91ed38a19e6e4503caabce1c57bfc86f1178493873e28ad7bf27a47b87b6fbff

Analysis

max time kernel
11s
max time network
139s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
12/03/2024, 01:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c2179ebbdcc5150b9493ad79e2f10c64.apk
Size

11.7MB
MD5

c2179ebbdcc5150b9493ad79e2f10c64
SHA1

2538d0ec38995f1a9aeb757aba3919568edd3644
SHA256

91ed38a19e6e4503caabce1c57bfc86f1178493873e28ad7bf27a47b87b6fbff
SHA512

be753ac8027e7b620a0688b41b57caf833ae53b79f623074355f12e5139b956d8a6f993cf925e6fd28e752c6d14d639f7ed51cd18cfdca3baf6e453c98807098
SSDEEP

196608:IuDHDPN7ER6w6hF1MeA8HPRA/420n7gjZzTWoy7F+X3N2Sun3BppdeEIUH:IuDjPBXf7Meu0n7Suog+X9tunXpc6H

Score

7^/10

evasion

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 9 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/data/com.moyun365.android.zkchemistry/.jiagu/classes.dex	4481	com.moyun365.android.zkchemistry
/data/data/com.moyun365.android.zkchemistry/.jiagu/classes.dex!classes2.dex	4481	com.moyun365.android.zkchemistry
/data/data/com.moyun365.android.zkchemistry/.jiagu/tmp.dex	4481	com.moyun365.android.zkchemistry
/data/data/com.moyun365.android.zkchemistry/.jiagu/tmp.dex	4530	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.moyun365.android.zkchemistry/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.moyun365.android.zkchemistry/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.moyun365.android.zkchemistry/.jiagu/tmp.dex	4481	com.moyun365.android.zkchemistry
/data/data/com.moyun365.android.zkchemistry/.jiagu/classes.dex	4560	com.moyun365.android.zkchemistry:pushservice
/data/data/com.moyun365.android.zkchemistry/.jiagu/classes.dex!classes2.dex	4560	com.moyun365.android.zkchemistry:pushservice
/data/data/com.moyun365.android.zkchemistry/.jiagu/tmp.dex	4560	com.moyun365.android.zkchemistry:pushservice
/data/data/com.moyun365.android.zkchemistry/.jiagu/tmp.dex	4560	com.moyun365.android.zkchemistry:pushservice

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.moyun365.android.zkchemistry:pushservice

com.moyun365.android.zkchemistry
1⤵
- Loads dropped Dex/Jar
PID:4481
- chmod 755 /data/data/com.moyun365.android.zkchemistry/.jiagu/libjiagu.so
  2⤵
  PID:4508
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.moyun365.android.zkchemistry/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.moyun365.android.zkchemistry/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4530

com.moyun365.android.zkchemistry:pushservice
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4560

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.moyun365.android.zkchemistry/.jiagu/classes.dex

Filesize
6.1MB

MD5
9eb1a27e2f54b7811c6c823a1a06b018

SHA1
7288d58ef939df07a6583165cb4a30cff2d4aeaf

SHA256
f3c1d074e55009b7d10403a8d48a5206a9c9f0364b75eb088316602b94d1fe17

SHA512
62dfecad5c1ae49ffa42e9c50e106df488da549a79c7bf65291cbd8490e32e414c3df894b6937aa56fbb1f94fa0788c43085f55089a935c8e7e01cf860e85b46

Download Submit
/data/data/com.moyun365.android.zkchemistry/.jiagu/classes.dex

Filesize
5.6MB

MD5
b6771ad013008a0b5fc22e5e65ab25c5

SHA1
be369f18cfa6f4280a183ed6fb2b8958d7b0df67

SHA256
a1445e5fb3779194ceb7c35d9e9cb0a505e784abfa570cdf0fec1589ca03c6db

SHA512
f9b61ef6702c269254de93580eef26a506a3b3f8fe6b8e0f80969b4d979c12d7a6bcea09d422db282bc345bb8c2493f054bac62e8c7e5d4cfa4a24614a983081

Download Submit
/data/data/com.moyun365.android.zkchemistry/.jiagu/classes.dex!classes2.dex

Filesize
2.3MB

MD5
c3a59c58aa12b7cc2c6297d65893f4c0

SHA1
c5cd5807dba5406aadc150b456284b5021a90f7f

SHA256
ad79f9e8a5448806f44915be97a703ed96afe5b0ec84fb7079674e81ed5ebc81

SHA512
6dac64bbc07350e388c4b0cff48f0bf2cc5b67fd78dd84b9216f6e9052de5915f5378b6248a3e47a08c5c717e8563165b915ab9705ce4689c782aec4f2e7d914

Download Submit
/data/data/com.moyun365.android.zkchemistry/.jiagu/libjiagu.so

Filesize
455KB

MD5
e5a53000766ebc433b27d6a66ec4f555

SHA1
2c8f53f1c03aec2005bcad67d731f07261dabde0

SHA256
78e4ea857f10c2df6c7b94f0584524b52ecc099ed29478fe3964037b8a86ed2e

SHA512
370a1cb93b14556ad861724f4e9995c9a4c6d37cf2d570f888d1c6000c66d27ac63496b0703361e9fc9bc7f309b7aa4407c5f339d186b0a5b72520d23d04b68d

Download Submit
/data/data/com.moyun365.android.zkchemistry/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.moyun365.android.zkchemistry/app_plugin/PlayerUIApk.apk

Filesize
12KB

MD5
e8532b871ab3f90635cedd5a5050a05a

SHA1
0b64bf7763f101e65ae0535ad67feadb87c4e016

SHA256
da5897eb27faf984e39d62bd26dab972e916b9eea69a2bed6ed31119c9c10750

SHA512
4238f533fd322cb023a48d4c547de90d459bf9269ef305d7fd1f938c2b05a1da2de9ce8de2024f346beb829762c419d6e695d545e0532806a085f5e412d65b49

Download Submit
/data/data/com.moyun365.android.zkchemistry/app_plugin/PlayerUIApk.apk

Filesize
3.8MB

MD5
266c07e5b8b5bc1326d0af4d12b8060b

SHA1
ab520f97260fced786b6d6b4f9605dddc4e71e9e

SHA256
d93b91cc67329fe0f008818bc3227d4c283e6daefcae41f8f2599e693fc7851a

SHA512
18e3b1182564c483e84aadc98753c8923223fa1e2d1cd1cb41666ad907e22fccd89453d4330482682bc6f1e91b97cf42a707528cb15e6dd34508b49a23d40515

Download Submit
/data/data/com.moyun365.android.zkchemistry/databases/ua.db

Filesize
44KB

MD5
966ec17ae2454e0402508dbdf9d4dbd2

SHA1
e0cd6a510ef01fe3dca46c984a5d55c754facad0

SHA256
17778d0c2aed63661db3bd52ba3da5a2c4a004e252963c660fa59bf99c7e3e5c

SHA512
766baead7fbb1f3a5f95781cb3badc2eedc023630d295433470fa0133fd13f2bd7a7d0c6d16cbab70a0c4aeb522ae8c708f620b052c07f75369cebf5e6a3f7f7

Download Submit
/data/data/com.moyun365.android.zkchemistry/databases/ua.db-wal

Filesize
24KB

MD5
e6654993a8adc743dde634940fa0f9f8

SHA1
6cc16ae7d89b291859b00453357c6a6bcee31643

SHA256
e0c6e335ab5b515bc803b99d286d5633310fdf7a762ecd8f667c8465bca5cfa5

SHA512
d6d12864317fdab5561fe9ed3c2f210862b9fd92ba1836774132897398e94c73812453e4c39b340eb49af11b157e940e9752ad4b07575936d3f9e7970c6f208a

Download Submit