a20cbbeb133ede53993cec3757826fa642dbb83a5a8cccd19963def38a77fb00

Analysis

max time kernel
3045185s
max time network
150s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
25-12-2023 13:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

206db7f5b552136d53d6412e6cbc5d39.apk
Size

16.2MB
MD5

206db7f5b552136d53d6412e6cbc5d39
SHA1

b681dcf52a9741856e4a289e6e3731fcdb9f9c30
SHA256

a20cbbeb133ede53993cec3757826fa642dbb83a5a8cccd19963def38a77fb00
SHA512

a54efa8c7474ef6c8b84b0ff770fd5ca3e2161505011b93621a2b46b2fb349a757a64833e820d011f28e735dda388c248ba12daa0c15f6e1f786d94d679fbc4c
SSDEEP

196608:YYD6V+U+BBgnla52FOUZJ3ZNMvre2wlN921xPY+HgRUR2Hci9S1dwVZIJIS0jZWr:Y/+dBwa4FnZGOSmd8QgNkEDMOXz0RsJl

Score

8^/10

Malware Config

Signatures

Requests cell location 1 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.isenu.liyi

Loads dropped Dex/Jar 9 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.isenu.liyi/.jiagu/classes.dex	4487	com.isenu.liyi
/data/user/0/com.isenu.liyi/.jiagu/classes.dex!classes2.dex	4487	com.isenu.liyi
/data/data/com.isenu.liyi/.jiagu/tmp.dex	4487	com.isenu.liyi
/data/data/com.isenu.liyi/.jiagu/tmp.dex	4565	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.isenu.liyi/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=44 --oat-location=/data/data/com.isenu.liyi/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.isenu.liyi/.jiagu/tmp.dex	4487	com.isenu.liyi
/data/user/0/com.isenu.liyi/.jiagu/classes.dex	4597	com.isenu.liyi:pushcore
/data/user/0/com.isenu.liyi/.jiagu/classes.dex!classes2.dex	4597	com.isenu.liyi:pushcore
/data/data/com.isenu.liyi/.jiagu/tmp.dex	4597	com.isenu.liyi:pushcore
/data/data/com.isenu.liyi/.jiagu/tmp.dex	4597	com.isenu.liyi:pushcore

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.isenu.liyi:pushcore
Framework API call	javax.crypto.Cipher.doFinal	com.isenu.liyi

com.isenu.liyi
1⤵
- Requests cell location
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4487
- chmod 755 /data/user/0/com.isenu.liyi/.jiagu/libjiagu.so
  2⤵
  PID:4512
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.isenu.liyi/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=44 --oat-location=/data/data/com.isenu.liyi/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4565
- sh -c ps
  2⤵
  PID:4715
- ps
  2⤵
  PID:4715
- ps
  2⤵
  PID:4759

com.isenu.liyi:pushcore
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4597

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.isenu.liyi/.jiagu/classes.dex

Filesize
4.0MB

MD5
b5865bb1e9377bb45091a855318b57c0

SHA1
f59bd5339369dbf07198cce2bb06b8e1274499d9

SHA256
a8fca268bd1ce5eb2ee1fee5df4792fdcbd669a7a24f60465ea434bea6511cc4

SHA512
db0fc08674f6813586bc0bfac0d5d35cf926648ee1d027ddff5680d6d0d539814ec4c6050c6fde8880b5d003d53c84d2f9c7082bdc5d5b20a5cd4cc26d122680

Download Submit
/data/data/com.isenu.liyi/.jiagu/libjiagu.so

Filesize
382KB

MD5
aa01dd97609092ce310e17bf791069ce

SHA1
f000840a8f68ea7beb2e29ea466088daf55609db

SHA256
e432c191f918053ce368e1b1f155b2e1f9e84379611b93aabec0106172b73aa2

SHA512
766c120a06215d0950aae32026fcde3eafed8d18ae0de7bc8135a7378a9055c8f0040d61574d9af67fe2b5b90eeae64c62d787343858ae375bb6658df8afe7b4

Download Submit
/data/data/com.isenu.liyi/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.isenu.liyi/files/.jglogs/.jg.ac

Filesize
32B

MD5
008dbc571e780c938769984c3b5bf56f

SHA1
008da5654a987a1964a9cd4ee528408329a60b34

SHA256
09bf0136ecbf8dfe3ff73bfb0aa566ec5ce524f7c4ad9ec0bcc9b3da5875978a

SHA512
883ce1d03dff11b8c418662bb3ccb21dcdce8f316f3fe472aa02bb011628aea8eae37165a83a4ac37717e042c1db4d966688207eb1c12e38b41fba3f9cac48e9

Download Submit
/data/data/com.isenu.liyi/files/.jglogs/.jg.ac

Filesize
40B

MD5
0b6b8a89f7c5d544cbd47520ca72106a

SHA1
f2e770df2d9d56f48fe024baec66b2b9694fec58

SHA256
2baff64ba348ebe7fc2e48c810e824bfd9244c4822e315047938eb44923d84b5

SHA512
b18e1ae17069a665a416015537462efec06dc3a67a234135f87164670a4f84445daba76084a110a2c57f461c473edb0b7ea9574add190e5ea022cca14ba4d711

Download Submit
/data/data/com.isenu.liyi/files/.jglogs/.jg.di

Filesize
340B

MD5
7dda0a14ca9c6cb445c08e456296ff83

SHA1
f52e55d2a8f60091bb7b598628ed6b51226f048b

SHA256
ce55fda6462ca8d3e1b254291802ae00de806373f2f67b15311c3a88ead9493c

SHA512
2273ebc116767e601c2ea352a0bb6227c739e8524ee36d3761b2b3054b9de971c281f226018f3f9c78636e882d02936de8b0b00dc413a8da75d1b79dccc4b3a6

Download Submit
/data/data/com.isenu.liyi/files/.jglogs/.jg.di

Filesize
340B

MD5
4d035b3fece7047cd0e0ef7eae908e71

SHA1
d9e826572c9ed17bed3b1c669976cbaab88eeacc

SHA256
c87eda21b4e063b667116c1226f1e390df19795110fd4e4e252982e9c0f0df94

SHA512
e9654635874452da726cba7f6a2afe7bc2ec84138af2a720f5fc9ec1ca042e51834529ea5fbee3788f8d3c611d244058c15cf850992e7314e30cf212cf5b048e

Download Submit
/data/data/com.isenu.liyi/files/.jglogs/.jg.ic

Filesize
32B

MD5
9f0424f478153241c690f6af4555873d

SHA1
2eab5039c12b00b22f8148041a561add87144418

SHA256
2803c2700eb29f60e6d83bbc5b1f5eda9e74f2a085836a689d36dc2ef69dc517

SHA512
7ec3c8d6334a630619879464aa0b9fd1902a6f55204674d44daa9f59cf09641fa1924338fad423ef5c099d637dd22ee1705616b4c38d9f1d0bbb89dcd451000b

Download Submit
/data/data/com.isenu.liyi/files/.jglogs/.jg.ri

Filesize
314B

MD5
ff178b88f89b9f900a1c915442b95a5f

SHA1
1ffdd06c85792bd8728e3cacbd9bef6ea09d833a

SHA256
e08cb418ba9e992463103551a4725b8cbb0e0b1ec58a55ed88940a04f9111d0a

SHA512
8952456230cc1c6d4346d90b7a05285fbfc9a1df9e5c372e7d62b25994ba2974b49b9f6a4b4304d3d5fe70fd7496f5cdeff7f8a00481df279067325c24685e4c

Download Submit
/data/data/com.isenu.liyi/files/.jiagu.lock

Filesize
27B

MD5
88b0f96be2ed8b24a902378091faf319

SHA1
35ed32b58011e2c8155ea99448640b52d8278468

SHA256
2b1f3c82c7777e23839a5c4d047232af39bc77b86bfa86004df5bb02f129793c

SHA512
b333ac9d8591f312d0569bacf6c2e8eb025e816c7de79fec0bfa41c8cf5734a0feed1bfccd2e128bdf53b025da3a770de10efa4adf370a1de19af531dd4e5b57

Download Submit
/data/user/0/com.isenu.liyi/.jiagu/classes.dex

Filesize
6.7MB

MD5
ec85fc9e53d37530781e208ae6657e8a

SHA1
647f8fc02e9bc1c8f9d95f59511d47c31d562a61

SHA256
3d8722dc8cbae19d51c9e9fc05a0344f6e912a468ca59719071bfc0ecdb8ae63

SHA512
57a5bdfe4965242ae082f9a28fb5142536eda64ff03f0e87989f09927e435b883ee11bc76b48cc6efbc93ccf1218c7ec8b45dec8cd2d175519ceb9a4abf6fe26

Download Submit
/data/user/0/com.isenu.liyi/.jiagu/classes.dex!classes2.dex

Filesize
342KB

MD5
d666acb5fd61a7a23ee970464cb9f4b3

SHA1
95a631e43fb06cfba6d423d6e0ecb28120b0ac71

SHA256
1e1e2cbdab71971e989a0778c9fb84566bd665183b65dab2bdaaaa5a9cebb5b9

SHA512
3d033c000d56090ebbb964d72c187cbc2ee9b05e18fc32439474707bf29f1ae199fbb30afcafb8214f53c3aeac85505cee69d759aba9bebc6987fb0fca4930ec

Download Submit
/storage/emulated/0/360/.deviceId

Filesize
48B

MD5
1d8d16c4e3b19ebf18988530d9b9a757

SHA1
bc94c1cce05cd848a53271ecb9c5311e27ffebf5

SHA256
abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7

SHA512
4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

Download Submit
/storage/emulated/0/360/.iddata

Filesize
32B

MD5
263558a089a3185b58da5b590a5cd692

SHA1
3286d4e42342f7c0dec67792b4061d1f74a5185f

SHA256
53947f41bac4a7a695a2ed6ce317997bd8b59a48e001e04e9d2ae625a735e699

SHA512
e21cec334fb28ee733729ef647453573264c088745e8015f4a202dc1875a51b16da08dd3c0bc10e412b17fe8513ca3b10da86ccc08db3f93f145da2b9c5d9394

Download Submit