Analysis

  • max time kernel
    3880421s
  • max time network
    162s
  • platform
    android_x64
  • resource
    android-33-x64-arm64-20231215-en
  • resource tags

    android, arch:arm64, arch:x64, image:android-33-x64-arm64-20231215-en, locale:en-us, os:android-13-x64, system
  • submitted
    08/01/2024, 04:16

General

  • Target

    4a69ebf62a54dcdea0a0677828fa1a5c.apk

  • Size

    8.7MB

  • MD5

    4a69ebf62a54dcdea0a0677828fa1a5c

  • SHA1

    3ae2fdda5f450337ad4663bf9b3f1c794457cd24

  • SHA256

    98236fa9c330434da53e7dee5568213834921891e48b902a1a7ffa5a249cc4bb

  • SHA512

    c280a9cac89a080a95aa89b64393fb3ffbdea4cabfb01373eca3cf6262894ea818ac6d63dbc0085eb06eea97a04790f679a496b8f37431d47a18602c3b7c6d56

  • SSDEEP

    196608:wKuWp6SBx2PdjbORDYVw0SFunl+2QEi2qK4GiD:wjdamSFunl+2ji2qKyD

Score
7/10

Malware Config

Signatures

  • Loads dropped Dex/Jar (2 IoCs)

    Runs executable file dropped to the device during analysis.

  • Uses Crypto APIs (Might try to encrypt user data) (1 IoC)

Processes

  • com.charm.guard
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4231

Network

        MITRE ATT&CK Matrix

        Downloads

        • /data/data/com.charm.guard/.oabugaij/.fsgkea

          Filesize

          1B

        • /data/user/0/com.charm.guard/.jiagu/classes.dex

          Filesize

          8.0MB

        • /data/user/0/com.charm.guard/.jiagu/classes.dex!classes2.dex

          Filesize

          4.6MB

        • /data/user/0/com.charm.guard/.jiagu/libjiagu.so

          Filesize

          63KB

        • /data/user/0/com.charm.guard/databases/ua.db

          Filesize

          40KB

        • /data/user/0/com.charm.guard/databases/ua.db-journal

          Filesize

          512B

        • /data/user/0/com.charm.guard/databases/ua.db-journal

          Filesize

          8KB

        • /data/user/0/com.charm.guard/databases/ua.db-journal

          Filesize

          8KB

        • /data/user/0/com.charm.guard/databases/ua.db-journal

          Filesize

          16KB

        • /data/user/0/com.charm.guard/files/.jglogs/.cl

          Filesize

          32B

        • /data/user/0/com.charm.guard/files/.jglogs/.jg.ac

          Filesize

          32B

        • /data/user/0/com.charm.guard/files/.jglogs/.jg.ic

          Filesize

          32B

        • /data/user/0/com.charm.guard/files/.jglogs/.jg.rd

          Filesize

          32B

        • /data/user/0/com.charm.guard/files/.jglogs/.jg.ri

          Filesize

          307B

        • /data/user/0/com.charm.guard/files/.jglogs/.jg.ri

          Filesize

          314B

        • /data/user/0/com.charm.guard/files/.jglogs/.jg.store.report_pid

          Filesize

          32B

        • /data/user/0/com.charm.guard/files/.jiagu.lock

          Filesize

          27B

        • /data/user/0/com.charm.guard/no_backup/androidx.work.workdb

          Filesize

          4KB

        • /data/user/0/com.charm.guard/no_backup/androidx.work.workdb-journal

          Filesize

          512B

        • /data/user/0/com.charm.guard/no_backup/androidx.work.workdb-shm

          Filesize

          32KB

        • /data/user/0/com.charm.guard/no_backup/androidx.work.workdb-wal

          Filesize

          16KB

        • /data/user/0/com.charm.guard/no_backup/androidx.work.workdb-wal

          Filesize

          108KB
