abbc87fa1439c09814c13498d4423edabf23d42a5ed6a031f95993fbaac45763

Analysis

max time kernel
12s
max time network
155s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
08/03/2024, 00:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ba054617f90525ec6c02424633718bfa.apk
Size

3.4MB
MD5

ba054617f90525ec6c02424633718bfa
SHA1

7e4c4ba87061ebd6f2f547940dd6b79158c160fa
SHA256

abbc87fa1439c09814c13498d4423edabf23d42a5ed6a031f95993fbaac45763
SHA512

828dab834391606ffe90f3d39efa2cfbe02719f217fbc8931bf2c009b0ad66ebb8debe9414add47fdf4a59ad48d312adf00ab7e10f9c5a4e0fcea656f441de2a
SSDEEP

49152:hrlA+arKyM+2Pb2TBK7JXHlGSCzE7hAjusadV6sFTY1VKb0j3TBYhtqKI5t:lbCKR9mWXESCz++jusaT1uyb0jr3

Score

7^/10

evasion

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 3 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/data/com.qqzzs.apps/.jiagu/classes.dex	4184	com.qqzzs.apps
/data/data/com.qqzzs.apps/.jiagu/tmp.dex	4184	com.qqzzs.apps
/data/data/com.qqzzs.apps/.jiagu/tmp.dex	4184	com.qqzzs.apps

com.qqzzs.apps
1⤵
- Loads dropped Dex/Jar
PID:4184

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.qqzzs.apps/.jiagu/classes.dex

Filesize
2.8MB

MD5
c5ba68b07892bba8b0ad57b22fcd62d7

SHA1
d94816c11bfc367381f693574b4603fc67bff88a

SHA256
ff1d44386379ac1b596b109ca201668f40dac83287f7872bbc7814946ae8326c

SHA512
11f5c707aba6cbf346b190ac7b9f011a9b5402557c7f91a49df6f640f06ac332f561bdd7aec8839186d21877a73555161642c90e49e980acac4be37de263b42e

Download Submit
/data/data/com.qqzzs.apps/.jiagu/libjiagu.so

Filesize
562KB

MD5
d141f6661f27d70822c7021d752d8af6

SHA1
e545f7442dca4490cb67b745f6f13ed782b1971c

SHA256
e0313c66404c4fb7d023824265ae5a922079d422509d4b59c6fe45632c60146a

SHA512
0b2a4c540c077ed93561f249baa75a65344e75dbfaefdb3a68c0d653d79bb5152fcd42c13f34a87b09583f33f1a40231b4f31416b73c323859885374ca0667f6

Download Submit
/data/data/com.qqzzs.apps/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.qqzzs.apps/files/.jglogs/.cl

Filesize
32B

MD5
d562a11df02beeb52d645aa4f494c1a2

SHA1
24f391335e136535ec37690d641170814fcf25ff

SHA256
de88e6cfea3117994def70abb9c78cde8f12a548bdf4f76653532e9cce0ed782

SHA512
95f9e5ab4a91768fd8ec6cb53f30ea7b3dbcd07ad25f54bdae405bad9f0f06c06385502ae9e7dc5050845ef4cd8a681b5a7db6c07f1ccf12804e2077e4fc60af

Download Submit
/data/data/com.qqzzs.apps/files/.jglogs/.jg.ac

Filesize
32B

MD5
3b07adbf935b7c5ea1d30e37fff90a09

SHA1
a9e0e58eee56e73683331a63b52df2d082f53dc5

SHA256
fd9dd189f8719435402416f556fdcf078d645b0059966cb699f37ab7cd42f97a

SHA512
bd81133a7b9a2471e177a1dc3a910cc4e79a5b4b2e20e1f2462e19f75041f2d9264a623714ee2ba097c01a3b42629101f346bacbbe07593145850f226f890134

Download Submit
/data/data/com.qqzzs.apps/files/.jglogs/.jg.ic

Filesize
32B

MD5
23adbf4e7a687ae48a607303b62ea0b5

SHA1
872f301c09f61f1742b453ff909aff8d0aaca970

SHA256
3f3099ba39b84c8a4baa746b8143827b91e0d4cb0441d53fe932ecf97ef295e8

SHA512
2a937d5a12db71e27190863efeaaa9fb3a6460002fdff686065611cfa4e9bdedf6cdb58c63c4c34183e43cbd977cd63824d9371d77b30cfecc1f11736bd9ea83

Download Submit
/data/data/com.qqzzs.apps/files/.jglogs/.jg.pk

Filesize
32B

MD5
64cc9315ffc377ca5d53f8a656301912

SHA1
9962ad3170303f5f88c9d85cdba57caabc766a52

SHA256
712add2be148b9fc4f31427f50d70fef91bde6472a612ccaa1b7d8ec6a2b13c1

SHA512
c0e162f3c1606b5722fd00433fdb471b7f18f27165910311fcc0e0873ba812201e0a3338a77eef9820b75539d555fccaa738679873285b020ac57fe794352a89

Download Submit
/data/data/com.qqzzs.apps/files/.jglogs/.jg.pk.h

Filesize
64B

MD5
91ae64ce7637dc2bd25d55255440eb4f

SHA1
dc1f5d3ce20092a72aa44e77a543d4518ba52160

SHA256
9c3a89fddc69e84998bf588c45ab95e0ea62e1c5155eed47f82587879bb62a8b

SHA512
4c306ba3a78fe3587ec3fb94f085434d2dbd66d618c17fd297bca74d632f86b5f87af7cf1a7dc60747da1756c719c785a99b48d1fe142013d65fc8b9ba838152

Download Submit
/data/data/com.qqzzs.apps/files/.jglogs/.jg.rd

Filesize
32B

MD5
d0b49e0bec4f50049eae5092cba7cbdf

SHA1
71329e9103d48dd1a40294b7276e9f13a031f305

SHA256
8fd05057af3079d27a332af136f4759125859c2e0977bd749b60ffd58814c8bd

SHA512
9a0899c654ca8405b79a54bfbdc06ebfbbda60052b002680290f8a504a69f35bbf921f5b110f69a6632b1bf3c12510e4659ae99fb93cd802fac0207e383bab39

Download Submit
/data/data/com.qqzzs.apps/files/.jglogs/.jg.ri

Filesize
314B

MD5
4aed406cf5dae00cc295ccc8b4ced7c1

SHA1
3655a0f1d50e26350f57753770a7ec5f33aac94b

SHA256
48ba9762155e5ae3c793ce275324a67bf56e11ae8f506d7dc416d1c9e0a6bb29

SHA512
71bf72ac110efcb3d3e8bb0ceb0ad3094e5931cf95f96826c0900af60c86aa8a9db85ac74384b91ebbb47cc3c9022a8a716c863ea580def4d9314a8e65761c9b

Download Submit
/data/data/com.qqzzs.apps/files/.jglogs/.jg.ri

Filesize
307B

MD5
5061d3329595402c995ce0249d117dc4

SHA1
db4280f66e7e7f3e02308b2da4bfde12ccb8e4f5

SHA256
67ec21a37f150a09b5ac4942c1975821540a867324280f1c4a7e92ad9a9f1c7f

SHA512
4484a68459c4a3fdc593906637c7ae10f2d227d0f4eeba31a70dfdfbca26f9856362ea851c5f36c83b3945b98854581aa43598e53930253b0ec8ccb63c0b5831

Download Submit
/data/data/com.qqzzs.apps/files/.jglogs/.jg.ri

Filesize
307B

MD5
0e63473bcaa9de630ab673ea9520a7ff

SHA1
a652d470f5bba88ff0e6c55a7235bdf5de73a734

SHA256
40f4fd3ae4e18736a32dbdf0cb5244f7f72271082975b4bb9cc6f0a29be19799

SHA512
0e82d2fd716e6949ff08f80be3e0eacc7c96d412db81275400cd5c4bec82d7a0997ccddcd17248eda3f6a37acb8c8b6d2000cea422ebcf1ea490ebffbf9ab62d

Download Submit
/data/data/com.qqzzs.apps/files/.jglogs/.jg.store.report_cf

Filesize
32B

MD5
e850baab1eb093726801d73e3c9d80e8

SHA1
b6522fb34b7b7140e3a482fc407d9406f950217e

SHA256
021c697f4aaaccc7e64d84d3ec65458aef6de13bf08bf0e0b28983ceb6f33322

SHA512
51b17c2961e63d274316a58b5a000dd0590ab09d5ca57342024d2377e4cbef267d4bfed98c2524b554bf218ce3f4fbaaed7dbb777c6a6221690e31c967f6a888

Download Submit
/data/data/com.qqzzs.apps/files/.jglogs/.jg.store.report_cf

Filesize
57B

MD5
b8686ee3fdb2f574a1a6c977b6f32b84

SHA1
a9115f40aacb841126ace304dda2cb26392e7b0e

SHA256
962f281f512c9f1bc4d9b279b20a41bb8601b5b839f291b5764a1ce39e1f44fd

SHA512
b27b4fb0ee3f4c6744e38b11623cb9a3515d7a18323427ff4672a33c14c68b4c9c131d05835ea15b6a377f99ef92fcddb8f68b334db3fd4e40bf0e5cc04090ab

Download Submit
/data/data/com.qqzzs.apps/files/.jglogs/.jg.store.report_pid

Filesize
32B

MD5
b347618718512b6b20272c16dadb77a4

SHA1
c4bd8a0a205593ce92b828ffa36c75298fce917e

SHA256
082c28469638ba5bde6baec549b783cf0c26655612a675359df00ca7e1d806f9

SHA512
a3739ee044ff7e7fc6d567cbed4c3f84e5d64dc3685c3ad88abfed2d62c4aa0765611bc79bf2349d2ed0e817d1e19f5b46bc7ed05a7bc21ec23598680059339b

Download Submit
/data/data/com.qqzzs.apps/files/.jiagu.lock

Filesize
27B

MD5
06e0048c6d496271dc8cca3196816217

SHA1
264058e1a1856030047f2e59d04594a7c173e780

SHA256
2d13b5ab10c590c82ed38a65ed376b20a50fa22babb002193885ced7d2412ede

SHA512
ee599d8c44bfe3b4f2128759c829380796d45df044e72c004bd1b7df612e0da302a744e48560037df14b8c31c1a7b22875e76e438a19f17443ed1fb95af81e61

Download Submit
/data/data/com.qqzzs.apps/files/com.tencent.open.config.json.1106567792

Filesize
1KB

MD5
f526172de1566b34fdcea744710d9559

SHA1
000cb54d9a008a807a1c5a3fd2b2e7cb41e7939d

SHA256
8572be02b59f4d514000939ec04a9b4e2380c55265256b724a617d8d0f4c6940

SHA512
dc81f0fe345b18c96b1638c67b9ef4c5e60059dfc4a02f3c30a23645d4847abeef46cf467d044c42597115c48052ce0e8ea24328382114a544c5dfd039a95e7d

Download Submit