Analysis
max time kernel
3348462s
max time network
155s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags
android, arch:arm, arch:x86, image:android-x86-arm-20231215-en, locale:en-us, os:android-9-x86, system
submitted
30-12-2023 10:01
Behavioral task
behavioral1
Sample
1536ced1400689a94861c7219d86046b.apk
Resource
android-x86-arm-20231215-en
Behavioral task
behavioral2
Sample
1536ced1400689a94861c7219d86046b.apk
Resource
android-33-x64-arm64-20231215-en
Behavioral task
behavioral3
Sample
amap_resource1_0_0.apk
Resource
android-x86-arm-20231215-en
Behavioral task
behavioral4
Sample
amap_resource1_0_0.apk
Resource
android-x64-20231215-en
Behavioral task
behavioral5
Sample
amap_resource1_0_0.apk
Resource
android-x64-arm64-20231215-en
General
-
Target
1536ced1400689a94861c7219d86046b.apk
-
Size
29.9MB
-
MD5
1536ced1400689a94861c7219d86046b
-
SHA1
f8d178d0b09bd736f3a26b67e7aa96b57504c543
-
SHA256
fdfa12c4bebd06bd696a8773cbe25bf96e455251cf9ed81868d7541f38726b0d
-
SHA512
8b52b56e87449168973da3651a35c44e3104fb79e01026885cc021dc608bedd5e43b6407a4e622daa2fc9fbf3d52d406669a5243d15b847b0ea67d0f857b66fc
-
SSDEEP
786432:LCiOIpjppDFYMJQmeOXcScSAtGabljFU358cIg5E+owagXV:LCi97DFYMJQmeOX8a3NIgqbcV
Malware Config
Signatures
-
Loads dropped Dex/Jar (11 IoCs)
Runs executable file dropped to the device during analysis.
ioc | pid | Process
/data/data/io.dcloud.ekp/.jiagu/classes.dex | 4271 | io.dcloud.ekp
/data/data/io.dcloud.ekp/.jiagu/classes.dex!classes2.dex | 4271 | io.dcloud.ekp
/data/data/io.dcloud.ekp/.jiagu/classes.dex!classes3.dex | 4271 | io.dcloud.ekp
/data/data/io.dcloud.ekp/.jiagu/tmp.dex | 4271 | io.dcloud.ekp
/data/data/io.dcloud.ekp/.jiagu/tmp.dex | 4311 | /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/io.dcloud.ekp/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/io.dcloud.ekp/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/io.dcloud.ekp/.jiagu/tmp.dex | 4271 | io.dcloud.ekp
/data/data/io.dcloud.ekp/.jiagu/classes.dex | 4470 | io.dcloud.ekp:pushservice
/data/data/io.dcloud.ekp/.jiagu/classes.dex!classes2.dex | 4470 | io.dcloud.ekp:pushservice
/data/data/io.dcloud.ekp/.jiagu/classes.dex!classes3.dex | 4470 | io.dcloud.ekp:pushservice
/data/data/io.dcloud.ekp/.jiagu/tmp.dex | 4470 | io.dcloud.ekp:pushservice
/data/data/io.dcloud.ekp/.jiagu/tmp.dex | 4470 | io.dcloud.ekp:pushservice
-
Reads information about phone network operator.
-
Uses Crypto APIs (Might try to encrypt user data) (2 IoCs)
description | ioc | Process
Framework API call | javax.crypto.Cipher.doFinal | io.dcloud.ekp
Framework API call | javax.crypto.Cipher.doFinal | io.dcloud.ekp:pushservice
Processes
-
io.dcloud.ekp (PID 4271)
  - Loads dropped Dex/Jar
  - Uses Crypto APIs (Might try to encrypt user data)
  child: /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/io.dcloud.ekp/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/io.dcloud.ekp/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=& (PID 4311)
    - Loads dropped Dex/Jar
  child: /data/app/io.dcloud.ekp-DLW55WlUTwIDFRpGWoC6OQ==/lib/x86//libweexjsb.so 139 140 1 /data/user/0/io.dcloud.ekp/app_crash/crash_dump.log (PID 4602)
  child: sh -c ps -ef (PID 4661)
  child: ps -ef (PID 4661)
-
io.dcloud.ekp:pushservice (PID 4470)
  - Loads dropped Dex/Jar
  - Uses Crypto APIs (Might try to encrypt user data)
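The "Loads dropped Dex/Jar" hit above reduces to one check: every DEX that io.dcloud.ekp and io.dcloud.ekp:pushservice load, and that dex2oat then compiles, lives under /data/data/io.dcloud.ekp/.jiagu/, a directory the app writes to itself, rather than inside the installed APK under /data/app/. The following is an added example, not part of the sandbox report or of the sample, that re-runs that triage over the report's own IoC rows. The EVENTS list is constructed from the table above; the /data/app/ base.apk row is an invented benign baseline for contrast; and the mapping of the .jiagu directory name to the 360 Jiagu packer is the editor's attribution, not something the report states.

```python
"""Triage for 'Loads dropped Dex/Jar': flag DEX loaded from app-writable storage.
Added example, not from the report. EVENTS is constructed from the report's IoC
rows (ioc, pid, process); the /data/app/ row is an invented benign baseline."""
import re

# Paths an app can write to itself. A DEX here was produced at runtime
# (unpacked, decrypted or downloaded), not shipped inside the signed APK.
WRITABLE_APP_DIRS = ("/data/data/", "/data/user/", "/sdcard/", "/storage/", "/data/local/tmp/")
# Install location written only by the package installer; dex2oat on base.apk here is normal.
INSTALL_DIR = "/data/app/"
# Working-directory names attributed to known packers (editor's attribution, not from the report).
PACKER_DIR_HINTS = {".jiagu": "360 Jiagu"}

PKG_RE = re.compile(r"^/data/(?:data|user/\d+)/([^/]+)/")

DEX2OAT_REPORT = (  # the dex2oat command line exactly as the report shows it
    "/system/bin/dex2oat --instruction-set=x86 "
    "--instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt "
    "--runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate "
    "--boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m "
    "--instruction-set-variant=x86 --instruction-set-features=default "
    "--inline-max-code-units=0 --compact-dex-level=none "
    "--dex-file=/data/data/io.dcloud.ekp/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 "
    "--oat-location=/data/data/io.dcloud.ekp/.jiagu/oat/x86/tmp.odex "
    "--compiler-filter=quicken --class-loader-context=&"
)

EVENTS = [
    ("/data/data/io.dcloud.ekp/.jiagu/classes.dex", 4271, "io.dcloud.ekp"),
    ("/data/data/io.dcloud.ekp/.jiagu/classes.dex!classes2.dex", 4271, "io.dcloud.ekp"),
    ("/data/data/io.dcloud.ekp/.jiagu/classes.dex!classes3.dex", 4271, "io.dcloud.ekp"),
    ("/data/data/io.dcloud.ekp/.jiagu/tmp.dex", 4271, "io.dcloud.ekp"),
    ("/data/data/io.dcloud.ekp/.jiagu/tmp.dex", 4311, DEX2OAT_REPORT),
    ("/data/data/io.dcloud.ekp/.jiagu/classes.dex", 4470, "io.dcloud.ekp:pushservice"),
    ("/data/data/io.dcloud.ekp/.jiagu/tmp.dex", 4470, "io.dcloud.ekp:pushservice"),
    # Constructed baseline: ART compiling the installed APK itself is not a dropped DEX.
    ("/data/app/io.dcloud.ekp-DLW55WlUTwIDFRpGWoC6OQ==/base.apk", 4300,
     "/system/bin/dex2oat --dex-file=/data/app/io.dcloud.ekp-DLW55WlUTwIDFRpGWoC6OQ==/base.apk "
     "--oat-location=/data/app/io.dcloud.ekp-DLW55WlUTwIDFRpGWoC6OQ==/oat/x86/base.odex "
     "--compiler-filter=quicken"),
]


def dex_container(path):
    """Drop the '!classesN.dex' suffix ART uses for a secondary dex entry inside one container."""
    return path.split("!", 1)[0]


def dex2oat_options(process):
    """Parse '--key=value' options from a dex2oat command line; {} if the process is not dex2oat."""
    argv = process.split()
    if not argv or not argv[0].endswith("/dex2oat"):
        return {}
    return dict(arg[2:].split("=", 1) for arg in argv if arg.startswith("--") and "=" in arg)


def classify(ioc, process):
    """Return (verdict, path) with verdict 'dropped', 'installed' or 'other' for one load event."""
    opts = dex2oat_options(process)
    path = opts.get("dex-file", ioc)  # for dex2oat, trust its own input over the ioc column
    base = dex_container(path)
    if base.startswith(WRITABLE_APP_DIRS):
        return "dropped", path
    if base.startswith(INSTALL_DIR):
        return "installed", path
    return "other", path


def packer_hints(path):
    """Names of packers whose known working directory appears in the path."""
    return {name for marker, name in PACKER_DIR_HINTS.items() if f"/{marker}/" in path}


def triage(events):
    """Group dropped DEX paths by package with the PIDs, packer hints and dex2oat use seen."""
    report = {}
    for ioc, pid, process in events:
        verdict, path = classify(ioc, process)
        if verdict != "dropped":
            continue
        match = PKG_RE.match(path)
        pkg = match.group(1) if match else "<unknown>"
        entry = report.setdefault(
            pkg, {"paths": set(), "pids": set(), "packers": set(), "compiled_by_dex2oat": False})
        entry["paths"].add(path)
        entry["pids"].add(pid)
        entry["packers"] |= packer_hints(path)
        if dex2oat_options(process):  # the runtime went on to AOT-compile the dropped DEX
            entry["compiled_by_dex2oat"] = True
    return report


if __name__ == "__main__":
    for pkg, info in triage(EVENTS).items():
        print(f"{pkg}: {len(info['paths'])} dropped DEX path(s); pids {sorted(info['pids'])}; "
              f"packer hints {sorted(info['packers']) or 'none'}; "
              f"compiled by dex2oat: {info['compiled_by_dex2oat']}")
        for path in sorted(info["paths"]):
            print("   ", path)
```

Run stand-alone it prints one summary line for io.dcloud.ekp followed by the four unique dropped paths; the base.apk baseline is classified as installed and never appears. The classes.dex!classes2.dex form is ART's notation for a secondary dex entry inside one container file, so the check strips it to the container before testing the directory but keeps the full string as a distinct IoC, which is why the report counts 11 rows over four files.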
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize 5.7MB
MD5 750f3db8bcb77a41f95c8847d7da4e34
SHA1 c27fc5e38200d0a6aa6a49a8fe30487c60cce298
SHA256 85f2a076e4e82ceb8f302696e06e8172ab2854846b218c945db3580554a61b7d
SHA512 db9021a69375772492e88ebc00458400545783704e0ac4ad20dd1ef601c5b1da57ec0491841e745c72e38854d99ab5f6589eb57b24770787ce9a2acdd5e6612b
-
Filesize 6.8MB
MD5 d6718bacba6c337bf1b649d6898be3a9
SHA1 8df7c719e23cce60c44bcc7c7dec34f6bb796efd
SHA256 02c4ff0584da1fca8cc4c8c44fcd00144f821b79e7a212f4abe26d05200e8366
SHA512 1d49d679361fc4d459c0c2af5556aebaa19651ef52dce58de981da26ee73ae6d388eb6a2970323144f1acc86740f59a50541d5ec3d748ddce45b2df2263342ef
-
Filesize 329KB
MD5 c6d1e6e5a22113109586de7231b074a0
SHA1 f45f633c2a83bae58e756c5e712e12df5be2ee53
SHA256 55a2b1cd9c0a608461bb52ec6e7070390ca9cac67faa0acd8b2865b3f7fdb697
SHA512 1d637c2c1f78a2a78e3265005c9b01b8e5233f2f1ae875e99b12c5f67a2441d6f4197f45fa961189124a505bb91320d608a868d6f68da94b4abd3cfb1f5f06ce
-
Filesize 487KB
MD5 610a895c4a71bbeeaea16eddb1422bbf
SHA1 9f919de42ed1e80bfadfef48f8202b202166f869
SHA256 baa349e9b5a47be21b6ea00ef2e0c0c5dc203c0e4c391dac46df07ca9d333217
SHA512 ef4173ba32309ef1257b75bcff28fd44ab14398577b4fb3b6b95323035c964201ed39546cda3b7115ba5025781f3b9c018443e7932edd50a25b1be60359f80f2
-
Filesize 284B
MD5 f1771b68f5f9b168b79ff59ae2daabe4
SHA1 0df6a835559f5c99670214a12700e7d8c28e5a42
SHA256 9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939
SHA512 dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d
-
Filesize 1B
MD5 c4ca4238a0b923820dcc509a6f75849b
SHA1 356a192b7913b04c54574d18c28d46e6395428ab
SHA256 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
SHA512 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a
-
Filesize 6KB
MD5 7daa126a59a44091b737186c77697355
SHA1 3d0edde6aad106a18b3c5e139bc5b17872544920
SHA256 075f5431397263562da0a61835f543ff13c708f4b5c4a4588a93f5ef08254c5a
SHA512 1dff58d4598278d53a4f571152142de312c2b1494b0c9f6a908e281845a041bfd4c864726fec0ece1c6d3994f13622ac7310aef479bca71e42a071f8d2307cfe
-
Filesize 40B
MD5 7fcb8688bf3c07944c8278cb2e67b1c8
SHA1 0425ee026aa3e3ea65cb571e9a56b6ba51678d53
SHA256 a92b6b173d00740e3923774a6c8dc2b1f7b271d1582eac728bb7f9f033e62def
SHA512 0428e8dda8ba797750d5ee6ab24d081bfbacbdf35c46b4755d177dea7d7997bb40a43c8f889c918669f94cc84e15f8dc21ea266ae4f80fe7be977bcb8d0ebdb8
-
Filesize 32B
MD5 eb050821c30949a41f28db526ec03e11
SHA1 30eb990209c9547cd2b66171394e983af9049419
SHA256 1beffe2f6dff5faab0a097970fd61ebaa3fbf4e82d37374975cafea373bc52f5
SHA512 3d519467d9745bc4d81db0169e44f3ccfdc62628299e3acfc94c9c5e5fad92ee16b406e5392256fdfa7cd8d6fdad65c3172a5bd3b152a5af42be1d11366b9d41
-
Filesize 32B
MD5 26ae41c121c7195b392d72a44999b4ab
SHA1 9bba8d14f1155e305662366572779243e04c7010
SHA256 d81ca94f5292e82ebf92eae3990b7b84bb49c97f33cc8b783ae0f757ecc20b18
SHA512 c1762e57c427af6588eda5fca7e082788d1983b8f4446525dacdabd52072791927004f7475cf881e30c58fc21fefc61b3da0afab17e31ad57c1dfd7c1879c1c4
-
Filesize 64B
MD5 9ab52a29123c1aa9f1070410147a2509
SHA1 2a4fe289fcde58f605f0379bea4d4f8586f63206
SHA256 4cda722bdca2f9bb9ab13e28119fee1b2efd5bd7bdb4a98511baeecd7a279d18
SHA512 70e83da3b47b29aa699795e4a8a057460b4740fcae8bc7cc6b54d12e2c53bf6f139279ea446bdfd2bca13aabc8a1c80d082ee08f52d43eeaa456c9ae2b6aaf12
-
Filesize 73B
MD5 119bb97b994bea548c1065ebaee3d3a8
SHA1 fc9865e65b073ba606a68bce3d6a78128785ddcf
SHA256 e212cec3c472b8d1bf11e4e9b9026c8e4da4d1a87e5ed46714279f4a40b815d6
SHA512 ba85c57da8daac334c24c9439c42f84dae7b4fa7af3df2417e3bbe191cc59206c56e7c374290c313a40379bf6d31ab575c1953fd20f989804b090558ff32affb
-
Filesize 307B
MD5 2bc77bd68a43c601ae447aac8032950e
SHA1 fdf2e18f2e1338ce319f80d5a93780635550bc71
SHA256 02b589c0e9a36a74b5630a21b4fc78a5904915c11b37204b058c18dce3c09845
SHA512 75fea19f51518cfbc36c8658b75fcb6721b642595e6d72ba3bcf93461949c75b15d6dadd16530d167cf638ad11a634fb025a637646054872233bf82287e223ab
-
Filesize 54B
MD5 75ad8783449b8e39f8d8b381945d9b4d
SHA1 bc82c3a2614d307fb617325c17b02ffa39679884
SHA256 7bf07db318d18dd0c3f4f5ff174a0adbb496408aee8352bd804fc71aac14c2ad
SHA512 5d49a638aad1db828074fb5f8a2e4e30f653ba31ed0cbd462a54fcb0349ed0937e349f21d3f851072e0b5fe3b7e0615635a156e6ba935f74f4eb626ea60fd669
-
Filesize 32B
MD5 0024b3bf04bdd42b98f04691871e884a
SHA1 6d19a2c88dd7111ca8d5f3566beb394e01a5586b
SHA256 7abc3d8a567e148a862ebf0fb29e2c84b2284d1d2620b561c7fdeb37d1aa3a60
SHA512 9ef1dfc7e9c7cea5a580255d8aac3a5505d34b14781d3b44d517646a9a72549ceb5a8cd9f8e681ac3791111f62f757d0043713057b3757be886112df1343fbe1
-
Filesize 54B
MD5 439a80628985c24e4ff8c020b2e3f5c7
SHA1 fbe06d05c7a3bcf148cfee8173a2ea3fe8c495c8
SHA256 cccf6da4b703f9bd2eb4e3df3f6b5a06e1501e89b32fa9f0349853a3a96e6bc7
SHA512 4f69bb9d48fdcc97777114ef30d8c89c74b877749450ce6361af95fd0606207ea613e9d77cdd745a52a49ac90973c299aff3d20bda906888991e6c8b871fd177
-
Filesize 32B
MD5 959268306b52013570bb68aa60980a37
SHA1 74226b40908b501e1a3ef13e5ec27851ca125b3b
SHA256 a3968468645ff7f8a7a941c78caf8fcbafc8a38c7d8dc48ec004815bdcb6e16b
SHA512 4915af49aebd73c2742d1e1db4528ef9d33f8f07850c346977f4409daffc2afb927428207c244ef5b034b178c030b776ecc162cf2066db2b47caa7eb7e42bf70
-
Filesize 27B
MD5 48dfe03ffddacaf5ed340d117c2d96ec
SHA1 3d32baa81d6be1b11d40101720e73efd87fce5e4
SHA256 a86434e6bdbda733b56db235965632432a02782e06c88d8a74fa7a0f49b4f630
SHA512 db92e699c612162268774544b6cebbb8d16c484b314e94f336dc5d93a7e7fc057f1daf0075a20c9b7b768a430fba46aca51d0ba054d40ec30c0bfe6a36a7d84f
-
Filesize 39B
MD5 7769d4507985f59116153463f09235a2
SHA1 b081e84d14300ac7a7947aade9c025fa83bc17fb
SHA256 5ba33c69421ad27727832442cb5939d5bc853acecd0d8162d7c10a6b96757dcf
SHA512 ce5bb431a31eaba24c0cf467bedb1abee2205b74c4533067058b09ce7e8f9480b8baa01866e3dc89d1800d07da6007f36c1b4fea811e3da164b187903480d29f
-
Filesize 284B
MD5 04233b4a1b92b603fd5a5b11b322153f
SHA1 912bc6dac84d8c7802cb9d3743710fce0ecd0e63
SHA256 c1bf9df6aada2d5118c0f2c9f90b0331ee2e7a03289a347fb15182025cc8c360
SHA512 3b3845a86144968464d6e6c637a7cd20fb8caf6fdf578897dd398c1a8618cdf262bb050d8650a48d41b11931e09f05c41213ba710d1e4f2aa7fe9d6ef971a0b3
-
Filesize 268B
MD5 ddd3580cfb128e4be8baabccae8172b9
SHA1 ef34e4bcc6142337fcdf65499123068547a50842
SHA256 3dd35f7038c91bb0c82c055784954254c33e530f42d4c67036915ea61d3ebfd4
SHA512 be51310d743b77b8b7dfee609748b0944d743fc95978a7f0cd9b6bc6002d24cb48c52016e134a1d39fa8fd687a5f65691fe89361dbe71ad5cd6aaba0ed961731
-
Filesize 5B
MD5 c06857e9ea338f3f3a24bb78f8fbdf6f
SHA1 c5a0a2529d2deb60fec041b4fbd722a2ebe31702
SHA256 957b88b12730e646e0f33d3618b77dfa579e8231e3c59c7104be7165611c8027
SHA512 29f61516876c25379a7bf4faa2b3ca6f6b53eac90e7de47671fec4a818d51441b4025cd7909f7c0a0d113ab6c5ff00cb3700c286bac7319185b77905feec4fb1
-
Filesize 1B
MD5 93b885adfe0da089cdf634904fd59f71
SHA1 5ba93c9db0cff93f52b521d7420e43f6eda2784f
SHA256 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
SHA512 b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee
-
Filesize 1B
MD5 55a54008ad1ba589aa210d2629c1df41
SHA1 bf8b4530d8d246dd74ac53a13471bba17941dff7
SHA256 4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a
SHA512 7b54b66836c1fbdd13d2441d9e1434dc62ca677fb68f5fe66a464baadecdbd00576f8d6b5ac3bcc80844b7d50b1cc6603444bbe7cfcf8fc0aa1ee3c636d9e339
-
Filesize 29B
MD5 fea64b779b5af6ea3213c59e0af972cc
SHA1 130257e90ec596b94d6e4d28316649c21b500844
SHA256 16d77ed7a5a7ea181e482f671f4d8b4c90c7a34900ff334530a1553aef238cab
SHA512 dadf1ad32d1bec3fd9858a8b95c8e5746d51af06a6e8cac2c586862b47ad6d9c4f8a9d1368af681c0c60b77ed98ded7ee2d058037248829430d57e434496b53e
-
Filesize 32B
MD5 bf9dafad780fbfb4bcaaf6790c9639ae
SHA1 c75f88a902b63b5b1ea08cc1da9d6ce1d8e48be9
SHA256 57b6133684fe6263d281566b49e2af05cf1ea733a8a8b10edb4724539c66db81
SHA512 c3b061c3a989dad95f91f50b7c5cbc9c271cf44145430548c9c6860bf03eee44669c84b4ecde72156433a6ab579027afb91d3bf439f51ce253a664e63851a821
-
Filesize 931KB
MD5 c82dfd369d83795f0c6d63123b267bcb
SHA1 75c81f4d2f8d9a15f9004f0b0f34d22b863ebb85
SHA256 a0341cdcb704b1573855d07b49128bd16c20e06ef8476d5adc3b9432867d6cae
SHA512 0b43fbd574cb8372890786122c88812694e9b6b684950827063cea84b13e11b00f6cde8e126f6d2b1c5044869f155140c8d4154ce7a721b562b38b8b89ff8077
-
Filesize 2KB
MD5 0b456d381a1d99684e17ada888535d16
SHA1 82603e334f19cf32b14064541628b8d4fa7749ee
SHA256 117e6a8f9c6387c91936c997d6d53240af74be18c3ac7da82f954be3bad041f0
SHA512 ea90fc3f048ac917e5e87fb6fef82f32ca1d4cfa6d2c8350ab02444d19e023f6acb57a05c3f4bcc373f789841b085567a3df9acafdaad89e83754a1252225056
-
Filesize 2KB
MD5 20ef593815bff1fc79fa29ec8dcda796
SHA1 49725612a4d97517f92aad6304dc35ef5950d641
SHA256 54ecaf004b3a68a0646bdcbe18a02848c575772db7f98bc4e62f632d8914181e
SHA512 a22785e93496441a5bea187bcf7fcefb024bdad2aecf2475847d12c1539bd6aa0092fc5c7f60eb844d465769b564cbaf6f794a32482981ab074723f71bec6460
-
Filesize 2KB
MD5 796d5a1b97a18760ee18ebf0b2f7a50e
SHA1 22e360c11948d8d60326416327565efe8e78edbb
SHA256 c83c6bff5b2d09f0607f9153d8e8c74bf5433c6cb57a0bf63518691d9461e234
SHA512 30a2afe5a362aeb30292ef6433087158f9fc3ec98b4a2b24d2f2192836057d658ee3957e0aa83017412047424af1f9cda12e58af88921997903e56f07a374241
-
Filesize 2KB
MD5 ba0c9b1e7d0058e3a3f723b85854c39c
SHA1 912eb4bbef6d22d14674f755513a616ca57c9d9d
SHA256 9c55d12cea7c94d38894a3bc8887cf8a4246b97f2b20655f997609749e206b8e
SHA512 d0e14a3d5a67fa2e6c2a9f4f3cdf69d85e266cf1e020fc8e5c7080e06eeaaf8302e4194e15859ce71c09c6115d2f2e0a4e62305156b628a8ca86ae12113fa710
-
Filesize 974B
MD5 550987e30c9fff571f949dfe96412e77
SHA1 0cfd29ef3c0ebada211a864930e9a7316674fccd
SHA256 34d18f592cd1903318bde2407ce6f9a0d60ecd1bb0195941a3a8a01ac25506a9
SHA512 8c0a8cd74eea1208451f06896319ba36522fa311ab09c76f511c622085ad7dc6c35fd574329b3e21a36cbbf6b67491be70d431a95e5e1c1f0f1b077822f87d77