Analysis

  • max time kernel
    3880413s
  • max time network
    149s
  • platform
    android_x86
  • resource
    android-x86-arm-20231215-en
  • resource tags

    android  arch:arm  arch:x86  image:android-x86-arm-20231215-en  locale:en-us  os:android-9-x86  system
  • submitted
    08/01/2024, 04:16

General

  • Target

    4a69ebf62a54dcdea0a0677828fa1a5c.apk

  • Size

    8.7MB

  • MD5

    4a69ebf62a54dcdea0a0677828fa1a5c

  • SHA1

    3ae2fdda5f450337ad4663bf9b3f1c794457cd24

  • SHA256

    98236fa9c330434da53e7dee5568213834921891e48b902a1a7ffa5a249cc4bb

  • SHA512

    c280a9cac89a080a95aa89b64393fb3ffbdea4cabfb01373eca3cf6262894ea818ac6d63dbc0085eb06eea97a04790f679a496b8f37431d47a18602c3b7c6d56

  • SSDEEP

    196608:wKuWp6SBx2PdjbORDYVw0SFunl+2QEi2qK4GiD:wjdamSFunl+2ji2qKyD

Score
7/10

Malware Config

Signatures

  • Loads dropped Dex/Jar (2 IoCs)

    Runs executable file dropped to the device during analysis.

  • Uses Crypto APIs (Might try to encrypt user data) (1 IoC)

Processes

  • com.charm.guard
    PID:4202
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data)
    • sh -c ps -ef
      PID:4317
      • ps -ef
        PID:4317

            Downloads

            • /data/data/com.charm.guard/.jiagu/classes.dex

              Filesize

              8.0MB

            • /data/data/com.charm.guard/.jiagu/classes.dex!classes2.dex

              Filesize

              4.6MB

            • /data/data/com.charm.guard/.jiagu/libjiagu.so

              Filesize

              562KB

            • /data/data/com.charm.guard/files/.jglogs/.cl

              Filesize

              32B

            • /data/data/com.charm.guard/files/.jglogs/.jg.ac

              Filesize

              32B

            • /data/data/com.charm.guard/files/.jglogs/.jg.ic

              Filesize

              32B

            • /data/data/com.charm.guard/files/.jglogs/.jg.pk

              Filesize

              32B

            • /data/data/com.charm.guard/files/.jglogs/.jg.pk.h

              Filesize

              64B

            • /data/data/com.charm.guard/files/.jglogs/.jg.rd

              Filesize

              32B

            • /data/data/com.charm.guard/files/.jglogs/.jg.ri

              Filesize

              307B

            • /data/data/com.charm.guard/files/.jglogs/.jg.ri

              Filesize

              307B

            • /data/data/com.charm.guard/files/.jglogs/.jg.ri

              Filesize

              314B

            • /data/data/com.charm.guard/files/.jglogs/.jg.store.report_cf

              Filesize

              32B

            • /data/data/com.charm.guard/files/.jglogs/.jg.store.report_pid

              Filesize

              32B

            • /data/data/com.charm.guard/files/.jiagu.lock

              Filesize

              27B

            • /data/data/com.charm.guard/no_backup/androidx.work.workdb

              Filesize

              4KB

            • /data/data/com.charm.guard/no_backup/androidx.work.workdb-journal

              Filesize

              512B

            • /data/data/com.charm.guard/no_backup/androidx.work.workdb-shm

              Filesize

              28KB

            • /data/data/com.charm.guard/no_backup/androidx.work.workdb-wal

              Filesize

              16KB

            • /data/data/com.charm.guard/no_backup/androidx.work.workdb-wal

              Filesize

              108KB
