988b57dbef854f64c336421be4ff779ae07bc3a184cefc2432f98966f862579a

Analysis

max time kernel
121s
max time network
152s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
28/03/2025, 22:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

988b57dbef854f64c336421be4ff779ae07bc3a184cefc2432f98966f862579a.apk
Size

3.9MB
MD5

7c8b3c00973ca3958f4e41e8950cce35
SHA1

824a227d09917582c8ecf5594b62454931fdba22
SHA256

988b57dbef854f64c336421be4ff779ae07bc3a184cefc2432f98966f862579a
SHA512

73b980b63bbdb97388cff1220deecfb507d903cda89ed3cde99a3f0a3dab67f49e43ae5ccb16642d0c33dc7eef99ddbd3f150f173b8cc9a1acbc7105b363a13b
SSDEEP

98304:2fZi2qb/g2nKAPQthA8Cm0IkxOLN9g2/Lo2PZtceey:s4h4j2l8SYY9E

Score

8^/10

defense_evasion discovery impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs

defense_evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.GjIZIJIz

Checks Android system properties for emulator presence. 1 TTPs 1 IoCs

defense_evasion

System Checks

T1633.001

description	ioc	Process
Accessed system property	key: ro.product.model	com.GjIZIJIz

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.GjIZIJIz

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.GjIZIJIz

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.GjIZIJIz

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

defense_evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.GjIZIJIz

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.GjIZIJIz

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.GjIZIJIz

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.GjIZIJIz

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.GjIZIJIz

com.GjIZIJIz
1⤵
- Checks if the Android device is rooted.
- Checks Android system properties for emulator presence.
- Queries information about running processes on the device
- Queries information about active data network
- Queries the mobile country code (MCC)
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4277

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

User Evasion

T1628.002

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.GjIZIJIz/app_tbs/core_private/download_upload

Filesize
84B

MD5
01205cf0ccfd328d6e1e27c97101dd84

SHA1
29f085d0588c64708173b9bb5ca68d879084eaba

SHA256
0f36d8c0d3a032f73c9ec684f9282684fec76da8e06fa60c4381277588c024c5

SHA512
25bb2a93abc9a46d953332e3dc1db61d9387e85701b15215e4c50dfc985010aacf5e7355eb7783ac590bc5dbaddaae8530938bb335108e88d47ac9c86a3a8799

Download Submit
/data/data/com.GjIZIJIz/app_tbs/core_private/download_upload

Filesize
56B

MD5
8f7accabe06abdee911d1b6c29043721

SHA1
a0d3b7e4ceaf4b73cc6eb0653dbb7073cbce4211

SHA256
df5d82e3a26e33d50216e4fabb0203398e45d50febbd8f02f2d5994e0ce73e23

SHA512
3abe6fff9f1a82dfbd0e77104809229456957570ca8b3371a71f04171fbec8336f66e04d7ce692eaea99c78da32745c7845df21b815438c3bca8e56e021cddf5

Download Submit
/data/data/com.GjIZIJIz/app_tbs/core_private/download_upload

Filesize
56B

MD5
a01d6c3338c5fba2a316f649af4f4aee

SHA1
ee45f23b655295af2e6c1144cfb83f00a9437457

SHA256
74bfedba25494467ed464675711d8b45f6f2792b1b666fd9224f0b744c39d8ed

SHA512
fcc5493ee3aa9a9efd051162263da388efcbfe930c6f640d2273dfadf15dc676a32c4d9b5b8bdd25c922d751541a20049e55b42764862487030058143f3cb6f0

Download Submit
/data/data/com.GjIZIJIz/app_tbs/core_private/download_upload

Filesize
84B

MD5
9c649ce3b440355e1c76310c8fb28f97

SHA1
735dd251d09424c2b880ce1db2e4dd21a6b7eb3b

SHA256
217fac4605f063759c3a049996d63202acb2058b4f3a2e58589cc0543e7cd4f9

SHA512
2eebcde84bf48384d443481883913b81bf6749e84ac507fb6afe398c88a14e1b4623a33a3b831263f65f17c7e2874a9ac31e1cfed8faa7d548d40958f85c98c5

Download Submit
/data/data/com.GjIZIJIz/databases/ua.db

Filesize
40KB

MD5
a2c8ea957c4597e5db4c0a0d8e0c5ed9

SHA1
60e20b2855a3cf0725332849c7717c6d98875e1e

SHA256
c821fbe5f760f9087a3e1618936eab77433afb71558cffc0624ba2999bb33866

SHA512
780de46a7729ff1aad53afb51388c1cea55a8bb2f8a9de6e76c979c4bae0f9d58c83e772c443a2cb8b8e507a9aa399f0ad1400bcdcdb916d17f6c73061172b36

Download Submit
/data/data/com.GjIZIJIz/databases/ua.db

Filesize
24KB

MD5
7b284f803c5720c0442d281ba72940cc

SHA1
6833178aee1e34e353e89d8850cd8f685a438a5f

SHA256
9ae04300a14af9b1006df1734c950656cedbb56ba6626497fe9e04994a8a152f

SHA512
31909c88f7dd11355c2e391bdf7677083c1dfcde73c357e09b66576a3b92edb0040cb69015f420e97e8b22f46cc95cfb839534ec3ede369cbbe3fa3ed26fd0d1

Download Submit
/data/data/com.GjIZIJIz/databases/ua.db

Filesize
32KB

MD5
483d0a2a2ac3ba13725630c42f7954e9

SHA1
0cdc898965ecc44f3f69f7eff1aba96578e3bc7a

SHA256
80ce5065f650a47bc4e3f0c1ddf70f2b3a1665f37e0ca7596574f5b688730a26

SHA512
7bbd3297ca035a6ea644e87c660da973531e40971a55019e7e5bd9a6de1b76bc4697a3b6d03c3c5cc22390576e9044750e8bfcd240a3a3ee902dc716a6fa8db1

Download Submit
/data/data/com.GjIZIJIz/databases/ua.db

Filesize
32KB

MD5
9bc3617be0a6238397c3b324ff4848c2

SHA1
5cb5ab2bf1ed4c9e38a7b8ccd9033e9f2b4fdd93

SHA256
481ee03d59d2a32e35e37ff8b742f174eb3f7eb7f292f5f15a2242fb4e98c265

SHA512
00568cf2647c1fd6949fce08740e233800ed4bec8ee1a418a23bcad7ab043687ab877739f95383eaed9a3fd1df93e172214ffe3ccd67369915019c7f5b586cbf

Download Submit
/data/data/com.GjIZIJIz/databases/ua.db

Filesize
16KB

MD5
cec6b369d02b6ad1643942fea5b7d284

SHA1
186e79e538f75c73a9fe793f7fb0d97ad8ef094b

SHA256
bc0060906dadca7a4b7535b569114cec94b7d8281ac0249fe9fe75e75159d36e

SHA512
74bcb72899ac1cccfd922ef5bf15d9a3f25a0a18e527acd66d6c026420c85347f6166ef7aa7cc2a1889991c97e0cf3cf2f7c4c0a21ac39b8c37b50907930b4b8

Download Submit
/data/data/com.GjIZIJIz/databases/ua.db-journal

Filesize
512B

MD5
d59165eca3e595c3e39f8fac75a0ed1f

SHA1
9dc9d362622c8785e0e45c9ed6242f2e6994e0a7

SHA256
65498f904ba3be9091510e5b24bb0389d37d130831fad5fbeffe48368ee190a0

SHA512
a701d7c29e421d861968c140975b582e7226735df35f7929dcea3a92d678e978b23b1c0075944d0b3c4daf20a7d88af85083f19d1f342d0b587081c21cbfad2a

Download Submit
/data/data/com.GjIZIJIz/databases/ua.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.GjIZIJIz/databases/ua.db-wal

Filesize
52KB

MD5
a61b83e77ec0fcdd821b5b6fb4b6d1cb

SHA1
d7097e887456b5b99b86ca9a107d4bcf680cf8d2

SHA256
a96768e7135b8bc8d70752e66d96f6b470d282879b03179a67c0f9fa2ee02952

SHA512
9c9a4d886d9cf9ce5d6656dae0c1a9d18e3fa196c64cff3206084dc7f73ff802b2ca962de6a6eab34605a0fb5fed65188d98fd4deff929a45b6a4573726265b1

Download Submit
/data/data/com.GjIZIJIz/databases/ua.db-wal

Filesize
12KB

MD5
d50a0beaaac62e34880406b2640dbb4a

SHA1
e626acfdcda1d6154a9685db57cf2a12b84c4828

SHA256
1550969d06910350668675c4b2a619352637175ac6b7df842d5a0888a9e9c2f0

SHA512
86800919c586a7e0700ca9846a4421fa80fd09d681b4a956181f354c8e14e1232a94d51dc97850eb223dd343667b97e7b63edfa0cdc1d5908216e39414af4d88

Download Submit
/data/data/com.GjIZIJIz/databases/ua.db-wal

Filesize
12KB

MD5
081c05e1e1bf6119125f7299063825bb

SHA1
b7c0c5ebbf48bc12244beaa64d0ddb975777149e

SHA256
37e6c93bbafe24bf8b37ac20f6bf0570b3720132bd4647f9cb2b32425fbaf2ae

SHA512
c601a85c9f9993a664a339237c6a3191023745eddb8698023242270d1850bcdfa838fd6ef7796b1679ef4cff9a385726252e1a9db6d30a811b1c390f3cb4a38a

Download Submit
/data/data/com.GjIZIJIz/databases/ua.db-wal

Filesize
8KB

MD5
23247bb074c21fd56768c1a926e150f2

SHA1
79ad2fa429766ef27fc13b4e54f29b1d12fcb44f

SHA256
72fb6ecd3653f8ff956caa38b3eb8992aaafc94093054febac15f86281acf418

SHA512
b5f69e9568559c2f45660c7fe364b8f40b2ff3c0f918b8ce2f7acdfc29b9c104b60082f98aab35641c4b81cb36d8dbf84c181c7b44e3f2663011754086e656e0

Download Submit
/data/data/com.GjIZIJIz/databases/ua.db-wal

Filesize
4KB

MD5
a707d0e8274642dd513427100f8bdcea

SHA1
ed17eebe0ca24c22fc56ef100c676e8a10a18323

SHA256
4561929c4b97ee3fd3b4c73ae7771c2eafe8fa4ebe3e9186b4748b3e9839749d

SHA512
61a9bcc9667f4287edc003f81d920869e60b7f05459d1a2ad07cb7842b0cd5b383da6eb947bc1cbe246eb439b0fbdce1e70c905d85c1bd0e0d443612f5bf32c2

Download Submit
/data/data/com.GjIZIJIz/files/.envelope/i==1.2.0&&2.0_1743199868176_envelope.log

Filesize
2KB

MD5
8f8ab2d6742ba8e86d4922219fead3a6

SHA1
f1b9caa51240648174c33b4bab0f8c457a1ba1f8

SHA256
e5472e3d95332c844d50e4f0c99c800b17ac108fdc2542049df6ee97e7bf87b0

SHA512
f9086218f66902ac9b04535a36ff52028e578ce6544be9d053b1dad6f8ae7cbb3f2c134a4e341fbde8b8e1ed425a6e1e7c7f5f1c38aafab62b9524df684430e8

Download Submit
/data/data/com.GjIZIJIz/files/.envelope/t==8.0.0&&2.0_1743199869212_envelope.log

Filesize
1KB

MD5
2b6d3199d05598bb8e972a3d81726b88

SHA1
26bad90ad77be83ec3bfd093d1a7b40276bc08ff

SHA256
f4e2bc520a5fed36664c927b37107d4c0680e7051ad7235a98be20618d035ba8

SHA512
ed83a50c4fcca64645f729c5c86d5e2f142f4d3ec78d780936abc7cfb79d008edf8e688f57380a3967d48bb73f654629d2e982ac28964a2ee677654b55014829

Download Submit
/data/data/com.GjIZIJIz/files/.umeng/exchangeIdentity.json

Filesize
139B

MD5
b154f7531e689f59057c27d444cefed9

SHA1
eaa8b761afa2630b5dce4e7f4b9e3a70d50026cb

SHA256
f548e13c1ae249cf1ef6f4051536b27cc1eafd11095dc469656c4bee9072fff1

SHA512
db8259359a1f3b69637c06b612d8fa94dcc2f05ac3421aedad87031720fc07a457304199ad5836524bd7fd5b906265c68ffcd875c0a2b0959f72d0395a9e3f6b

Download Submit
/data/data/com.GjIZIJIz/files/exid.dat

Filesize
33B

MD5
ac5d9caec853c802cf26ed26a3e50046

SHA1
bff633ad0009f9e7313a5b5f1a2604af727e2d4f

SHA256
deb2e23c4d832424d49eee91addc366397514e9654f2b3b046f74cc0b407fe14

SHA512
89bd66b482c28ce36a866a8bd092976930aabb6540830982bd89e5e3bcfa8078fe58b81a668fc9c4fbf625cdaeec97c12d49fc087798d0fc6a02a499465cb08f

Download Submit
/data/data/com.GjIZIJIz/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzQzMTk5ODY3NTQ2

Filesize
1KB

MD5
38d3ce216a4c62c7df37994c210627bc

SHA1
5e8f30f376e26eebd944b7635f54c1266edac214

SHA256
928d9511663a659e2a872673d701380a1135130edae60bc47d65a86cdd30f2e7

SHA512
dc73e830d68e012a16b6bf9d0a2e9998e8147c825f3a7e9a695752883cc960d0fc9ff865227336958fc206cdf7b8a114528d8f7456c975f9424e2695a080b11e

Download Submit
/data/data/com.GjIZIJIz/files/umeng_it.cache

Filesize
350B

MD5
45ab441e68857c49748161d91913a669

SHA1
97ddfaf601bdb8754c1256d606d60c239b5099c9

SHA256
1e203974a2e2462897c603f0c2555e4e0e753b2a06d936ff380a300f83ea6a26

SHA512
77227beeef726245d38c0522d360b28bf3a115d02e0cb2feec665ea9392dd5202cee8f1b17b9a63cc20e88a102089c793293a3f75010d569cb6783b1664f0036

Download Submit
/storage/emulated/0/Android/data/com.GjIZIJIz/files/tbslog/tbslog.txt

Filesize
16KB

MD5
91d5d46ddf16fe669fa8a13340c7718c

SHA1
b4181dbe65695bc16d742981bb178eae08c12dad

SHA256
bbdb5b898126b6f9c81b2b4484016db884c04523d193fac7d8b571891df61763

SHA512
65f9236938aebbd80fc3ea2e403cd93f6f562c1fb318f6811f3c7afe0dd80e0467aecc08154326499312d9f7b35ebf86db91ec855b4a8c254160dbf5472d95c8

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads