ac0681a2eaa21fe58c567f69972a8345ed46dd1d948d5a4ca6caa30761f74d01

Analysis

max time kernel
3654928s
max time network
156s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
31/12/2023, 04:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

287cbc9f887fd5274bad17ca150e2ddd.apk
Size

17.9MB
MD5

287cbc9f887fd5274bad17ca150e2ddd
SHA1

01c16892519419506b544208493544eaec35c85f
SHA256

ac0681a2eaa21fe58c567f69972a8345ed46dd1d948d5a4ca6caa30761f74d01
SHA512

708b35d4bdebc6775fe03a3147820ab232ccb80a4b538d4f29ee744908017fe6ae0444a488d58e73a7dc985d003ac9c4173c52789f6cbdf14aece36aaafca933
SSDEEP

393216:ZONPXBL3FFxnm1ucDS+N6cP+r2tF9Y83E7gf/dgmRYtj+:ZO5xpm1dbNLF9RUc2mWta

Score

7^/10

Malware Config

Signatures

Loads dropped Dex/Jar 11 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/data/com.xgbuy.xg/.jiagu/classes.dex	4236	com.xgbuy.xg
/data/data/com.xgbuy.xg/.jiagu/classes.dex!classes2.dex	4236	com.xgbuy.xg
/data/data/com.xgbuy.xg/.jiagu/classes.dex!classes3.dex	4236	com.xgbuy.xg
/data/data/com.xgbuy.xg/.jiagu/tmp.dex	4236	com.xgbuy.xg
/data/data/com.xgbuy.xg/.jiagu/tmp.dex	4268	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.xgbuy.xg/.jiagu/tmp.dex --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/data/com.xgbuy.xg/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.xgbuy.xg/.jiagu/tmp.dex	4236	com.xgbuy.xg
/data/data/com.xgbuy.xg/.jiagu/classes.dex	4351	com.xgbuy.xg:pushcore
/data/data/com.xgbuy.xg/.jiagu/classes.dex!classes2.dex	4351	com.xgbuy.xg:pushcore
/data/data/com.xgbuy.xg/.jiagu/classes.dex!classes3.dex	4351	com.xgbuy.xg:pushcore
/data/data/com.xgbuy.xg/.jiagu/tmp.dex	4351	com.xgbuy.xg:pushcore
/data/data/com.xgbuy.xg/.jiagu/tmp.dex	4351	com.xgbuy.xg:pushcore

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.xgbuy.xg
Framework API call	javax.crypto.Cipher.doFinal	com.xgbuy.xg:pushcore

com.xgbuy.xg
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4236
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.xgbuy.xg/.jiagu/tmp.dex --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/data/com.xgbuy.xg/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4268

com.xgbuy.xg:pushcore
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4351
- cat /sys/class/net/wlan0/address
  2⤵
  PID:4541

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.xgbuy.xg/.jiagu/classes.dex

Filesize
6.5MB

MD5
bc7b7cec4c2313b65f6d767a77164dd0

SHA1
f0a2fb5db284bc60f424c2084984c830cf4d2ca1

SHA256
84906c5a9b057b44e0df1fb8030d13110748ba30ef7a8017abdd3157ef349ffb

SHA512
379bec4a7a82a83c32e93cb3d5d0e0622d78ec79a5e17861f9600069283ffeac13340003fd2323c884a114bd45102034b3e5e609b3390ce099db6ef71a144432

Download Submit
/data/data/com.xgbuy.xg/.jiagu/classes.dex!classes2.dex

Filesize
6.5MB

MD5
f1e1513c1caa393fe8e9a3f9fff03e7c

SHA1
db053d40d0ead70c10b229d129359601a8b5debd

SHA256
4e81f36348e9d21ea9121450a9c68817efadedf40bf365af9d54a6033b363934

SHA512
e9c0cb206d14c55f3bf375fddd0d1edcf2e4540c24ac5df6e1c4884e87be9861a87b4fa5a49162fd054bafac7ed223e6f79686ffd71224f64f7336173298c03b

Download Submit
/data/data/com.xgbuy.xg/.jiagu/classes.dex!classes3.dex

Filesize
2.0MB

MD5
e0cdaf1a37a325beb335128a913ce71e

SHA1
1b4f9eda9ff72406032655f7a7f97e361d90bb2f

SHA256
444121cbd8f09a2461d84bcdecea5c61c0a5bc7b0fd3671d6a1ba5a91281cbba

SHA512
2f24d69d48c4cf889db9b6d2d5c867b8ea758663e0e83ce1e7ecf650a6b5850669d35d46df3355a643bb2732b590d4609eabbe4aa74d4a4b076c3bb8e8a17d8b

Download Submit
/data/data/com.xgbuy.xg/.jiagu/libjiagu.so

Filesize
485KB

MD5
015df5724b50b4fbc6dd0caf7ccb817c

SHA1
980780e98c9958aec97ab7a0de8d28a4c5fd9429

SHA256
183990718a96d742bc6f1bb04c313e04db6dc62d445ecb294a7f15babd3281c6

SHA512
fda8f5343cac8102aade5f1aeac7c5b028ea5d8c92e3d12de92e1ffce30bab47a446f215c9cff7dd1e1bb88980ee0d27b5241e856719fcc1f6a5c25e062e9d40

Download Submit
/data/data/com.xgbuy.xg/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.xgbuy.xg/databases/ThrowalbeLog.db-wal

Filesize
48KB

MD5
088f57cf9d12f12e23e43465b8f76740

SHA1
552d106627af50d3e5c425085c3cb6a7f22f3f04

SHA256
0b674a2c7148282d9f1ecdff7608b61518794a6387bc075af76204900fc855e2

SHA512
6588f6fb32e3733fef47aebcd5826ca6acd7731739e7de0d73fc8de584df810f293ca74b8b9ad9e40f393194c591ef4d4208fc834d1107ac93a65611a660320c

Download Submit
/data/data/com.xgbuy.xg/files/.jglogs/.jg.di

Filesize
340B

MD5
64c422598b6202154b5c9463d7c073ed

SHA1
bc72a10b56ff16040a93d9b1550c603898df89d9

SHA256
e03d700da87c9d30ba628e961debe000765038b0640087df1976928925b0844c

SHA512
dddd381f6d75c9d546ed74e709e9577e4cc1971c56d0b602b029840121e7eed1fb74497af101bca645f0f4e68207da6e6a263b3723157d1934e546bbfb499863

Download Submit
/data/data/com.xgbuy.xg/files/.jglogs/.jg.rd

Filesize
73B

MD5
1a5d276d1e61ef6ab8262f83cc23eeb4

SHA1
d0979b7b2304f4a8540b132a87ce728637359431

SHA256
54b74f17e1010d576783577bcc52009aeaae6f9c58f3b29f6becd0bbd248091d

SHA512
dc3ab8cdd7c8b549601253ecc5612c6efbd8bddd0fc26f7a463e94eadbea5c8c42e531996a3826bfa6760fd9676f5ece376d8020dda0896f024cd5427fa62f05

Download Submit
/data/data/com.xgbuy.xg/files/.jglogs/.jg.ri

Filesize
307B

MD5
1e2277627c029e3f8fa9d3f333a72a06

SHA1
5d193b2cc74614e6d22270d89fd5dfd0c6babcbf

SHA256
6fa9743dc29d39b4f5ff8691a3b7849b0e58db7ec3505c176125c60ea673337f

SHA512
bc8856f23499eaba112ce12478d6b99cb2be9a622d50aab14259b3d1055b2fbfa8383896e40db2f2555f849a64d09a08a3c285a5e386a331447da31839869e7e

Download Submit
/data/data/com.xgbuy.xg/files/.jiagu.lock

Filesize
27B

MD5
17bc4234383c56e1786912220ccabafb

SHA1
ac264284d1427e9273364b73ee2e79ab94c74dce

SHA256
04998a58b27ec4e2e6d09c553915a9bcaf9276a5db2347b79846026b8bf0d589

SHA512
476db98cece919772e451165be393dde54a51322e47cc0a309c835fd4309bbfd301f0e3586d2473e8b5ebcc9edd3e5cfa11b41bcd48f28e5cc5024335b0d020c

Download Submit
/data/data/com.xgbuy.xg/files/Mob/mob_commons_1

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
/data/data/com.xgbuy.xg/files/Mob/mob_commons_1

Filesize
57B

MD5
acc2a2f5cb76c41d2e97e0d409b53bdd

SHA1
ed06f22ff10e0912f50d53bc775ed2ae70f85d5a

SHA256
12ee2ab25175281fd1efab755eb5a5b442e91d263646c52118e6b1e97856f448

SHA512
faed72411dfb1546a82a302b6aadf921bf66a09aa4641a6d1d523e5b58c063d5210089ca2d7dec8aadbe1efec4748a8abb36ab9fe1ab18539a92b76730b85419

Download Submit
/data/data/com.xgbuy.xg/files/Mob/share_sdk_1

Filesize
23B

MD5
8e24e79baab91c4d0604eaa9006a0cb3

SHA1
e427afc94a4b957a7096f73e395a10ea404c076b

SHA256
65ee797326cb9d94a4c8b13fb114a7273d80af9ae547496bf56556c479f75e4d

SHA512
45bde5e1b5da5e54f7f5baf24cf4d9158ccf5813f0babc05677437bfedf1d54c4707090a1c425089e8f9582a85fed80b25c1e1f30ec2051afc6fe68bb8a76bae

Download Submit
/storage/emulated/0/360/.deviceId

Filesize
48B

MD5
1d8d16c4e3b19ebf18988530d9b9a757

SHA1
bc94c1cce05cd848a53271ecb9c5311e27ffebf5

SHA256
abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7

SHA512
4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

Download Submit
/storage/emulated/0/360/.iddata

Filesize
32B

MD5
75bc1c5fc446d0d39b42ab0dcddcd87a

SHA1
a946d232747836340e9e3de5e3e4dac985fc04da

SHA256
022ee48574ae3615bd5d2bb14f2b1cffa77104ff6390f47f9ab0bbdc1c84cafc

SHA512
7d131367b15bf3d351460637a55ad72cfd87834c1e865f470b0d22127d3f14814a12367d607227e215a8f29bb5cabe345e9914fe07d4f7c8b274d80cfba2a57c

Download Submit
/storage/emulated/0/Mob/.slw

Filesize
66B

MD5
19402718bfb1c685a726b4e1d846ad98

SHA1
02a7e30044a67085f2f1da24e16e4ecfede65b72

SHA256
079f790e6a1934a94542559f53a89a824aafd3173d956b6019291955aeeb33d0

SHA512
25254318c22cfd301c8bcd479f45797d502b6ab5f14265dadfa3d87b4dd1942a629d3cbc2f0b600cf73b4fe910e3773432f56a0a7b4343e280e20c5a6af0320b

Download Submit
/storage/emulated/0/Mob/comm/.di

Filesize
57B

MD5
70a42cba408700f9a6c01c7941a8829e

SHA1
eab01cc2c0671538795fb0b1146017dc099d0984

SHA256
499576707ce2623293166979e59c832be5b8636c64ad39aa63ebcf961910c35f

SHA512
8900d4dc8eed0430babbacb72942401bd22ef7fe5430cad90d3ce0c2c53010220d666aa0e2eb1026f3ec81d574c7fa12585b49222a5f15b01637f6ba134fe70c

Download Submit
/storage/emulated/0/Mob/comm/.di

Filesize
73B

MD5
7cef4bf7b995564773e94229541dfd48

SHA1
4270195392562f55dabae96238b59d535f5d35f5

SHA256
b599c40c0ae5855d3ebfb7b876a0390274d0432e41e5d58b4f347e941f2bbb1f

SHA512
74c9fdcf8183f798bfc0eaff0bf1b0950a72bce6689e2c00ecba8e98d975a4e0e872f8ea406f400de8f6941fcd56bf75820e044585ddb52df1d9b851cdedceb3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads