fdfc98e0a5de5250d4691392506c651326f2335cf9a24711b9c7c837e548288b

Analysis

max time kernel
145s
max time network
156s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
12/03/2024, 10:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c3269d82e42fc019a0c7c8f8e56d81cc.apk
Size

9.9MB
MD5

c3269d82e42fc019a0c7c8f8e56d81cc
SHA1

2ec5dc948075b046fb1fa30d6be45b9db8d76016
SHA256

fdfc98e0a5de5250d4691392506c651326f2335cf9a24711b9c7c837e548288b
SHA512

32374d173f1e8b5f565f3fcc135b365b925dbdcbb99608f5cf83d1cc5aa874ae4964a813aeee3bff9fd628b3edfa4a2766ec21d67418537f0de70db64d868867
SSDEEP

196608:kjTsDa17HsGBseyfCrSJbPHGstK1G60pcGnGWU5XDtG0r:kjTkcHWeBybPH6/0GWk5

Score

7^/10

discovery evasion

Malware Config

Signatures

Checks Android system properties for emulator presence. 1 TTPs 7 IoCs

evasion

System Checks

T1633.001

description	ioc	Process
Accessed system property	key: ro.hardware	com.sportstouzhu.langxunwangluo
Accessed system property	key: ro.product.device	com.sportstouzhu.langxunwangluo
Accessed system property	key: ro.product.model	com.sportstouzhu.langxunwangluo
Accessed system property	key: ro.product.name	com.sportstouzhu.langxunwangluo
Accessed system property	key: ro.serialno	com.sportstouzhu.langxunwangluo
Accessed system property	key: ro.bootloader	com.sportstouzhu.langxunwangluo
Accessed system property	key: ro.bootmode	com.sportstouzhu.langxunwangluo

Checks Qemu related system properties. 1 TTPs 7 IoCs

Checks for Android system properties related to Qemu for Emulator detection.

evasion

System Checks

T1633.001

description	ioc	Process
Accessed system property	key: init.svc.qemud	com.sportstouzhu.langxunwangluo
Accessed system property	key: init.svc.qemu-props	com.sportstouzhu.langxunwangluo
Accessed system property	key: qemu.hw.mainkeys	com.sportstouzhu.langxunwangluo
Accessed system property	key: qemu.sf.fake_camera	com.sportstouzhu.langxunwangluo
Accessed system property	key: ro.kernel.android.qemud	com.sportstouzhu.langxunwangluo
Accessed system property	key: ro.kernel.qemu.gles	com.sportstouzhu.langxunwangluo
Accessed system property	key: ro.kernel.qemu	com.sportstouzhu.langxunwangluo

Loads dropped Dex/Jar 1 TTPs 8 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/data/com.sportstouzhu.langxunwangluo/.jiagu/classes.dex	4188	com.sportstouzhu.langxunwangluo
/data/data/com.sportstouzhu.langxunwangluo/.jiagu/classes.dex!classes2.dex	4188	com.sportstouzhu.langxunwangluo
/data/data/com.sportstouzhu.langxunwangluo/.jiagu/tmp.dex	4188	com.sportstouzhu.langxunwangluo
/data/data/com.sportstouzhu.langxunwangluo/.jiagu/tmp.dex	4188	com.sportstouzhu.langxunwangluo
/data/data/com.sportstouzhu.langxunwangluo/.jiagu/classes.dex	4275	com.sportstouzhu.langxunwangluo:pushcore
/data/data/com.sportstouzhu.langxunwangluo/.jiagu/classes.dex!classes2.dex	4275	com.sportstouzhu.langxunwangluo:pushcore
/data/data/com.sportstouzhu.langxunwangluo/.jiagu/tmp.dex	4275	com.sportstouzhu.langxunwangluo:pushcore
/data/data/com.sportstouzhu.langxunwangluo/.jiagu/tmp.dex	4275	com.sportstouzhu.langxunwangluo:pushcore

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.sportstouzhu.langxunwangluo

com.sportstouzhu.langxunwangluo
1⤵
- Checks Android system properties for emulator presence.
- Checks Qemu related system properties.
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4188
- chmod 755 /data/data/com.sportstouzhu.langxunwangluo/.jiagu/libjiagu.so
  2⤵
  PID:4213
- sh -c ps
  2⤵
  PID:4495
- ps
  2⤵
  PID:4495
- ps daemonsu
  2⤵
  PID:4521
- ps | grep su
  2⤵
  PID:4540

com.sportstouzhu.langxunwangluo:pushcore
1⤵
- Loads dropped Dex/Jar
PID:4275

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.sportstouzhu.langxunwangluo/.jiagu/classes.dex

Filesize
3.9MB

MD5
e88a8bdb1d4150e3a59e243e2992f4f3

SHA1
841ad6605692356e7900bfca9c5b505ddad7308b

SHA256
981455c9cfa13942ab9c6c47cd8f9ca329cdba870fb58fe0b11430379030f40b

SHA512
8c557df9e74d9036c7c4c142da26089e3098a9f65fd0f81e076136cc69309bab001c04ad2406071592e5873509303f6438e25971d4ec817c9ae750204832d04f

Download Submit
/data/data/com.sportstouzhu.langxunwangluo/.jiagu/classes.dex

Filesize
2.9MB

MD5
8e5c7af4390317f2afb01a0addb58db3

SHA1
ec482bcb865a2e42dd8caf56a67230012cc44795

SHA256
f9639f4d51844603c7dae6e98b96b02a7cffea9606820632aba403182458bca3

SHA512
14f244fb855ef6538780a3a1bd16b625de79e0102c13024d557277280796dfa7252bc0d40f304a520ca031b11840671150d402ea8395a5c11bb10314912b11ec

Download Submit
/data/data/com.sportstouzhu.langxunwangluo/.jiagu/classes.dex

Filesize
6.4MB

MD5
8e33f95dda788ff3ca82deeeff61fbfc

SHA1
2f2552c77f11aa892759326019746770098e37e3

SHA256
7f8e294100a753baa721e7d888c04a816f7a37e3f087c242049d37f02cb216e9

SHA512
da5aa64267c7d77d7bcfc6191be7f15366edfeefeda7f482cd125965ccda5387dad6cb9ab30ad955f1a03178d4d1252322df3ec596385514726a12fd1be0ceb9

Download Submit
/data/data/com.sportstouzhu.langxunwangluo/.jiagu/classes.dex!classes2.dex

Filesize
268KB

MD5
ca16dbd79af404ba9dc3bf875e55d17c

SHA1
490f27b7522c9510e4350691b1563646bcb958cc

SHA256
12e5e5cf274a44b7c759b58fcef5a28eb368aca033602574816ecef13ad70ccf

SHA512
9296268dea4bb18c08ee3e7fd770f4b2a84776024afdf21626b9d2016b2761665d70f4961f00b16e4f12d5b1215874eb1a79ec00cf0a2e832bce014d4601040f

Download Submit
/data/data/com.sportstouzhu.langxunwangluo/.jiagu/classes.dex!classes2.dex

Filesize
668KB

MD5
a23ae1cfa177f586cfbe57d9293f63c2

SHA1
be851f6e857e3d2fc83341e6f3b1e36f1d3ef6db

SHA256
47c7603c0e6d62b729519bf5585e53099fee7060d2055afb2e0d317e5eb105ee

SHA512
d75a329d0018f3103025506eae36faa73a4cbbd47dcd6a37d3b69e972f8bc7ebcb900a3747368dd8ab86327f35de38b5341997160423d2ec86fbf6c0dbd7c2c6

Download Submit
/data/data/com.sportstouzhu.langxunwangluo/.jiagu/libjiagu.so

Filesize
455KB

MD5
e5a53000766ebc433b27d6a66ec4f555

SHA1
2c8f53f1c03aec2005bcad67d731f07261dabde0

SHA256
78e4ea857f10c2df6c7b94f0584524b52ecc099ed29478fe3964037b8a86ed2e

SHA512
370a1cb93b14556ad861724f4e9995c9a4c6d37cf2d570f888d1c6000c66d27ac63496b0703361e9fc9bc7f309b7aa4407c5f339d186b0a5b72520d23d04b68d

Download Submit
/data/data/com.sportstouzhu.langxunwangluo/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.sportstouzhu.langxunwangluo/databases/xUtils_http_cache.db-journal

Filesize
512B

MD5
cdc0ed0bd0144ae2da23ce501d254f4c

SHA1
96dc49855730f53bae30f14cde1a883b04f1db3f

SHA256
558f5083b3cf124067f020f843a9176cf187c8c0a155d01afd63fb84ff9e3850

SHA512
c533fc2ac3f7c544c1f2a8b872444bb4a8351534cd976b7654db4e76d85fc83ffcb963d8c74d1d8a497ce1c69103dfb1e75d16e96b1b7965cc1a20fc61db84d4

Download Submit
/data/data/com.sportstouzhu.langxunwangluo/databases/xUtils_http_cache.db-wal

Filesize
16KB

MD5
81235539cd86512ea3fd1cfed4d3661f

SHA1
8e2717a01bb41424508146ddb3c5fe65b771e869

SHA256
c61ff53fd30fa8d10f668c715bc28104c98eed717b0d7ff4f19025a4960bb9d5

SHA512
8ac513aa6639cb47e1d8fdcee977b0433f8b23d56f93d5ff86eda6245f841d38ce019c3812d1bd339f98e88bad389bbc14437220a01c6b3ef5f059a5d03c4e68

Download Submit
/data/data/com.sportstouzhu.langxunwangluo/databases/xUtils_http_cache.db-wal

Filesize
4KB

MD5
f0134e1bbb294328c739f53b14f006bc

SHA1
5dbdef0dbafb00bc6cf8757a6d1e5f0777595b7e

SHA256
a7186d7b08f9006b0fc2fd3950c4773cbc90c2ed7f59a1d5d2a30ee23e07e301

SHA512
3984aeb966ceb598c317287192e58df563216ad177ef7ae93eaccf2511e6810f633f858b615fb57161f4a07a2a304aab767034679564cecaf18a3657ec3ffdfa

Download Submit
/data/data/com.sportstouzhu.langxunwangluo/databases/xUtils_http_cookie.db

Filesize
12KB

MD5
3fe30614d7e0d11db870b4624f6c50e0

SHA1
053ff0fc621ab40f2afeddb3e7b4a73ee41ec533

SHA256
67c532f0324228dd33b445cd399c1426e3a0e0cdc7b9358c66b402c5d40a838d

SHA512
c7c09e97a408e88aacaf8099ad4d1fa604d58113393500a384eb3c2eb7c3c105af41314934b86eca2f088045cbab5a20d768bbb295448dc1ae6cb6c3f59821ae

Download Submit
/data/data/com.sportstouzhu.langxunwangluo/databases/xUtils_http_cookie.db-journal

Filesize
512B

MD5
ae685e55840962a76a247ddf90aefa58

SHA1
3712d405197bd0801ea5adaad2c3f373118e8668

SHA256
5f8b847ab5f240e01ef488a5a776cfc59a2eef6a30d8e3de65a05d7991103f3c

SHA512
06dcbca56dbf0204ee841a1ea0db37d27b9ed0223ecafdb7a74ac2d270c4750e57bf205de44048c9a00fe3c7bd23f37d2ed303a5f50a2b5ea17c39ade6e0da99

Download Submit
/data/data/com.sportstouzhu.langxunwangluo/databases/xUtils_http_cookie.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.sportstouzhu.langxunwangluo/databases/xUtils_http_cookie.db-wal

Filesize
16KB

MD5
9d2eedafcb1940bf2e36afe316a7b00b

SHA1
da8f410977b81950050d88b13c72694ea40f6055

SHA256
dab557512f5bf9802a663e9a22208097881b345b6f1e8c1658c4099981c29fec

SHA512
af12f6c0469f14838323b2d56b33639868f03ebf5c4e16dbda64531efa99fdffba802d3b7e82df14f73790d2f59d55558db39d057bbc6b7d19d3532ee2fef240

Download Submit
/data/data/com.sportstouzhu.langxunwangluo/databases/xUtils_http_cookie.db-wal

Filesize
4KB

MD5
e23c502bb38a22caa7c0b2a17d7ac080

SHA1
c919602476534b2163e97286b426b8032a85b018

SHA256
5c0be1a6b9964d010590d135e53275bb4e747003714115bc5e28efd4e3fcda9c

SHA512
76a679496e7c467d5a8a276c371f4106adc9570515f113fd307c9d0cfb1d3c345225e8c7996e4a3fe1df4af77677e346ee9c4ef19930cd08360dca3731f89a94

Download Submit
/data/data/com.sportstouzhu.langxunwangluo/files/.jglogs/.jg.di

Filesize
340B

MD5
a22f1f2b067680eabe0cc9f53182996b

SHA1
c61e7907dedcfac7075550ca75fb1d24ddda7f30

SHA256
4e0f0eaafcbbd5da1c321a1d3a9447e220038e9b4d62774e25679498ef4b3ee2

SHA512
9c713b09f63e0a5fa40ec66cf9816e8a960ab3019d9544e7c7524bcc29c74292b4300b13545774ec88ac85de91e8253f4582c9e23917f11d7fbbefb4d1aa0e88

Download Submit
/data/data/com.sportstouzhu.langxunwangluo/files/.jglogs/.jg.di

Filesize
340B

MD5
1bfddc00f8e5cf83502bf04285d92442

SHA1
4787fbbd32f0b290ead79d45344ae3b1d3471605

SHA256
f04c53c0bd536a972541320801d16ef67aa34a5e87858218434f3d7e5ba6a6e5

SHA512
d0a77203ba11c4cbed94cd5774a1ba2041c44ee97ca10775f0de24bb6d31b5c7c1c63f4804639709e232e096dab56df8ecd0d78ff6aa7f307adb4f7e4ec256c1

Download Submit
/data/data/com.sportstouzhu.langxunwangluo/files/.jglogs/.jg.ri

Filesize
314B

MD5
ce369491b1260a613d161348bd4ff04b

SHA1
5a59a67d6618903e4863dbab7a6ac0973813d0a2

SHA256
4697faee770318a5551f0ac699a27ec92ee030ba33abe2fdcbbf2b5ca18b2016

SHA512
965b9d0f6002bae5dcb06c94d7a20c93583bbf4044df106d72664b0e06fbc1a5ace28601e23e1410e813ed2a9d142f963342dbe65814ba54e71c61733441045e

Download Submit
/data/data/com.sportstouzhu.langxunwangluo/files/.jiagu.lock

Filesize
27B

MD5
a27a7a6ecc4270cdc7eb96ddaee3e838

SHA1
d82dc740302c03ddddddce0c2c7fd40e56e82f4d

SHA256
07fd0f489914e61df0b0a8e4be8410f5228ae06cf5e183151a47fa526fcd2d4f

SHA512
fc1e91dcb951f3245789cbdaf6d3003bc60a1b57ab46e1b10fdc8d57aaba6474833c5d6b374ee769a18c1bae63f105538cc39e2b34557c70c8a041ca45316118

Download Submit
/data/data/com.sportstouzhu.langxunwangluo/files/jpush_stat_cache.json

Filesize
151B

MD5
cce1d298d1444578e7efd919e7bd533e

SHA1
4bf32ac0ae55f3409a12c735e38392765451fdf7

SHA256
d0b8d079a06a91a2892040a634f3d0026c9467a094e2ec032a7aeee01b7f6ce8

SHA512
c31a270f351e8db2e748c8ac871925fb956bfd0e5e23632b71c39c71438a7b02a3dd97bb8422e5c0f7b95b4ed9dad0c81a61224e402b40b5079e31512fa09d0c

Download Submit
/storage/emulated/0/360/.deviceId

Filesize
48B

MD5
1d8d16c4e3b19ebf18988530d9b9a757

SHA1
bc94c1cce05cd848a53271ecb9c5311e27ffebf5

SHA256
abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7

SHA512
4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

Download Submit
/storage/emulated/0/360/.iddata

Filesize
32B

MD5
80f6804561d7d7ee55dde6602e23d8d4

SHA1
ecdc192ae2cd8ef6bed46b17811d422a2eada3f8

SHA256
388674ada38a5510e7b735384ab0f8e7c9ab56a340e0a42e68f366de8d727d00

SHA512
41bc7d7e6fa967a98f1b155e891f14db918b4834768d28cf2f70ef3caf6aad22d3f48061946b34cebd2cbf6a54f77a946b1142c4f6960650a75a4cf94ea7b9ce

Download Submit
/storage/emulated/0/data/.push_deviceid

Filesize
32B

MD5
bf5b52d3ee6a164e4e4ef5a52568797e

SHA1
d4b0ede5c6f3eb5b097454ab99c3872075aee090

SHA256
c57fb0faf13f80cca759e6c0627e140cde2c4161cfe8bc22245a288de986c48a

SHA512
cacd5a9d49badeb20bb072b4ed3adfb528a5c4dd961b7279c8dba55091214d0eac51f0a5fb238b1f7aa3b7cfe2773de9bcb33437e3ed52567db808f69ba1d080

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads