c64f0d2eb390b5664ae38d61350e3c5d7e8fac245f0ad5923ffd0d3273bf7554

Analysis

max time kernel
2972620s
max time network
144s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
24/12/2023, 03:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c64f0d2eb390b5664ae38d61350e3c5d7e8fac245f0ad5923ffd0d3273bf7554.apk
Size

12.8MB
MD5

77a0b7a7a87e76e02e7e4311d03d87bf
SHA1

7116495f50a5ca1424deb50ab6d05f881e86f591
SHA256

c64f0d2eb390b5664ae38d61350e3c5d7e8fac245f0ad5923ffd0d3273bf7554
SHA512

f517225e18ea376022d445709c78f88cf41384f9acb9f70676ba1c0e41daa46e19a410234ce6a3489f453c35e7aa33a91949479d9d6930d51caa0ecfd7a74d22
SSDEEP

393216:Wj2kcusadqiUQ4y1ZuGyYQrXuj5gmV9sl5kr++:Wj2kvLqJybKra5gmV9JL

Score

7^/10

Malware Config

Signatures

Checks Android system properties for emulator presence. 7 IoCs

description	ioc	Process
Accessed system property	key: ro.bootmode	com.app.yz.zwfsproject
Accessed system property	key: ro.hardware	com.app.yz.zwfsproject
Accessed system property	key: ro.product.device	com.app.yz.zwfsproject
Accessed system property	key: ro.product.model	com.app.yz.zwfsproject
Accessed system property	key: ro.product.name	com.app.yz.zwfsproject
Accessed system property	key: ro.serialno	com.app.yz.zwfsproject
Accessed system property	key: ro.bootloader	com.app.yz.zwfsproject

Checks Qemu related system properties. 7 IoCs

Checks for Android system properties related to Qemu for Emulator detection.

description	ioc	Process
Accessed system property	key: qemu.sf.fake_camera	com.app.yz.zwfsproject
Accessed system property	key: ro.kernel.android.qemud	com.app.yz.zwfsproject
Accessed system property	key: ro.kernel.qemu.gles	com.app.yz.zwfsproject
Accessed system property	key: ro.kernel.qemu	com.app.yz.zwfsproject
Accessed system property	key: init.svc.qemud	com.app.yz.zwfsproject
Accessed system property	key: init.svc.qemu-props	com.app.yz.zwfsproject
Accessed system property	key: qemu.hw.mainkeys	com.app.yz.zwfsproject

Loads dropped Dex/Jar 5 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/data/com.app.yz.zwfsproject/.jiagu/classes.dex	4201	com.app.yz.zwfsproject
/data/data/com.app.yz.zwfsproject/.jiagu/classes.dex!classes2.dex	4201	com.app.yz.zwfsproject
/data/data/com.app.yz.zwfsproject/.jiagu/tmp.dex	4201	com.app.yz.zwfsproject
/data/data/com.app.yz.zwfsproject/.jiagu/tmp.dex	4285	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.app.yz.zwfsproject/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.app.yz.zwfsproject/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.app.yz.zwfsproject/.jiagu/tmp.dex	4201	com.app.yz.zwfsproject

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.app.yz.zwfsproject

com.app.yz.zwfsproject
1⤵
- Checks Android system properties for emulator presence.
- Checks Qemu related system properties.
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4201
- chmod 755 /data/data/com.app.yz.zwfsproject/.jiagu/libjiagu.so
  2⤵
  PID:4253
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.app.yz.zwfsproject/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.app.yz.zwfsproject/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4285
- /system/bin/dex2oat --instruction-set=x86 --dex-file=/data/data/com.app.yz.zwfsproject/.jiagu/classes.dex --dex-file=/data/data/com.app.yz.zwfsproject/.jiagu/classes.dex!classes2.dex --oat-file=/data/data/com.app.yz.zwfsproject/.jiagu/oat/x86/classes.odex --inline-max-code-units=0 --compiler-filter=speed
  2⤵
  PID:4347
- sh -c ps
  2⤵
  PID:4372
- ps
  2⤵
  PID:4372
- ps daemonsu
  2⤵
  PID:4398
- ps | grep su
  2⤵
  PID:4417

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.app.yz.zwfsproject/.jiagu/classes.dex

Filesize
3.5MB

MD5
b8a5dd44ba806b993a3036f3efe2330d

SHA1
9b098592a1b9c0ca7e439d131311ab74a4d54fcf

SHA256
0c9ae89a34d627caa8574db17d1862fd416cdd0b1176df15f13c6a7f4981ae69

SHA512
8da8dea78a998692a4ab86f8780b07fb913c286692dae76200d3c472e3cbb1879c73b6f2ec608e8974cc5d7141e0655df2c516550958fee6994ee28dc22b9e85

Download Submit
/data/data/com.app.yz.zwfsproject/.jiagu/classes.dex

Filesize
5.5MB

MD5
13d72a7cd37950e14f52f6470ebf3c9c

SHA1
ee4d7350fe1b5078f6208548188463f6c0f547c1

SHA256
313e875311c6bf9f45be6027ede053ea8e26334ada3623ff33667d54bae9cace

SHA512
ce31d98fb59bede4a5392246573b12e06ef797a1d11268240805de60361f9ad88d73185ffe2fead9d492e2d684202ac082c2663502b138ce99bdced93736ca4e

Download Submit
/data/data/com.app.yz.zwfsproject/.jiagu/classes.dex!classes2.dex

Filesize
2.5MB

MD5
260789bf8a0ed7272f4874ba2e3bc1bd

SHA1
e310e0132ff6d7eba320835959cbce8f290bc39e

SHA256
ecc289139eb0bbee0fe4a00c2ad623840e2b0a539237cd4d414e423c16f825a3

SHA512
88f5763a7f4e5b1fb0d1ea409d6cfa872beff05551762e2566971b69d86a887275e9d84c1438c67a6e778c0d8d5ad868bbea32a564f5034fe5cc3056c4ce65a7

Download Submit
/data/data/com.app.yz.zwfsproject/.jiagu/libjiagu.so

Filesize
455KB

MD5
e5a53000766ebc433b27d6a66ec4f555

SHA1
2c8f53f1c03aec2005bcad67d731f07261dabde0

SHA256
78e4ea857f10c2df6c7b94f0584524b52ecc099ed29478fe3964037b8a86ed2e

SHA512
370a1cb93b14556ad861724f4e9995c9a4c6d37cf2d570f888d1c6000c66d27ac63496b0703361e9fc9bc7f309b7aa4407c5f339d186b0a5b72520d23d04b68d

Download Submit
/data/data/com.app.yz.zwfsproject/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.app.yz.zwfsproject/databases/cc/cc.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.app.yz.zwfsproject/databases/cc/cc.db

Filesize
36KB

MD5
ce6135aa1b1fe4f2c2db2a546d2a5558

SHA1
79b59582154017aadab783dc266fcb158c252940

SHA256
7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c

SHA512
2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

Download Submit
/data/data/com.app.yz.zwfsproject/databases/cc/cc.db-journal

Filesize
512B

MD5
9528fbcaea17b188dd02e580b765229f

SHA1
3aec64a2030ee9eb28e215bd47f43124f5e63955

SHA256
c5f51212e0ecfa66490f343d381634c4bf46c98f1b438dd80ee235992ca6bf32

SHA512
ac9599def9f60c0ac821fe1283f7891922ab09b055e2b6e6729121c517fb13873052f182a21225e0ce5631171a1377b643c18748eb8d4f34b640c540bccca684

Download Submit
/data/data/com.app.yz.zwfsproject/databases/cc/cc.db-wal

Filesize
48KB

MD5
337d77d049b79d2e8953a5c5d8d33e00

SHA1
a4a5bffec3138e8c1dfe48627e477b08752897b9

SHA256
5d21b262d17aae4534c0bdfecdb32e995f44b9583d129c8bdb9dd086e19f144e

SHA512
de2faa10569e643b200df623981160d046719f8a916bb4b68f314f8c606f179c97152c04446053f7617015dec04a26958fbf73072a158b0d8372f355d9d327c8

Download Submit
/data/data/com.app.yz.zwfsproject/databases/cc/cc.db-wal

Filesize
16KB

MD5
e3c2c859387d433e7f35bb29a4b0b90e

SHA1
72a16c6b4e04989cb23051cdfe1cc4a838d460d8

SHA256
b308c86d3426a64152c4277d5b494c2a7a96d4701f5556094eaa1abc4e2d5a56

SHA512
ce9a1ae9234937a334596d6a49d99106c77725757229fb44867ad5924df29b50de5dfff9a74bcdc856ed7af8447acf343150d2dcee5db438b4e3bfb67156403e

Download Submit
/data/data/com.app.yz.zwfsproject/databases/ua.db

Filesize
32KB

MD5
1d6e309a731eda5d2b0a76b01e2679ae

SHA1
90750d673fc88b5e72a3af0d826becea8cd0c759

SHA256
56d816209cfee4f22b7c99f834cbd518cd6fc45eed84c410652af670f4d4b52e

SHA512
0cc529944f83dfbbd693461b487603a9f896e86089fa4ce74ddf90c1cdf9ca59cbe21ef255aa184c8a6176bdf78513c741c41d772e3f3161cdefbb42ba193349

Download Submit
/data/data/com.app.yz.zwfsproject/databases/ua.db

Filesize
16KB

MD5
d0285f3197a0aae9c1e0259836b53b3f

SHA1
e932a5e1f088a59c47372a339aa2cb1548955e5d

SHA256
f3539cc7045babfa8fe35cb1b696ca97db49a971c48db7bb035edf5fc2f4516f

SHA512
e7d53d097da442911d598f4d206f03560b7568d6ce8ec0f726cd9cd22e341f5a6ba1e0cb4f98716231fb4320123319312c0222c9d22900621a296e0dfb29150e

Download Submit
/data/data/com.app.yz.zwfsproject/databases/ua.db

Filesize
16KB

MD5
e36455bc053b4b790448203763d5ded3

SHA1
18ab520278bbe11f0fc50f2c52b059d247c7114e

SHA256
386f20e039f7592c8bae76b4cc50ea7ea0bdd260433c8b036a57dafc0c81d2b2

SHA512
b9b820f2bc02f94da602cb8c854f127c1c14fe0124fb2dbdf7e0a52f02785c12cd17fc9ef24404de22e7c68f31320766d0514e52226393187388b92938b08c40

Download Submit
/data/data/com.app.yz.zwfsproject/databases/ua.db

Filesize
32KB

MD5
d604a3bf1f8d992cc320ea5b1f7609bd

SHA1
247f88df0b55c7d523ea5398637711a0e4a483a4

SHA256
329940b4d46326d58e73c842dd099704061d0ef7338777bf31ad895f29013c17

SHA512
67e28f6713cb5c238a9664df128f01a89a2efb7c8c9330c1e45bc0d40ebab81fa20df5166743d84d81dc0386a89ff0329f022281c098339baa2e851ff0a1e1ab

Download Submit
/data/data/com.app.yz.zwfsproject/databases/ua.db-journal

Filesize
512B

MD5
785b7a8a5960ec4be5eacc16fd258a65

SHA1
2eccefc18fd86c109b3873761066b34c0fb7af8a

SHA256
870874660b7f62451ca95c6498df9e98c1fa4c5b29635842642b3e04afb605bc

SHA512
3d7f7bf239d82f1bde7cf653e9e4670c2cc69c2dbc66c002eb6db6250d911ba3739655e833e5ec7502991b5822f863497c8b19b74fb1bb373b8e9129f828b4d6

Download Submit
/data/data/com.app.yz.zwfsproject/databases/ua.db-wal

Filesize
56KB

MD5
6cdd80573e5601fbaed7099e8b30da20

SHA1
09abd2ebbfd3de58fb02304671db147d17799d6e

SHA256
83a46db6b9fa6f9f77da95c608fd5faae5038ac8ec4dbce2795a9fb6ba954815

SHA512
dd0c63b8f209da1a88ffcb1507d12d791553b26f0205119563a13b61ec60f31fa40030f641736995d8b4e857310022396b009814b22d90b6c1cad694c8380e49

Download Submit
/data/data/com.app.yz.zwfsproject/databases/ua.db-wal

Filesize
4KB

MD5
264ef456cdf72028ed35358b4da15c89

SHA1
31589858b6231cdc1d9fe8433d3b4bc26f7ea772

SHA256
44c5f49dce005a4b0be33ee3c4c18a71da659de3b85a5dfe82b2b6c9fe0d9d03

SHA512
a33e27b4c16ee0d239059e983db4370b251fd23cdf053bd9614c5c3fdc0ec6161b7b5403876ab0845e824ea267c97e98e3a508296c399b2a879e82921c0aacad

Download Submit
/data/data/com.app.yz.zwfsproject/databases/ua.db-wal

Filesize
4KB

MD5
1e9307d3550c8c36cc2281b74453e914

SHA1
5594cd7e6953752f0bd3a39483db3a25d65a7035

SHA256
80e2d87b7737bcc624d2705fc20bae03cd80286d315c46f386be49679727a620

SHA512
e6a06d0b5d7cec3839f5d3e7237987cb4d14dbc1064b3d7d98922bd49d4a32eb64135266f2ea549e109788051219eacf5bd6b74768128f7003f0ce55acd26fa3

Download Submit
/data/data/com.app.yz.zwfsproject/databases/ua.db-wal

Filesize
8KB

MD5
b493171d7f9b3d6ffae989fdfdd18cc4

SHA1
3b6507f021522a69a6a1855877d44eb9a09a0b8b

SHA256
13633664c880b7a7de21a6a472a00fafbfdbad9189c917d4d7cd26fb275838f2

SHA512
f5e11308bd99cb22e264031236ab510bfa47013eadc868d10a46a3257753f8dfe62903fe76b6767c3c4e99ea9aef9887e3c56406dc160399a25e8a7538cb22be

Download Submit
/data/data/com.app.yz.zwfsproject/files/.jglogs/.jg.ac

Filesize
40B

MD5
46fa3c999e3764456d210cdbfd0c53bb

SHA1
1aac0a39fcd9d68a14b489c6b4060906c340335e

SHA256
b28650f47d5fd6160b1c36b7ad21e7dbc6032b86f392b19e583357a505b55daa

SHA512
5190cc3006ce59fe3123eb85c91590a6f686b2466fc641993a30d90c42e3f60aa1df0ca2f9a5ad17d5bf34e21d40101f1516d6fe905989ab0dbdc9b47d1c1199

Download Submit
/data/data/com.app.yz.zwfsproject/files/.jglogs/.jg.di

Filesize
340B

MD5
98dc7d706c56d5511894612b8fe3cc5b

SHA1
7a50a1fafec901d97dcef44e07c6fcaf87171d7c

SHA256
6970f1cdd1e792a1aa70e196196eabfffe18208519b7be76bea5ef2df9c70dd3

SHA512
a16ee4ccb128ae87f5d440f1c9e1da69da759280401faca6fcc3dfc12ce4a7bae4134fd2a7aa76e5c204057e1d289b03fe5e36dfea27b04b26e7ed6b6476f710

Download Submit
/data/data/com.app.yz.zwfsproject/files/.jglogs/.jg.ri

Filesize
314B

MD5
ca6f32b7183cfaaa0e9cd9d53278c366

SHA1
43879669321137bf7e5b979369d4ecfdfb4c0e96

SHA256
d43644315d4722185c944b2e5886aec3c1d81e73ef2499e913142612ead7d287

SHA512
5786da09d182c45027007b661ce94231571af7c4de506a3797ea019f98075a47743fcdae2573a92a0ef583464a3f746668bd061b37d03c49d35c6150e337008b

Download Submit
/data/data/com.app.yz.zwfsproject/files/.jiagu.lock

Filesize
27B

MD5
69ae97f0f85d84b0d8c30e85b1708188

SHA1
aacc3bf516e2c1bab3f6a34fe6bf0b5f56b71f73

SHA256
3f680582a4dd43b0f16dc6216e639e7e131dff628d66d434be8516d3b9c5ba35

SHA512
ad19d1396f5143cd64075d70bf5cd526130610ac9444c60f8437ad8bf0358f2ceb912022d17cb2020aeb74b1e3290bf9d3bb39ae2eec36cb4c0ef514ea735f57

Download Submit
/data/data/com.app.yz.zwfsproject/files/.um/um_cache_1703779669831.env

Filesize
1KB

MD5
0f2a4112fa2c0feb9c925b742f1e8891

SHA1
9dc90981577822cb3a0a0edd285b53501b4abe2e

SHA256
20c8acbf4517cc4c8ca6c2c7a0fe31175a2b6a31a6eb3f327df5d70192fb0bd4

SHA512
dc7622496083ba8bd0fd819d344fde452a197e683f22228a6138e08145a01e7614af68285fb243a40ea832743042032c2a5b3b5d8bc9790bcd9fede2723dd657

Download Submit
/data/data/com.app.yz.zwfsproject/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
cde8eace02729470f882c05db977430b

SHA1
c0678d6c34f2680ca2d6c7b06b5ab182cbc8e6dc

SHA256
9edab2778085a452d37380440a679575e16e3f1ad569730fb0f8f162bd5b7000

SHA512
324e2273b23cb1d06ecd5044648503b1c9802cc1f021290d486af1f28fdf30d3ad52a44abb6e4311e078b7408fb8de0ddf9655c267f18049a8ec15aa578221d8

Download Submit
/data/data/com.app.yz.zwfsproject/files/exid.dat

Filesize
54B

MD5
456053b411626181f86edbf72f450659

SHA1
26be13a2653c2add002e209174c5f7ecbba9f859

SHA256
5f573db975545f409685c5816ad03a4e4237e481304621df257428fef3c04f15

SHA512
48c543d026f07758c0a884cd5e67a206a6edb7f6605a63104f395d7fbbef6e9fbf2afd9643728d0b3fa5600bfdab0a952bfc0a6437d854a321c95064edfe5c36

Download Submit
/data/data/com.app.yz.zwfsproject/files/umeng_it.cache

Filesize
413B

MD5
99a9bc03666438f1c0c56db24b7af2e1

SHA1
f0072e7dfefdecf4aef2ab74b953d161bbbca94f

SHA256
fccf6e7a027b045efb84251157391f5c21ffd314c0d3af74617ff22c4571883f

SHA512
c545c0e8f62b106d786c8d7c4c4ba6cfc42c9f7177441726e7c0c26be7252c6163248ad9954b2ef136261e9257afda53a0fe368acce374782b8ea70709b666c9

Download Submit