403fee1353c5ce52b81d393d0f073e1f8fa3e2e19fca21377958b869e516b21e

Analysis

max time kernel
4070902s
max time network
131s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
10/01/2024, 09:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

502ba55d85325fb191556cfa8c8b4201.apk
Size

26.4MB
MD5

502ba55d85325fb191556cfa8c8b4201
SHA1

58b453f5924b5a0b82a79085357c073002f5dca6
SHA256

403fee1353c5ce52b81d393d0f073e1f8fa3e2e19fca21377958b869e516b21e
SHA512

aca320f63c6cebcc3786449b67d82c6c1c6a0fd199c0314622c256342e0559899e7485f229127bacd84346268d20340bbd753ec42bd0b9f6ee7765a0b3b71e0b
SSDEEP

786432:IsrT7H8aMdKTma8X11TK3UZhiUMKkZhiUMKlC+XRCsk:IkH8tbaGk34A3lA3ijRq

Score

8^/10

evasion

Malware Config

Signatures

Requests cell location 1 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.shener.qulicheng

Loads dropped Dex/Jar 5 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/data/com.shener.qulicheng/.jiagu/classes.dex	4510	com.shener.qulicheng
/data/data/com.shener.qulicheng/.jiagu/classes.dex!classes2.dex	4510	com.shener.qulicheng
/data/data/com.shener.qulicheng/.jiagu/tmp.dex	4510	com.shener.qulicheng
/data/data/com.shener.qulicheng/.jiagu/tmp.dex	4543	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.shener.qulicheng/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.shener.qulicheng/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.shener.qulicheng/.jiagu/tmp.dex	4510	com.shener.qulicheng

Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.shener.qulicheng

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.shener.qulicheng

com.shener.qulicheng
1⤵
- Requests cell location
- Loads dropped Dex/Jar
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4510
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.shener.qulicheng/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.shener.qulicheng/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4543
- ls /sys/class/thermal
  2⤵
  PID:4583

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.shener.qulicheng/.jiagu/classes.dex

Filesize
5.7MB

MD5
5f9c3c07029b97bcb41a89a928629f49

SHA1
d45cb2378502a81e8186180819e1cd8a44988f86

SHA256
e23f4cda6e9a89c4f925633611e74fa7023bf7af8272aee879aee80b3abde58f

SHA512
6a5dcfbcd8dd7c9c2c140fc14c6dcc563854756fceec079eb4a7c39efcffe971d477d348a08823566599d04001ba164bbf09dfb59c0392b5d79474e778bd3b41

Download Submit
/data/data/com.shener.qulicheng/.jiagu/classes.dex!classes2.dex

Filesize
5.4MB

MD5
1d9c74cb1d9f0afcd0be2529b466bc6e

SHA1
a887d10cc4893ac0785c21d83fbe16567cff71f6

SHA256
e83a24b172807a0fb4f532388da0550336de4f7cabef6d666b96ac164e91d885

SHA512
24b6a9ca37ccf4d29fbf38bed15bdcae2e91881044cd82432943d4cd7e050afa492401472065da8b29ad84c926411b10181c28f219773110d9b263c977f3bad1

Download Submit
/data/data/com.shener.qulicheng/.jiagu/libjiagu.so

Filesize
487KB

MD5
610a895c4a71bbeeaea16eddb1422bbf

SHA1
9f919de42ed1e80bfadfef48f8202b202166f869

SHA256
baa349e9b5a47be21b6ea00ef2e0c0c5dc203c0e4c391dac46df07ca9d333217

SHA512
ef4173ba32309ef1257b75bcff28fd44ab14398577b4fb3b6b95323035c964201ed39546cda3b7115ba5025781f3b9c018443e7932edd50a25b1be60359f80f2

Download Submit
/data/data/com.shener.qulicheng/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.shener.qulicheng/databases/okgo_cache.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.shener.qulicheng/databases/okgo_cache.db-journal

Filesize
512B

MD5
84e11ddf55425b8e48a1de3856ef8877

SHA1
a7d72b9be7df2557cec3ea40ca27773107c6050f

SHA256
e2ca279131717cd1a6d6ea5bfbd1503c6619d04a54283bc39c6e19d91f7d7300

SHA512
77cad660ee0e8d8a9ad22fcb88b8739435f7b5f357d6b930a546d3d6b05f759b9ffda4eb9a40626a0564f266a8fc536b7183565a0e42eab97c523cc599edd789

Download Submit
/data/data/com.shener.qulicheng/databases/okgo_cache.db-wal

Filesize
16KB

MD5
2833ec4cfb59aad03d53dfc8f868af00

SHA1
65de566256dff792ed1d07475201831d04bfee77

SHA256
d20d85c9d280d14bdf7549884fa067ce8da259d081b80f9853f50ce8867a9895

SHA512
4cc370101f56794a850f9df70ccb437f0b406960bfc2e0568f126cd7a237dbb7e750197ce68c4f2b112033f6139af8445a5b9ab9ef9801c9fc1a24b844f6d986

Download Submit
/data/data/com.shener.qulicheng/files/.jglogs/.jg.ri

Filesize
307B

MD5
1b0259c059b9c7a6a2f79d5222daed23

SHA1
1306626a18f9e2d3fe9180b4e3a2d2e67d8ad840

SHA256
a14cb3b6df403361075f96a2dba2e7bad0b03fdb191a18d0e7f18fedf9ba353b

SHA512
e8b250e6e468b18c230e7596bd6b50d036df4c56a1dcb55e17c9a318cd7687fc0c4e0c561c8c43b51fe1b2e9a4e9501c272179ca7db4daaab4f6922af8a5ca31

Download Submit
/data/data/com.shener.qulicheng/files/.jglogs/.jg.store.report_cf

Filesize
32B

MD5
9880eaf2e3fb53d1d2804dca1acd2d82

SHA1
e1331fecd8401b71ef77c313141fbb36fe90006c

SHA256
a1327a183e395b92d84b946d146d47736bedff74841c758e9472a62c9fa164be

SHA512
386b7ecc5ae23d3d112336008b95550c9250aea49850ff5f121dae4ad1673be55fa513581d81fef4d4f93325fb2b2f6f6bb2278cecfb2905c9b6e9d5d503e278

Download Submit
/data/data/com.shener.qulicheng/files/.jglogs/.jg.store.report_pid

Filesize
32B

MD5
7ec7e25156398a4e2f85c54e1fe3d77a

SHA1
0955ecc4fbd57d86bc987a7946e1b8efa6e586bb

SHA256
822d9eea3433e09fb7e697abf4ff8b906fdd8ad264f22db4c9b45a7d3c7cbf63

SHA512
6f03959e14dae95c720fc6f138f29c4219952b0c0ad133541b7c22df4b21314fe2883d1865ba8a6dc6743cfc6c3dadd9b0685df7add4a7015b15a0bb2c3bb491

Download Submit