efad64c824558659d819effc5c82967b70ef727875e5cc206e03d7de0e533d8f

Analysis

max time kernel
105084s
max time network
138s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
14/01/2024, 04:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5a4d0e9f2fc81fbe78c9e4f33066934c.apk
Size

6.0MB
MD5

5a4d0e9f2fc81fbe78c9e4f33066934c
SHA1

3b8407e6e8ee4b9983a6ec1943ceab3bf277c06b
SHA256

efad64c824558659d819effc5c82967b70ef727875e5cc206e03d7de0e533d8f
SHA512

98174e1c13f409399148e0f16b15d9add1c220a4f760574e32de218076a63e3c7784af21f1b3267ac469c8d2803bf9712a6a10536e96a60f90cd001086b1f813
SSDEEP

98304:9xh6arJnXLS/ef58dmnKo4bcWoJ5r+Wm4KO2mb/l5SE+THMQX9dzI/qC9z67yi6g:9C4hLGrdmKP5ofm4L7PCxw/Fz616Wwq

Score

7^/10

Malware Config

Signatures

Loads dropped Dex/Jar 4 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/data/com.leigofg.cs/.jiagu/classes.dex	4252	com.leigofg.cs
/data/data/com.leigofg.cs/.jiagu/tmp.dex	4252	com.leigofg.cs
/data/data/com.leigofg.cs/.jiagu/tmp.dex	4279	/system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/data/com.leigofg.cs/.jiagu/tmp.dex --output-vdex-fd=43 --oat-fd=44 --oat-location=/data/data/com.leigofg.cs/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.leigofg.cs/.jiagu/tmp.dex	4252	com.leigofg.cs

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.leigofg.cs

com.leigofg.cs
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4252
- /system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/data/com.leigofg.cs/.jiagu/tmp.dex --output-vdex-fd=43 --oat-fd=44 --oat-location=/data/data/com.leigofg.cs/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4279
- sh -c ps -ef
  2⤵
  PID:4337
- ps -ef
  2⤵
  PID:4337

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.leigofg.cs/.jiagu/classes.dex

Filesize
3.7MB

MD5
8621b13eedcd2e5691c91894dd124e01

SHA1
a4867efa1b73d0fc8b622f7f9e50d536143ece66

SHA256
1405439ef460121f66e5ea0d2e7268a1c63cf35da479c69e8283a68e298f1927

SHA512
495e5f2b6fa246244de7999ff4667800cf228341ab4093b96ee7ba8340b986ce53dadb83e511c9457ea440b9a052a66fc0cad9ce03f7b14cedd9a64899df9cda

Download Submit
/data/data/com.leigofg.cs/.jiagu/libjiagu.so

Filesize
558KB

MD5
98736de515958ae37ae93a0a0e997098

SHA1
72d0f9d43f7c9bdc9f19d13834c0872f5652c0f9

SHA256
335091dfc73a9f792cb720389c5d94eb6642764a38d70d4b6b7a8afd34038421

SHA512
cc4974ce398bf7f4a20160ad30e4c4b5821ff0d7f2cc9fa0aead73ddc036585266edf429add276b53d6db8dd24a344d709469b9c839451deead6b621e70c92cf

Download Submit
/data/data/com.leigofg.cs/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.leigofg.cs/files/.jglogs/.jg.ac

Filesize
40B

MD5
3879216812f56412b1b711224e55aeae

SHA1
fce974e77030ac2b93f4a0eab5b765f7c1b50934

SHA256
60d89aed29f77463b2e5753c122f185721945aafd6e75c68d96cdc21c0ce8838

SHA512
8ceb573ac1294ee91f7d43ab8d3e59bcf4ca6be82e07093154ada15880805eca7873832f62b5d445b5c75c9f9315df1a3a8bfa2d1933a3cbf675226843b96e59

Download Submit
/data/data/com.leigofg.cs/files/.jglogs/.jg.ic

Filesize
40B

MD5
a7834c40ce2e4974b4fb89bbe6637664

SHA1
25e36b1f7b36160c685534ed3a699089f5e2cc64

SHA256
db3a583cac57b83db556ae2601b741ff873df64d161a9441c272c6701f4aa191

SHA512
431ed7bc3291929afe8800c0268870eddb6f50c3fb9d6d92cfbb6e74977a5b2abe4bd06535e3e7a5e65154628086a4aae91ef055717a851be4d893f7bc00f17c

Download Submit
/data/data/com.leigofg.cs/files/.jglogs/.jg.store.report_pid

Filesize
88B

MD5
ada037a9b6eb9af92210d8c5db38101a

SHA1
dd1f4207b66a1a4e7e5b28997e291a8eb372799f

SHA256
f4301df1edff51281300feeeca80b6ce6672d47ba81dc9f7ebe08a7989a5d890

SHA512
790fdc377a748394ee812cefd36433f8f1c15cd8581a267b0f4eaf6590f48d40af60c9b7abe12e36cd3ae1439f1430375a0b96d28e25de4e2e56741c54aed200

Download Submit
/data/data/com.leigofg.cs/files/.jglogs/.jg.store.report_pid

Filesize
101B

MD5
2217e5e9fb5549ab1176a0223a5c457e

SHA1
b8589512fa4858fef682876131788d16bc5183db

SHA256
0a9d1e7bbd6cbbd1b279aa94c53a74e4ffd1b07f73364fe9357685b47ee84318

SHA512
482ee39cf747ef561c6c03deae41fbe39e2385e399a2ac5d90ebd554788760e5a215f3ff52313afda7fc1b5f3772b75b80c959edb8908d7fcd9f8eee69d11498

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads