e43d1e07ca2202f3d7969f9d9ccf3af7e1531b770143260c79361d4780a9ae3a

Analysis

max time kernel
2786875s
max time network
156s
platform
android_x64
resource
android-x64-20231215-en
resource tags

androidarch:x64arch:x86image:android-x64-20231215-enlocale:en-usos:android-10-x64system
submitted
24-12-2023 06:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e43d1e07ca2202f3d7969f9d9ccf3af7e1531b770143260c79361d4780a9ae3a.apk
Size

12.5MB
MD5

8a78c2e9c9675a107c79a1f3c4ce1f01
SHA1

7122475541fc929bd4ea1fc65bfe4d2c8d63cc63
SHA256

e43d1e07ca2202f3d7969f9d9ccf3af7e1531b770143260c79361d4780a9ae3a
SHA512

8ac9e3288c2b664e9811cd4b164e3ac7fe03ba7e3ea84569d5f23e15b21f79bd40aebfa8a2ac65b12ab15ed535325784db1f78e48b22f86397a5d8a2d5b05211
SSDEEP

393216:PMcvpuZSsmiyMWO9IyCZUKtOYvMa3MQ/VxpQiHI6gb:EvSsDwO9IfDZvcQ/lHItb

Score

8^/10

evasion

Malware Config

Signatures

Requests cell location 1 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.yuehuan.yhreader

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/data/com.yuehuan.yhreader/.jiagu/classes.dex	4995	com.yuehuan.yhreader
/data/data/com.yuehuan.yhreader/.jiagu/classes.dex!classes2.dex	4995	com.yuehuan.yhreader

Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.yuehuan.yhreader

com.yuehuan.yhreader
1⤵
- Requests cell location
- Loads dropped Dex/Jar
- Listens for changes in the sensor environment (might be used to detect emulation)
PID:4995

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yuehuan.yhreader/.jiagu/classes.dex

Filesize
5.6MB

MD5
5b59d3cce693c050e51604d8ff803c20

SHA1
83f6e53853eb55c1ebe7d0f82c2218964e7c0570

SHA256
0756134df5cb9402fead11c7fe13d5162395ce4021e86f84b35de0ac87a5cd2e

SHA512
9f573ca1d141945912a4c6a3d3f08d2a88b9182d83ca5c4f25f7b0c836c0e7f8771fd4a9d26f4c4ca60f09354723a438c3f357f77edd1bbbd7a42fefffe14ac1

Download Submit
/data/data/com.yuehuan.yhreader/.jiagu/classes.dex!classes2.dex

Filesize
4.5MB

MD5
4d27ae4df079131e531ca5060688214a

SHA1
71efb1bab5091ef4fb27173d7c3add1cc33b0ef6

SHA256
858dde99aea27f45dbd312d590c64747c5ddfd5096a18241e4792b6d869ac226

SHA512
08f74de16c641fadce4d520519799312a5ee8d5c76fc5eeb9a9898473bd335619b82820d89b8f753303cead633c0c55e1ca2837e8d043019a8e4bba3aa9823c7

Download Submit
/data/data/com.yuehuan.yhreader/.jiagu/libjiagu.so

Filesize
475KB

MD5
f0f9ef36b67807a253b5932f865eae7b

SHA1
6a8d66c6efa2750b54cb763f4ad044bba4154e0d

SHA256
646dcd8290a30e992553186392239da39ce7c8e7c2fd87b3d6a880551782db75

SHA512
e7ea65467e557e4992e746d808cae3e2d16b42187b1a94326c47c689cef9fe21a2a9d2b312c60c8ff40e128dacbde84cd6b93a191ae38496584a45fe60c04548

Download Submit
/data/data/com.yuehuan.yhreader/.jiagu/libjiagu_64.so

Filesize
510KB

MD5
c26350f8b4709f13c7adeac3c1ec791b

SHA1
0d773039deffff4f2bcab5cbc2ac04c4a2e7de9f

SHA256
947093725142dabf77b01a8c9020312dc4544403c0a86e8a55d0174e6808e87f

SHA512
56a1d1b7255a311317757850bfc7f5b4e59333c386f1b17555a2f03090a5bd5db66b6da2c59e90ed674f9bba1c991956877b95da8d2a75fcc1b8f3f6b9a979be

Download Submit
/data/data/com.yuehuan.yhreader/app_crashrecord/1004

Filesize
227B

MD5
ca9793ae123c1e79f9655b1433492345

SHA1
fb54f764e7c3ea3a81f21cb5f2a277c78af0110e

SHA256
26f1c13f8d32437d1f7a6644dc332ddff36892c4af7f3e49a95a1be8d6eae664

SHA512
6bcc1b262c52c10c048766171bd178d8915bd9f64ba65c22a1b222482db6ecdec6e4ffdca05523b36e2668f50b0d3250c702c75259fb535564d7c0db103160f2

Download Submit
/data/data/com.yuehuan.yhreader/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.yuehuan.yhreader/databases/bugly_db_

Filesize
12KB

MD5
163b0e3f017becbc89b9d7f330b78f09

SHA1
1ef9cd8ac8655190468d0ccece0a4738634ab0f9

SHA256
cf01452c3b494692386f6c5faac340eb3eb894bd416391002d56645aa8a9ea36

SHA512
6a85a30d16fa58a4fbbb05d469778ee69ca79deaa74316ccb5be3ee07fdf78dde22e95db3edb1b88b18478e8747047445f85baaf9556b9a1e55d9a02a80baffd

Download Submit
/data/data/com.yuehuan.yhreader/databases/bugly_db_-journal

Filesize
512B

MD5
413a9f58f64d3710cce63ef1c7380370

SHA1
f4db5f6e290b5e89656f1181ffa74d5d25f2de3c

SHA256
6aeeb7f2889864bf9c8bce40bc184ce4e5b173efdcd7bab7df12db90d66fb690

SHA512
4e164920872f598931f9e3d18b6185e6c867239dd7b96f775d9b8d04c5b3899d6bd821465042f6d5cd422018ca95ec36e28f06d9d3281c3d8dbb8545a087bcb6

Download Submit
/data/data/com.yuehuan.yhreader/databases/bugly_db_-journal

Filesize
8KB

MD5
708cb9fca4aebfaeeda57d605874434d

SHA1
6d7586bd0a09aef37fcf2a8343280f5f68c63480

SHA256
61185da62913adf177e3409d4c64e491fbef21ad871c14897308af7094901377

SHA512
8698f2a6730b597d29bdf7391b836f8a9e67630835f7ff348faf012b9ba21e34fd769c43b788bd58f4ae9414a1b550b4c4d0d1b728d7efc74dc47113132e9a2d

Download Submit
/data/data/com.yuehuan.yhreader/databases/bugly_db_-journal

Filesize
8KB

MD5
b1775986fbaaca4803f50f8026f519f4

SHA1
f2b1361f5fe745b4e718a343a7e88de6bf41ce6d

SHA256
b30fece3b8051214abff40289d330ef23c6b84fb25f6dab33063e4c3a0ea3da9

SHA512
fb36fb4b950eafcb8597eae441fd77a38bef43e0b85c96e08de31512a1d135760a0472b3a18d553ae349853352fdfb11ec29cca92ddebe4a167ab08b34c0d9d9

Download Submit
/data/data/com.yuehuan.yhreader/databases/bugly_db_-journal

Filesize
8KB

MD5
ba5eb56cd560872fbd8c714388a1fcc2

SHA1
6906d5610d8879555e74a889f5077f453136451d

SHA256
ff4fa5ff1bd52d066eb4be8310f1e0ebfe941da758af5eae3c520bb428dba95c

SHA512
a08b28ab67e128a8ec91241dafef22cb6fa48ccf10b4f41af2cd2d28f58bbb02b2bba7fc80ebbf258a0ca18dee701f7064ac9a86bcc6ff9d7b1b44fd4d03382d

Download Submit
/data/data/com.yuehuan.yhreader/files/.jglogs/.jg.ac

Filesize
32B

MD5
09e7374684d4a8bab1d4a4bafb1e5e38

SHA1
38098ea6edbc5b5d7ad97a5f22001aecd99c3f8a

SHA256
abd176ed4b07a2d5d0b131bc95adeecbb96c85e324ddb91779f55d7354fa5b8d

SHA512
d497f57162df8316b60d3c99ad27efe8b9f1278708cce887fbca444c49cf24913e6637283c924b1a2bd38b0389a706b65458d8601d1780be9594770c068252a5

Download Submit
/data/data/com.yuehuan.yhreader/files/.jglogs/.jg.ic

Filesize
32B

MD5
f52baf5602f97e7bb099d19606d87e66

SHA1
19dd7f1531f4cdfa22d7e9ca597ee711f1851591

SHA256
f7339714c445d2f6fff4d07b9d94e1dba653ffe797076c2b0ec6e3f3ebca88d7

SHA512
7420d8e038f8e0122b5cc899e4372372f521d2c63074dbf9253f72f63ba9b2c460b1bfb7f58d25b066ba094ec3a8912dbcb437043bab6bb2e750358db2b5e5a6

Download Submit
/data/data/com.yuehuan.yhreader/files/.jglogs/.jg.rd

Filesize
32B

MD5
6b42aadf4a68b56bdbe1c38c7aff8ef0

SHA1
cfb7bfe83e862141b24c76008c34860f5c1ff1bf

SHA256
7f0ad224c0b0f2b324f0ffa2a1bfe18430daed3cd7b9d5f809ae59d78a114a4b

SHA512
d7c5bcf30ff2eb38299c9de44f5016ad8c9aca6dc5ee335d3a6653bc613a580237aed2bb8524bdc641b2fb3b2df0ac95e3aaf5c6c587f451579961489c203f3d

Download Submit
/data/data/com.yuehuan.yhreader/files/.jglogs/.jg.ri

Filesize
307B

MD5
77c1868ebbbd873f7a372e22669442a6

SHA1
42b7457a311635da588db77461c9326ad5346b59

SHA256
6a9c8525daa3398051ec64d7b6a7efae511352b96956b2ec3a2df9a18194ca9a

SHA512
f6d598befc0b714477e0c104849e69ffb0cd13be69c0c31ac432af967f8d8f3fbab2dfdf88b9f7cc19bf44ad2af92d33950f9a5e1ca84718a5abcb0edc0c4789

Download Submit
/data/data/com.yuehuan.yhreader/files/.jglogs/.jg.ri

Filesize
314B

MD5
d102f999af571aeeda7e6c4e3aaf7d32

SHA1
e319d56ee13b641dabe5d8e1f05aa1ec186118eb

SHA256
999f60fa929b59877b459b07315b533058f1ef167f04be71cf0db02a54689931

SHA512
5a5c429331c12190bc4bdcf35c4c3e56d4d4e220fb951a72e4ef1734c69c4e1358c11ef6c4ef6d197990eba8417385a35fd7dfecd24875971e94a40a788c9d36

Download Submit
/data/data/com.yuehuan.yhreader/files/.jglogs/.jg.store.report_pid

Filesize
32B

MD5
674d0eaf7741cb0e92421ed6f335cacc

SHA1
bdd98ba35a88e97b23856cb130a1a214fa5e41c6

SHA256
c23bce0c2ef0245d5c29ea76ec58a125aeca045426e8e5023f9653ac7fc1ed5d

SHA512
bbdeb95d5613b163a80881e9ae92a72c5b49a8cc26596999f0d85afa6e73aabc4d09d683cf789957f7b6f21a0419c048da7c8105c52c40fcd1751f481d50284d

Download Submit
/data/data/com.yuehuan.yhreader/files/.jiagu.lock

Filesize
27B

MD5
abcc104160e580746142b6cac2e776da

SHA1
a2ac9dfd495e7e2bd28ab0afa25181a62cafbd51

SHA256
2c9853c878ae79a039e411a59ca48234afb8792e2833a74003b00ceaa0137036

SHA512
34903ec7adfc9e81c6665b9eb82093a0c36be151e4dae0c86f5d100175b6a7362d8f8309b25380e672a4ddfa76dc5d420e978a565aff63061763508154c06860

Download Submit
/data/data/com.yuehuan.yhreader/files/com_alibaba_aliyun_crash_defend_sdk_info

Filesize
222B

MD5
89f8026df0cc2879b62141ee83b45c20

SHA1
51863e2845d7fe465893aedba6a003e194bd0a35

SHA256
c138015ca8765d260512bc4fd03f1c7c114ae183fe73a706dd215c542b6bc1d7

SHA512
09a53fb5d5509a3a67380977abc6e20a0970a0dc387f6ecf4646e9df837124838dd552a54cef2e016fc05ebb1e3510d229038b17f5b48a632356e2b12d538e36

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit