Analysis
max time kernel
226816s
max time network
166s
platform
android_x64
resource
android-x64
submitted
15-06-2021 02:31
Static task
static1
Behavioral task
behavioral1
Sample
fab7bb800a9fca77cd354e47ef568d9dc1cbc229bb0755f7d0a2a6d7436aff17.apk
Resource
android-x64-arm64
Behavioral task
behavioral2
Sample
fab7bb800a9fca77cd354e47ef568d9dc1cbc229bb0755f7d0a2a6d7436aff17.apk
Resource
android-x64
General
Target
fab7bb800a9fca77cd354e47ef568d9dc1cbc229bb0755f7d0a2a6d7436aff17.apk
Size
2.7MB
MD5
a12c36a82245533a4a4b9ff567da0107
SHA1
a5c056954f1bd5205c337bce3f6ce3f5a4b95fb6
SHA256
fab7bb800a9fca77cd354e47ef568d9dc1cbc229bb0755f7d0a2a6d7436aff17
SHA512
03734d1a2cae4babf99e1ce2bfde2e90e881ed5ca91e5b46277f9e99d168447f7555e0bb8c485e615d32a0d0a7e2a91d30f29c92c2b4dcec7aeb78a274c94ae0
Malware Config
Signatures
Uses reflection (28 IoCs)
Process: com.ploh.wxdc (PID 3648)

Description                                                                         PID   Process        Count
Invokes method dalvik.system.CloseGuard.get                                         3648  com.ploh.wxdc  7
Invokes method dalvik.system.CloseGuard.open                                        3648  com.ploh.wxdc  7
Invokes method android.security.NetworkSecurityPolicy.getInstance                   3648  com.ploh.wxdc  7
Invokes method android.security.NetworkSecurityPolicy.isCleartextTrafficPermitted   3648  com.ploh.wxdc  7

All 28 hits are the same four methods, each reached seven times from the main process. These are the calls the Android network stack and common HTTP client libraries (OkHttp's Android platform shim, for instance) make through reflection to check whether cleartext HTTP is allowed and to register resource leak guards, so on its own this signature says little about the sample's intent beyond "it sets up network I/O".
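The reflection IoCs above were extracted as a single run-on line. As an added example (not part of the sandbox report or of the sample), the following Python rebuilds the individual rows from that text, aggregates them per method/PID/process, and separates methods the Android platform and common HTTP libraries are known to reach via reflection from anything an analyst should actually look at. The FRAMEWORK_NOISE list and the EXTRA line are the editor's own constructions, not data from the report.

```python
"""Parse a flattened sandbox "Uses reflection" IoC listing.

Added example, not code from the original report.  The sandbox output was
extracted as one long line of the form
    "Invokes method <class.method> <pid> <process>" repeated once per IoC.
"""
import re
from collections import Counter

# Constructed from the report above: four methods, seven cycles, 28 IoCs in total.
SAMPLE = (
    "Invokes method dalvik.system.CloseGuard.get 3648 com.ploh.wxdc "
    "Invokes method dalvik.system.CloseGuard.open 3648 com.ploh.wxdc "
    "Invokes method android.security.NetworkSecurityPolicy.getInstance 3648 com.ploh.wxdc "
    "Invokes method android.security.NetworkSecurityPolicy.isCleartextTrafficPermitted 3648 com.ploh.wxdc "
) * 7

# Hypothetical, constructed extra row (not from the report) showing how a
# non-framework reflective target is surfaced for review.
EXTRA = "Invokes method java.lang.Runtime.exec 4242 com.example.app "

# Methods the platform / HTTP stack itself calls reflectively (OkHttp's Android
# platform shim does exactly this); their presence alone is not evidence of
# malicious behaviour.  Analyst-curated list, an assumption of this example.
FRAMEWORK_NOISE = {
    "dalvik.system.CloseGuard.get",
    "dalvik.system.CloseGuard.open",
    "dalvik.system.CloseGuard.warnIfOpen",
    "android.security.NetworkSecurityPolicy.getInstance",
    "android.security.NetworkSecurityPolicy.isCleartextTrafficPermitted",
}

ROW_RE = re.compile(r"Invokes method (\S+) (\d+) (\S+)")


def parse_reflection_iocs(text):
    """Return a list of (method, pid, process) tuples in report order."""
    return [(method, int(pid), proc) for method, pid, proc in ROW_RE.findall(text)]


def summarize(rows):
    """Aggregate rows into {(method, pid, process): occurrence count}."""
    return Counter(rows)


def triage(rows):
    """Split the distinct methods into (framework_noise, needs_review), both sorted."""
    methods = {method for method, _, _ in rows}
    noise = sorted(methods & FRAMEWORK_NOISE)
    review = sorted(methods - FRAMEWORK_NOISE)
    return noise, review


if __name__ == "__main__":
    rows = parse_reflection_iocs(SAMPLE + EXTRA)
    print(f"{len(rows)} IoCs, {len(set(rows))} distinct (method, pid, process) rows")
    for (method, pid, proc), n in sorted(summarize(rows).items()):
        print(f"{n:>3}x  pid {pid:<5} {proc:<16} {method}")
    noise, review = triage(rows)
    print("framework noise:", noise)
    print("needs review:   ", review)
```

Running it against the report text alone yields four distinct rows with a count of seven each and an empty "needs review" list; the constructed EXTRA row is the only thing that lands in the review bucket, which is the distinction the raw 28-hit count hides.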
Processes
com.ploh.wxdc (PID 3648) - Uses reflection
com.ploh.wxdc:resident (PID 3682)
com.ploh.wxdc:assist1 (PID 3732)
com.ploh.wxdc:daemon (PID 3787)
com.ploh.wxdc:assist2 (PID 3759)
com.ploh.wxdc:assist1 (PID 3867)
com.ploh.wxdc:assist2 (PID 3963)

The :assist1 and :assist2 service processes each appear twice with different PIDs, i.e. each was started more than once during the run; the reflection signature fired only in the main process.
Network
MITRE ATT&CK Matrix
Downloads
MD5
39ab38f26dcb8cf500a2018fe5ca9eed
SHA1
182bf62f83fec70b680bd22da9fa46b4bf5caef0
SHA256
d3c75ee1360189d5d382092ea594eac5dd386e704942837a34a2c93d5ce9199a
SHA512
0a2bb1561f052bc57a06342de9997bf936ccbe463c3d10b6f2d174a4c6b3a8d239adefc2bd78f22e7680977c84e4fd8ae77318e2900a589ab65f9106526d16f1

MD5
d11f7acf22fa3e20c39019ce05d8abb6
SHA1
808ce118732f5689e8b92f25058f01d93f063ebf
SHA256
4d83058901aed65811e45a6ac46b23df63c33e2c7f9e8f4df92c378182fc9eff
SHA512
0d30a4ca428e643af8c8012e1ffb719c3c522afe86f1beb7272aeb2c09172fd3dafd86ef2603bdd270b9640b038c540f471e12a50d32a644609d713659fb59ed

Three downloaded files were empty (0 bytes): the digests below are the well-known hashes of zero-length input, so they identify nothing beyond "empty file" and should not be used as indicators.
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

MD5
7681921e52d3d86089b70ce5a31252e9
SHA1
f3620ee47862ba708f949808ffc8a51b829bb1d5
SHA256
4b71067f7fa9b45c207c67c0381c42cb4d06544f514e2f634acd3a78e79cefb1
SHA512
f24ee0510d62d435ee90053b98f4643585a16c39da60ddca0795270244d970f9cd1ba1bcf6721106394c89453cc74d48a557112a37dffc08ddf27c7bc112d4e2

MD5
4c430d78db9ae1dd52767725a61c2304
SHA1
082a64cd6114eb9f90493c85156741a4d18f6d52
SHA256
5c90b439be6cf4454bf3d1b860565756482dae196f4e31bca6821a8b5cebc424
SHA512
d7d23a1ec96488c734c9eb5907bb4950da3f3a693aa4a82dc026d700bc6cb201e0348621479026f1611142f48f5b18aa72460ad869a0ad075448abbc0168d64c

MD5
597e748c2dc45db041fe54096b10bd6c
SHA1
d1a212cfa3150af4c9bcf3931e6f8ae48e173c0e
SHA256
9167cd0adb02f930ad28b24fb0c638644feb6ea73f9ea84be5d89a4d46c24fa1
SHA512
fb2deae7d632d67ea12b359de113507cd62f1b787363ca39b3f22b4f25ce81e9d08a6c327a860c97f054259601198cb14600361e07c84a2bb18b9c92109feee2

MD5
278d03a8589879b3978279484d1a6abb
SHA1
b6bc06c0e6999383678df0cd0f509ad22e66074e
SHA256
07e52d733695cb3e532635c5b4fe89496517369853c0c2b3e3387f0da71caf63
SHA512
ea74a1001127e8351c5da23bf8c4ee11ee9180fae70bc97ec3723225e808cb8df17ce680207537b64c3c053ad452732b13cd4061b23abb5ee719113b2cd8d848