2cc15527421fc2aad19de2c9d4272f39cd144300bdd93bfca6ab7e104e6741f2

Analysis

max time kernel
65s
max time network
138s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
26/03/2024, 12:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

df1fac3308770c0342972e6d60cf9c17.apk
Size

3.9MB
MD5

df1fac3308770c0342972e6d60cf9c17
SHA1

7d0b90e3bc19d697d956a8bf9911f0a23348cb7f
SHA256

2cc15527421fc2aad19de2c9d4272f39cd144300bdd93bfca6ab7e104e6741f2
SHA512

86349587781daee68c83f6c4fd517901a7f36638e69ec39e51d98f5088fbd6556eecc821b660895ba2c1a073fea549031aec8c1cd85c9f1f74b58e9720b86aaa
SSDEEP

98304:EtIybAZwSUxJ3wO2GrtJzn4i/HXT/Jpc71NqR2BakGEdiSU+QE:EIybAOSUX3wOtJbPj/Jpcq8EkGEdiSUu

Score

8^/10

collection discovery evasion

Malware Config

Signatures

Requests cell location 1 TTPs 2 IoCs

Uses Android APIs to to get current cell location.

collection discovery

Location Tracking

T1430

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.just_soft.apk_sign
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.just_soft.apk_sign

Checks known Qemu files. 1 TTPs 1 IoCs

Checks for known Qemu files that exist on Android virtual device images.

evasion

System Checks

T1633.001

ioc	Process
/sys/qemu_trace	com.just_soft.apk_sign

Loads dropped Dex/Jar 1 TTPs 3 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/data/com.just_soft.apk_sign/.jiagu/classes.dex	4479	com.just_soft.apk_sign
/data/data/com.just_soft.apk_sign/.jiagu/classes.dex!classes2.dex	4479	com.just_soft.apk_sign
/data/user/0/com.just_soft.apk_sign/app_baidu_ad_sdk/__xadsdk__remote__final__running__.jar	4479	com.just_soft.apk_sign

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.just_soft.apk_sign

com.just_soft.apk_sign
1⤵
- Requests cell location
- Checks known Qemu files.
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4479
- chmod 755 /data/user/0/com.just_soft.apk_sign/.jiagu/libjiagu.so
  2⤵
  PID:4503
- /system/bin/dex2oat --instruction-set=x86 --dex-file=/data/data/com.just_soft.apk_sign/.jiagu/classes.dex --dex-file=/data/data/com.just_soft.apk_sign/.jiagu/classes.dex!classes2.dex --oat-file=/data/data/com.just_soft.apk_sign/.jiagu/oat/x86/classes.odex --inline-max-code-units=0 --compiler-filter=speed
  2⤵
  PID:4598
- sh -c ps
  2⤵
  PID:4621
- ps
  2⤵
  PID:4621

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.just_soft.apk_sign/.jiagu/classes.dex

Filesize
2.9MB

MD5
ecd15c3095b95e689bb096d9ec4fd764

SHA1
9ab891a70140a3f6cb6ab44f4a8fc6ac8441c0e9

SHA256
756b2079f49f054a00f4ef332f1f738690028e1d8a9ea4743e00e02356c18f28

SHA512
5156f95a038386f6a78c19c24a651acbf620696e529662a5a29850e3658018e03e8e0bce41640f8962b19e5136ef605e189a86a41653487f9c06b9a5563c005f

Download Submit
/data/data/com.just_soft.apk_sign/.jiagu/classes.dex!classes2.dex

Filesize
83KB

MD5
a50b845d9b6d88adc371b95847a8e3ff

SHA1
a7ff13e6e66e37a5087a740bcd0eea6bae4aa7fb

SHA256
c21ddf68d8677f0efae7ec91ed834405aadaa649e645ca02b89365302807e054

SHA512
abe6b5eb5f86bbc666300ff95aa73fcff7e9f5a2f27f008d6fbc15cb7430149da24786309f6fb12465d2592f11b51996fff29b9c75eda4af891269c4de9f585c

Download Submit
/data/data/com.just_soft.apk_sign/.jiagu/libjiagu.so

Filesize
217KB

MD5
1449aa0204a2f95fae1c7d561e6a2d44

SHA1
4e007590908bea66ac1c56ab88f45df742023118

SHA256
5184cc64f3382a04254e161e6100f9e5ac5fa1b0d6751221603ef35270e5621c

SHA512
14865a5fb75621fc81343e7ff355551f103c55f680d148dd528cc041e1c4d9c0ed659deb8cddcdf123853d9500dbde1bf3b0fc24c7069ed6d98c390ccb768654

Download Submit
/data/data/com.just_soft.apk_sign/app_baidu_ad_sdk/__xadsdk__remote__final__builtin__.jar

Filesize
141KB

MD5
2731d9a2935e4160c5d21a1120458a08

SHA1
d30107b88123d57b4a7e9f86267750154553eb72

SHA256
2b17314e593684aa054f156d01fb5a95c3a8fa9e11ede86b0c2683e68582e302

SHA512
a8afc38428d3ef7ce1747e0caf299233ba9ada9f01eed4805bc7e024592c47a3ece1912ae8c7bb209557430c299eb04f404ceb3d643abac9b3ea147004a810b3

Download Submit
/data/data/com.just_soft.apk_sign/app_baidu_ad_sdk/__xadsdk__remote__final__builtin__.jar

Filesize
135KB

MD5
d0d08cfc14d89bd13ba379e201247d99

SHA1
84e1b8c70b485ca61dcecb022add70b5e3ed8ef5

SHA256
18a064383d4bcdac32ed536e5a6dd053d1b0211dc4e0dd3db299de8350f2b56c

SHA512
f20cb574e993395933ad98ccb9378697a4f5a5c45037169cc6ab739d2f9febac3e7f009c80f8733f562e762eb414c0dec884d97a186bac1cfad316e36b1206b1

Download Submit
/data/data/com.just_soft.apk_sign/app_baidu_ad_sdk/__xadsdk__remote__final__builtin__.jar

Filesize
141KB

MD5
9bf32f061c390419d0bbeb12b31cf978

SHA1
bd309f5dfa24a38457d2c8bed48f5bd2a553bf25

SHA256
91f5bb129cd82e49c8ba505321ec33c8da5e2c6d2286e32e3b45ef8686d43b47

SHA512
889606a1ac2758d0b4f2346845f3fe059997c58f1756675d45d3eaacc521026a259d0f65e0d84f1de5bc31f3305e21a9cbc3f4f06e97c5fa544706c90a31e65e

Download Submit
/data/data/com.just_soft.apk_sign/app_baidu_ad_sdk/oat/__xadsdk__remote__final__running__.jar.cur.prof

Filesize
200B

MD5
1ba4e9a7d0446ee30f5e2921df622ea6

SHA1
0887361ef65c63971b04685ac9a56a3ce7814572

SHA256
3c89d88751f648702d546e333d89c306ade24363d15bf8f85d67cf3d61319550

SHA512
480a2efe8adc5c9e745da97e7fb2673ab83c7ffd0f57a89e519855c0eb5981f2a693d97c8de9bce79e360f6a05ef7b203f37202af6f65146bb959621c800ea45

Download Submit
/data/data/com.just_soft.apk_sign/files/.jglogs/.jg.ac

Filesize
32B

MD5
05bb752babd63dbcbd4637e88273fb44

SHA1
3e51dfe44b8fc0bae97fedb0e2180f298f6b0016

SHA256
0cff2c6b153c342f32d570957b964c1059e5ffd0f0376a5391bb73eef99d5cc8

SHA512
0266fafe80600e83a788a211670f67638e14d0c43040f89847497bdc3b00be1357d8ae3b0541d769d74ecfff5f5f497b2a189cec393de63deeac5cc594b2d235

Download Submit
/data/data/com.just_soft.apk_sign/files/.jglogs/.jg.di

Filesize
340B

MD5
7f6e998a7f21a1a1dce85fa82e9d6cff

SHA1
af04b022fd2dad1d0619db2439ef8620f38d805d

SHA256
c1685aa6c9ba7f5d4518aef8aa6bef5744af2dbf5d8c92ee64df1005fc141148

SHA512
28e415f442a0c72552f39b6baceea4a9d64817819705d5ac818df3de586cc384fbb0b13df4c6aea9453154511a9fa744bbc8cb2d6ecd6342e47f2463c7e29853

Download Submit
/data/data/com.just_soft.apk_sign/files/.jglogs/.jg.di

Filesize
340B

MD5
b80e83fa66912bd017c70c23ed333e7d

SHA1
561bad0c05cf205d159eabc2b27ed3eea7f49599

SHA256
250e8b7156d6d3e2a4bd5ad1a02f2e196696d56bbd279d9bfebcbb497e03cbda

SHA512
7ff4120b6ae23a7fe3cb723fd45ef21622b2a6ff44683f79e21763902440be42b89271b3292c7dd53dc7c1b09959a81abd62ab1fc4c34ce9842bad342ca869fa

Download Submit
/data/data/com.just_soft.apk_sign/files/.jglogs/.jg.ic

Filesize
32B

MD5
3f68d8dd57ef3e89d01c4ae8a8e278ce

SHA1
2beee3848faa8e22e0c35a84f61333b99b63f325

SHA256
893f4a746389779bfdc22601a93442eadb84b873067d8e216d44cd0c48afa679

SHA512
15d8fde361244355cc8d8d0321beb42f98f810ee5ab26d9825caaaee47f4e78eacb5eb5acd6b57f13e826b0d3ea04a5dd13131922ef6540dac1a00d78797264b

Download Submit
/data/data/com.just_soft.apk_sign/files/.jglogs/.jg.ri

Filesize
314B

MD5
b0965f1dbf6cf7c2ad7592c61aa16bc9

SHA1
525fa262c9d93ca452cc4bf46f067d06b3e8aa2c

SHA256
822f653d5adb0e8549189b2be46b6360ef50d90a2fcef461cc38c96a39d618a4

SHA512
a5b56091492e3d208c01d0a8734f32421d7032ff8c3ffb0093ce77ed69fc5b69f4e78e7c989bccb20aad36fc37a52ec8c2803e264f95f9e019ec62fadd953c68

Download Submit
/data/data/com.just_soft.apk_sign/files/.jiagu.lock

Filesize
27B

MD5
6c045cb320b1dfdb2b99599afe24a823

SHA1
359051f453625a3bab52c502199bee871c5a83b5

SHA256
f243c41dab3a8058f2bb6847f282f21b4628a28ca73cef5c49cb5d16385d6149

SHA512
50bf9f99520c394a24c46d215366fac7015342801e07091241384ae33d454bae83735d41aeb9c6e1a3e7bdfdaf81d577bbe3861a128dfb80b642c62b15e13428

Download Submit
/data/data/com.just_soft.apk_sign/files/.um/um_cache_1711454910689.env

Filesize
580B

MD5
213ae152c6d4123af2132f120ab5ccaa

SHA1
d05a0ef7072e8875dfccd38b001e9b57b74b7e1e

SHA256
7013c818f62c33ba966bc643573120eddc19a9ef5bb8c88ef5fb4533ae8e62d4

SHA512
15829cae64de96e97ac04151f016f7cc566aa26954a23c853a9b0e627a1f00065a5c196c2543877dafba040a6e65eb8a3ef61cae605e6f6945563fed157c2829

Download Submit
/data/data/com.just_soft.apk_sign/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
035efab1cac7698cc93b778928ca2ac4

SHA1
e02e03b7e4bb2b948f72d217a5aaa90c0add8af9

SHA256
93e1b46c3397a999a2f1c4b31e636308024cf5ee41978992daa04fc6268d53a6

SHA512
04b8d92e8632124e3fabb065d294e3f2f27c7f34196b7ed204e73c682ad34c9b5bc5dcac1316db5706d79bc965b07f54b370df93194b3ffb6521ede687869e02

Download Submit
/data/data/com.just_soft.apk_sign/files/umeng_it.cache

Filesize
310B

MD5
6136aa2b8d7a2691f75bf42632caa3a9

SHA1
012de1ca7b47a35c38b4ee474a61395f53c5255a

SHA256
64b55d6573ae94297b26d6f234193b4d8b83b6c556a5004ccaef5e16124eb882

SHA512
16c5bcfb29fc87d467e3d0464a8c2cd64792c24743fcc400981746bebb5c5d6acac216557323511321ea629a74f6ca1425f4353ef4aa5303b883848db832c6b0

Download Submit
/data/user/0/com.just_soft.apk_sign/app_baidu_ad_sdk/__xadsdk__remote__final__running__.jar

Filesize
328KB

MD5
5e68682e5ead77a006b0ba834bef5781

SHA1
6d9790c6975efcda774bdc57852aeb5adebcbe38

SHA256
36c37dacb0b3825406316abf99d6d8140dd460f7dbcb048d04e44398a2e865c4

SHA512
aebe32a7f48b8195f6b76f4ba93134207df26f2ad306e64b941d92594b584837bff8281ea5d0accbfb226c40fbf8c46fa5a0756337f78209b0278265ba520aa5

Download Submit
/storage/emulated/0/360/.deviceId

Filesize
48B

MD5
1d8d16c4e3b19ebf18988530d9b9a757

SHA1
bc94c1cce05cd848a53271ecb9c5311e27ffebf5

SHA256
abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7

SHA512
4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

Download Submit
/storage/emulated/0/360/.iddata

Filesize
32B

MD5
d33c2c86bb29b0f5e68e8ab2efcad61b

SHA1
5ba3d82a9011b3694eb6536a1ed7be362a501937

SHA256
0244ad2b86e5a18226757d963e1da50efeb70aa87991271efd98ff024ba226e4

SHA512
637191887bf39b33a45811d482d8e30554f8345a5a661455834f1fed9f23595c703217649dbd1577bc98a60a38cfcf0aedf3e110a3952156207c9173071c1926

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads