Analysis

  • max time kernel
    3348462s
  • max time network
    155s
  • platform
    android_x86
  • resource
    android-x86-arm-20231215-en
  • resource tags
    android, arch:arm, arch:x86, image:android-x86-arm-20231215-en, locale:en-us, os:android-9-x86, system
  • submitted
    30-12-2023 10:01

General

  • Target

    1536ced1400689a94861c7219d86046b.apk

  • Size

    29.9MB

  • MD5

    1536ced1400689a94861c7219d86046b

  • SHA1

    f8d178d0b09bd736f3a26b67e7aa96b57504c543

  • SHA256

    fdfa12c4bebd06bd696a8773cbe25bf96e455251cf9ed81868d7541f38726b0d

  • SHA512

    8b52b56e87449168973da3651a35c44e3104fb79e01026885cc021dc608bedd5e43b6407a4e622daa2fc9fbf3d52d406669a5243d15b847b0ea67d0f857b66fc

  • SSDEEP

    786432:LCiOIpjppDFYMJQmeOXcScSAtGabljFU358cIg5E+owagXV:LCi97DFYMJQmeOX8a3NIgqbcV

Score
7/10

Malware Config

Signatures

  • Loads dropped Dex/Jar 11 IoCs

    Runs executable file dropped to the device during analysis. In this run the loaded code is the DEX the app writes to /data/data/io.dcloud.ekp/.jiagu/ (classes.dex, classes2.dex, classes3.dex, tmp.dex; see Downloads) and hands to dex2oat in the Processes tree. A .jiagu directory together with libjiagu.so is the on-device footprint of the 360 Jiagu DEX packer, so the "dropped" DEX here is the packer unpacking the application's own code at launch; whether any code was fetched after install has to be checked against the Network section, not inferred from this signature.

  • Reads information about phone network operator.
  • Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

    Heuristic only: a packer decrypts its payload DEX with the same crypto APIs, so on a packed app this signature is expected and is not by itself evidence that user data is being encrypted.

Processes

  • io.dcloud.ekp
    1⤵
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4271
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/io.dcloud.ekp/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/io.dcloud.ekp/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4311
    • /data/app/io.dcloud.ekp-DLW55WlUTwIDFRpGWoC6OQ==/lib/x86//libweexjsb.so 139 140 1 /data/user/0/io.dcloud.ekp/app_crash/crash_dump.log
      2⤵
      PID:4602
    • sh -c ps -ef
      2⤵
      PID:4661
    • ps -ef
      2⤵
      PID:4661
  • io.dcloud.ekp:pushservice
    1⤵
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4470
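The "Loads dropped Dex/Jar" hit on PID 4311 comes down to one observation: dex2oat was asked to compile a DEX that lives in the app's own writable directory rather than in the installed APK. The following is an added example (not part of this report or of any sandbox's code) that applies that rule to process events. The trusted and app-writable path prefixes are this example's own choice, the second sample event is a hypothetical benign install-time compile, and the first one is the dex2oat line from the tree above with some compiler flags dropped.

```python
"""Flag dex2oat invocations that compile DEX from app-writable storage.

Added example. Sample events are constructed: the first is the dex2oat line
from this report (abridged), the second a hypothetical benign compile.
"""
import os
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Locations an installed app legitimately loads code from (its APK, the OS images).
TRUSTED_CODE_PREFIXES = ("/data/app/", "/system/", "/vendor/", "/product/", "/apex/")
# App-private or shared storage the app can write at runtime: a DEX compiled
# from here was written after install, i.e. "dropped". (This example's own list.)
APP_WRITABLE_PREFIXES = ("/data/data/", "/data/user/", "/storage/", "/sdcard/")


@dataclass
class DexLoad:
    pid: int
    dex_file: str
    oat_location: Optional[str]
    package: Optional[str]  # owner of the app-private directory, if any
    dropped: bool           # True when the DEX came from an app-writable location


def package_from_path(path: str) -> Optional[str]:
    """Package name from /data/data/<pkg>/... or /data/user/<n>/<pkg>/..., else None."""
    parts = path.split("/")
    if path.startswith("/data/data/") and len(parts) > 3:
        return parts[3] or None
    if path.startswith("/data/user/") and len(parts) > 4:
        return parts[4] or None
    return None


def parse_dex2oat(pid: int, cmdline: str) -> List[DexLoad]:
    """One DexLoad per --dex-file= argument of a dex2oat command line (empty if not dex2oat)."""
    argv = cmdline.split()
    if not argv or os.path.basename(argv[0]) not in ("dex2oat", "dex2oat32", "dex2oat64"):
        return []
    dex_files = [a[len("--dex-file="):] for a in argv if a.startswith("--dex-file=")]
    oat = next((a[len("--oat-location="):] for a in argv if a.startswith("--oat-location=")), None)
    loads = []
    for dex in dex_files:
        dropped = dex.startswith(APP_WRITABLE_PREFIXES) and not dex.startswith(TRUSTED_CODE_PREFIXES)
        loads.append(DexLoad(pid, dex, oat, package_from_path(dex), dropped))
    return loads


def find_dropped_dex(events: List[Tuple[int, str]]) -> List[DexLoad]:
    """Scan (pid, cmdline) process events and keep only compiles of dropped DEX."""
    return [load for pid, cmd in events for load in parse_dex2oat(pid, cmd) if load.dropped]


# Constructed sample events (see module docstring).
SAMPLE_EVENTS = [
    (4311, "/system/bin/dex2oat --instruction-set=x86 --runtime-arg -Xhidden-api-checks "
           "--boot-image=/system/framework/boot.art "
           "--dex-file=/data/data/io.dcloud.ekp/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 "
           "--oat-location=/data/data/io.dcloud.ekp/.jiagu/oat/x86/tmp.odex "
           "--compiler-filter=quicken --class-loader-context=&"),
    (1200, "/system/bin/dex2oat --dex-file=/data/app/com.example.benign-1/base.apk "
           "--oat-location=/data/app/com.example.benign-1/oat/x86/base.odex "
           "--compiler-filter=speed-profile"),  # hypothetical benign install-time compile
    (4661, "sh -c ps -ef"),
]

if __name__ == "__main__":
    for hit in find_dropped_dex(SAMPLE_EVENTS):
        print(f"pid={hit.pid} pkg={hit.package} dropped dex={hit.dex_file} -> {hit.oat_location}")
```

Run stand-alone it reports only PID 4311 with package io.dcloud.ekp and the .jiagu/tmp.dex path; the APK compile from /data/app/ is parsed but not flagged. The package name recovered from the path is what lets you tie a dex2oat event (which runs as its own process) back to the app in the tree.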

        Network

        MITRE ATT&CK Matrix

        Downloads

        • /data/data/io.dcloud.ekp/.jiagu/classes.dex

          Filesize

          5.7MB

          MD5

          750f3db8bcb77a41f95c8847d7da4e34

          SHA1

          c27fc5e38200d0a6aa6a49a8fe30487c60cce298

          SHA256

          85f2a076e4e82ceb8f302696e06e8172ab2854846b218c945db3580554a61b7d

          SHA512

          db9021a69375772492e88ebc00458400545783704e0ac4ad20dd1ef601c5b1da57ec0491841e745c72e38854d99ab5f6589eb57b24770787ce9a2acdd5e6612b

        • /data/data/io.dcloud.ekp/.jiagu/classes.dex!classes2.dex

          Filesize

          6.8MB

          MD5

          d6718bacba6c337bf1b649d6898be3a9

          SHA1

          8df7c719e23cce60c44bcc7c7dec34f6bb796efd

          SHA256

          02c4ff0584da1fca8cc4c8c44fcd00144f821b79e7a212f4abe26d05200e8366

          SHA512

          1d49d679361fc4d459c0c2af5556aebaa19651ef52dce58de981da26ee73ae6d388eb6a2970323144f1acc86740f59a50541d5ec3d748ddce45b2df2263342ef

        • /data/data/io.dcloud.ekp/.jiagu/classes.dex!classes3.dex

          Filesize

          329KB

          MD5

          c6d1e6e5a22113109586de7231b074a0

          SHA1

          f45f633c2a83bae58e756c5e712e12df5be2ee53

          SHA256

          55a2b1cd9c0a608461bb52ec6e7070390ca9cac67faa0acd8b2865b3f7fdb697

          SHA512

          1d637c2c1f78a2a78e3265005c9b01b8e5233f2f1ae875e99b12c5f67a2441d6f4197f45fa961189124a505bb91320d608a868d6f68da94b4abd3cfb1f5f06ce

        • /data/data/io.dcloud.ekp/.jiagu/libjiagu.so

          Filesize

          487KB

          MD5

          610a895c4a71bbeeaea16eddb1422bbf

          SHA1

          9f919de42ed1e80bfadfef48f8202b202166f869

          SHA256

          baa349e9b5a47be21b6ea00ef2e0c0c5dc203c0e4c391dac46df07ca9d333217

          SHA512

          ef4173ba32309ef1257b75bcff28fd44ab14398577b4fb3b6b95323035c964201ed39546cda3b7115ba5025781f3b9c018443e7932edd50a25b1be60359f80f2

        • /data/data/io.dcloud.ekp/.jiagu/tmp.dex

          Filesize

          284B

          MD5

          f1771b68f5f9b168b79ff59ae2daabe4

          SHA1

          0df6a835559f5c99670214a12700e7d8c28e5a42

          SHA256

          9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

          SHA512

          dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

        • /data/data/io.dcloud.ekp/cache/jsb.version

          Filesize

          1B

          MD5

          c4ca4238a0b923820dcc509a6f75849b

          SHA1

          356a192b7913b04c54574d18c28d46e6395428ab

          SHA256

          6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

          SHA512

          4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

        • /data/data/io.dcloud.ekp/cache/libweexjsb.so

          Filesize

          6KB

          MD5

          7daa126a59a44091b737186c77697355

          SHA1

          3d0edde6aad106a18b3c5e139bc5b17872544920

          SHA256

          075f5431397263562da0a61835f543ff13c708f4b5c4a4588a93f5ef08254c5a

          SHA512

          1dff58d4598278d53a4f571152142de312c2b1494b0c9f6a908e281845a041bfd4c864726fec0ece1c6d3994f13622ac7310aef479bca71e42a071f8d2307cfe

        • /data/data/io.dcloud.ekp/files/.jglogs/.jg.ac

          Filesize

          40B

          MD5

          7fcb8688bf3c07944c8278cb2e67b1c8

          SHA1

          0425ee026aa3e3ea65cb571e9a56b6ba51678d53

          SHA256

          a92b6b173d00740e3923774a6c8dc2b1f7b271d1582eac728bb7f9f033e62def

          SHA512

          0428e8dda8ba797750d5ee6ab24d081bfbacbdf35c46b4755d177dea7d7997bb40a43c8f889c918669f94cc84e15f8dc21ea266ae4f80fe7be977bcb8d0ebdb8

        • /data/data/io.dcloud.ekp/files/.jglogs/.jg.ic

          Filesize

          32B

          MD5

          eb050821c30949a41f28db526ec03e11

          SHA1

          30eb990209c9547cd2b66171394e983af9049419

          SHA256

          1beffe2f6dff5faab0a097970fd61ebaa3fbf4e82d37374975cafea373bc52f5

          SHA512

          3d519467d9745bc4d81db0169e44f3ccfdc62628299e3acfc94c9c5e5fad92ee16b406e5392256fdfa7cd8d6fdad65c3172a5bd3b152a5af42be1d11366b9d41

        • /data/data/io.dcloud.ekp/files/.jglogs/.jg.pk

          Filesize

          32B

          MD5

          26ae41c121c7195b392d72a44999b4ab

          SHA1

          9bba8d14f1155e305662366572779243e04c7010

          SHA256

          d81ca94f5292e82ebf92eae3990b7b84bb49c97f33cc8b783ae0f757ecc20b18

          SHA512

          c1762e57c427af6588eda5fca7e082788d1983b8f4446525dacdabd52072791927004f7475cf881e30c58fc21fefc61b3da0afab17e31ad57c1dfd7c1879c1c4

        • /data/data/io.dcloud.ekp/files/.jglogs/.jg.pk.h

          Filesize

          64B

          MD5

          9ab52a29123c1aa9f1070410147a2509

          SHA1

          2a4fe289fcde58f605f0379bea4d4f8586f63206

          SHA256

          4cda722bdca2f9bb9ab13e28119fee1b2efd5bd7bdb4a98511baeecd7a279d18

          SHA512

          70e83da3b47b29aa699795e4a8a057460b4740fcae8bc7cc6b54d12e2c53bf6f139279ea446bdfd2bca13aabc8a1c80d082ee08f52d43eeaa456c9ae2b6aaf12

        • /data/data/io.dcloud.ekp/files/.jglogs/.jg.rd

          Filesize

          73B

          MD5

          119bb97b994bea548c1065ebaee3d3a8

          SHA1

          fc9865e65b073ba606a68bce3d6a78128785ddcf

          SHA256

          e212cec3c472b8d1bf11e4e9b9026c8e4da4d1a87e5ed46714279f4a40b815d6

          SHA512

          ba85c57da8daac334c24c9439c42f84dae7b4fa7af3df2417e3bbe191cc59206c56e7c374290c313a40379bf6d31ab575c1953fd20f989804b090558ff32affb

        • /data/data/io.dcloud.ekp/files/.jglogs/.jg.ri

          Filesize

          307B

          MD5

          2bc77bd68a43c601ae447aac8032950e

          SHA1

          fdf2e18f2e1338ce319f80d5a93780635550bc71

          SHA256

          02b589c0e9a36a74b5630a21b4fc78a5904915c11b37204b058c18dce3c09845

          SHA512

          75fea19f51518cfbc36c8658b75fcb6721b642595e6d72ba3bcf93461949c75b15d6dadd16530d167cf638ad11a634fb025a637646054872233bf82287e223ab

        • /data/data/io.dcloud.ekp/files/.jglogs/.jg.store.report_cf

          Filesize

          54B

          MD5

          75ad8783449b8e39f8d8b381945d9b4d

          SHA1

          bc82c3a2614d307fb617325c17b02ffa39679884

          SHA256

          7bf07db318d18dd0c3f4f5ff174a0adbb496408aee8352bd804fc71aac14c2ad

          SHA512

          5d49a638aad1db828074fb5f8a2e4e30f653ba31ed0cbd462a54fcb0349ed0937e349f21d3f851072e0b5fe3b7e0615635a156e6ba935f74f4eb626ea60fd669

        • /data/data/io.dcloud.ekp/files/.jglogs/.jg.store.report_cf

          Filesize

          32B

          MD5

          0024b3bf04bdd42b98f04691871e884a

          SHA1

          6d19a2c88dd7111ca8d5f3566beb394e01a5586b

          SHA256

          7abc3d8a567e148a862ebf0fb29e2c84b2284d1d2620b561c7fdeb37d1aa3a60

          SHA512

          9ef1dfc7e9c7cea5a580255d8aac3a5505d34b14781d3b44d517646a9a72549ceb5a8cd9f8e681ac3791111f62f757d0043713057b3757be886112df1343fbe1

        • /data/data/io.dcloud.ekp/files/.jglogs/.jg.store.report_pid

          Filesize

          54B

          MD5

          439a80628985c24e4ff8c020b2e3f5c7

          SHA1

          fbe06d05c7a3bcf148cfee8173a2ea3fe8c495c8

          SHA256

          cccf6da4b703f9bd2eb4e3df3f6b5a06e1501e89b32fa9f0349853a3a96e6bc7

          SHA512

          4f69bb9d48fdcc97777114ef30d8c89c74b877749450ce6361af95fd0606207ea613e9d77cdd745a52a49ac90973c299aff3d20bda906888991e6c8b871fd177

        • /data/data/io.dcloud.ekp/files/.jglogs/.jg.store.report_pid

          Filesize

          32B

          MD5

          959268306b52013570bb68aa60980a37

          SHA1

          74226b40908b501e1a3ef13e5ec27851ca125b3b

          SHA256

          a3968468645ff7f8a7a941c78caf8fcbafc8a38c7d8dc48ec004815bdcb6e16b

          SHA512

          4915af49aebd73c2742d1e1db4528ef9d33f8f07850c346977f4409daffc2afb927428207c244ef5b034b178c030b776ecc162cf2066db2b47caa7eb7e42bf70

        • /data/data/io.dcloud.ekp/files/.jiagu.lock

          Filesize

          27B

          MD5

          48dfe03ffddacaf5ed340d117c2d96ec

          SHA1

          3d32baa81d6be1b11d40101720e73efd87fce5e4

          SHA256

          a86434e6bdbda733b56db235965632432a02782e06c88d8a74fa7a0f49b4f630

          SHA512

          db92e699c612162268774544b6cebbb8d16c484b314e94f336dc5d93a7e7fc057f1daf0075a20c9b7b768a430fba46aca51d0ba054d40ec30c0bfe6a36a7d84f

        • /data/data/io.dcloud.ekp/files/cnc3ejE6/eje3cnc

          Filesize

          39B

          MD5

          7769d4507985f59116153463f09235a2

          SHA1

          b081e84d14300ac7a7947aade9c025fa83bc17fb

          SHA256

          5ba33c69421ad27727832442cb5939d5bc853acecd0d8162d7c10a6b96757dcf

          SHA512

          ce5bb431a31eaba24c0cf467bedb1abee2205b74c4533067058b09ce7e8f9480b8baa01866e3dc89d1800d07da6007f36c1b4fea811e3da164b187903480d29f

        • /data/data/io.dcloud.ekp/files/init_c1.pid

          Filesize

          284B

          MD5

          04233b4a1b92b603fd5a5b11b322153f

          SHA1

          912bc6dac84d8c7802cb9d3743710fce0ecd0e63

          SHA256

          c1bf9df6aada2d5118c0f2c9f90b0331ee2e7a03289a347fb15182025cc8c360

          SHA512

          3b3845a86144968464d6e6c637a7cd20fb8caf6fdf578897dd398c1a8618cdf262bb050d8650a48d41b11931e09f05c41213ba710d1e4f2aa7fe9d6ef971a0b3

        • /data/data/io.dcloud.ekp/lib-main/dso_deps

          Filesize

          268B

          MD5

          ddd3580cfb128e4be8baabccae8172b9

          SHA1

          ef34e4bcc6142337fcdf65499123068547a50842

          SHA256

          3dd35f7038c91bb0c82c055784954254c33e530f42d4c67036915ea61d3ebfd4

          SHA512

          be51310d743b77b8b7dfee609748b0944d743fc95978a7f0cd9b6bc6002d24cb48c52016e134a1d39fa8fd687a5f65691fe89361dbe71ad5cd6aaba0ed961731

        • /data/data/io.dcloud.ekp/lib-main/dso_manifest

          Filesize

          5B

          MD5

          c06857e9ea338f3f3a24bb78f8fbdf6f

          SHA1

          c5a0a2529d2deb60fec041b4fbd722a2ebe31702

          SHA256

          957b88b12730e646e0f33d3618b77dfa579e8231e3c59c7104be7165611c8027

          SHA512

          29f61516876c25379a7bf4faa2b3ca6f6b53eac90e7de47671fec4a818d51441b4025cd7909f7c0a0d113ab6c5ff00cb3700c286bac7319185b77905feec4fb1

        • /data/data/io.dcloud.ekp/lib-main/dso_state

          Filesize

          1B

          MD5

          93b885adfe0da089cdf634904fd59f71

          SHA1

          5ba93c9db0cff93f52b521d7420e43f6eda2784f

          SHA256

          6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

          SHA512

          b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee

        • /data/data/io.dcloud.ekp/lib-main/dso_state

          Filesize

          1B

          MD5

          55a54008ad1ba589aa210d2629c1df41

          SHA1

          bf8b4530d8d246dd74ac53a13471bba17941dff7

          SHA256

          4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a

          SHA512

          7b54b66836c1fbdd13d2441d9e1434dc62ca677fb68f5fe66a464baadecdbd00576f8d6b5ac3bcc80844b7d50b1cc6603444bbe7cfcf8fc0aa1ee3c636d9e339

        • /data/data/io.dcloud.ekp/shared_prefs_ext/test_app

          Filesize

          29B

          MD5

          fea64b779b5af6ea3213c59e0af972cc

          SHA1

          130257e90ec596b94d6e4d28316649c21b500844

          SHA256

          16d77ed7a5a7ea181e482f671f4d8b4c90c7a34900ff334530a1553aef238cab

          SHA512

          dadf1ad32d1bec3fd9858a8b95c8e5746d51af06a6e8cac2c586862b47ad6d9c4f8a9d1368af681c0c60b77ed98ded7ee2d058037248829430d57e434496b53e

        • /storage/emulated/0/.imei.txt

          Filesize

          32B

          MD5

          bf9dafad780fbfb4bcaaf6790c9639ae

          SHA1

          c75f88a902b63b5b1ea08cc1da9d6ce1d8e48be9

          SHA256

          57b6133684fe6263d281566b49e2af05cf1ea733a8a8b10edb4724539c66db81

          SHA512

          c3b061c3a989dad95f91f50b7c5cbc9c271cf44145430548c9c6860bf03eee44669c84b4ecde72156433a6ab579027afb91d3bf439f51ce253a664e63851a821

        • /storage/emulated/0/Android/data/io.dcloud.ekp/apps/__UNI__B1529FC/temp/1704155375551

          Filesize

          931KB

          MD5

          c82dfd369d83795f0c6d63123b267bcb

          SHA1

          75c81f4d2f8d9a15f9004f0b0f34d22b863ebb85

          SHA256

          a0341cdcb704b1573855d07b49128bd16c20e06ef8476d5adc3b9432867d6cae

          SHA512

          0b43fbd574cb8372890786122c88812694e9b6b684950827063cea84b13e11b00f6cde8e126f6d2b1c5044869f155140c8d4154ce7a721b562b38b8b89ff8077

        • /storage/emulated/0/Android/data/io.dcloud.ekp/icons/-1161227462

          Filesize

          2KB

          MD5

          0b456d381a1d99684e17ada888535d16

          SHA1

          82603e334f19cf32b14064541628b8d4fa7749ee

          SHA256

          117e6a8f9c6387c91936c997d6d53240af74be18c3ac7da82f954be3bad041f0

          SHA512

          ea90fc3f048ac917e5e87fb6fef82f32ca1d4cfa6d2c8350ab02444d19e023f6acb57a05c3f4bcc373f789841b085567a3df9acafdaad89e83754a1252225056

        • /storage/emulated/0/Android/data/io.dcloud.ekp/icons/-137212512

          Filesize

          2KB

          MD5

          20ef593815bff1fc79fa29ec8dcda796

          SHA1

          49725612a4d97517f92aad6304dc35ef5950d641

          SHA256

          54ecaf004b3a68a0646bdcbe18a02848c575772db7f98bc4e62f632d8914181e

          SHA512

          a22785e93496441a5bea187bcf7fcefb024bdad2aecf2475847d12c1539bd6aa0092fc5c7f60eb844d465769b564cbaf6f794a32482981ab074723f71bec6460

        • /storage/emulated/0/Android/data/io.dcloud.ekp/icons/-585292344

          Filesize

          2KB

          MD5

          796d5a1b97a18760ee18ebf0b2f7a50e

          SHA1

          22e360c11948d8d60326416327565efe8e78edbb

          SHA256

          c83c6bff5b2d09f0607f9153d8e8c74bf5433c6cb57a0bf63518691d9461e234

          SHA512

          30a2afe5a362aeb30292ef6433087158f9fc3ec98b4a2b24d2f2192836057d658ee3957e0aa83017412047424af1f9cda12e58af88921997903e56f07a374241

        • /storage/emulated/0/Android/data/io.dcloud.ekp/icons/511245915

          Filesize

          2KB

          MD5

          ba0c9b1e7d0058e3a3f723b85854c39c

          SHA1

          912eb4bbef6d22d14674f755513a616ca57c9d9d

          SHA256

          9c55d12cea7c94d38894a3bc8887cf8a4246b97f2b20655f997609749e206b8e

          SHA512

          d0e14a3d5a67fa2e6c2a9f4f3cdf69d85e266cf1e020fc8e5c7080e06eeaaf8302e4194e15859ce71c09c6115d2f2e0a4e62305156b628a8ca86ae12113fa710

        • /storage/emulated/0/Android/data/pushSdk/defaultLog/2024-01-02.log.txt

          Filesize

          974B

          MD5

          550987e30c9fff571f949dfe96412e77

          SHA1

          0cfd29ef3c0ebada211a864930e9a7316674fccd

          SHA256

          34d18f592cd1903318bde2407ce6f9a0d60ecd1bb0195941a3a8a01ac25506a9

          SHA512

          8c0a8cd74eea1208451f06896319ba36522fa311ab09c76f511c622085ad7dc6c35fd574329b3e21a36cbbf6b67491be70d431a95e5e1c1f0f1b077822f87d77
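Several entries in the Downloads list are 1-byte files (cache/jsb.version, and lib-main/dso_state captured twice with different digests). Files that small are fully determined by their hashes, so the listed MD5/SHA1/SHA256 can be inverted by trying every candidate. This added example (not part of the report) does that with the digests copied from the list above; the candidate set (every single byte, then short printable strings with or without a trailing newline) is this example's own assumption.

```python
"""Recover the content of the 1-byte dropped files in this report from their digests.

Added example. Digests are copied from the report's Downloads list; the
candidate generation strategy is this example's assumption.
"""
import hashlib
from typing import Dict, Iterable, List, Optional

# (path, md5, sha1, sha256) for the 1-byte entries, in the order the report lists them.
TINY_DROPPED_FILES = [
    ("/data/data/io.dcloud.ekp/cache/jsb.version",
     "c4ca4238a0b923820dcc509a6f75849b",
     "356a192b7913b04c54574d18c28d46e6395428ab",
     "6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b"),
    ("/data/data/io.dcloud.ekp/lib-main/dso_state",  # first snapshot
     "93b885adfe0da089cdf634904fd59f71",
     "5ba93c9db0cff93f52b521d7420e43f6eda2784f",
     "6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d"),
    ("/data/data/io.dcloud.ekp/lib-main/dso_state",  # second snapshot
     "55a54008ad1ba589aa210d2629c1df41",
     "bf8b4530d8d246dd74ac53a13471bba17941dff7",
     "4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a"),
]


def candidates(max_len: int = 2) -> Iterable[bytes]:
    """Every single byte, then printable-ASCII strings up to max_len, each also with '\\n'."""
    for b in range(256):
        yield bytes([b])
    alphabet = [bytes([c]) for c in range(0x20, 0x7F)]
    pool = [b""]
    for _ in range(max_len):
        pool = [p + a for p in pool for a in alphabet]
        for s in pool:
            yield s
            yield s + b"\n"


def digests(data: bytes) -> Dict[str, str]:
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def recover(md5: str, sha1: str, sha256: str, max_len: int = 2) -> Optional[bytes]:
    """Return the candidate whose MD5, SHA1 and SHA256 all match, or None if none does."""
    want = {"md5": md5.lower(), "sha1": sha1.lower(), "sha256": sha256.lower()}
    for data in candidates(max_len):
        # Cheap MD5 filter first; then require all three digests to agree so that
        # a collision in one algorithm cannot yield a false recovery.
        if hashlib.md5(data).hexdigest() == want["md5"] and digests(data) == want:
            return data
    return None


def recover_all(entries=TINY_DROPPED_FILES) -> Dict[str, List[Optional[bytes]]]:
    """Map each path to the recovered contents of its snapshots, in report order."""
    out: Dict[str, List[Optional[bytes]]] = {}
    for path, md5, sha1, sha256 in entries:
        out.setdefault(path, []).append(recover(md5, sha1, sha256))
    return out


if __name__ == "__main__":
    for path, contents in recover_all().items():
        print(path, [c if c is None else c.hex() for c in contents])
```

jsb.version turns out to be the ASCII digit "1" and the two dso_state snapshots are the bytes 0x00 and then 0x01, i.e. a loader state flag flipping during the run. The practical point for triage: digests of files this small identify nothing but the file's own bytes, so they are noise in an IoC list, and anyone publishing such a hash has effectively published the content.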