6c16f74852acda35f9f23ae1e8b403fd4346cab780aa87648245f1ebe6748782

Analysis

max time kernel
98s
max time network
166s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
27-06-2024 08:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6C16F74852ACDA35F9F23AE1E8B403FD4346CAB780AA87648245F1EBE6748782.apk
Size

6.7MB
MD5

7b246583c74aa63c13b1e4d4d4ad718e
SHA1

6cc9aa1ff041fb7162debcff2dc3787bdb6707b2
SHA256

6c16f74852acda35f9f23ae1e8b403fd4346cab780aa87648245f1ebe6748782
SHA512

925401adad913d31a044a7d5a292de823467e61b0786bc82d74967d6948d1e5132168422994389e781d6763b3a6e27ea79c86d08f8e65a3b9fe1904ac6ccac84
SSDEEP

196608:2P9yuY7CuJFbNQxe4HgP+XL23Gwt8SWKE9xSMPY1uuGh:sytCuiM4Hn9SlE9oMABGh

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 5 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/data/com.lenzetech.traxxitt/.jiagu/classes.dex	4251	com.lenzetech.traxxitt
/data/data/com.lenzetech.traxxitt/.jiagu/classes.dex!classes2.dex	4251	com.lenzetech.traxxitt
/data/data/com.lenzetech.traxxitt/.jiagu/tmp.dex	4251	com.lenzetech.traxxitt
/data/data/com.lenzetech.traxxitt/.jiagu/tmp.dex	4281	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.lenzetech.traxxitt/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.lenzetech.traxxitt/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.lenzetech.traxxitt/.jiagu/tmp.dex	4251	com.lenzetech.traxxitt

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.lenzetech.traxxitt

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.lenzetech.traxxitt

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.lenzetech.traxxitt

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.lenzetech.traxxitt

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.lenzetech.traxxitt

com.lenzetech.traxxitt
1⤵
- Loads dropped Dex/Jar
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:4251
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.lenzetech.traxxitt/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.lenzetech.traxxitt/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4281
- sh -c ps -ef
  2⤵
  PID:4362
- ps -ef
  2⤵
  PID:4362

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.lenzetech.traxxitt/.jiagu/classes.dex

Filesize
6.0MB

MD5
475303cadc663da9a26e7c83b4708953

SHA1
ebab9bf385b75e1fe6a351d96c1adea584ef367e

SHA256
f7f61da5dbefb0cbba4d393f5e38e9ead640b0e912f99b509aa3f62994cee60e

SHA512
e7580346cb38e55a34eff00128a795c0bfd6d0ad862704d7e23ee78ef87c1531238b738a14fbd6395975670714279c1dd407f1a1e4c9003d52bbea9cc513fa06

Download Submit
/data/data/com.lenzetech.traxxitt/.jiagu/classes.dex!classes2.dex

Filesize
730KB

MD5
a9e7e42fb39d032ae836859fbb3dd985

SHA1
de6aeb9f64d8176d3a8bc15165a7d620d36e1744

SHA256
a76a30f8ef4c475eb89c24e7172b785e7e46978334c4e5ed92f99ef1bd084fbb

SHA512
1b12e0b585e5390c953ce160d8c296d39e4734eb78a99e34b211b71fe8ed59b86007d3dedbbfad111c8837b0012e1c61f8fa6356ad2eda6feef7b63313ce7870

Download Submit
/data/data/com.lenzetech.traxxitt/.jiagu/libjiagu.so

Filesize
495KB

MD5
de685970891708f6edfd18f03c6557ba

SHA1
ac50f88327652a72df73d43e9260faf169283c34

SHA256
b3124a6f192e562313f1e2d24b292852d4eb87cbe95dccd1d94b3a0540c0c11e

SHA512
cd56aa34265252c1457e28f442872dfaedc897607b816526de7e76c88ea00c24feb3542c21be7dc587b58df8ccbb1e045d3533741981212eac4d704143bfffe0

Download Submit
/data/data/com.lenzetech.traxxitt/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.lenzetech.traxxitt/databases/demo1.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.lenzetech.traxxitt/databases/demo1.db-journal

Filesize
512B

MD5
bfd6deb3b86b76ad2477212a8eacacfe

SHA1
cacc62e4c720bde5bede3d524b8d8cd06cd0df08

SHA256
070d1a3e708d142e986f257482e92a46a36972805c967f64ded07e34077df13a

SHA512
b8010645dd4f262b8285856e6f8f8fb7f99b4a271014d8514a78f9d457585297d007ec375d58d41b9f2782a39af4e2ac3b85f68b8657118dea552f9fb75735df

Download Submit
/data/data/com.lenzetech.traxxitt/databases/demo1.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.lenzetech.traxxitt/databases/demo1.db-wal

Filesize
52KB

MD5
116d4e762c79d39357fe3155747356b6

SHA1
ba4dd83e097a90db8aa917da8426a0cf8f3fa7ce

SHA256
228b905f57c6d8adaf468c196477c615c62ad0d0f1fecab1cc6cf496f3edacf9

SHA512
f9522ffeebdd9a6bde9a6aa6b982e7d5fbec5d03cb5140ec57d8822adaaad19ad3673862ed36d4cdefef7742442e6155f070fb4ab7b89e5df2a0e56f9b7eb408

Download Submit
/data/data/com.lenzetech.traxxitt/files/.jglogs/.jg.ac

Filesize
32B

MD5
d8cb48ab4d605d78e63e87b77b163358

SHA1
24642929b9ffd30f6b49a5576019057acb2273f0

SHA256
4c28e36cc90be70b3a62baf49c3f5c86e09595016dca5fe8327206fe7835b59f

SHA512
a728af196c7f6d60c4af9f74ca1f2d2027c989d0a4359da32cbbca8a9b4bffba2388e1203f093a035a4874e6907c7e16977e038bd08ad3588eaa015b65e8333e

Download Submit
/data/data/com.lenzetech.traxxitt/files/.jglogs/.jg.ic

Filesize
32B

MD5
20a64a4e6b8c088cfbf28b62a0824ad2

SHA1
ad4ae5b07036c85f50468949de08e3f26fb32f5a

SHA256
fdabeb4a0404d524488ab0b9d88ab1c4bc7a6b87ca70794c5d67bd9e463a0b90

SHA512
24f8684b3d19f9c152ff788969e717bfcaaf35774514dda8e6d3d7055cc4471f8204b6de322857c2a4ff957dc808637607be6ee9bc7902ad082843ec77efc561

Download Submit
/data/data/com.lenzetech.traxxitt/files/.jglogs/.jg.pk

Filesize
32B

MD5
e695ca8e1241af7ca38605ec9cfc5f7f

SHA1
582676750af9552764d27b04b48ab7b97b396ee5

SHA256
028a30b8a948d21808e1de98f535968221c1a5e6d0cbab2968320efe09308d58

SHA512
f029679c7a50b8498e316283a7a8636c10448503bd8e2c7fcf79a431c197b6ec4db5ea8a00579a12ffe7949219475dfe5fa68f793722c37526c99015384bb668

Download Submit
/data/data/com.lenzetech.traxxitt/files/.jglogs/.jg.pk.h

Filesize
64B

MD5
a52f5c2c023dc0a3fcf4aebdbe619990

SHA1
821f793c91a21975424f7a8eecd777138f96a77a

SHA256
ed67bb8a6f72a00a6ce3b684701975372848521c4ff45d18bfc09fab61534a50

SHA512
310ec074eb8dcafe649524ce594566c82f3ee8da491300bfe34a7ca5b7e570b5e8d9b86653c0ec2fabe47f9d5d35ba342bfe1320cbc8963d999b5aab0472061d

Download Submit
/data/data/com.lenzetech.traxxitt/files/.jglogs/.jg.rd

Filesize
32B

MD5
e424adb58240068dc79642da5159adec

SHA1
45b9f65bf01d80d850f30eb41b6e710678abcd9c

SHA256
c69b70e604a25c040146ca9b1e3831a5607c993bef137ced3ada6ad183289fad

SHA512
4dec96b72e4bef7ca6c8e4b9a53114e0a71913381a15f3ce91f97efe257701ae4fbae428a9205a23628704239be5f3c3459239c50490261534a04555ff299106

Download Submit
/data/data/com.lenzetech.traxxitt/files/.jglogs/.jg.ri

Filesize
314B

MD5
3d9ed81f15e1957e911082d316613211

SHA1
e61001e7252a5792b35d2c1d6a81b1a0db4efdca

SHA256
51a832f6e66b42a118c4598e9293b66bb45aec7518cfd795156c24f5d06fbe55

SHA512
0822c672a4205bb5108a9e663f65fc07f2cde150a0cc6313f420e2fc797e6c00599c5dc8cee114b2911616af35314c0302353656bd0521b05e453b1ae72dc4bf

Download Submit
/data/data/com.lenzetech.traxxitt/files/.jglogs/.jg.ri

Filesize
307B

MD5
1037c27ff6d07b3dd1ebd64d61ea970c

SHA1
136c1590ab0381697330a56dac2297c58aaf8c31

SHA256
3b9393ef52306b8eaa1955324b4b6cfd554bd4e558c119b77ffb60f67dd3c7b1

SHA512
5c6aa2d5851b1a1b3cad9286e6630dbcf4ffe76ed703b8a2b7f295b446bce52bd9d333f181f73d3560bdf3ba0ec83660b8e331a7bc61ac2bd9ac00df49924dfb

Download Submit
/data/data/com.lenzetech.traxxitt/files/.jglogs/.jg.ri

Filesize
307B

MD5
60e6ed6643f3210d05b6ee7e7c7b18c5

SHA1
7608af0df4940bf0c334b485ffe0f8bcc0b9fbd2

SHA256
8b2fed9699830478e2c710e466df55cdb28c882d04e5b267c10d29aacaac1a49

SHA512
f98bf356b0ce7dddabf16fa351cbb597544da06da3fb8784d630a73d4b9bd9be541100f4478f6806d51cc3bef6b28fab8096fefcaa4ebb94548800bb27f76cf6

Download Submit
/data/data/com.lenzetech.traxxitt/files/.jglogs/.jg.store.report_cf

Filesize
32B

MD5
f52138ef68278f7293fdb2678c096400

SHA1
0d7db73618c88e2a32bb7817c14b5032fad9b4e5

SHA256
6b4aa0e0f8edbcf14b19f99460ca12651cf047f7f4677d33c6da8390c6b63e60

SHA512
784cc166e1041b90a6d01874df2fece6267f933778b1067389c7a555d3136dd8e0b2e57a1193bd2ad23fcb983d57fd985a4ef81168771fb70063b5734a6d0f4e

Download Submit
/data/data/com.lenzetech.traxxitt/files/.jglogs/.jg.store.report_pid

Filesize
32B

MD5
48337302036d1f3bb2c18d7fb2ba1cb5

SHA1
69a623bb1af4c4582350a13126781d6b72366a56

SHA256
8f8f312fcba13eddefe22245e450cf4fd17260662cfb6782d183d90628056485

SHA512
91ccc820eba1768aadb58d0877b6faf70a8164885f538f7f3f54090c93d37a0b00a3fda53e6add0dd40fa82ddabb0f1e4340117b1cd5973b5dd004f524e89339

Download Submit
/data/data/com.lenzetech.traxxitt/files/.jiagu.lock

Filesize
27B

MD5
a06f72ddae90dc306282ce42b59fb008

SHA1
6e20ddeff5e02eb50c7806e1ff963f8d87eb1289

SHA256
b85f23cdbce6729335a07104c4f9f08c76b01420c5b5f8607474e864216ad1cb

SHA512
b9696170113c64e5060806dc909f290bce5b1b24eaff28d4dcd6571c3221e36cb5a07a016f45e0f90eb28b2213dd195a55992a373bb4c9b9a30b338ed5d54a34

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads