c644866d54229e6468725ae34b4ebbddc76396a6eeddee92f30905c73cf7e0d5

Analysis

max time kernel
146s
max time network
157s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
15/03/2024, 18:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cc236cb4e4ffccce92ddd8ee5366df13.apk
Size

17.9MB
MD5

cc236cb4e4ffccce92ddd8ee5366df13
SHA1

e0eb2dfeba81cf99c162a9985633c0f8ae4bf155
SHA256

c644866d54229e6468725ae34b4ebbddc76396a6eeddee92f30905c73cf7e0d5
SHA512

372b81bdedfbe00d31b4552f390bb4421f687fbe057039435a72feacd4769cb3e6af40e2bfe2dfaf9cf52f6fa69393b41c479020300f969ec263b884b507ef0a
SSDEEP

393216:ZONPXBL3FFxnm1ucDS+N6cP+r2tF9Y83E7gf/dgmRYtjC:ZO5xpm1dbNLF9RUc2mWtW

Score

7^/10

evasion

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 11 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/data/com.xgbuy.xg/.jiagu/classes.dex	4281	com.xgbuy.xg
/data/data/com.xgbuy.xg/.jiagu/classes.dex!classes2.dex	4281	com.xgbuy.xg
/data/data/com.xgbuy.xg/.jiagu/classes.dex!classes3.dex	4281	com.xgbuy.xg
/data/data/com.xgbuy.xg/.jiagu/tmp.dex	4281	com.xgbuy.xg
/data/data/com.xgbuy.xg/.jiagu/tmp.dex	4351	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.xgbuy.xg/.jiagu/tmp.dex --output-vdex-fd=43 --oat-fd=44 --oat-location=/data/data/com.xgbuy.xg/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.xgbuy.xg/.jiagu/tmp.dex	4281	com.xgbuy.xg
/data/data/com.xgbuy.xg/.jiagu/classes.dex	4407	com.xgbuy.xg:pushcore
/data/data/com.xgbuy.xg/.jiagu/classes.dex!classes2.dex	4407	com.xgbuy.xg:pushcore
/data/data/com.xgbuy.xg/.jiagu/classes.dex!classes3.dex	4407	com.xgbuy.xg:pushcore
/data/data/com.xgbuy.xg/.jiagu/tmp.dex	4407	com.xgbuy.xg:pushcore
/data/data/com.xgbuy.xg/.jiagu/tmp.dex	4407	com.xgbuy.xg:pushcore

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.xgbuy.xg
Framework API call	javax.crypto.Cipher.doFinal	com.xgbuy.xg:pushcore

com.xgbuy.xg
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4281
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.xgbuy.xg/.jiagu/tmp.dex --output-vdex-fd=43 --oat-fd=44 --oat-location=/data/data/com.xgbuy.xg/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4351

com.xgbuy.xg:pushcore
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4407
- cat /sys/class/net/wlan0/address
  2⤵
  PID:4559

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.xgbuy.xg/.jiagu/classes.dex

Filesize
6.5MB

MD5
bc7b7cec4c2313b65f6d767a77164dd0

SHA1
f0a2fb5db284bc60f424c2084984c830cf4d2ca1

SHA256
84906c5a9b057b44e0df1fb8030d13110748ba30ef7a8017abdd3157ef349ffb

SHA512
379bec4a7a82a83c32e93cb3d5d0e0622d78ec79a5e17861f9600069283ffeac13340003fd2323c884a114bd45102034b3e5e609b3390ce099db6ef71a144432

Download Submit
/data/data/com.xgbuy.xg/.jiagu/classes.dex!classes2.dex

Filesize
6.5MB

MD5
f1e1513c1caa393fe8e9a3f9fff03e7c

SHA1
db053d40d0ead70c10b229d129359601a8b5debd

SHA256
4e81f36348e9d21ea9121450a9c68817efadedf40bf365af9d54a6033b363934

SHA512
e9c0cb206d14c55f3bf375fddd0d1edcf2e4540c24ac5df6e1c4884e87be9861a87b4fa5a49162fd054bafac7ed223e6f79686ffd71224f64f7336173298c03b

Download Submit
/data/data/com.xgbuy.xg/.jiagu/classes.dex!classes3.dex

Filesize
2.0MB

MD5
e0cdaf1a37a325beb335128a913ce71e

SHA1
1b4f9eda9ff72406032655f7a7f97e361d90bb2f

SHA256
444121cbd8f09a2461d84bcdecea5c61c0a5bc7b0fd3671d6a1ba5a91281cbba

SHA512
2f24d69d48c4cf889db9b6d2d5c867b8ea758663e0e83ce1e7ecf650a6b5850669d35d46df3355a643bb2732b590d4609eabbe4aa74d4a4b076c3bb8e8a17d8b

Download Submit
/data/data/com.xgbuy.xg/.jiagu/libjiagu.so

Filesize
485KB

MD5
015df5724b50b4fbc6dd0caf7ccb817c

SHA1
980780e98c9958aec97ab7a0de8d28a4c5fd9429

SHA256
183990718a96d742bc6f1bb04c313e04db6dc62d445ecb294a7f15babd3281c6

SHA512
fda8f5343cac8102aade5f1aeac7c5b028ea5d8c92e3d12de92e1ffce30bab47a446f215c9cff7dd1e1bb88980ee0d27b5241e856719fcc1f6a5c25e062e9d40

Download Submit
/data/data/com.xgbuy.xg/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.xgbuy.xg/databases/ThrowalbeLog.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.xgbuy.xg/databases/ThrowalbeLog.db-journal

Filesize
512B

MD5
6d254f48be1558d5db69ac1d034df2fd

SHA1
8c86cc85bad8a60a5b896546d5dad10dca561b99

SHA256
cc20f0e6efba2da573aab484e0328be9b7968e25764dcf120c91748064477e19

SHA512
774df0a71f4b468cbbba8f50078d5d16f304a165fc7c323e12f0003fa9a08c8da42c1cfbffd7e96fae26665792a670fc675dda2ff0959866e9ce0a2fc93a3e82

Download Submit
/data/data/com.xgbuy.xg/databases/ThrowalbeLog.db-wal

Filesize
32KB

MD5
941e979cffacf49ded4fa9d826e78dc3

SHA1
cb2939a4c67a457c0b9058c61c4e09ea1e47d7af

SHA256
86adaf8d65a1c795f1984d94787ab4987556d38515b0023cab3b9002136548df

SHA512
9f6e57d82ec4b6eaece5350a722b5368a531ae18df4256379d050c3a3bfa5559f48fc457b86b125d0918baa63746e89cd4b9f5925e2df8815ea17cb41787fa3d

Download Submit
/data/data/com.xgbuy.xg/files/.jglogs/.jg.di

Filesize
340B

MD5
8c25356fdc389c95fc3c31cadd715b8a

SHA1
ac50f59d8904c29b754d8934ecb7561611d579fa

SHA256
e833b822e97988b41af6b31014e73c64ee5bd8b86c3c456cc06197dbd33fa952

SHA512
28994098eb60c9b924c15b200a042e3ab86a2508f4b196ab047514ba8620bdcb83b8b60e027cd779b761c22c2ab776ca806d6869128e5f0afef2cf2a9e4d44c6

Download Submit
/data/data/com.xgbuy.xg/files/.jglogs/.jg.rd

Filesize
73B

MD5
578831178a1e55179b81580df54b357b

SHA1
b2331c9378558ed29b4452d6b11c2df49bae4b51

SHA256
53da0b776b6357d460ee17e9dde4fed16a46e935c6b754bbe49d807c26d477e3

SHA512
cd04cbd54c297d91cc6be8f7850b5f2e42b60a6f5aca5d49cd3373c118c3058216aaf40633ba9eda2e0fc01af69a5bb63354256fa429232e6afae0a99641e7dd

Download Submit
/data/data/com.xgbuy.xg/files/.jglogs/.jg.ri

Filesize
314B

MD5
aeeba4f9c694bfb322873bc73275a65f

SHA1
0200088b81b62018e34f93c52f85aa3f3077a648

SHA256
cf9b78b93f8305cd5dcaeafe4eaff86b55714c3a4481d70499f5c7babc576286

SHA512
6f129a87948fb82f5be48b96542430ffe45656aaa3efa084facf35522875e13702d2a0c5948446a332a3d5c25e62ad5fe7972079dbc524fa8c72d37699567534

Download Submit
/data/data/com.xgbuy.xg/files/.jiagu.lock

Filesize
27B

MD5
db0c24084815ec07e24554c87ec405cc

SHA1
d7a50ccb099d0479322af537c09e5354aa0487ff

SHA256
5ce0e807bd4d672954828b0d70833c7f2fc3c9ed1b4781f6fb2883972838c813

SHA512
ffd2a5f91a056c2c6b70ecfe6fa780ab2d118a56c439cb03681189570e4b71272e0cffeeca452b50f4cedb5c03a36b1f5b3286c051020d004be15437266b4367

Download Submit
/data/data/com.xgbuy.xg/files/Mob/mob_commons_1

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
/data/data/com.xgbuy.xg/files/Mob/mob_commons_1

Filesize
66B

MD5
093d6d3426351dbbd68f2a6f70dfae8e

SHA1
9fd1d9088b5b354c772f7ea865ec8450c09bbdd2

SHA256
7065930c425107957a2db95b13c8b4bc1b7225c945a2a1fd941f833933af395f

SHA512
4926afa7a570010742fd2e92f9b5813b82e4370c8d44f8e0ff897313a120c2a0e0b14b52629da31c16171c4ec1a435e83efe368dba7535c4ced8a4081a8e2984

Download Submit
/data/data/com.xgbuy.xg/files/Mob/share_sdk_1

Filesize
23B

MD5
8e24e79baab91c4d0604eaa9006a0cb3

SHA1
e427afc94a4b957a7096f73e395a10ea404c076b

SHA256
65ee797326cb9d94a4c8b13fb114a7273d80af9ae547496bf56556c479f75e4d

SHA512
45bde5e1b5da5e54f7f5baf24cf4d9158ccf5813f0babc05677437bfedf1d54c4707090a1c425089e8f9582a85fed80b25c1e1f30ec2051afc6fe68bb8a76bae

Download Submit
/storage/emulated/0/360/.deviceId

Filesize
48B

MD5
1d8d16c4e3b19ebf18988530d9b9a757

SHA1
bc94c1cce05cd848a53271ecb9c5311e27ffebf5

SHA256
abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7

SHA512
4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

Download Submit
/storage/emulated/0/360/.iddata

Filesize
32B

MD5
8e21a854a64b173ffc83a6fb2812a2b2

SHA1
d336dfeb6e2add323d1654f53f2f3c00a84ad666

SHA256
580da58051ff6113411fe856575d7f6547eda1aef15b7222b9199b020d598874

SHA512
c1ee50903d9f32d428a9db180b580e9a6d87ba4b71f655fad7bb05b50b2d7f889c90da80b87df4d6d278595a38f467d98227434f270de26c55b474792c6cd32a

Download Submit
/storage/emulated/0/Mob/.slw

Filesize
66B

MD5
19402718bfb1c685a726b4e1d846ad98

SHA1
02a7e30044a67085f2f1da24e16e4ecfede65b72

SHA256
079f790e6a1934a94542559f53a89a824aafd3173d956b6019291955aeeb33d0

SHA512
25254318c22cfd301c8bcd479f45797d502b6ab5f14265dadfa3d87b4dd1942a629d3cbc2f0b600cf73b4fe910e3773432f56a0a7b4343e280e20c5a6af0320b

Download Submit
/storage/emulated/0/Mob/comm/.di

Filesize
57B

MD5
70a42cba408700f9a6c01c7941a8829e

SHA1
eab01cc2c0671538795fb0b1146017dc099d0984

SHA256
499576707ce2623293166979e59c832be5b8636c64ad39aa63ebcf961910c35f

SHA512
8900d4dc8eed0430babbacb72942401bd22ef7fe5430cad90d3ce0c2c53010220d666aa0e2eb1026f3ec81d574c7fa12585b49222a5f15b01637f6ba134fe70c

Download Submit
/storage/emulated/0/Mob/comm/.di

Filesize
73B

MD5
7cef4bf7b995564773e94229541dfd48

SHA1
4270195392562f55dabae96238b59d535f5d35f5

SHA256
b599c40c0ae5855d3ebfb7b876a0390274d0432e41e5d58b4f347e941f2bbb1f

SHA512
74c9fdcf8183f798bfc0eaff0bf1b0950a72bce6689e2c00ecba8e98d975a4e0e872f8ea406f400de8f6941fcd56bf75820e044585ddb52df1d9b851cdedceb3

Download Submit