bf9282b381fe0cf91baa36f13268e88a7cc613b00cc1b47f2e43a4d8362dc005

Analysis

max time kernel
3676576s
max time network
153s
platform
android_x64
resource
android-x64-20231215-en
resource tags

androidarch:x64arch:x86image:android-x64-20231215-enlocale:en-usos:android-10-x64system
submitted
31/12/2023, 06:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2be3ea5365a1a64479f1e3f816cea63d.apk
Size

26.1MB
MD5

2be3ea5365a1a64479f1e3f816cea63d
SHA1

0b6c63afaafc7b2e916081b577a55994aff8f9de
SHA256

bf9282b381fe0cf91baa36f13268e88a7cc613b00cc1b47f2e43a4d8362dc005
SHA512

02297abf6de3650c33665d35e6b909e784252e93c1cd093e0a8836711304af516d0cea1e8b34cbc973c83a73b8a07eb52d1fa61862a704c28bb641f9b45d2757
SSDEEP

786432:YDUsKOEce6lidKiKDn1cnPMUA3FPQV8gwn8uLK6:4UsToZKiqKyhQO7nb

Score

8^/10

evasion

Malware Config

Signatures

Requests cell location 1 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.example.starworld

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/data/com.example.starworld/.jiagu/classes.dex	4982	com.example.starworld
/data/data/com.example.starworld/.jiagu/classes.dex!classes2.dex	4982	com.example.starworld

Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.example.starworld

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.example.starworld

com.example.starworld
1⤵
- Requests cell location
- Loads dropped Dex/Jar
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4982

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.example.starworld/.jiagu/classes.dex

Filesize
6.0MB

MD5
0631f0ec6518e919c5acc160bead2f28

SHA1
a3d742ed166cbcb6a0965733b4261b247853152f

SHA256
e2ec77ff2db5451c8aa099731885f34b677e8e7536710d555fdf7a2d95ad90ae

SHA512
50ad6131bf11831af42568ffc16bba2419523c8c21321f4c7dc8249e3c6e5c0d0a83759243f0dd2bedd933d92c9afd0b752579deaa46683d39f0e2157774399f

Download Submit
/data/data/com.example.starworld/.jiagu/classes.dex!classes2.dex

Filesize
5.6MB

MD5
e916d300a35a383fef24aa48d7c23cee

SHA1
3d5ab8d1ea6854bde5ca1d80a2baa6ae4d2ad3ee

SHA256
dfcee7e566dcebcb2cc9bbc11edc8c85b6f9051877f42b7a89fc5e3336d4a90b

SHA512
d37c867e843b385cf08a446c8ef9de05e625b4e8cd60c1cc6632e6de561d34d39e6a326cb3e4b6431d7caa337dd5f80f24cfb2b98165c9b7ca3378172e673b59

Download Submit
/data/data/com.example.starworld/.jiagu/libjiagu.so

Filesize
562KB

MD5
d141f6661f27d70822c7021d752d8af6

SHA1
e545f7442dca4490cb67b745f6f13ed782b1971c

SHA256
e0313c66404c4fb7d023824265ae5a922079d422509d4b59c6fe45632c60146a

SHA512
0b2a4c540c077ed93561f249baa75a65344e75dbfaefdb3a68c0d653d79bb5152fcd42c13f34a87b09583f33f1a40231b4f31416b73c323859885374ca0667f6

Download Submit
/data/data/com.example.starworld/.jiagu/libjiagu_64.so

Filesize
573KB

MD5
42abe73319c2521e0fbda052b9d5f1a8

SHA1
9ba99e9d00782c0cd94cfee590dc5f540c14c737

SHA256
7f33251c6ad0df0db7d313803a1339cd2ee1ce91f832fd7b0bbc651bed74d32a

SHA512
0a5362cd28aed0db67bbda3e12e8afa24ec0edd722df732d3b8c645c6351b1864909be9eb155da2ec195ae7d4c42e0bc0b1db083232cac82e39fa4c79dee1792

Download Submit
/data/data/com.example.starworld/databases/MessageStore.db

Filesize
36KB

MD5
15669eb47bb19111cb64fa7508b227d7

SHA1
c7585424afeb0fc7051697b771eb3d81e0e3aae3

SHA256
ecb0e8c93a782292a1dfe20a90e204d1c1c804e2773f1831c9ca34826aa62071

SHA512
13c2cb45912090ba0b670b36050eab5954e22d57b79e141d2236035dc1ea2000960d93ebc544fc4dee48765335a3d52baeb5d31c8a40407224c624fffebbc11b

Download Submit
/data/data/com.example.starworld/databases/MessageStore.db-journal

Filesize
512B

MD5
18aeb9563ad0ba72cf7931bc26b8da02

SHA1
23bcdaa7ea8f78f84c4a51a3afb11b6087a89b15

SHA256
3783d7eaeb50fd43ce8e47c7ca5dba2905377f497fdf5f3fc8126781cdcc0de3

SHA512
c2ee8062ed9f5e0bb96f9e1e81e4f1109cc9ea46215a7e9f8751f2bc2b4fe35780859760c296d1ac3bd51b6fae03fbce97efda92f3d27435b667da2bb779bccb

Download Submit
/data/data/com.example.starworld/databases/MessageStore.db-journal

Filesize
8KB

MD5
66d175539dff6ffd82cf590b261a645c

SHA1
bb79a0e4a524d715f8923f313d73309f8b0f8780

SHA256
48642744931225b5645d8a938b27cacd2c1b938f24c4fb3f89de0a491b9c14f4

SHA512
d204b21f99f8f6ae7ed67d6b4837785ae69e0ac1c6182d5792b0854d680492bace80f9b141db11eac1d9fea9ead76834b85e9340ffc9c9712f2de82897ec1bd7

Download Submit
/data/data/com.example.starworld/databases/MessageStore.db-journal

Filesize
8KB

MD5
ab225ca1b65dca93f656f97755b04647

SHA1
48d0bd8eb37d5c566c92912c66b0fec6113d9dc4

SHA256
a0531e28a4bc8071251a88423e1dea4aa6a604a25ab3d68865aff714f2d974a7

SHA512
1023d42d7594491d7cb087060a7e1d4f560bae526c081591847b4b05363a626b9812dfd4f1264b43d3571f31105f85c8194df92a9789558a914611ec86bc126e

Download Submit
/data/data/com.example.starworld/databases/MessageStore.db-journal

Filesize
12KB

MD5
392746647d5f1e9304a2e297d25f8281

SHA1
0b303b2c91e5dc130c60a7df1ec25683406c63ad

SHA256
5a7819dffa61c72b88a8c660ff556e63c57a65738ed955bd44be159918c6454f

SHA512
598d91f3549cbfab5446a7a3580ec52b23c20af91f6f0f45f6a119c455b8d8b42eaa199eace0c95911544c2e7e3c4e75c6c205962af4c4f480d4e24ace4ae4a4

Download Submit
/data/data/com.example.starworld/databases/MsgLogStore.db

Filesize
12KB

MD5
ea628e04765adaf4238a5dcdff4bbd51

SHA1
a801947619ea8c368efe9c006a324dc6339ac60b

SHA256
885e337c2156e4dbf2176a9677ade50418740532d222ccae5ad4aa371b54c6a4

SHA512
c0287b0e7b690a7231a37d1745c49f3d861b22aa65dd769ba6a8b5ab9da55443f749957781ee05a405019c39e1be45d37a971b821bffd62a1d5620bc39119abe

Download Submit
/data/data/com.example.starworld/databases/MsgLogStore.db-journal

Filesize
512B

MD5
178ba8d84c45b5d5dba302ca69dfca5e

SHA1
5aded39f5601225ffc807d2caadb25d913c3fd04

SHA256
77f377fe1e0baac8282c36ec5dbb48cf57ade333dde0bf0df52e8191dec316bd

SHA512
230f503ff6bf6d8604bcb6f82b6b5346cfe6a8d8b053b6511957e9769d17961df5cfc9a11ecedde72d5e49b6592dd0c14b086b22a7b958cf466f04ceff7625ef

Download Submit
/data/data/com.example.starworld/databases/MsgLogStore.db-journal

Filesize
8KB

MD5
1060620b05b3aa1551dc2b0f84dff7dc

SHA1
81ff8abffe4e0ef1cdfcca4fc7500671c23f29b5

SHA256
b5e6ecd277b0f6ec893c38c02e680166776d63382b308e9118c3269b653e2c7e

SHA512
6b7fa6d055ddf35798135187775948f7187d93276237cb89901a750d9017d4de144f35d27e5527e1495cdd20cb47a5267e0b454492dd85200ae9eaf54b2f4c92

Download Submit
/data/data/com.example.starworld/databases/MsgLogStore.db-journal

Filesize
8KB

MD5
0a8214233ed801886907dc5a9c8cdea6

SHA1
956f93427a086764a8cdbccc696ff0454b89d605

SHA256
0dcb9c6106f64c3d541aad7b4c7f20471586592d4ba84619cbeef72dfb21b573

SHA512
11feaf365207b682cc5f3d8333842334cb196a7f58dda527c2b2c2409cdf7d513b9fe43ebb3ac4b8f9dccf1417d41debd935b23216a19a9289086248628a41b2

Download Submit
/data/data/com.example.starworld/databases/accs.db

Filesize
20KB

MD5
d95e1280cc553509d7b5b7851398db12

SHA1
121eb76ea37f3407d0f3b56392f6f67893fbe649

SHA256
58e0eeb309805e54342d5ccb3f9006751543d5a1306898dad2c09048b294153c

SHA512
f52c432894144ad581d36d447ed61ac50485dbc931ddd9b2ba5ce399642dcb361502e6492f28e05dc7cdbd5f19126bbc6cc09e62586b73bf449da950a6de1284

Download Submit
/data/data/com.example.starworld/databases/accs.db-journal

Filesize
512B

MD5
5a13b5e891693d565aa4f11fb35e4656

SHA1
06b923f9cb45a9b3f1ce9fd770031c1169deebff

SHA256
6a885e5ec59fb24d91b37a55a7715688146b162ed0419fd216a89c0118a83f73

SHA512
12a6795e030859365751eff674ff210b73c89fbe97abfc1b86c3fdca95692058e37d1b90a789368a84f68609b64b8b1ec257664934024803b93041e0cb3a9d72

Download Submit
/data/data/com.example.starworld/databases/accs.db-journal

Filesize
8KB

MD5
461bcbd1814be0c49a550ce583206929

SHA1
46dd9a578349744dc606f8ee5d2130500f01a088

SHA256
16593633d0df08e21e8d9922268b76c0151a5475e22ab3a4fe56da36e65aab74

SHA512
3fdaa72ff8132ea0c1cecb138b720f8cda13d8e25c8ee04256cfb59dd785b00206c89f77917410bcb30f9dfad225764ccd7fc7661df03636b63a8128112658e4

Download Submit
/data/data/com.example.starworld/databases/accs.db-journal

Filesize
8KB

MD5
c924d0ad1062c32b0b5bb2822bdd051d

SHA1
bd066256069d06a3bbfacaa1aaf6924fbf8e0d80

SHA256
baa9fb13d55131185018e727e4f35d82f37a5cccbd8f5add1573919021b827ad

SHA512
8eade415c1f378c0fd46c700749d4309218fd26045e41f9143f653573cb5369c40044b2913dbcec6fb1295bc29c80f0de215947d47036bc36485bb70dda6e20f

Download Submit
/data/data/com.example.starworld/files/.jglogs/.cl

Filesize
32B

MD5
c8774588f5d4556ef397a72afdad520d

SHA1
04c0da3682911892dacf468340f2a721926037a0

SHA256
ca28a9987df55572537987b3406d31cd7ebd815c4bcb0d32086f6a3ea2a1fa2e

SHA512
b2bd6dff554527fc55d0054ce40fff54d8a513af7a6b49918f542ec7b5d29bd47ef2d654bc7978f4c9d220c9efb840e00121fe6835c2df252086ef0fc3bbd2b2

Download Submit
/data/data/com.example.starworld/files/.jglogs/.jg.ac

Filesize
32B

MD5
7bdce143873b4abb289268ffaf1299ba

SHA1
937435849e3134537a1b3d53b62a7a1591ffe361

SHA256
adc0bd2c7081cdbd1df94582d561df764fd354caf3a4141c78606179053efa92

SHA512
e6f6228aea40c4466a90ba3883d6c2f42c05c0ca8be4adb8ca1b25c8c7e1021177525879c22d25fa279eb45b62f1624a6be48f52b1092fd4a8b5bec42513e8df

Download Submit
/data/data/com.example.starworld/files/.jglogs/.jg.ic

Filesize
32B

MD5
d874383e13cbb8d90e736501427b40e6

SHA1
9b3805f19b925efcfc97277c652aa3805f40fc54

SHA256
4beb1de590d702d8c923d4d69fa4e57a3f56da64c8d2d182b8de551e38777c9d

SHA512
c49cb815a49d22087e249390b83544a4f1549f4ede8f3d6ce7ce745bc461798ba6a63198c4320621a2dec1eac757c420a26afcb044d3290f409364675ba52f38

Download Submit
/data/data/com.example.starworld/files/.jglogs/.jg.rd

Filesize
32B

MD5
6c807b27473557d10969a66a8f7977cf

SHA1
baed43d87fd124946a5d52771cd1be4fe288785b

SHA256
6b86f5b969fbf1cbb0438b0d87c73b3128f2b1fcf5713a27ffffc3f8c92bdafa

SHA512
5a7809125312843ba84ce8a615ff0a05f5185d2d3ec15a4689fab2337cb31598ca74b250b9973fd99f7226796ae4d06b4a565d3875681caf796e68a66c073812

Download Submit
/data/data/com.example.starworld/files/.jglogs/.jg.ri

Filesize
307B

MD5
394a06e81552560562649d67dbd8f892

SHA1
bd0e8beba5256057446ad8e4637219686de25474

SHA256
1b393a4e396e5ab377bbe55741b9d04877aa1e67e454294c9d4b34889c275259

SHA512
62f1a3299d4c63e44023aed09bd87f33c2deae681d22e22b5db58b786dbf3aafa26c17c5a8511ba3171a46b09a1daa4048bacc07a5d1c46e3e0817ad2ced04f8

Download Submit
/data/data/com.example.starworld/files/.jglogs/.jg.ri

Filesize
314B

MD5
f62cc7901e4b0bc0830b8cc1a3f33002

SHA1
e105258eee6d42c2d19d329afa6efc3010a5406f

SHA256
98464b5f91f930b1e4c57b807b4113375ea31de73fe5005bc0862e29947a19c2

SHA512
cc479d20f671e0ed1cccd347dff0158d622a1a40c0bed20eb5efd6398f8fef73d0a46319abffc46bd32c09f5f18fc6a05013dceeeb0cecdc7de286f9c497f4e2

Download Submit
/data/data/com.example.starworld/files/.jglogs/.jg.store.report_pid

Filesize
32B

MD5
c65c5ddfa40ecb2d831c3026644ee08f

SHA1
755e3b4835508229175a1780ddd512cad8b370ef

SHA256
98f02a49bc05f61edee20f17dca7bf8b03d6b2e1b9b66be2469bb1bde7dcffc3

SHA512
bf67cbbc60cb3f2e24078f338ac881e474e39d1ce547649fa920ffde04c1d0d05fc7e662e540b87752949097a27707fc02217aeb75af69a7d5ebe25920595e05

Download Submit
/data/data/com.example.starworld/files/.jiagu.lock

Filesize
27B

MD5
21a2dbaa4c3f571ab280bb0eb8ee2334

SHA1
f334c60c10b4bff78e328e843a4b966c09572788

SHA256
0007e1e824c093f3abca0383b0cd58d72ee546ed423873ae7b25b102e7b0d73a

SHA512
3c7d8f90c237aacf8aeb20ef794a7783f98c99ed38b2f918ccfd18c13a2d140cb4aa502855fcb4bf1f646fb34a554cd11c02296fa8711b57e7ab091b630e9413

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
5f799c0c6f84e4dc7f2ec38c1c4296eb

SHA1
c65ca1cada3da28ae30784a7c67a31dacbe262ea

SHA256
0ce4d98fcc60bda51f83e48c37237af918e26d2fb7e036cbb8917c27224c2b74

SHA512
9203edae37bcb0e4df53efc01ac73736f6eb9fdf77d6d46c4dd28e67e46e38b75c99f366cb0997618de364471e039b5d37722f5b55062acaea1a9e4c753199b9

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
213B

MD5
4b0cc754f2e4e1af0586004178b7fa18

SHA1
73b7fddf90ef2eb4ff42429ccf260b56f32a9945

SHA256
c10fb4eb535da6adf5138fbf7e4aa55abf7180ec0d03036db33c8b2b53545085

SHA512
468caffd550c7e147b4a25b9537dd6a8a787edcd1d0ea286c0e9f955ce165a3ee7be5d99a06f07b8b50e3b4fe6664915f134df7c6ca0c430412a6eeda9285ed2

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
5f2bde40a6acdee3f48ef2b6518f08ab

SHA1
d91eed0854e4a61b55d25e04f19364171994e8c7

SHA256
e09f5361197c62b6d9be99addfdb505ac9908a3f4427816dbc79acc42196dca0

SHA512
beafa16266b2278261c6cf1a8171178886fa8c82f8a56920a98494d2457a8cda0af5bee3f895da28afb258c8087495a185c392c10e9b2fe238400fcffc7197ad

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
167B

MD5
32457020a2f6bff98e3a00bd36fc83f8

SHA1
dd2c637456f7429db96c10e03f5de26134a0c5a3

SHA256
3b53446f0c527dd0dfa88ff873e7301cd56bd365c11b2b2b9fcca27d98f7f477

SHA512
7a3d422bba01dc825bde5e5241fe959b139967b9cc8d0708b8903de053c856674eb1b37c112ba27ff98a7b0e7736bd904422ed6927a6e9033e795ddc56534532

Download Submit