ba509e0152a1fa79e78bd752fa1aeb899ea6602117a4ff8e7a7d2a49284579c9aef9129bbce168f44eaa034a1be0aa9ce2

Download Submit
/data/user/0/com.ouma.myzhibotest/databases/bugly_db_-journal

Filesize
12KB

MD5
034cc415878503cd87082c50d8034c80

SHA1
51db0ae84672fa2118a1af89233ebb0659e450b2

SHA256
ffe5741141981a5ab8dd9e3a0e620cfe013bc67d04d8c573c6b649755bdd86f7

SHA512
5438f94fbb2754a446fbd8dccefce55ce148730eca60f2516908bba6603b3a1881292e27ec5e03e7aba6258dc6cfe11fd90ded234ecd534e4c049d4369168588

Download Submit
/data/user/0/com.ouma.myzhibotest/databases/bugly_db_-journal

Filesize
8KB

MD5
ab379e5d41c40497750e053f9e81cd9c

SHA1
ce0e99162f994173aa8f746c45f746f46db47e76

SHA256
13fc0ff2cafd07d2c4d4db7eb99257abaa8f3ec4c4f38442f4befa6ee4b93eec

SHA512
0ed8738c9ab596b8e1761fd499a806585b17372560b865f8ce58e04f68f8f07b75edb33b0db08d2f10d8174cd47fa9d44b37d0fab226690373778b378772d2a8

Download Submit
/data/user/0/com.ouma.myzhibotest/databases/bugly_db_-journal

Filesize
12KB

MD5
3c46378467c7536f839f93adadd24480

SHA1
1095777a13c45d75b01f54dda37c5a1967b93d24

SHA256
252e6d58415240dc3ef7d5443046894ed7c63bfa3d28757e1d6dbef96ce88e9d

SHA512
de57df7ead836780c9f66c13e91a476083dd5305d99b69babbaf7ae2fa7568760d6e5f56873f28bed4f8ba1167fdadbde4df73ac9db1529e41de43cdc46007ed

Download Submit
/data/user/0/com.ouma.myzhibotest/files/jpush_stat_history_pushcore/920cf52c5e3493a793401472/active_user/nowrap/6ca40729-0716-4c73-9062-58a2a3464704

Filesize
159B

MD5
137e184d3d23adc61997f32262ecd180

SHA1
73375ceaadd7379a84f7e007841e71d3c6fd9f96

SHA256
70fea80cea23ca526b585fa5eeb49af4cac13cc049ab396671a8f863d460e156

SHA512
9dd17ab1739c30f6ca29b9b1df78dd251690d3110b9cf134286fc0660c009849c3292762bab8f008fd40a883f6bba663537e440b753fa0d48d18366a95034e5e

Download Submit
/data/user/0/com.ouma.myzhibotest/files/jpush_stat_history_pushcore/920cf52c5e3493a793401472/normal/nowrap/45e7b68a-1a66-4252-bda9-799d252721e9

Filesize
243B

MD5
e4866f9cec335faea6e301995fbfb6d4

SHA1
bfde39e08199c9d8c31e615715b450e8ac970f05

SHA256
8ff17debffc9424287b352bfbdf3e3ee013c74f368ff88eca7b550a018accee2

SHA512
00e1c1728777bcbc406f1cb04ef91b4f89414991c519e81b40fd83cab36c328965fb37b46cfb0d9d45e4ac90c5127ded7a507ede9acf45f3edc4d88982bc844a

Download Submit
/data/user/0/com.ouma.myzhibotest/files/jpush_stat_history_pushcore/920cf52c5e3493a793401472/normal/nowrap/71fc9197-7d3d-4484-9a8f-3ff42b77bb13

Filesize
155B

MD5
67e2ed843a13209add21519bc39744d3

SHA1
691283c7ffe59070a0646bd352e08c0fd2945c91

SHA256
45883c3b51913f0d49e6f58f94e5434a39e4db22b36ffd2267ab11fcaeb0c831

SHA512
b0206582a6d1a9d56f29104e10a3cd992be2455453ac1903276ba85e2e0b4a4e062094314e94a9f476fab150bad7726d5f99e1a133a5adf77be87c072f1f0c1d

Download Submit
/data/user/0/com.ouma.myzhibotest/files/jpush_stat_history_pushcore/920cf52c5e3493a793401472/normal/nowrap/7329047c-46b1-45d7-bbb2-b9cfe3c83a83

Filesize
73B

MD5
1119e14f53c1f730d53c519628839624

SHA1
0cdf654380a8a1da055fe9adef249c40754bbd3a

SHA256
d9ff821947c0b39ba804210b739ece7f9ffff4cf125293d03f28944f2e794cd6

SHA512
efb7080ba295841955273fb5e59124a12b439a796bf41637e9096cb7d1322beb92a99ba1bc6acb30d356beb1710417649517264170736a8bd33feaa7a3c4c832

Download Submit
/data/user/0/com.ouma.myzhibotest/files/jpush_uncaughtexception_file

Filesize
8KB

MD5
d1efa760df7fa8c02a68031014e49b91

SHA1
f9008f3b7628560c0905bffb5eb3d7d8faa71124

SHA256
80ed02f7640b4773af030af22751cd4d9251b4995d29a855d258b6889ffccec2

SHA512
f7dc94227af65a68de9f48ded8bc7bed77a7ba25688afd46a1be1cd611ef6f2607fbf440d944cfd04defdeb7d6d22c81fdb3ea8e5794c2504d1d1d19b96b5bcf

Download Submit
/data/user/0/com.ouma.myzhibotest/files/jpush_uncaughtexception_file

Filesize
1KB

MD5
db8d8bd0a3662bb00c2e0a446bfc97cf

SHA1
2f066bede479212751a7ee39b6464b4ad5c0700e

SHA256
81a389bf07ebdeaf60f4c15b9ed9d690a9eb5da94f743e4169835e50dad81944

SHA512
c45c6aca13136d448854569837d34c432c5f3ad2dba51ded241abf9df8a0dc8d1981f11412748720535d755c829973339e639d900add3fef44b2ad3d697ac2d7

Download Submit
/storage/emulated/0/Android/data/com.ouma.myzhibotest/files/TXLiveSDK.licence.tmp

Filesize
2KB

MD5
190cc121c9b8bdc6b507871e788d171b

SHA1
cd8c581461079b2eca4e49fd295bd8fc4ab63dea

SHA256
f5498bc9e5e2bf94d2ea400286d507a43ae02c0d2ba51b3b0c363a2bfc472119

SHA512
c6a2498bc6eabcf672f0f3fe6f8302f86d21a94b990bae6b338bab2065a12dd7bf21c63cd3a36fcb649f328558d1fa6070aa0ce9fb13aa7e11784ea108cd7e84

Download Submit