e1993b49f09b43e92293b5129a0fbf035c3c84865079de6e0bd0ca56159ecffd

Analysis

max time kernel
3022419s
max time network
39s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
24/12/2023, 05:54

Sharing

Reason

exit status 1: "{\"level\":\"fatal\",\"error\":\"emulator exited with error: signal: segmentation fault\\nWARNING | userdata partition is resized from 6 M to 16384 M\\nERROR | resizing partition e2fsck failed with exit code 8\\nWARNING | cannot add library /opt/android-sdk-linux/emulator/qemu/linux-x86_64/lib64/vulkan/libvulkan.so: failed\\nWARNING | Requested adb port (28043) is outside the recommended range [5555,5586]. ADB may not function properly for the emulator. See -help-port for details.\",\"time\":\"2023-12-29T05:57:51Z\",\"message\":\"Execution error\"}"

Report Analysis Logs

General

Target

e1993b49f09b43e92293b5129a0fbf035c3c84865079de6e0bd0ca56159ecffd.apk
Size

29.1MB
MD5

639bbb3c90354c2094065e1e84863455
SHA1

38f750d5fb04e9f8b0f8c76a3462cd88df9781d0
SHA256

e1993b49f09b43e92293b5129a0fbf035c3c84865079de6e0bd0ca56159ecffd
SHA512

e470aac35cadb568e91e4b363f6723b7a750a7875b7353399649e7f3f80dd8e7f8c13e076df9e6177f292b2e3dbc8965f704e886fdbe57c86784c2f9e709c746
SSDEEP

786432:94RW04m2+UeG/0f7unHag9gT3HM0nwtxY:2RW04m2+UeGqPTLw0

Score

7^/10

Malware Config

Signatures

Loads dropped Dex/Jar 5 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/data/com.hlys.qsjjssy.qihoo/.jiagu/classes.dex	4219	com.hlys.qsjjssy.qihoo
/data/data/com.hlys.qsjjssy.qihoo/.jiagu/classes.dex!classes2.dex	4219	com.hlys.qsjjssy.qihoo
/data/data/com.hlys.qsjjssy.qihoo/.jiagu/tmp.dex	4219	com.hlys.qsjjssy.qihoo
/data/data/com.hlys.qsjjssy.qihoo/.jiagu/tmp.dex	4219	com.hlys.qsjjssy.qihoo
/data/data/com.hlys.qsjjssy.qihoo/.jiagu/tmp.dex	4251	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.hlys.qsjjssy.qihoo/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.hlys.qsjjssy.qihoo/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&

com.hlys.qsjjssy.qihoo
1⤵
- Loads dropped Dex/Jar
PID:4219
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.hlys.qsjjssy.qihoo/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.hlys.qsjjssy.qihoo/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4251
- sh -c ps -ef
  2⤵
  PID:4396
- ps -ef
  2⤵
  PID:4396

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.hlys.qsjjssy.qihoo/.jiagu/classes.dex

Filesize
5.9MB

MD5
50f3e2a7fe4be74b2b57f829254c2ccb

SHA1
3d50f47e4a7cdc12fafbded9aea238d11ec1cbc3

SHA256
b6ec72777cbea5403f208843905b1dce940495b464c301e2b163442a254d2387

SHA512
6a4b927d1a077b155c23651148009b3802839b5013726bd8d7c77bcf37db87e30a480eef1db982b003e98b5bac748013b0f4d890b3e6909053911e81b21708dd

Download Submit
/data/data/com.hlys.qsjjssy.qihoo/.jiagu/classes.dex!classes2.dex

Filesize
63KB

MD5
4889e8753df569b37bca8116efc02f6a

SHA1
d3b9e93aa14d4a7ab07aaa237aba8d052df2467e

SHA256
ee42729f7c1d5c51a067af34d028e535f11c5cc2c72dc1356b8c9b1eb34934b8

SHA512
e1d366dca503264ec1658a090cadb201bae9221cb5def83abd28f39e0d259b0c26c1745ed5e91d7da4a9778852acd8a3d58a126505b56614f63db9f08435ef07

Download Submit
/data/data/com.hlys.qsjjssy.qihoo/.jiagu/libjiagu.so

Filesize
495KB

MD5
de685970891708f6edfd18f03c6557ba

SHA1
ac50f88327652a72df73d43e9260faf169283c34

SHA256
b3124a6f192e562313f1e2d24b292852d4eb87cbe95dccd1d94b3a0540c0c11e

SHA512
cd56aa34265252c1457e28f442872dfaedc897607b816526de7e76c88ea00c24feb3542c21be7dc587b58df8ccbb1e045d3533741981212eac4d704143bfffe0

Download Submit
/data/data/com.hlys.qsjjssy.qihoo/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.hlys.qsjjssy.qihoo/files/.jglogs/.jg.ac

Filesize
32B

MD5
5157f4fcb80a8ef5140b0405af896e6c

SHA1
b64c6e224095d650338f9aceaf28d0ab79e8fab6

SHA256
0defd26f43fbd3d324830435c1fb34a35117c9b3f1906f3a13932af53c047c08

SHA512
a2c456506972ae02018e37617423b28a59fad61710b2ce88abdf4148016a752b3d36bbff97d52e4a371d20c7c07560d66b261b0483329d380c41e56848fa6006

Download Submit
/data/data/com.hlys.qsjjssy.qihoo/files/.jglogs/.jg.ic

Filesize
32B

MD5
110b74284ba8224e3d3fb69903e034ea

SHA1
9eba06d7f66cd0148fd20cf327fcbf55c5ed0760

SHA256
a857da6a1d10f4863db5a8b7aba6ee8104a7853e089a828be958be3061e59cf6

SHA512
171e2b46544b470568ce92d77b2d059dd28f56136badc49b82b5dfcc0a3ee1f83bf03120d9a88ee072c47282e8b758a16d0d7c1f251d84a65167e040834569a7

Download Submit
/data/data/com.hlys.qsjjssy.qihoo/files/.jglogs/.jg.pk

Filesize
32B

MD5
fbc576e5b2dee0a60265a2f5aeea1b7f

SHA1
ad121f70f54a9fea963a816f22f8252ab6219469

SHA256
d48561759e17515052fe9c82e7e9eced1b9fa2227482765b312fbfa279a2cbba

SHA512
10e840ae3ee0760b114cc7fad2d0a10646a18506177943dccee130915119a6d854a84ace387f99f39541b64321537e94e5722c8f3eff84841821d067c17a5d3c

Download Submit
/data/data/com.hlys.qsjjssy.qihoo/files/.jglogs/.jg.pk.h

Filesize
64B

MD5
6366cad580b2c505be35730fce30f8c3

SHA1
7e0c868eabae6ce917d36ef51cef9dc2ab726f1f

SHA256
d8256f60101a09302f9f44781a7ebeaff6b1de9847c66bccad6a552bf55ec051

SHA512
bb130a0e4226e8decb484b07d58f0e0fcff12d8ee264b05bfc9d4e0c5cea59f8a7b01d9af59239d96418e142b76ce6530ede508226737f7b8a3242ae1c6be84e

Download Submit
/data/data/com.hlys.qsjjssy.qihoo/files/.jglogs/.jg.rd

Filesize
32B

MD5
9cea487a8f95f305d1875183e029ff38

SHA1
b6951f8b5433f11c613f16b81867343d92301720

SHA256
dacf9ba51aa3889731e375d5a8f814ff53fb66ffa86cf320c799b3b05b2be236

SHA512
a325799811cae0940a2ad4a1a95bfb1f28e21b5e3ecab3cb0c8c346ce4e1a6a3dae988d717c6338ad338711d2e75fffd21d77a699291569a24f9ff5828b14029

Download Submit
/data/data/com.hlys.qsjjssy.qihoo/files/.jglogs/.jg.ri

Filesize
314B

MD5
6bf627f1ca22b354a0ee7cb591e2a017

SHA1
ef7fe96a34651a04d1176e82fc97b2ae7f85ae02

SHA256
178ef86eb62e1ebd34a19cf8ee7c572c91836500d52ee1cf410de0699bbcb975

SHA512
978a68d2e24c262d6596d3e4c20139886a9289a8caebed6361fd2c866cab98629c85693b4c72c614759e6fdbf4eaaed0e86f7b60d84fc5b9c04d7dc2beb8394e

Download Submit
/data/data/com.hlys.qsjjssy.qihoo/files/.jglogs/.jg.ri

Filesize
307B

MD5
641e2f781b9530eef3736d80b66bd261

SHA1
ab7d74da337ca2c3601f9ef2e233b504356ac880

SHA256
1c97d3d42f9e9a9a0df4bddf1434809fcced20e12de115987fa45f7e6d781984

SHA512
9b115068e9baecc688413019b2c000f06819e7316d8dc0a36e2765525e18946bda2f4d6b97f1d1f578016233a9f6656b8718193ab14b7445df883de46bdf5c98

Download Submit
/data/data/com.hlys.qsjjssy.qihoo/files/.jglogs/.jg.ri

Filesize
307B

MD5
f0db364c70a05492a3b8067946fd315f

SHA1
f3e4efce603ff0acb33863667688af60881930c0

SHA256
d58e1d348baa218b9aab7be1638054edb2a281a114eb8732e5d0233154308d26

SHA512
db7d0797735001cc847e85b2f53871290b2c95d6b9dbfdd7cbb02435c8ecd69d97c01d18025d51bf67b53a00149d1dd2f941a794319b1eb5d80a48c7605b835d

Download Submit
/data/data/com.hlys.qsjjssy.qihoo/files/.jglogs/.jg.store.report_cf

Filesize
32B

MD5
75c75d9fda67cb8a0ae563b250d149da

SHA1
b3a63611108859fc17cdfe9230d605a5a921c397

SHA256
eef2c13bdf849186067497a3758d480f58e4d230c8013a03399d6847edc77023

SHA512
b7b8412dc4e73a3d49c00cfd809ca655635968e62b8c0470e15fbaab92ec655baeda14d63972f6b65aafa2ddc3114a9a74a41451fe97e1f20059d28d69ea17fb

Download Submit
/data/data/com.hlys.qsjjssy.qihoo/files/.jglogs/.jg.store.report_pid

Filesize
32B

MD5
01a8495d19bc3dbac22279a697792c19

SHA1
b8a9fb60be28b4367bfe5a9e7f1a928b699a297e

SHA256
e5b2780332f4fb2959fb2f607a69dbcfe769bbecd9ad412360ab71af2d01bde2

SHA512
7f9680b59647566f0a421cfc0749d4bd135fccce86ec0279211a02fecfc6a60bcff802fc6425a107b29edfd145b08eda629b0ca5fb11ee4a4f51bd09410098c7

Download Submit
/data/data/com.hlys.qsjjssy.qihoo/files/.jiagu.lock

Filesize
27B

MD5
1a32598f788adb8aa2064fab9b68cc74

SHA1
ece06ccf1bd9980960a7484470f621b193dc4e16

SHA256
d4baf9cbdcee9d555308080e9eb4b2666d7aa5debef5d2c958fb682c5845f879

SHA512
fea0a7bf4b26593674312c7cc97cbd340a47d2ad211c5249c2e45127927b54e0a308990a186c6f8b57ed26fbec855e2248161ad2376cf53f816f8c0e5b0989c5

Download Submit