ddeb26152cf346555d6323bf562438544a35eb5a70e523bf41a2b1f65a4f65c8

Analysis

max time kernel
143s
max time network
165s
platform
android_x64
resource
android-x64-arm64-20231215-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
submitted
24/01/2024, 11:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7221820610ce7caa1ec63b69e3d00331.apk
Size

5.4MB
MD5

7221820610ce7caa1ec63b69e3d00331
SHA1

1275479164fb175cd27c1368346169aaa9de648c
SHA256

ddeb26152cf346555d6323bf562438544a35eb5a70e523bf41a2b1f65a4f65c8
SHA512

d57c39a9b0a3d42043425b61d364baff42cb5abae9e855a23dfba8accaf25cc150453c22d0414d64708d588cd4391b402ca947e29131e8f9525aeb90befd3405
SSDEEP

98304:zlH+AMSxQrZf1bjvB86RRIYomcA6prm9yeX8JVYpqTgHQL6BR72eTw72w:ZeAkf1bNRymcJpq9BXwgwL6DSeuZ

Score

8^/10

evasion

Malware Config

Signatures

Requests cell location 1 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.hequ.mall

Checks known Qemu files. 3 IoCs

Checks for known Qemu files that exist on Android virtual device images.

ioc	Process
/system/lib/libc_malloc_debug_qemu.so	com.hequ.mall
/sys/qemu_trace	com.hequ.mall
/system/bin/qemu-props	com.hequ.mall

Checks known Qemu pipes. 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

ioc	Process
/dev/socket/qemud	com.hequ.mall
/dev/qemu_pipe	com.hequ.mall

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.hequ.mall/.jiagu/classes.dex	4630	com.hequ.mall

Queries the unique device ID (IMEI, MEID, IMSI)

Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.hequ.mall

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.hequ.mall

com.hequ.mall
1⤵
- Requests cell location
- Checks known Qemu files.
- Checks known Qemu pipes.
- Loads dropped Dex/Jar
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4630

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.hequ.mall/.oabugaij/.fsgkea

Filesize
1B

MD5
01abfc750a0c942167651c40d088531d

SHA1
d08f88df745fa7950b104e4a707a31cfce7b5841

SHA256
334359b90efed75da5f0ada1d5e6b256f4a6bd0aee7eb39c0f90182a021ffc8b

SHA512
d369286ac86b60fa920f6464d26becacd9f4c8bd885b783407cdcaa74fafd45a8b56b364b63f6256c3ceef26278a1c7799d4243a8149b5ede5ce1d890b5c7236

Download Submit
/data/user/0/com.hequ.mall/.jiagu/classes.dex

Filesize
4.6MB

MD5
ab67893708ef85594a039c76b03c3255

SHA1
2c80f2f3ee05f76ad27eb76017c12a1ea1e2cf31

SHA256
87d4ef77ddd9cc35bb7447cd3cf224cc2494c92510a6b6eb9c44f087857c615a

SHA512
b29c9a1975f1c05fabf0633b9872da7a5f8fa0e755419787b34e70adc1aac7a21c3622fd72d19ed300801a0d827bc6eef4ed9818b219dee84ac9c22b1e3e0155

Download Submit
/data/user/0/com.hequ.mall/.jiagu/libjiagu.so

Filesize
487KB

MD5
610a895c4a71bbeeaea16eddb1422bbf

SHA1
9f919de42ed1e80bfadfef48f8202b202166f869

SHA256
baa349e9b5a47be21b6ea00ef2e0c0c5dc203c0e4c391dac46df07ca9d333217

SHA512
ef4173ba32309ef1257b75bcff28fd44ab14398577b4fb3b6b95323035c964201ed39546cda3b7115ba5025781f3b9c018443e7932edd50a25b1be60359f80f2

Download Submit
/data/user/0/com.hequ.mall/.jiagu/libjiagu_64.so

Filesize
525KB

MD5
198e8f0e9b0d80997fde430f9973c1a1

SHA1
dec0b84b06072ad07d44b445d7e23587c0bc7f02

SHA256
dc9d0faf8652513f0a1eed698b9559e0bbfaefe12c203d239f551ff557abbe5a

SHA512
2868fc26e0bbc32e6f7c7d6e56ed6e9517d0ea4a7d8021a5f50af5945d6ac27fe87f500e32eed5143f37d484ba95fef481c9d5c11b652bac2a26d267358252ea

Download Submit
/data/user/0/com.hequ.mall/databases/bugly_db_-journal

Filesize
8KB

MD5
fd262f6419c22cef44bfb820a7a130e2

SHA1
dcbe466bbac6c3f107ba0ef5304a9a8ed5257488

SHA256
1abfbb6b575c7c594856dc420723130972790abaa5b8bcbfc7ece305eac7aa52

SHA512
8268f87fa84ce97e2c83e034b650519b2fe42a3a87bed6d23f14d1c49b73c5613f3e856891bcb6df8a715b445fc7f76d26fc5604e4e492047e46f0a686679fb1

Download Submit
/data/user/0/com.hequ.mall/databases/bugly_db_-journal

Filesize
12KB

MD5
8e7ee418a89e180ae5243f2c3fb2f005

SHA1
ae45115e5da2043e0fbc1d65a754c04e2541a1d1

SHA256
f9fb5bb955b01434309cac2de9a3d023069f81b9720135c8028bb2f0495ea696

SHA512
e4832a573e682ff5d0ea0405379236fac7af38590b5fe59d7d8933c3fc0938e98af4e41c89437419af8bb967c1b96c0d032f95d9563e94a686c8fca17bba188d

Download Submit
/data/user/0/com.hequ.mall/files/.jglogs/.jg.store.report_cf

Filesize
54B

MD5
78f50c1e5d2616b80082d45a3feef846

SHA1
a6c541db2862248847e663c447c94d0c5008f96f

SHA256
84f7e573ea2f2568ce916d7de32cd07a1792a2e3c42ca3f101bad4be43867741

SHA512
b183dc05ddbefab91258662aa627261cf1539672dac9a85ddb2c2495223728fe736169c3b9867cc7e4e2e1684b3773f85ca7a72a839e200218580337c022ffec

Download Submit
/data/user/0/com.hequ.mall/files/.jglogs/.jg.store.report_pid

Filesize
54B

MD5
8e861b7e77d3d78f3c92ccedf55d36e3

SHA1
4644496736c75345287ef254eccf751cdbb31a2e

SHA256
81b2e3315854cd47ca058ba7afa8fd01a67feb762614f4703f12717fc7cab9c1

SHA512
a9d290076c2c1def7262aaf7b5f4d44e0ad87aff8b0247fed59ec90a7906cecd1f967754fb9757fe8f9506a995d9cbb52e876822ab071d02b1e3282c7191a36a

Download Submit
/data/user/0/com.hequ.mall/files/.jiagu.lock

Filesize
27B

MD5
41a3bf2d6f01854dbaf8fa1b83956a93

SHA1
c0b65a14a4fdcd0dc09362024c3b3671fa50de72

SHA256
e5e3c0bcb0a07d86b83658f13afffb1f0056c717b49175871e82d7a8774b2b9d

SHA512
b72498d06b99cb0300bca579ad17f16aad26af8bf6bd0e2c942c3513c5dc21dfdc5452382c58dc68026f87f3dd055f1acbfab595774b29eb60bd138bbe36c9e8

Download Submit
/data/user/0/com.hequ.mall/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzA2MDk2MDgyMzI0

Filesize
1KB

MD5
762c1b38f2fc544024780b7f00842c3f

SHA1
6687b2d49a3f70e8c18d626378471728eaa4e290

SHA256
eb4502a4505ace481249ae4b25f859e360bd7a4c24a07d56539826cf35d7fa85

SHA512
7de5a39dc2b79134f5b7904ca122e3698150edca74bed100adbcf1fbe08b20b950f676a896af22c808dacb9e809f41d970e988b2a6f545897d6cbdf4932b7f76

Download Submit
/data/user/0/com.hequ.mall/files/umeng_it.cache

Filesize
433B

MD5
871939982abfac5df23928c48c9efa3c

SHA1
0cb5ff4020af797436b5e8079f01cc2d8e122269

SHA256
2c32b5b77bbd19bc971cd11f3f42a30085bae66993b35b02cf5ef3e23d043100

SHA512
e64ebf1c9414dd2ece9ccd9a71294968b3d6399df97f4e35fa79ec7a4b78241b7dae14115a2b8fb05ce80424d428602e822c06f57a2a919c8b4df59272615b3f

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
d3e4eb3f4862985baaa3124af0c390b6

SHA1
da5a6b6afb1b20d2fbcb6c31ee97743a830a6dac

SHA256
dd5fb0ff5cee6e6a223f40cfc77164314be9bf6e176ae8ac163f28e99a583e8b

SHA512
2429b9b8ae015307b3225c42a56ddf0227af5a817ca76be4ac352142ebe97676cc5d2f9d89a43ec8ce647f0872e1c8829ca6b1743b331d7c124cdbdd7874bf05

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
213B

MD5
7445ee49832d2bf6109b128a83c7c071

SHA1
c7280c7c0d4f4f749fc5059a1e68e5889384fe13

SHA256
01c452b789af98aaad74e8e98df9c7d30ddaad850aa473abc29d2c77d48a4350

SHA512
b5b6489251853f2841a8ee7bbdfc15e8b8d6d6d8f00e5912138546322f96f2a674d4573dce461826509ced40e5e6a64d726ccf5033ce7b9d19fa31a5efab2b8b

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
bdc2f287b7de3bad8900ae9bf73aa728

SHA1
01f6c836ee16c8d2ac59338ab023a5545f37ce3b

SHA256
594741f09bd70158dcd45a041f1121e97f52b0bf53950bb7db91bfd0251b90ae

SHA512
32354cacf8222c1fdf9a994d8049ad8ff97aef6cb2bfa6e311bd460e24dff3453df837b10f703316efb9dca13c9e4cebe075838e932f86eb050ae60401f5ca9e

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
167B

MD5
ace5f917d0d580f6c068acb8bbad7537

SHA1
2b1ca45220c2af47694cc0dd16d62656563e318e

SHA256
0902a309a6aee9866d6f492191da3943e42913bd5e19fbf2f42139dad7cd1ba3

SHA512
c975b60fc139e84dbcced962e187aaabd27527f2433c59e7129833bad167cb3518912d2083e646213ca0b71a94f2c3b079e6995c8e5e8af89b0575cea1f622bb

Download Submit