bbd8321c9617ae0c2a5d2fa5d62c28bc339e8647c64d16cd1c236d87ee4cd038

Analysis

max time kernel
2951436s
max time network
154s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
24/12/2023, 02:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bbd8321c9617ae0c2a5d2fa5d62c28bc339e8647c64d16cd1c236d87ee4cd038.apk
Size

12.7MB
MD5

27dd9789bb3e6f387b4b05653d792d05
SHA1

5bc39ecfd4cb509bff7f99806b766707b0aec368
SHA256

bbd8321c9617ae0c2a5d2fa5d62c28bc339e8647c64d16cd1c236d87ee4cd038
SHA512

085556f45d8a0013068d682d4cf20acdab89c37022eb550a90a45fb50c06ae94187a242e8ae2c1b78594c880ba51e13c7028d5c65b72cfe8be5309c2c5f67a25
SSDEEP

196608:bohE0XAUcHrVlMtnSzfI5DiBoUha00hPr3gDkyDP0g2u3PdXH9JZd9kHn:buXhkPcn4IIWTLykyDPj24hZMH

Score

7^/10

Malware Config

Signatures

Checks Android system properties for emulator presence. 7 IoCs

description	ioc	Process
Accessed system property	key: ro.serialno	com.FishAccount.az
Accessed system property	key: ro.bootloader	com.FishAccount.az
Accessed system property	key: ro.bootmode	com.FishAccount.az
Accessed system property	key: ro.hardware	com.FishAccount.az
Accessed system property	key: ro.product.device	com.FishAccount.az
Accessed system property	key: ro.product.model	com.FishAccount.az
Accessed system property	key: ro.product.name	com.FishAccount.az

Checks Qemu related system properties. 7 IoCs

Checks for Android system properties related to Qemu for Emulator detection.

description	ioc	Process
Accessed system property	key: qemu.hw.mainkeys	com.FishAccount.az
Accessed system property	key: qemu.sf.fake_camera	com.FishAccount.az
Accessed system property	key: ro.kernel.android.qemud	com.FishAccount.az
Accessed system property	key: ro.kernel.qemu.gles	com.FishAccount.az
Accessed system property	key: ro.kernel.qemu	com.FishAccount.az
Accessed system property	key: init.svc.qemud	com.FishAccount.az
Accessed system property	key: init.svc.qemu-props	com.FishAccount.az

Loads dropped Dex/Jar 9 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/data/com.FishAccount.az/.jiagu/classes.dex	4205	com.FishAccount.az
/data/data/com.FishAccount.az/.jiagu/classes.dex!classes2.dex	4205	com.FishAccount.az
/data/data/com.FishAccount.az/.jiagu/tmp.dex	4205	com.FishAccount.az
/data/data/com.FishAccount.az/.jiagu/tmp.dex	4279	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.FishAccount.az/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.FishAccount.az/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.FishAccount.az/.jiagu/tmp.dex	4205	com.FishAccount.az
/data/data/com.FishAccount.az/.jiagu/classes.dex	4325	com.FishAccount.az:pushservice
/data/data/com.FishAccount.az/.jiagu/classes.dex!classes2.dex	4325	com.FishAccount.az:pushservice
/data/data/com.FishAccount.az/.jiagu/tmp.dex	4325	com.FishAccount.az:pushservice
/data/data/com.FishAccount.az/.jiagu/tmp.dex	4325	com.FishAccount.az:pushservice

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.FishAccount.az
Framework API call	javax.crypto.Cipher.doFinal	com.FishAccount.az:pushservice

com.FishAccount.az
1⤵
- Checks Android system properties for emulator presence.
- Checks Qemu related system properties.
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4205
- chmod 755 /data/data/com.FishAccount.az/.jiagu/libjiagu.so
  2⤵
  PID:4230
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.FishAccount.az/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.FishAccount.az/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4279
- sh -c ps
  2⤵
  PID:4434
- ps
  2⤵
  PID:4434
- ps daemonsu
  2⤵
  PID:4460
- ps | grep su
  2⤵
  PID:4479

com.FishAccount.az:pushservice
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4325

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.FishAccount.az/.jiagu/classes.dex

Filesize
6.1MB

MD5
ee7238800db1a067150cc1af49b3d947

SHA1
8441e32ccf4a26f987b94135a3fcfc182c891dc8

SHA256
b231d7c36f574a5ae80475fa8191e2abe59a60714c19a48f09439e9122499e2a

SHA512
a758b1fa4246a2efa028586cc14028a23830ceb42fbd8e7850169a74b2544ca33d20c8535705cbc5ed82d8f8b292e38cc012006114342452460d1b4b0d575188

Download Submit
/data/data/com.FishAccount.az/.jiagu/classes.dex!classes2.dex

Filesize
4.1MB

MD5
65ece23e3ad9b102e91babd3a43dedab

SHA1
9ce6d4d4eba50fcda28abfc0dd0561e233402d06

SHA256
b7c3ee7412762566565696f9f06835a173ce959b85737cd533f1fb7feeb8ab72

SHA512
ae4f19cfb8e9f488804b7b5a430282cadf85862207750b7f99086999032bea47df73b55b93d878833fdf065745f0fee835f9660ff2644693adb7696c987bfd51

Download Submit
/data/data/com.FishAccount.az/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.FishAccount.az/databases/kf_10075_ISME9754_guest39822334572446008315611873351314750

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.FishAccount.az/databases/kf_10075_ISME9754_guest39822334572446008315611873351314750-journal

Filesize
512B

MD5
1f1462a5db6976d588e0b298698eb740

SHA1
6bc60d1ba6edcaeaf60d6fcdf5195dfe4a1e9623

SHA256
157ba27390cfd17dc9ff6c8326237f5e058fe88db9b7784e417689bb1d247c09

SHA512
3842e7035c36c34ad00b7f7280486351550b8a865a58220b712b2735660f69826244a7d9e4a2b2b532587dc51e8083d6ffc85bae8b141fdb1a33b7256d7e76fc

Download Submit
/data/data/com.FishAccount.az/databases/kf_10075_ISME9754_guest39822334572446008315611873351314750-wal

Filesize
48KB

MD5
a4ac72636ca628f923c911713ff14644

SHA1
3a1825859f43c0eaa30e1dbc5ce6ac9ff34f0092

SHA256
6cbbe3fac7eae89248b96b781c2c26ee989f80a2bc60458443107c247fc21e4b

SHA512
a227628d108af3a316a952a68222eb609fb2b8e26a172e21a8eca6e981f354c99b5eba1910b7f2319e44cc972be62dd372e3288f5f088a08fc0fa79e64319ede

Download Submit
/data/data/com.FishAccount.az/databases/pushsdk.db-shm

Filesize
314B

MD5
3a14d951a41e5b295dec89806b0c4dc6

SHA1
d7c1013672851cf418dfd46db666a72bd4ed08a2

SHA256
1e48345223b84274a3e658708695ee905ef1d82605c0c7c22a997b8b819933ca

SHA512
21a00e10048cab3a81a1b78caa672715f6c0b42dd83bc50d2c6eec31aad97736d557aacd7f64eb1b0738e3bfe961a7f5d2f8bb8bf8e3534ff5f0413f04201ac6

Download Submit
/data/data/com.FishAccount.az/files/.jglogs/.jg.ac

Filesize
40B

MD5
71b67931d29107a6e59c00ba7792de95

SHA1
56278259c95065a113ae54c08fc47ea73e55ddf7

SHA256
89a570455ff58d54deb0ed7b6bef187995d8c79aff9abc441805763df37c010b

SHA512
47062fe44b8a362415f3079df36e266cadfc0c1a9cb71706af5761bee869bf9033d5d3ef2c451bbe40e6917ff623c96eaea3c488b7d01796a561ad0809348b47

Download Submit
/data/data/com.FishAccount.az/files/.jglogs/.jg.di

Filesize
340B

MD5
3f3b01a59c9e0ec812f7ec13ed540583

SHA1
a9b7c38b6ae9b724f50e9ad06f11f1815a814e4d

SHA256
97d98e25e8d6b4fb0466a3004c5f1afd99924a899d1a8ccc57ef2cc0a12eb828

SHA512
740dfa7d292e6d2cbcf6a1bf8ee994b1df4ede1ef6952783a236ee9d54bb30c2ee0c99477940e608dd1a68096bcf2be3101f0f03e79222afc3a38634c519fd52

Download Submit
/storage/emulated/0/libs/com.FishAccount.az.bin

Filesize
340B

MD5
a3377e9ab40cc83878218d54e776f490

SHA1
39ccfce7d7f6e874e8884b756c271e888359a206

SHA256
cb925ca8fb6dbf5233ce56650194da9e614c7acedb07f3a25cc6ce053e1344f9

SHA512
3b266cfc9ede4ef16673bc004db5a698b081c9591c7b147cfe98a4aa2c9d5860a9e10bc9e18712b0ab738795af3891791ab78f37d183fb9a932923605e27de54

Download Submit