3bb626c101be0af520ba6a39fbd8848ad7bea05485e2426cb45663ed567135f4

Analysis

max time kernel
155s
max time network
165s
platform
android_x64
resource
android-x64-arm64-20231215-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
submitted
03/02/2024, 07:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8bb642a05ec860b6327a4986852dccf2.apk
Size

17.8MB
MD5

8bb642a05ec860b6327a4986852dccf2
SHA1

d9b393f59c0e245877919a294e12ba9c33883889
SHA256

3bb626c101be0af520ba6a39fbd8848ad7bea05485e2426cb45663ed567135f4
SHA512

ba3c34a723f79c851b90f3f6a91283624f20baeec4b38f894843fc759e40a7789ed6448afcbdb387f3deeb6acf036cb3192ba56038e00e8f641a27903498d704
SSDEEP

393216:iNiaP869JyaEuZNWL6jaU1fLdR827+XZHIYWB7H8TNIL:BaP99JFRn4SfLI2y1IYW6TuL

Score

7^/10

Malware Config

Signatures

Checks known Qemu files. 3 IoCs

Checks for known Qemu files that exist on Android virtual device images.

ioc	Process
/system/lib/libc_malloc_debug_qemu.so	com.zyy.rzzl
/sys/qemu_trace	com.zyy.rzzl
/system/bin/qemu-props	com.zyy.rzzl

Checks known Qemu pipes. 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

ioc	Process
/dev/socket/qemud	com.zyy.rzzl
/dev/qemu_pipe	com.zyy.rzzl

Loads dropped Dex/Jar 4 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.zyy.rzzl/.jiagu/classes.dex	4501	com.zyy.rzzl
/data/user/0/com.zyy.rzzl/.jiagu/classes.dex!classes2.dex	4501	com.zyy.rzzl
/data/user/0/com.zyy.rzzl/.jiagu/classes.dex	4580	com.zyy.rzzl:pushcore
/data/user/0/com.zyy.rzzl/.jiagu/classes.dex!classes2.dex	4580	com.zyy.rzzl:pushcore

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.zyy.rzzl
Framework API call	javax.crypto.Cipher.doFinal	com.zyy.rzzl:pushcore

com.zyy.rzzl
1⤵
- Checks known Qemu files.
- Checks known Qemu pipes.
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4501

com.zyy.rzzl:pushcore
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4580

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.zyy.rzzl/.jiagu/classes.dex

Filesize
6.6MB

MD5
e125d8d62b63b049bba63d9c496b5f24

SHA1
7fdc5d7caadf5df214c846b25205941825562ff0

SHA256
e2e76974158a2d4d55952374e16d1f75e098135199bcd4d29bc7c0800577d166

SHA512
3b23ed9a266cd9837ac85a07d17e4b71f3b8abbdd42e8521c6d48ee8aeadf48e8ac90bf087a7cf40d8ec0065a61ce2edbad63f55bed7060bc3000078781308f9

Download Submit
/data/user/0/com.zyy.rzzl/.jiagu/classes.dex!classes2.dex

Filesize
5.1MB

MD5
c9ec70af14d2211512dabc7eb8c8303e

SHA1
8e6a25005afecd6b060b6d05e496ea29edfc32d1

SHA256
b9e9791764d473ce2d2396542a319c9fd43874b609b1eb3df1b8806a60f567da

SHA512
a804fd2b7fd977fbfa345a0fe589b65d8a82b4a325376ac14179ce6f35b6e8f9d2d39274caf745b69caf024803841beba140d2dbdd61532b8e4a3033030db9f2

Download Submit
/data/user/0/com.zyy.rzzl/.jiagu/libjiagu.so

Filesize
475KB

MD5
5aea02f4e4c77fbf2e7a27f7ca9cc06b

SHA1
522db1748608e9173547b29b7aa82ddc3542c534

SHA256
5a1c513b347e2a929769e2be67552c1d591704f08f7b5590282b66cc2c7d7bd2

SHA512
5c979a11f5e896829db906f533756efc1cf3c5a7e35ecc9e376a0aae818f2dada013441649feac2e188bd51affbbf35156e32fdc6552e185bddbc547f3850316

Download Submit
/data/user/0/com.zyy.rzzl/app_crashrecord/1002

Filesize
229B

MD5
5e36c3e3b2c9c78672f8c5477765abad

SHA1
46d4dc08e05effc0beaaaac04ae519163f3c192e

SHA256
91b2cd5635cdd0fa95a474ea4c26732f86be5dff0377437f7d2143c01e0a8af0

SHA512
de323747daa83234ff00f6dea9624b1c95677b58a01d8263d5055503dc9c5e7eeff1c0833c22a7ce8cf00292e2c0558d1ce40e131e8c26518f850c4e46768e52

Download Submit
/data/user/0/com.zyy.rzzl/app_crashrecord/1004

Filesize
475KB

MD5
aa0bd3145fa2796f7cb34175a88e28a3

SHA1
5258a0e4e15c362b379ef99dce688fafb53202a2

SHA256
313a56c9244aae6a400228554ab288d4f0ee044952e7c57fbc9cced627978749

SHA512
ed3023065064adbd7b4f6a486863004a80e2a1cdfcd16d29b4efbb9424563977aa3823e906c4da49ea466913aa0771836c872f2d70ff117bbe81cab4ea09f51e

Download Submit
/data/user/0/com.zyy.rzzl/app_crashrecord/1004

Filesize
229B

MD5
d4abd17f67c24807a65e662365b42caa

SHA1
785f9efc2f183463fdd738f3056f51b3af59ede7

SHA256
93d751c6f866abf0668edd05843ec2f33e283191973fd2bd7ac6aa88e38c1109

SHA512
e5bbc9bb2a61b97203f4c81817a09dfa0634a0b0dc86cc199d551221063ba45d0d0a769412b3c9ddf04f357595e577f0e3baa1fc06c124b1a908073a6d402e1a

Download Submit
/data/user/0/com.zyy.rzzl/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/user/0/com.zyy.rzzl/cache/image_manager_disk_cache/9cd9a0acd4c1067f07808f972ac29163cd9d296800cc928f9dbefe2a19b52903.0.tmp

Filesize
19KB

MD5
220ed8b6d24940b819d39d43fae3c0f5

SHA1
d36fd70006a13f5e0f55549927a2c8d6c2fd8b5c

SHA256
cb57ec1c35c8d1e2dc6aff977cc7948132b06fd064f6c209e708012d4cbdcaab

SHA512
fb73e09fb627a0643c46c221753d0ad4c5b98de99b747a82c0b733a8514ce2614539e3cc9874754ec1025d7e2bfadd9e4dfa3b7d6516bcddd1f31596445f1c43

Download Submit
/data/user/0/com.zyy.rzzl/cache/image_manager_disk_cache/b3e71aa4f6a2f49c64367c0ee26943088ebecda2f77da9d0d7967a352eff6517.0.tmp

Filesize
20KB

MD5
39b78829a4e41c1ca98563faef5c7d9e

SHA1
6a9f53abeac34aaceafe7826398aedfac364d2e3

SHA256
a69fe06d5a4b1ff137172b28b097a83f2a8a68677caa0bfab6520d502f8cefbe

SHA512
0b4c3e917e1f033a4506568e3f3d465c27fc1ff3be088d94ff5ce97e87eee0b3b0f3c2322ed141ead833cdabe17fc36d852814a03f7422df54a596ee8e49ce6d

Download Submit
/data/user/0/com.zyy.rzzl/cache/image_manager_disk_cache/cfa03669df08d6080d86e45fe3cda518d84b13c7dc2eb404352a735127b6df89.0.tmp

Filesize
19KB

MD5
2efe1af6ed91acadb8d7700de9394741

SHA1
4985e9de78a9587125fa4298111ec75be6aeec55

SHA256
46e18eae188e216b884f422e3bf81ea4d1f5c16b25ea2f391334ef20c42674af

SHA512
72dfe0a65bad030106b3bc67a9b93d99d0b3108a1f5aaee52c6942a37f403d67462936dccdf72a81358a74edf3f5c405947deeda061db799590ed17dbb76b26c

Download Submit
/data/user/0/com.zyy.rzzl/cache/image_manager_disk_cache/journal

Filesize
71B

MD5
9802e0b43871715a48611fda095df0e9

SHA1
3035fd112e5e7e01744cce1eb84b3f74129e92f1

SHA256
93207962281a493c236ae2dccf3b82570f8d40f5dfe603086b8b4c16d14b6e1a

SHA512
cfc65ac4148fb5389fedbdd3205d87011497fc5476bcbda33ad36f279c8a6d93b19a904612cc75cbe7c8ea839a8a6a69dde6f67e6db42da42d5361b6647d4641

Download Submit
/data/user/0/com.zyy.rzzl/cache/image_manager_disk_cache/journal.tmp

Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/data/user/0/com.zyy.rzzl/databases/bugly_db_

Filesize
16KB

MD5
992a5bd149b116c6f4dcea50c1bfeb68

SHA1
7c16afad883efc33f83587338b70c31b1ccff86d

SHA256
4a1d700423323f27da5122e350a3006a23ff13e3b9e3a13233646c2d4958e7af

SHA512
13cffb706b912b8f8b09dedf10cdd026acae382baf184e93afb11f2f7d5def6a4ce643ad589392a4310ef086d9d15d5a75de1d53ed6178d92801e9941170f15a

Download Submit
/data/user/0/com.zyy.rzzl/databases/bugly_db_-journal

Filesize
8KB

MD5
ef89d6e9e8923ffa94df55a17524780d

SHA1
fd90801a1f72f9b7e097015a7c620a326e36ea05

SHA256
be04942b75818e832364889be55a52d64e7935eb8f34e28e0495791f94945adc

SHA512
4301b8093955f496311e4d86999fa6e09a7d5f089a0470d03ae53fb889838490c27d200e8bc550c2f314bcfcf11227e5228e491d11b450ceb178409912890b5e

Download Submit
/data/user/0/com.zyy.rzzl/databases/bugly_db_-journal

Filesize
8KB

MD5
e89daa7cece50181d06165a7929bb6ed

SHA1
70a0e2546b8f591f209b61405c91ff42bd1ad447

SHA256
b6d756c06edf2c83f17fbbd6fb32910ccb0b5493b43f0399fbc190d561491fde

SHA512
1a805d5da306fe020ab72f91cf9139ff078e89978a8e4ada9397a7e8022d1110467e26a27479afd5ed474f18460dc979d295745017d0cb62c2c75aa812163258

Download Submit
/data/user/0/com.zyy.rzzl/databases/bugly_db_-journal

Filesize
8KB

MD5
f1f87a684e85cf24126aa7821e99d232

SHA1
9f36f95198ac9f36260180c3f1dad07f9d6e80b0

SHA256
3ed522e7971560ecf5029f3b5bf853dd4901b49c0b691e17d192cace5b20fea7

SHA512
b55ec257af1f32d0cc280210728b087a8bab5cfbd77427643736420e5f5e54e089084f70d8ccaa56cd9cc7442a8a2ca26d75aef0e20f2374382a1240db26386b

Download Submit
/data/user/0/com.zyy.rzzl/files/jpush_stat_history_pushcore/d4dc38e223f6c5f35abdad1b/active_user/nowrap/80ea9e20-dfb5-4bb9-ac31-107ea0f68d76

Filesize
159B

MD5
b195894eab00bee1ca94d67316a20cb2

SHA1
cfc958c9b36b69dd212173476a26f41987aad7a0

SHA256
83dc72429a9143ad6c617e7eb1af86d3c0be588a0a9043e087df19fecd1a4f02

SHA512
f5082e59c4f1d2977470d977f655880c9d6576752e37447baef64c74f0e390d6c05ceaf09f0fd237bad1ccaac4f6adb23afcab884fb557364cfcebea74386223

Download Submit
/data/user/0/com.zyy.rzzl/files/jpush_stat_history_pushcore/d4dc38e223f6c5f35abdad1b/normal/nowrap/9ab294a5-a330-4782-8cc8-3d4bd3f932b9

Filesize
512B

MD5
dab2f6c87f1516a330ffc06cf8fa145e

SHA1
3f412fc1f1f80769db650752edb2b269ab145894

SHA256
2a2689a0aaec4c40c45b529a8d83936f807fa46f17956c7371b2b7f91e7819f4

SHA512
3c793889de07f0eade4e43b2a58d33542b8fedb8a34c5e95089c9ee09c5833ed7129fe14b8c6f1da00bb9a454e4e2b4e0fd4ada37a234939ff578f311827a610

Download Submit
/storage/emulated/0/data/.push_deviceid

Filesize
52KB

MD5
ba81f9f14671fdd15db5bd4ba69c7179

SHA1
067a91debff179078f8739e302e2237ba7709ea9

SHA256
60bdd89bd94d188789e4b466e318032cdfe7dc4a91796df5a1da72e22887f319

SHA512
3ab49985b872bad5e7bbdfdd1c684659531ca0c0d04258b777a6ea47c27287f2a915fe25d4282ba19e631314a91d19e7de738836cfb67aabfbb85328ae9ceeeb

Download Submit