c9303359b3e0e97692bbc686dacd25d8f6590d09ca7cab8fd8c667f71c96399c

Analysis

max time kernel
2991589s
max time network
130s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
24/12/2023, 03:40

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c9303359b3e0e97692bbc686dacd25d8f6590d09ca7cab8fd8c667f71c96399c.apk
Size

15.9MB
MD5

1e4191138df408aa89ee9b4217e1a80a
SHA1

c188df24590660fd1739b725ddba4182a9ea208d
SHA256

c9303359b3e0e97692bbc686dacd25d8f6590d09ca7cab8fd8c667f71c96399c
SHA512

63054c5dc631ad38f28f70aa292d55f197897cb56ca0c218947128cc1740312b089efc6b64a4cfe38f65295b503dcc537cdde70bb165cde9dd4569b137e85b31
SSDEEP

393216:pjPkcbJQqpl1FchKrYitBjEf3BcUYQWqjdws9:pjPkIQqvw4htBjEf3BcUY9qqy

Score

8^/10

Malware Config

Signatures

Requests cell location 1 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.iyuba.wa

Checks Android system properties for emulator presence. 1 IoCs

description	ioc	Process
Accessed system property	key: ro.product.model	com.iyuba.wa

Loads dropped Dex/Jar 5 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/data/com.iyuba.wa/.jiagu/classes.dex	4253	com.iyuba.wa
/data/data/com.iyuba.wa/.jiagu/classes.dex!classes2.dex	4253	com.iyuba.wa
/data/data/com.iyuba.wa/.jiagu/tmp.dex	4253	com.iyuba.wa
/data/data/com.iyuba.wa/.jiagu/tmp.dex	4302	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.iyuba.wa/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.iyuba.wa/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.iyuba.wa/.jiagu/tmp.dex	4253	com.iyuba.wa

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.iyuba.wa

com.iyuba.wa
1⤵
- Requests cell location
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4253
- chmod 755 /data/data/com.iyuba.wa/.jiagu/libjiagu.so
  2⤵
  PID:4279
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.iyuba.wa/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.iyuba.wa/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4302
- /system/bin/dex2oat --instruction-set=x86 --dex-file=/data/data/com.iyuba.wa/.jiagu/classes.dex --dex-file=/data/data/com.iyuba.wa/.jiagu/classes.dex!classes2.dex --oat-file=/data/data/com.iyuba.wa/.jiagu/oat/x86/classes.odex --inline-max-code-units=0 --compiler-filter=speed
  2⤵
  PID:4464

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.iyuba.wa/.jiagu/.jgck

Filesize
4B

MD5
a8a3adf2b20489d2ff9aee15e3ecd386

SHA1
ea30ede6003f16ca32b116cdd00d60898b73dcb6

SHA256
a235a3507f5b6120da8f0acbd8dbf4c4984779b4b1004779784b2c13b5ab2c8f

SHA512
374d8cee156aaff647bc6170b62e1cab8a4e59012a7f046603e7539b9cc17321c8d3704249a06904fae86c41c3b739edfc5ce62ae68af343d8d850aa19e0e3c4

Download Submit
/data/data/com.iyuba.wa/.jiagu/classes.dex

Filesize
6.4MB

MD5
dc554c6f6bf3639bb59287b57a5c6b2a

SHA1
bf33513fc92e19f304b2bb1268f16de9d06853ae

SHA256
7357db29e5a4ac72010d5139a97183472a02405441ff8ad9f06685324619edd2

SHA512
6d08664e4e3b3112aa77a49f55c02066ab7942a675898bd95f47d371de286ef1cc5d8d0b44af13002a4ea47b38e4c4c5264acfd721de7e8b0d680543de0dfa68

Download Submit
/data/data/com.iyuba.wa/.jiagu/classes.dex!classes2.dex

Filesize
1.3MB

MD5
468f4100dd40837638b94e45ddc535f7

SHA1
60b83f2655fc07f51b205de8f74bee2eb18abb1d

SHA256
fc2fa3aaf9a4f7cbeae3a71dab68beb8fad6c3cd26739a393632e419edb51a5a

SHA512
5eae5d8bd769f5c8208b91f7d322dd52de4a34d7c848fed798b61c2e1330665c7d8ac4fd1b262e0f05439456b1c32d7936b32f3e9d478b62d95d932e8316ba70

Download Submit
/data/data/com.iyuba.wa/.jiagu/libjiagu.so

Filesize
455KB

MD5
e5a53000766ebc433b27d6a66ec4f555

SHA1
2c8f53f1c03aec2005bcad67d731f07261dabde0

SHA256
78e4ea857f10c2df6c7b94f0584524b52ecc099ed29478fe3964037b8a86ed2e

SHA512
370a1cb93b14556ad861724f4e9995c9a4c6d37cf2d570f888d1c6000c66d27ac63496b0703361e9fc9bc7f309b7aa4407c5f339d186b0a5b72520d23d04b68d

Download Submit
/data/data/com.iyuba.wa/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.iyuba.wa/databases/UmengLocalNotificationStore.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.iyuba.wa/databases/UmengLocalNotificationStore.db-journal

Filesize
512B

MD5
5791fb71efea5174bfe3129cc0e3e5e8

SHA1
d1c93d1d1775ecadbbff9b47e6edd54059e559d9

SHA256
1dd7671646c847fce87349e908e19ad00dd51dcdb381c71eef72f4c448a963e0

SHA512
3b7d48993034e3d5cd063489d5be90e7a34544270951e932c763974322e2271ed87981bed986de8a91662235ed9ef540966d64caa81994e0e4ba820ebbc9f2f4

Download Submit
/data/data/com.iyuba.wa/databases/UmengLocalNotificationStore.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.iyuba.wa/databases/UmengLocalNotificationStore.db-wal

Filesize
40KB

MD5
12fae211a15b9b17490600af906d0148

SHA1
a2358541be46d25182c8f832709562e2a5a2fe9d

SHA256
6f2d7fdbaa1151d6a10467eee5efef8b585bf13d35b55a83028692abbde1b7a6

SHA512
d4b9f729646e84a18983d50bf8f11d45990039edc19ef3fb6ae69a42e0a367f8e992c108e28a05411bc6b90906d4624814d3261e4fc0922c40d485371ec21f34

Download Submit
/data/data/com.iyuba.wa/databases/cc/cc.db

Filesize
36KB

MD5
985cd72dcd0123e16de3591ed5b86b35

SHA1
815d6f3e9e5b58922eb57578a29cce4a471e2c93

SHA256
029fbe6ccea0e6d7676f5cc9c5ce7e1be127884a4cc705a2cd4d6a59b3092821

SHA512
d9fb29aee81f7bde7084ea27b3c0a5f767a3e219dc3b25136e7ab27534c86049ab6fa561ff82a1c7887ec58cb7e6232fdcee444a706b6949d1e9a383a29c9457

Download Submit
/data/data/com.iyuba.wa/databases/cc/cc.db

Filesize
36KB

MD5
ce6135aa1b1fe4f2c2db2a546d2a5558

SHA1
79b59582154017aadab783dc266fcb158c252940

SHA256
7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c

SHA512
2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

Download Submit
/data/data/com.iyuba.wa/databases/cc/cc.db-journal

Filesize
512B

MD5
9804dcdb21bb6e33e63615ff49cb3c75

SHA1
12d341672cf01426224f3edec8c4e6e46aa66f03

SHA256
8322a045b7be02d52ec0a0030b4221005960685b0be562a8a83070a1689dfe7f

SHA512
357368bb24c85db2b2bf19f001d9c7287001a5897001abd2c8656759e4b427bcb2780da73b87bdb554cfa65787ed14ad908e76650bfb1ac015d876055823a201

Download Submit
/data/data/com.iyuba.wa/databases/cc/cc.db-wal

Filesize
48KB

MD5
8148df61af17e41ee1e09a65a136df10

SHA1
87bb1e4fe342f2c23766ea5f7e4648c4693f65f1

SHA256
8a4f9161fb9560157ba442c8b4e4ebd9257f1fbbdd0fb595cbec21e59b501431

SHA512
26de873d94cd75d9b543c1b1fddae2edd0ebdbdee49bc5ae49085215e0418204255a7c117618a8435e3eaf985cb786578c1141088f2edc869a08dce5bfd7c30c

Download Submit
/data/data/com.iyuba.wa/databases/cc/cc.db-wal

Filesize
16KB

MD5
0b39cfdc79d8762b0c08fadc8379a146

SHA1
32151e9c4a643d185cefc0c5d5fe1e463a973996

SHA256
86aae10c5607fcf635ce2bd6c9564e5a2a2ad099a9b5d9256d115276703971d6

SHA512
6dda3671aa4d1bcf585f81a9495ae774a401fd59c53b6ef7ffeb6edc542ce9c045f8d6ac92e4c055e3e5d86c5aad6290f9e883e498193bd7708f50b1546a091e

Download Submit
/data/data/com.iyuba.wa/databases/music.sqlite

Filesize
6.9MB

MD5
4bde9fef07c193b26c44ee9209e319bc

SHA1
727fe269fc8a69763f4b565feb8634698f7d86d6

SHA256
478151dbbdc2d47c4c6d561db679133a7fdb8841de842a4725a899d8703dd185

SHA512
88f4918e9f12cedb29f3ad62a143e4c25af94a702780e0f48a13ee9bfb3ce116b75927fba8a4391420818f00b117fc1eba7de6553e96ae63f7e9c996be0ecce4

Download Submit
/data/data/com.iyuba.wa/databases/music.sqlite-journal

Filesize
1KB

MD5
a2c87bfe729d1ff002a865ff307cce16

SHA1
8951b68aaee6afc9535682878a2b5ea7d4faf760

SHA256
09ea18d8cfc7ea00ec2f90d5ae03a7748d50bccd5c83ecde85fea1508b6ccffd

SHA512
01754f2d5d1a2a2de9911389de9a1dfc6ee979df09e71a8d25c3a04bd55681bc10d5d573ee0e1afc36e8c348d0fbd8d951c991207b59feb8b3402bc24a6129c0

Download Submit
/data/data/com.iyuba.wa/databases/music.sqlite-wal

Filesize
5KB

MD5
7031cebbd80ef65e4d5fdab5509d2ac9

SHA1
00e7eb04125f4ad9dd0dedcb137b1625b1adde11

SHA256
e2c7e1ee91a0b68e28ff26e58dcb49188a540efa5afd2b69915fd34eae3abeec

SHA512
9d2cc05b98b87eede9f112bc66cb2b60e5e76b6f509fcc9ae2ba34a645c18e921072b786b3c349720ccc0a9b1d1f531840c7c6fffb659231a29302bb42b36d51

Download Submit
/data/data/com.iyuba.wa/files/.jglogs/.jg.di

Filesize
340B

MD5
4e4f8a72ebd1b43feef62d70033e31b4

SHA1
c69b1ecd4f4401c98f37bff6f664f4f2232fab46

SHA256
c90413bac854a9e6f40c24ac17a0d488d5379f4f0f61e11bade914c1a57dfeb2

SHA512
5b1aba5066ae6b54b6e088d77ef78fbba272313f591650eda20c406551e030af5a47d36141564602210069187d2f55ac1e9d89b6f4fd9e5ffc8bc24f56d42787

Download Submit
/data/data/com.iyuba.wa/files/.jglogs/.jg.ri

Filesize
314B

MD5
affdcaab8d12f283702345d821d344e7

SHA1
8fffd0a752438d587c86ebe1a579c99e46263b7d

SHA256
95988d0bee93e11a05849981fcac21d3917eb2a28994ab73b424a5fe76914977

SHA512
3d53895b7b25cf26805ce898d249101a71201304adbbe38e15bf71219743b3664f15708c20c00f442d70dbb1937e5adf7ba4c7fc0c5583114a9b30aaeb5e78ea

Download Submit
/data/data/com.iyuba.wa/files/.jiagu.lock

Filesize
27B

MD5
15b4be2ec02441387ec69f01813cf7d8

SHA1
b04cf56f34833ba75f731e9f59c84ada96e0fcbb

SHA256
0373870ca456fac5a24351d4a555804d56c011b1b804649476d83e9772331692

SHA512
0654c82d8bae29373407b4888b3f405f2b7ea4b0e45412501297bfe3bc16a58ca73ddb956fc4836ecce5ca9ae7ed6ed26ecee392a0a1cf7fd9483017e2ca4313

Download Submit
/data/data/com.iyuba.wa/files/.um/um_cache_1703798590194.env

Filesize
1KB

MD5
29860a350614060db55a9fd1fd6701e2

SHA1
1dd6bb78ff97cc1e2c990fb83f6eff4ac06b4461

SHA256
0bd35b31404a65090f2cbbb3841c4165864e7dc5d960d2441e98213e934d2d3f

SHA512
3b31ca7c80299ee12e8901dc12665a72afa39816f00e6ae88e1d547991a0b0a9a6b1ed378045da9b92ae07e8073965302fdff213dd8fc62566925c86a5bee4b9

Download Submit
/data/data/com.iyuba.wa/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
fe6ba024284f276ddb74b24cd86519fa

SHA1
ef28bfa3293b8ebe74c8a8e03b9fa7b1d6776510

SHA256
68e0afbb35bc09eb6200644d7f7f87882267ecd732348586ceebc5b73287fcd7

SHA512
88d56abac435025c820f050838afaf7ed7907a5e0ce01e9e6f8036266b621ac6cef72143ca9866f87949da5b88df18cab3f6a677807f826c8584c8082f9ed96e

Download Submit
/data/data/com.iyuba.wa/files/umeng_it.cache

Filesize
498B

MD5
e6e6dea7eae33d44bd27e085329d5a31

SHA1
77fe441dd7eb5994d2a7aec425b56e38c1a381d6

SHA256
0d8e6cca63926d0d54d63a508f6f35526e057912801054f6530f2e767a50912c

SHA512
07fc43282a2fff7358532713c4ed79b24701c8c91c62ad985365215a08faa2bd15c3c6b26f0a5deffd9233a03294bf16a5565fad3e3b6cb5bda2e1a2dc6c8a19

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
4d3270bea6b6f006688e8c47aeae6219

SHA1
f4cab8df0fbb5e13bbf43756257fc1edffafd99d

SHA256
e646a6e662f676ba09db06f3d3012908f0d70a6474c111133e595ccebee912f9

SHA512
2ea30504e47588fd32c084011b2bf1abf142ae826176640e80e5b31c40ad9452ebc785e281df461d86906c039c53d3c47bf7bc303ddb07a279a33667647cb2f8

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
381B

MD5
a786f56c1fce24ba08176c6267bb1e00

SHA1
31eda4b4af1387109a79cb7b1320e84c95e749a5

SHA256
bc9e324d6b68a3a2a38e43657883a07a4fef1190249d555d54796bab74fbf18b

SHA512
fa605f4d64c69ec93eab903f9fa80414de941e2a45d11339df833a92d9643f5a012a0fde97b7eef2330654da40561441b90edd8ca772ddf6d35153b7a6e115ad

Download Submit
/storage/emulated/0/360/.deviceId

Filesize
48B

MD5
1d8d16c4e3b19ebf18988530d9b9a757

SHA1
bc94c1cce05cd848a53271ecb9c5311e27ffebf5

SHA256
abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7

SHA512
4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

Download Submit
/storage/emulated/0/360/.iddata

Filesize
32B

MD5
20bee6efac722cc13831e65e6c65b994

SHA1
3f63b34ad7a722754e366745a9983d8a06820a98

SHA256
dc6bbb00098897ef85265bbb58a25ea5244942071aa060f7f92f40beee0da4f6

SHA512
06be998dac237e8054b8d71b03d6229cf82674683cd34e9a5c2445c52371997f1f3381a1291de16568f9799c42b22441033fbf2e2dadc8373371b84c4a7a404e

Download Submit