b7ebe24517cdd860b17151f5c420290e5444ece1d215ce2dd452281d4b8fbe5f

Analysis

max time kernel
7s
max time network
145s
platform
android_x64
resource
android-x64-arm64-20240221-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system
submitted
28-02-2024 16:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ac62a56b37ada17642f9ece330750ff2.apk
Size

22.5MB
MD5

ac62a56b37ada17642f9ece330750ff2
SHA1

b290d9fe1777a96c8a1c3ec4331515bf0a265855
SHA256

b7ebe24517cdd860b17151f5c420290e5444ece1d215ce2dd452281d4b8fbe5f
SHA512

ac1f92a2de28298761236ca157abd11d0c72f27715c0f7703f85c7c9b6652d78222bbac8b4039408b12556dd03e8c51eff09b41d4c067c5aa4695d488492b268
SSDEEP

393216:vQXmZVfO1+cVvpPPbUsMjSUylbz5Zmicp+r2tF9YM3c7gf/dgMRGA:vWmZpi+kFQjkp3mpF95sc2MAA

Score

8^/10

collection discovery evasion

Malware Config

Signatures

Requests cell location 1 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery

Location Tracking

T1430

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.xgbuy.xg

Checks known Qemu files. 1 TTPs 1 IoCs

Checks for known Qemu files that exist on Android virtual device images.

evasion

System Checks

T1633.001

ioc	Process
/sys/qemu_trace	com.xgbuy.xg:pushcore

Checks known Qemu pipes. 1 TTPs 1 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

evasion

System Checks

T1633.001

ioc	Process
/dev/qemu_pipe	com.xgbuy.xg:pushcore

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.xgbuy.xg/app_SGLib/libsgmain_312768000000.zip	4474	com.xgbuy.xg:pushcore
/data/user/0/com.xgbuy.xg/app_SGLib/libsgsecuritybody_312768000000.zip	4474	com.xgbuy.xg:pushcore

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs

evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.xgbuy.xg

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.xgbuy.xg
Framework API call	javax.crypto.Cipher.doFinal	com.xgbuy.xg:pushcore

com.xgbuy.xg
1⤵
- Requests cell location
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4427

com.xgbuy.xg:pushcore
1⤵
- Checks known Qemu files.
- Checks known Qemu pipes.
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4474

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.xgbuy.xg/app_SGLib/libsgmain_312768000000.zip

Filesize
65KB

MD5
522947eaa37b029a247e3973f3be3621

SHA1
31c88e0d7c9b51904c0f598e80245bba41b1c7d9

SHA256
d06601f9eb8d8c991f00426ad30bada9d2bb7886a6de21d78cd0ccb7b7e62156

SHA512
f5eaa9ccf08096bf0df8f004fbfc1b893ae08fed3e6722e0adea1fdea2719a45876314b765134905841f440c27216c897876e3ac6c8903fc44b697854eb02c0c

Download Submit
/data/user/0/com.xgbuy.xg/app_SGLib/libsgmainso-5.1.81.so.tmp

Filesize
591KB

MD5
c85e8919765cc22095d1b8e40601e34d

SHA1
22d48933b9f30a028cf4c9d993f59c767f9e8e35

SHA256
f4ab50b1188cc9913c106f1f661162cb7db90aa288a90fa6bb41c5938b6afa8e

SHA512
6715ed9290b868a5733f6c6001e9de1375a381b5f61552fc0adfd825c72977cbd34a347f7fecad8cbc798af7b5ef59f4a23bbe6fedb714e4dda65a1e5921c08e

Download Submit
/data/user/0/com.xgbuy.xg/app_SGLib/libsgsecuritybody_312768000000.zip

Filesize
10KB

MD5
f59597732a9069b73e16c027faf78d05

SHA1
e3558f4e5041a6c6d4372001bed847f2ef77958c

SHA256
9e416ffbeda9461f3efca490dfaaee955f68fbc1f3e455f2394bf4c4310b83d6

SHA512
7a8dae723cf5fff494cb2fc16a75bf347732ee3da99f1cbda99d8c6d26a47e4a7526c5340fa33bf9ee98463a84c1fe276a3683ca8e7bfbc50206e589a82aa6d2

Download Submit
/data/user/0/com.xgbuy.xg/app_SGLib/libsgsecuritybodyso-5.1.25.so.tmp

Filesize
225KB

MD5
10760142380b34e358c396ca8d606a91

SHA1
b8d7f379c3e25bef6f24636fcb243d3baf2cbe46

SHA256
8a25b66e15f4054d677ad667d8eeb4db31ad09188884ae20cff78bfcafdd042b

SHA512
72105e76a0b2252434453074a966bb0f2ba849399bd9b3093004f3af47663003af614ec87ee3dd6d12cce0de9816bc1504a9859ced15c389c18601c36d66f9c5

Download Submit
/data/user/0/com.xgbuy.xg/databases/xinggou

Filesize
96KB

MD5
1ea3595b52a7a974e8c7205a3289f6e0

SHA1
f03862af99757f4076be173506943aadd03e75d3

SHA256
fdf04a6d3f2e0dd87a1ac588798ead414adeb189d3f24262b860905aaaae03a1

SHA512
a8f5f39777d226189bab2fc7b337f68af9d24a0a13c0491d935781c121c44adeda53054c0247b3651bdb46aca6ea843b5fe7bbd7971770cfc38c5e84af3966eb

Download Submit
/data/user/0/com.xgbuy.xg/databases/xinggou-journal

Filesize
512B

MD5
c677178f48e9c2a015d3473c41b6160c

SHA1
78c316015df2706481b3898fb143500c6dfa6356

SHA256
d7fafc8d4d60ff554c7100c4a52ed48d28b46fce61f88dcc9799c4fb78b3e546

SHA512
1644987ef76b4d3c2d67b028bebd933c068c41f6b6263fa0e2c960dbcd3fcac252259e90dd430fcade8ce2f5bc10da1f0aa39811313de34dc45f29e64adbaa14

Download Submit
/data/user/0/com.xgbuy.xg/databases/xinggou-journal

Filesize
8KB

MD5
bb7478fd0d0b009f2b619b753fdc2eee

SHA1
87e51f278ce265e2f2b069afc56fbb39af46db0a

SHA256
56f66852cf7cb78950a4b12c353fc7a5249375518c4eab872c5d004a8945ea37

SHA512
09eee7f32e712b54aad0faa2aa067324146f61444490df86013a6300abf3adf2b215e7fa3f56a95480b4e6d281a4c2bc7ef249daf0610c0e7e075791e94bd7a5

Download Submit
/data/user/0/com.xgbuy.xg/databases/xinggou-journal

Filesize
8KB

MD5
ac326c8a6dc4393205c16247d0f566b1

SHA1
d2cd9f6bbd61b864b45a99de4c507e16503d3fde

SHA256
1ccdcf2106947cd2df4a37b9dcfbd439b8983f74e8ead3d37394851ec1ab3658

SHA512
8543963c4fa6c46b6a569f53db19df336acbf61eab7f745b99b76796a7b4eb8f2e0ad5d59ec62f582ce88838cb04d897fe83ffa3e7acff49dd9094bb0e02f983

Download Submit
/data/user/0/com.xgbuy.xg/databases/xinggou-journal

Filesize
8KB

MD5
e24622cec1033baae047450375f41680

SHA1
ef70a69710a07d41a916f732ca46a4d23ffc97f5

SHA256
b8a8a01afaa79cac7e9798c1bb8f5f06fcffb768100317197178b361ca98ee13

SHA512
f08f30058f483e3b87432a10bfcafa035dc637ee10fe7a0bc9f11f88e29c80b48587b085f354a281e202e8c03a132612e32328bf9f1ce67e25a5d4bd501b9e0f

Download Submit
/data/user/0/com.xgbuy.xg/databases/xinggou-journal

Filesize
8KB

MD5
7756b2ff699def196c16405eb57ef4fe

SHA1
4a9c6f06ddda36d64d33651a20edd8a0524a1cf0

SHA256
2818e782f5e0829f24997c18b6f53f32000b69aa751a449dd07971ad159a0694

SHA512
03f59993c872293288d596d7fbd403de8c1e999ae0f054d1d22738f55be6f72c56484f54887dfc7202c4fa4cf6632913c9adb4394f7fd978d0a9cfccc4874554

Download Submit
/data/user/0/com.xgbuy.xg/databases/xinggou-journal

Filesize
8KB

MD5
734f6fe626018f177e19a6dd63d1c328

SHA1
e7f4cc55d4ee4204dbe0bae878cd9c271879e91e

SHA256
06b9b694a420176a83e14a5b87753198ad4d228831319d374115aa28c947ec27

SHA512
e3a7a0890146c2b2ae9d84ed6e2cee896875aedb61f21f5f4c016190ff699397b97c41f1db613e0e279e09500fc028020f599adbee1a8f1b37e492dbb540a99a

Download Submit
/data/user/0/com.xgbuy.xg/files/SGMANAGER_DATA2.tmp

Filesize
52B

MD5
facccb5618a685965d4c70503057761c

SHA1
5c9e1ee578a42c7296c3667f4a01b8041ce166b5

SHA256
d29887475c32673328f510b47b0ecb306c585955aaed852386eaa4675ca738e8

SHA512
4bbd5f3df97d8148ead8e41a866ef6164f0dc47bf4e33bd99a47e30a452b0ff44871d8d9c48303f156c59c7450dba7e46a802a51412eb5a89202602a89f2c086

Download Submit
/data/user/0/com.xgbuy.xg/files/SGMANAGER_DATA2.tmp

Filesize
98B

MD5
b8acc88d64abed1f8a80704226afbbb1

SHA1
2c83ac6e68902f984d8a2563b7bd2485dfdfab75

SHA256
65e9fa35b2da9f3d61d2186fd91014b9cb97c3a3378ccde2248e4b796bb30ae1

SHA512
e4e92c6026823b4b7daa0dd13a9c3ca59b62607eb8a2a742c95eadf7ab528d294c9ac8970206b8ef1d538f140d6a84edc0d032c97ed55dd66a9e0ca096671597

Download Submit
/data/user/0/com.xgbuy.xg/files/SGMANAGER_DATA2.tmp

Filesize
171B

MD5
88a8b939d4ac78ebbbe3f6581b981232

SHA1
42d15ca91d78ffb8ebeb1d1a0be7b409281cea09

SHA256
925a018b891c5539f53d8cb4f6235dac7592fe112e449befb00b219608f49ac3

SHA512
63f6ad42e87150e7e9880a29e43636f772346f818cf0704c3b8b7300e3ca828ac8c3085dcddb5a9651ee2db90182700d6fb1ef7a5459a02ddfaf96b03bbdfd84

Download Submit
/data/user/0/com.xgbuy.xg/files/jpush_stat_history_pushcore/normal/nowrap/cd0fd7f6-39a9-4aee-a983-be9d40b0882a

Filesize
187B

MD5
778c98bf2cbc6422de02e4ebe6baf634

SHA1
b8d9c6cd7a15811eb83fc60edf665224b573040d

SHA256
15b856a3fb8864aa8f94aec1c8d19e0fbbc4c5e421729e95c024db1720cebacf

SHA512
8c9545f1eb07c562a0e7173f90058da306382ab4838cfd25245c2e364bf3644a1389f5d5a9c4dc49192d7edf122b9585727708119f9e4940e566cc09c8927ef0

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
213B

MD5
f86054eebdec45fbe8ea64eac17c642a

SHA1
fd4454431ae2d58f2752b70f2cbb0aee11b2ebda

SHA256
2316ab25b217867f7ba50e8c18aee481f3897a489695fa53c5cc3671e5713b17

SHA512
a925dcb45cd83d154db049d91963a3cd18a590cee68eb804907258abe74ff7d337cf8ed0fbb7a1e9dee3f206036dc8186426cfdaa52af9e06bcac8c47211ba38

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
25256c3abbf998722bb93197d280bff2

SHA1
bb9dde0342b833126377fd8960f1febd167acec0

SHA256
6dd7939f1a6635d349dfe917461d8467b71869a0378843a5f8be491ebe391b0f

SHA512
50d692d81ed068fb4cbf16110ec468e89ac2a9864058a16a4dcac13655f93a2fe61801e2a6aea7a8a97b78f7edb864b1f2f91901ab745f221f13d2dff6e08067

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
213B

MD5
9179913a44c15060eec1945df9f49d7e

SHA1
87b0d945ffe04080015a07b92af982887bcc1def

SHA256
795f42b9bf8a3ab6667a0edae37358cf3a8818e0961f50d04901e9f3800b5b43

SHA512
0b991776c87383de21448a09886856448c435c3c3a666e821edeeaec8a33cfe0a474a707e126f4cdd3ad6dcba6fc4f705a7e8ffb9b76a53c832386d5096658bd

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
167B

MD5
338e329c0e5d362bf50b95dc66c3ce3b

SHA1
01823dc7b8b6ebf2c1fdae43eacb1217022a9e7a

SHA256
ea25402bfd92d18ec462d934120b4825bd5747a30d9622b8aee83d9686549c1e

SHA512
d2c39110d586156b22d3d589576fbeeec165d938766da77387adf41abc85750d6ca261f8002d91fa84358276836ae78fdf5d6a23fd48a4f5b8608281b347d90d

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
fb84dcf970d8fe85005aeb1727dd7f3d

SHA1
0daf3d78c2ecc9e3fc25efa66a2a4a862d02df80

SHA256
cc772f9de31377683147a127b9ef902de01b41492803bc11794a97391376a774

SHA512
5e7775fd34f2a88486a9a07644dbf536e8026fcaec662cb526dc3a39117b937540ee216a0535c51b472ea53a0f4c1d8009fbc3e53f542d58afaac31430667a12

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
167B

MD5
e7d2f6692467a007b8f34cdd85fb6f4a

SHA1
dcd5d8a1a222cbcf4d87f10c777aa5b8b53ad2a1

SHA256
f5f3c4eb67bd4ace514b3d420c534884afe94ed34b2537a1ed95efb982e6154e

SHA512
c0f9d7d05ecba46f8993f479e1d349de2b005f238deef768fc5c526470ad6cf493d3a51677e7849beeb14593557fc43a2804d67646c01e03f39c3b77b8071c72

Download Submit
/storage/emulated/0/Mob/.slw

Filesize
66B

MD5
19402718bfb1c685a726b4e1d846ad98

SHA1
02a7e30044a67085f2f1da24e16e4ecfede65b72

SHA256
079f790e6a1934a94542559f53a89a824aafd3173d956b6019291955aeeb33d0

SHA512
25254318c22cfd301c8bcd479f45797d502b6ab5f14265dadfa3d87b4dd1942a629d3cbc2f0b600cf73b4fe910e3773432f56a0a7b4343e280e20c5a6af0320b

Download Submit
/storage/emulated/0/data/.push_deviceid

Filesize
65B

MD5
003d1fb5c23812ea65109433b70ca61b

SHA1
5377cbfccacfbc031660f0fcd03ed025a4edc2df

SHA256
096d46d6aa2121e02b81bb9ac85b24a274cc9c40622d589f12e1c4a134594383

SHA512
60d9eab8d20c64b3f1820d2e577f02320ff84e91fb31fc0b2482521e780029a9c9cc0548287a2bdcec160cce2710335b038fe06ca343142a611a36f33c3cb644

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads