42b80d815d3bd2244ed8004957639f1f7d981700d53b06e20e230cae0dc2591e

Analysis

max time kernel
3052095s
max time network
155s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
26/12/2023, 04:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

53718e80512b567ff2fc83ba1c062812.apk
Size

12.2MB
MD5

53718e80512b567ff2fc83ba1c062812
SHA1

56632b6b2f266a0997d74b1bad50a48096d94dad
SHA256

42b80d815d3bd2244ed8004957639f1f7d981700d53b06e20e230cae0dc2591e
SHA512

2b7cc517e48683f1f6d7766e827c3312f05a7701ad9fa64827a2525a604004cf6f9d80d2551cc7836ae42bfeacd8ff33d1a81551a9d1d7aed36a7f6e2613ba07
SSDEEP

196608:ojEHmPNfD6FF6uXEXyFeqMpV7gGKkia0jWqmH5Jyl+8ogq6SvBo5efquJ+qYkS/A:ojDkFIwEX0KVktXQeLBq6wfqubmqw0

Score

7^/10

Malware Config

Signatures

Loads dropped Dex/Jar 9 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/data/com.kjcy.eduol/.jiagu/classes.dex	4251	com.kjcy.eduol
/data/data/com.kjcy.eduol/.jiagu/classes.dex!classes2.dex	4251	com.kjcy.eduol
/data/data/com.kjcy.eduol/.jiagu/tmp.dex	4251	com.kjcy.eduol
/data/data/com.kjcy.eduol/.jiagu/tmp.dex	4333	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.kjcy.eduol/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.kjcy.eduol/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.kjcy.eduol/.jiagu/tmp.dex	4251	com.kjcy.eduol
/data/data/com.kjcy.eduol/.jiagu/classes.dex	4395	com.kjcy.eduol:pushcore
/data/data/com.kjcy.eduol/.jiagu/classes.dex!classes2.dex	4395	com.kjcy.eduol:pushcore
/data/data/com.kjcy.eduol/.jiagu/tmp.dex	4395	com.kjcy.eduol:pushcore
/data/data/com.kjcy.eduol/.jiagu/tmp.dex	4395	com.kjcy.eduol:pushcore

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.kjcy.eduol
Framework API call	javax.crypto.Cipher.doFinal	com.kjcy.eduol:pushcore

com.kjcy.eduol
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4251
- chmod 755 /data/data/com.kjcy.eduol/.jiagu/libjiagu.so
  2⤵
  PID:4277
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.kjcy.eduol/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.kjcy.eduol/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4333
- getprop ro.product.cpu.abi
  2⤵
  PID:4366

com.kjcy.eduol:pushcore
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4395
- /system/bin/dex2oat --instruction-set=x86 --dex-file=/data/data/com.kjcy.eduol/.jiagu/classes.dex --dex-file=/data/data/com.kjcy.eduol/.jiagu/classes.dex!classes2.dex --oat-file=/data/data/com.kjcy.eduol/.jiagu/oat/x86/classes.odex --inline-max-code-units=0 --compiler-filter=speed
  2⤵
  PID:4599

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.kjcy.eduol/.jiagu/.jgck

Filesize
4B

MD5
2e15697b6fb151075c03b2b4876ba1db

SHA1
d0cdaeff9c0249c9c0e0019183982a3c555b7691

SHA256
57c0b278374da056a559e8f063bd8bf8c7b81e95c56f798c7f41e2b3853465fb

SHA512
f769b4c5d2c71b5fbc3527e5f317117a822aca75308c5bd5bb12ea7a3ee58be3105f8b3f59f3128a7ec0194e95fde57b16d389c267679afa634d26fb0c9cd155

Download Submit
/data/data/com.kjcy.eduol/.jiagu/classes.dex

Filesize
6.0MB

MD5
3c90b8af90666872cadfebd990d301d2

SHA1
53fdf606db06000bcf454f7db123f36926991ce2

SHA256
5a10246ebea03c079501723ac59b87f73276bc80178fdd3ce237690a463a4ce4

SHA512
0e5e09e6bb068f992572ffcfd7715f1f2bc784552d3182e350993a1f23064d80f3a018a93d2660d9ac94cc124d7679d524b618c6bc952b9557308a9ae282b67b

Download Submit
/data/data/com.kjcy.eduol/.jiagu/classes.dex!classes2.dex

Filesize
3.9MB

MD5
7a95b6114eb7d443ea140a3bbc6f6745

SHA1
5edba48bd8acb6fe9574b7e1e1651e5c8704bcbe

SHA256
f81e052a7f69ef5433328569042e40543e8b0bbb6bdc5d6576f9dcb0b6e9741f

SHA512
1dc2f106e3d9c81d79e45f581ebcd0d9cf974198f815248c33a21794638aa2d9059aa9941b62859f8f6a64380822fa32426a860b330a46ec047bd285045fb171

Download Submit
/data/data/com.kjcy.eduol/.jiagu/libjiagu.so

Filesize
455KB

MD5
e5a53000766ebc433b27d6a66ec4f555

SHA1
2c8f53f1c03aec2005bcad67d731f07261dabde0

SHA256
78e4ea857f10c2df6c7b94f0584524b52ecc099ed29478fe3964037b8a86ed2e

SHA512
370a1cb93b14556ad861724f4e9995c9a4c6d37cf2d570f888d1c6000c66d27ac63496b0703361e9fc9bc7f309b7aa4407c5f339d186b0a5b72520d23d04b68d

Download Submit
/data/data/com.kjcy.eduol/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.kjcy.eduol/files/.jglogs/.jg.ac

Filesize
32B

MD5
e6d152c5aa0e78ef8893c6dc5f441025

SHA1
ec43e298ab1893a07b6b7a3afe9268ddb8a517c6

SHA256
b3e6ffffc54b7f82dcd3bf7672a570712ea9bba6ac325e57e402bbc439813fae

SHA512
9cf6d33869d7861bd32b267ac5fd3d481cad9ab7172bff136864c5c1b233e534a8c78059353f88873a7ee230fbe9338d7bdc4a63d58f4b196d8f5f67a5ddc587

Download Submit
/data/data/com.kjcy.eduol/files/.jglogs/.jg.di

Filesize
340B

MD5
71b7422b190de8529c421ccaf2751b58

SHA1
e8f681183c33d5431c71786bfd88e7c282558287

SHA256
d478b212294615382260177d54fdf4a35486447c531f86dc8dc4fa673e951516

SHA512
3b0bb68bc02d450ccad253a825687f8d767782c7cfe4011a293bca05596ef87a7de88fc36e2870b507ec5be46e083e39cbe8d11d11a282e215ed73c5e568f118

Download Submit
/data/data/com.kjcy.eduol/files/.jglogs/.jg.ic

Filesize
32B

MD5
d870f9f19c69906ac1b5ce7b6f5cb2d5

SHA1
27184833554142332842aa8c11e30548ec5b2cb0

SHA256
e87b04dcaa21419d4163922e24dc40e8a8f20399e30903f9b209c61e2fa8a392

SHA512
0de664e13dd2aeb14bef4481ae07550f21982fd3d57caea67d76f12617868604701c07706af9a4e1cfa3894b44cabc971f6d8c4d87dd19cd613f753f271b4ceb

Download Submit
/data/data/com.kjcy.eduol/files/.jglogs/.jg.ri

Filesize
314B

MD5
47b19dc9c4f8b374a78e8c37fb1d95a3

SHA1
92d74ced751c550db801f39d78aec8147f8fc83f

SHA256
01bbe693635bf2365b9b64f26fe13c52dec217014fa5fbe5f778181378e10bc8

SHA512
10cf174bed5b4c879f4f018e82a6a2d07f9c56125c8055c0dbc64bf1a7bececbad9faf2f62d922d570f7c47e10b1fc71a5f7db747e7331012060aed955ae289f

Download Submit
/data/data/com.kjcy.eduol/files/.jiagu.lock

Filesize
27B

MD5
53189f2ae5f60b2afcbdfeb0823f2cd8

SHA1
f4db7fa15f7a13d2a06a2b1d4fbc41ac38be5585

SHA256
a399ac794b0b924ff1cd35b324ce4bf6fe024251f24dc457510bd20c0ec15ac8

SHA512
63196de5b3d29118fb2079927b2916cbe95c6374ca65a9f480235f3fa1130bbfe392b597a5b1b4881ce37ad00d638dc022d7789c60c19dd611ee99e171447871

Download Submit
/data/data/com.kjcy.eduol/files/jpush_stat_cache.json

Filesize
119B

MD5
517d6c0298c090d0e7fda4012514eb0f

SHA1
aad28638570e35552c6743f236d6fd3561e448e0

SHA256
87967060242e79a8bea39a6b38d72268ec21d0af4da3d44f634b61546fe46e54

SHA512
904e554dbfa32d768b05059091b55259a0895cffd2fb5570cf97ebec1f31f8c2648d3f2f0385f1f306d741d155baed224715c8a9dc96d83ddca7bab12c274925

Download Submit
/data/data/com.kjcy.eduol/files/jpush_stat_history/normal/nowrap/7a13586b-160d-40f2-9364-d57e7f61800b

Filesize
159B

MD5
840a28d0f408cc4fdac4729ec04abf5b

SHA1
163962d7f7b28f882e41377cc57736ad5a401bba

SHA256
04c6e45da1e36199259370673c7369a16a07398b5c91469318e6bff977ab63af

SHA512
87d09888095a5ee6ef0e556533a4e4cbe6ecfa3498e0566bffb4f0574d147d1b4ae7789f74b209cdd2f89cd8c87c9e4aa7130e6b635e4b3e803f5719d21684dc

Download Submit
/data/data/com.kjcy.eduol/files/jpush_stat_history/normal/nowrap/ca9a0c4d-956e-4189-9711-3b5de8878190

Filesize
620B

MD5
56063546ffef919034e71528c5652f68

SHA1
53c719fee2cfca5c6e23a2b9f3451ac528fd1f88

SHA256
5778eca68cd368009ee2b0f046e1a111e8eeb6fa1f58604959452a01e071a4b4

SHA512
c45b0aa83af7a2c8174a7833f669a6cf27db77ea5d0c8b07d2696c852268d05d0c611ee1eac4815d3f1a7a2735f7f728bd7c11d7532318424ccf685305dc6940

Download Submit
/data/data/com.kjcy.eduol/files/jpush_uncaughtexception_file

Filesize
4KB

MD5
352bb53b1fc752ac07b974848e66d69e

SHA1
8f7d26dc4e872df04090ca8de809a83a546d8ead

SHA256
13f699b46ae9103497b2777c2b5cc31b7a56f256378e57d7b8d60d68b4fea22f

SHA512
c6000204a8d5acad03e3b6814e7714aa12f91c3ea4233085dc605f0f18d36bcc630686ecd53402cf6c9fb069dbdfe1fab8924ec629b5d33a4520332e6acd79ef

Download Submit
/data/data/com.kjcy.eduol/files/keycursession

Filesize
592B

MD5
8e40770d66e8f94adb40774f0f176907

SHA1
64480f738bab75de2abe969efeb12322719a4698

SHA256
53616fa14e3918def96b20aba9d1f2da66d074afc40bcf258aa1dad9e20a1ba5

SHA512
ef8f7c79dfa8abfac678a6dc49f596324d353c8dffae5f4bb645119bf674efa6810b23c86722f20b9d712bc1a262843306eced215bdab7d6f4edccfe2c4d5edb

Download Submit
/data/data/com.kjcy.eduol/files/keycursession

Filesize
951B

MD5
1df603b2a5c25db904022a72ae7aa690

SHA1
2e90640cd4ce5eb17d393421f3427a3cc60baeca

SHA256
ad4801d6d524ed4c9ea0f263447588d3cdd2578289bce275923e05f194126676

SHA512
e25efb8119ccd06616bd74982c7c99d58563baaacb33766e1a5837b8b758fcd9408a4964d5d36c59ca9e4182222daf13867ebf1e02585e95962e56a0038127cc

Download Submit
/data/data/com.kjcy.eduol/files/keycursession

Filesize
946B

MD5
991f53f588147fdbedd4ee161fc71e88

SHA1
ef9e77666b4f2ae22c42b7ef12259aaccc183d11

SHA256
a12701211e781d51f5648412c78355f07e8e9960795df879e5f251e04a12ba89

SHA512
3810b85b46dbdfebbef860437db6e63d79c7855d532ba162af7bfbee74ff882b5131da3ef6fab16614d6c7a083d42683f3c68dd59eeb2d7a390f3115196f1278

Download Submit
/storage/emulated/0/360/.deviceId

Filesize
48B

MD5
1d8d16c4e3b19ebf18988530d9b9a757

SHA1
bc94c1cce05cd848a53271ecb9c5311e27ffebf5

SHA256
abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7

SHA512
4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

Download Submit
/storage/emulated/0/360/.iddata

Filesize
32B

MD5
a9fded97b8105045d1ad56b5b6285669

SHA1
4afe12e3b067e05b72c48863c00fe082c81cdc2d

SHA256
3ba6f02fc27d02637c64225e9b62793d64d7480330296280d7d980c7c05b8588

SHA512
f2977eda680cd6298e6dd4829ec252c619b085fbd3e40f275b02bea7868807b02df9fe95dd40d8ca32933d5b0e50cca1ba272a7b7a8a9a2e7ed74c9073208f6b

Download Submit
/storage/emulated/0/Android/data/com.kjcy.eduol/files/tbslog/tbslog.txt

Filesize
2KB

MD5
86c09bc31b4ebfa811de95687d497469

SHA1
7825874947655002f3dc4a97826bb1b4521803ea

SHA256
91710e66ef572f34cacfa29a996ac0d8557c95e08086695678812cf30f47fc7b

SHA512
04d4c23f55ad5d751bf61cbc985661789009964096a53b61d9ac51d85d9f93d47f9759bede5b126f7ee972d94156f60163f8aecccd07ee8ab7a3572db57f9040

Download Submit
/storage/emulated/0/data/.push_deviceid

Filesize
32B

MD5
c24a1de77a67e2c81224fa7acb648864

SHA1
d266c94335eb9bb823fab3e945d238471f3b5b55

SHA256
fb7f2e91891f8efb50d03fb2ef3e802872087ee32d1d71357c99d128923f7f81

SHA512
c54d19c7f56eb4fea65c17ffd0eadb502f054d1a606df1523dedf2a7f0ca2050cbdad9db2731dbb5383017faf9798722ea82979d18f9d29b004392518e9f54d9

Download Submit
/storage/emulated/0/data/.push_deviceid

Filesize
32B

MD5
0acb712c367130a09bf6c04e4e0ea584

SHA1
db3ee9fb72b183d948cd02b27ee2026b0a3a3bfd

SHA256
e0b256f98826f2dda3842d3302b0748e4db76b821b32d8c79f873297c72b6b80

SHA512
7c72a7aa97f8c71d639eb08522afc17ae8b0ac5a3ecdfab42d10c06feeeb25aaf3c8b395e9693e915aea22ca180acb0816a131c7e2ac0d092192f9cae5fc1a08

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads