e4dda37c4136db759dbc72c3bf212957e981ddaa2f7fe2ad8e0d8f57a7b75484

Analysis

max time kernel
177s
max time network
188s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
15-05-2024 15:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e4dda37c4136db759dbc72c3bf212957e981ddaa2f7fe2ad8e0d8f57a7b75484.apk
Size

24.1MB
MD5

46a8237ecbe0e5917ef9ce670c7ce422
SHA1

3842bc1cd7589b011e1e86289d18f6f3526b29f6
SHA256

e4dda37c4136db759dbc72c3bf212957e981ddaa2f7fe2ad8e0d8f57a7b75484
SHA512

8d25a58cffef4e5c78732e2cacd439acf67fa03cc584c340f3391623c876dd7c39bc5b6067b1e8eeed4f0cf7bf984254bce0b8ec4a1fe73849600b51388bc135
SSDEEP

393216:07KWMxmZpoM2W+wO9JtjQ19ggc5KbK7ylv4Os1rgnp7h+FJhlsxbjCTASe+oqNhi:ZWHZ1UrF2g95OieSUN8PGxRF+owad

Score

8^/10

banker collection credential_access discovery evasion impact

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.wendenggu.jiuchou

description ioc process

File opened for read /proc/cpuinfo com.wendenggu.jiuchou
Checks memory information 2 TTPs 2 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.wendenggu.jiuchoucom.wendenggu.jiuchou:pushservice

description ioc process

File opened for read /proc/meminfo com.wendenggu.jiuchou
File opened for read /proc/meminfo com.wendenggu.jiuchou:pushservice

description	ioc	process
File opened for read	/proc/cpuinfo	com.wendenggu.jiuchou

description	ioc	process
File opened for read	/proc/meminfo	com.wendenggu.jiuchou
File opened for read	/proc/meminfo	com.wendenggu.jiuchou:pushservice

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Processes:

com.wendenggu.jiuchoucom.wendenggu.jiuchou:pushservice

ioc	pid	process
/data/user/0/com.wendenggu.jiuchou/[email protected]	4485	com.wendenggu.jiuchou
/data/user/0/com.wendenggu.jiuchou/[email protected]	4688	com.wendenggu.jiuchou:pushservice

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

Clipboard Data
T1414

Transmitted Data Manipulation
T1641.001

Processes:

com.wendenggu.jiuchou

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.wendenggu.jiuchou

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.wendenggu.jiuchou

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

Processes:

com.wendenggu.jiuchoucom.wendenggu.jiuchou:pushservice

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.wendenggu.jiuchou
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.wendenggu.jiuchou:pushservice

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

Processes:

com.wendenggu.jiuchoucom.wendenggu.jiuchou:pushservice

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.wendenggu.jiuchou
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.wendenggu.jiuchou:pushservice

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
discovery

System Network Connections Discovery
T1421

Processes:

com.wendenggu.jiuchou:pushservice

description ioc process

Framework service call android.net.wifi.IWifiManager.getScanResults com.wendenggu.jiuchou:pushservice
Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.wendenggu.jiuchou:pushservice

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

com.wendenggu.jiuchoucom.wendenggu.jiuchou:pushservice

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.wendenggu.jiuchou
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.wendenggu.jiuchou:pushservice

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

Processes:

com.wendenggu.jiuchoucom.wendenggu.jiuchou:pushservice

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.wendenggu.jiuchou
Framework API call	javax.crypto.Cipher.doFinal	com.wendenggu.jiuchou:pushservice

com.wendenggu.jiuchou
1⤵
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4485

com.wendenggu.jiuchou:pushservice
1⤵
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4688

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.wendenggu.jiuchou/cache/weex/libs/weexjsb/x86/libweexjsb.so

Filesize
32KB

MD5
aadc225bca90b1459fbc7274a6ee3ed2

SHA1
5d5f65257a934b57938d7501460df5709ded4719

SHA256
e0a7fd44fe80edea1a8f5cbcff891f4c1d2d2b677643683b10fc7a5179f9691d

SHA512
79e9a91f37db4a64cfeff293201c494a87928047a9f0452f47a150c14287cbccc7d2ad556fe3e98a335af598cfa7ac5a1a107bdee32deb4a484f5d313cc599ef

Download Submit
/data/data/com.wendenggu.jiuchou/shared_prefs_ext/test_app

Filesize
8KB

MD5
89a14bfa7aa2b9f5928503c3168c752a

SHA1
0f572606651fd4eeb6b46e9d3f9fad27ec8c13e2

SHA256
b7e4e047521b499410470b7ad93480b7a9e068522bb5426a093fc8211820d4d4

SHA512
ea3072560a60daf7c2ce1b20b1ed7dd06a961df51340c7a7e0d269804172f23eed293f5a64dbe50b690998506a5ed4e90e4bac5b8efb5d869c223c553cdc8fbf

Download Submit
/data/user/0/com.wendenggu.jiuchou/.00000000000/A3AEECD8.dex

Filesize
63KB

MD5
dfd4e5d67dbfdfd008428cd6302b14d4

SHA1
52d9b584b233afa4d6ba267500695bab41b62a22

SHA256
aab5417549f18b7cb456dd50e566bd51b4848e0aaf9bdd70eb8a1e2abdb8104e

SHA512
ab403fcbc130a8be36d1f0d6994c1a633751811483b2a0187873cdfc0e258ac54b7074e144bf4fecc0d2613f96c22b6c0f5d0198d37599c392df53379e0388eb

Download Submit
/data/user/0/com.wendenggu.jiuchou/.00000000000/A3AEECD8.dex

Filesize
63KB

MD5
fee5262ec07cfb8af2d74a2f08e0f13d

SHA1
000944e889b0e7720e78aa28d4a1e94121ae16b3

SHA256
99f8097935fe6125eecacf1f839c6c5e1e86c7672ef241f35e748f032f604e16

SHA512
5639290aa463f0cdbb796e954a328103b798b50d16176806e6d39092300338fff899cd6d3493f24d18cd95ffd092b5356e63c173793077a2b0e939562521cd21

Download Submit
/data/user/0/com.wendenggu.jiuchou/[email protected]

Filesize
63KB

MD5
5061e4948844f7d366972ac8005e9f13

SHA1
a2b79a1c79afb095ddebf0f16a1f9db64482bcaf

SHA256
3aa6caecfcd101531539147e01382bc530b4fdc61e98937d63cc4648793c6a45

SHA512
223d18ce248912df18cdea3c8e864ea5e6ec058ca42cc5fde738188c54abcd260d7f24ac53d4987d3e32f4ae3e1e40e01354054d035bb100eef51b2d695f5299

Download Submit
/data/user/0/com.wendenggu.jiuchou/cache/image_manager_disk_cache/0541fae81656da68011350a561cf54552f7d9c7c22139f226fc6aafa2b5c82a2.0.tmp

Filesize
8KB

MD5
ccc9f5f0809d97c113e407cb1c0efadc

SHA1
81e05bbd62a3cab0ec480e9b65f42040ab771480

SHA256
2f5880511e6c644dacf91282bfb28fe284188454376eb06ec6d16b3b2cbdf002

SHA512
2691de0cc6ae4598173599d5dc5bd46835a6381b50dd90c3ddabac98c4d934cc5d48413ccd3038471ef6669af9675102dca13d9b34484a26cddfc3cc89a3de47

Download Submit
/data/user/0/com.wendenggu.jiuchou/cache/image_manager_disk_cache/1ed61e973ce1600ff50d7633509cdf9f2119506cb17bae189b2ae88ca6a15587.0.tmp

Filesize
1KB

MD5
23ddc63879ba5f43b5c5b62431f9c0d4

SHA1
53ab64c34bc1ad081e3d41be2fea7c8ff2cceed4

SHA256
a70c9730c7c230ee4fa50c8aa45de0fdc7aee15b61c3b1cf02438ca813a63a0c

SHA512
721caf18d753058ac037aed3edc4e9e2548c15635d982275dd32cdb1666a9190dee4be2ed61ae5949f7416cfd89de052f524c2f125d1ad7f907371b8623e14c2

Download Submit
/data/user/0/com.wendenggu.jiuchou/cache/image_manager_disk_cache/36ec08a1792bac8ecd73f05367cfd3145246c3e2b89064bedb155fba607b781a.0.tmp

Filesize
8KB

MD5
a47ca3327a256531866c020b55b66138

SHA1
748ec08b99f4ce7edd6dc40694e38706dd48049d

SHA256
8a1bbbb554c4a632d999f4398b80672d292c55ba9be3c53c836b42a855dde4d5

SHA512
b57e3364b4edbda0da18f5e00eed8002c96e1463790034da1fda8b248bc3c71af6fa96a173fb55ed10a3d6bc63516df6d02dd24b95510c9473f0990c80926a78

Download Submit
/data/user/0/com.wendenggu.jiuchou/cache/image_manager_disk_cache/ac8200eeacbf4e2421fc08f41a4083c9f94653c4a824a2cf2dbd2c296a73dc40.0.tmp

Filesize
8KB

MD5
19af48cd48dbda088c4eac564b655f78

SHA1
02c723103b8dfb53f38b7057a107f8bdecf039f2

SHA256
04e456dd6fd365f9fecbf11fb85a8b132c628b37d90c9513ca8af9018e697ab9

SHA512
2ea6ca5d041d0c09b10c2d11b85c64f3f494b5ff52d46dd5451a02644daba714d7a514f5a00db8c421c3e23e4f279cf31c887df217f88e063dc7992d3dcc7daf

Download Submit
/data/user/0/com.wendenggu.jiuchou/cache/image_manager_disk_cache/f7bf8ec55968737222e2db119c1b430cafc682e90bdb50966292531cf865c80b.0.tmp

Filesize
8KB

MD5
94ab04b661b7180da705e6dd9c580e2b

SHA1
fdb0e7fb29c29c1d5ddf67a3ee178074dd80a169

SHA256
121fbeced8a803789c3d719d527a88fc397786a1d0910e1cd1912ac7ebc8eb52

SHA512
e37d882e0378d1c5aaa3607b875d216326da7237467eace9f5fb1f7d107c8c9a9ed8c403e511a5b56e94b970008a3cad3a464bb4293b23eb0fd2d88506dd02d6

Download Submit
/data/user/0/com.wendenggu.jiuchou/cache/image_manager_disk_cache/journal

Filesize
8KB

MD5
c3cf4287b3724c2211ebfdee5b8d01ab

SHA1
dec8d692b93a270db647aefae093db79a737bef2

SHA256
8222385632100b8fb20e6ee1a475d5634222935d1af9b55068d87e4e83b05195

SHA512
c39538704be70ed7d2fbf5ab07f6831e751e8ecdc8a5e6a95c2e548682e6b2e7bbfad7fd3abb978999714f0728b345997c56913d17529f66a6073f7bef952f01

Download Submit
/data/user/0/com.wendenggu.jiuchou/cache/image_manager_disk_cache/journal.tmp

Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/data/user/0/com.wendenggu.jiuchou/databases/pushext.db-journal

Filesize
512B

MD5
cec4f9d90b1c4d4e7909bc2ffcaa9a24

SHA1
d9caf52a61b440976e9654ce203357f3e106e0a1

SHA256
ac28cde211d998cb291a54cc850eecc44ce149a0b620d1630dec807ed323f127

SHA512
e4fd300721163aa911bcdf44838f87f25e205a39b7017875433f1d23b3aafecfbe997d80b22b64686b5fb9add656255142f97bcfb3b789379a6f825324ae1936

Download Submit
/data/user/0/com.wendenggu.jiuchou/databases/pushg.db-journal

Filesize
512B

MD5
a320782413fd32ba812bdfaf80a37961

SHA1
3c7b57e33de4d6cabaa1e9504ac7e31f39b27054

SHA256
20e8174461253a29b1e960c761116847e6ca1d1437e41e4758815fadc8a771fc

SHA512
088ceec98e6ca1269d355b10c28e76783f03854913b4261f6d1f246903059bfc264be0c1e65627cb7814b9202fd03fe50380774bb0e16aa82206bb15cb46b55b

Download Submit
/data/user/0/com.wendenggu.jiuchou/databases/pushsdk.db

Filesize
48KB

MD5
b64f35ebbb0299d35d718fbf799fbd93

SHA1
720448ae6366fe4804c8c2c44727fac69145240d

SHA256
e14f9cf960a9bc0183b55074291efe891f7cb2a4dfe8a9cc74040a8649551b50

SHA512
14d1713b2e3d9c9698163324479ff90b708fb640b2a18d2703e1d38c77a7aecf6f5857566c9a1496a8544199ddd6384df6ee90d89263e163a8335f57ae5215df

Download Submit
/data/user/0/com.wendenggu.jiuchou/databases/pushsdk.db-journal

Filesize
512B

MD5
c11f66f60d51ff19c427c1c637604804

SHA1
23654684b61e7cd9794d2e76c924a0dccfc6d6dc

SHA256
f96acedcea24b3e11cc2f86bbf4d9b0641a96ecc4f2ef9f7b19915652d45703e

SHA512
eb5fd43139f3cb7af8d93548c3f1888909547eddddd72eaf923edafb91c5d32bf416688fbb92319c0c0b6efe500a81922ba5a7c476450fe6e522e2f9df3638c9

Download Submit
/data/user/0/com.wendenggu.jiuchou/databases/pushsdk.db-journal

Filesize
8KB

MD5
3ad501c02b6196ca46240fb03cd4b1de

SHA1
c0c23b43d506f0f114588e272c03851b5f087c12

SHA256
8adab3b929039cbf9cc541d310e9ff1af83a018841de445756cc983f3860ffa1

SHA512
a5474af7dfada50d27847a7c99941e52757f0ff2331107e3c425b1744da31b450c5fee646c9e9bd9d819f618bdefc98bc78e5de90aff818aae61a97e7158225e

Download Submit
/data/user/0/com.wendenggu.jiuchou/files/.imei.txt

Filesize
8KB

MD5
cf07fcef7ea9999ffe36cf8cf13257eb

SHA1
716c887e7729f5992c5565d579110fe429c14235

SHA256
78a4a317511640d3f5add7231f03dc9e48ce92d4a27b0c6d152b7fbe28d995fc

SHA512
5ef21864531860d7aa4625c9f91c7283b7a224b824be784797589ae34733689984014e959df773c01bfe30965635b9bd96ee1337baf3e4cbe7194491d0b83090

Download Submit
/data/user/0/com.wendenggu.jiuchou/files/cnc3ejE6/eje3cnc

Filesize
39B

MD5
7769d4507985f59116153463f09235a2

SHA1
b081e84d14300ac7a7947aade9c025fa83bc17fb

SHA256
5ba33c69421ad27727832442cb5939d5bc853acecd0d8162d7c10a6b96757dcf

SHA512
ce5bb431a31eaba24c0cf467bedb1abee2205b74c4533067058b09ce7e8f9480b8baa01866e3dc89d1800d07da6007f36c1b4fea811e3da164b187903480d29f

Download Submit
/data/user/0/com.wendenggu.jiuchou/files/init_c1.pid

Filesize
14B

MD5
461e52889962f79faeb45d9d921c6d7f

SHA1
1b4d923bbd86942faef6975ef3b2548fac9cc549

SHA256
61b125d5798b7432a6cdc5765f5296272a7690b8adbc7dec38a04187661d64ca

SHA512
0236302a0854a9c002cd7188d72fa0446df34e43cc141ddc98a4287dc4f78071fa30f9ba72f25df5949fa49848af29974e3148a0149aa67d6e2169baf5acd928

Download Submit
/data/user/0/com.wendenggu.jiuchou/lib-main/dso_deps

Filesize
4KB

MD5
505c10d482800d538f0af8bfdfa35d8f

SHA1
086075536ddcd48b615981bbc95eb3b251477a0f

SHA256
62efe68a5232d92fe5531a2bc4d33a3242c967c24d5e98ab3e936c8bf74dcf56

SHA512
eadbf53aed2d0f5575a7be4e9a6ab0ab0164a2a3bd0f99ca07089b59adf1535e6817f79b2bdf25c58be7293693a4683f4cfb0d3dab14edacddcac262eadb5c94

Download Submit
/data/user/0/com.wendenggu.jiuchou/lib-main/dso_manifest

Filesize
8KB

MD5
3ec0e4374e8fde7b8babfa7ec1c60a44

SHA1
72e229ff5b3f39f8f255f6ebebdd7818fd0d6782

SHA256
29a56b2a966c8076a180f67c720571a636564c72826b7cbdaeeb9bdd67d5df15

SHA512
4c2dacbf76116921d10b5088e4f013b692bb562789a381bae32acd5aaa3940259354b19f14ae99a5016a7d57a32b85857696fa432c5e88f164ff35f555b41e08

Download Submit
/data/user/0/com.wendenggu.jiuchou/lib-main/dso_state

Filesize
8KB

MD5
852530253c6707d8d1c4182071e5b3a2

SHA1
b34e3301291d439be869e190a4209b80bcfbef0b

SHA256
799bc6cc20df747d52270113979b609c68ceb482358cae9ab951f89b7595b205

SHA512
e663407ab0da4df6dc1a0a329749b59cb96f93d6ffa0b7e7a37fcdee7d9a7e5adce75262a681942258b9e80d826c53bbf7c1e174c990aa295635d38eda23db2f

Download Submit
/data/user/0/com.wendenggu.jiuchou/lib-main/dso_state

Filesize
8KB

MD5
476dc72836cb58e16c6b0690c695d6b1

SHA1
0a0f2a7e85267abd11bee69b972eb54d818a52f7

SHA256
c5e661d518a7e6f81c0dc84234caa90b783e5d2a31659a91a655f89d537de958

SHA512
29327f55ebc152885c2d7c8edecadc2d9f8e31e6248ef53241a25488e185b33c0276e838029e6da1523a491f690b965476b1c643f2aec4fc74c372b944b75dc4

Download Submit
/storage/emulated/0/.imei.txt

Filesize
28KB

MD5
6028c7d6d46dc09fddfcb661629f0404

SHA1
c673b388d453d6f99a591968fb93d32e9e1526af

SHA256
1f943852a613b894ee147e5c9e7207cf259674e81c0ed7fa86ed98526b326303

SHA512
1c3c7377b4962816437bf28041d1d8923cb31d7ed126e611982effee98281279e012745b6f6e545193cf88bd6ccfeb5d7182a2e4beb7ebbe3bf113d11912de9d

Download Submit
/storage/emulated/0/Android/data/com.wendenggu.jiuchou/apps/__UNI__59240F3/temp/1715785806996 (deleted)

Filesize
398KB

MD5
b38211d704cc6f5cd0d86cc9e4b8ffb3

SHA1
7c4390c564f6583a98ea27b370f8b2c2d055ccb2

SHA256
d18c468a4461e4e8ca3fa3b7ab3b713258c242a837fd247524ba143b661cdfd8

SHA512
00b9d7e0fdff6f1c64f86a4783ed4e3dd8fba36221a4682483df057b0dde3d33612c853b997d985a7d8052a186399ec6b283406ca05af09c39fe4a1a0c6ceaa1

Download Submit