230f630740972d6d514976d694a51fb478e7f47dafba54186e9cf95d20d045b8

Analysis

max time kernel
3994836s
max time network
160s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
09/01/2024, 12:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4e41a9e250bff25fa3d60f10202b17e3.apk
Size

8.0MB
MD5

4e41a9e250bff25fa3d60f10202b17e3
SHA1

ed7725adc9a00d59dcd674a9305b69f67f292068
SHA256

230f630740972d6d514976d694a51fb478e7f47dafba54186e9cf95d20d045b8
SHA512

d13bccd5efa8e63ef2c98161cca176e63143192f966533c6e2d3546e2b5e1a40b04bbcee8f9246dce71283eb7d91ebf67ea208ee65ce016a67feddb3d1816ac5
SSDEEP

196608:0i/05G1gnfZQkAIQZ0pfGQs/gWpSGsjACsQLb:W5G14fqIq0fG/gWSfsKb

Score

7^/10

Malware Config

Signatures

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/org.musicplayer.mp3playerpro/app_e_qq_com_plugin/gdt_plugin.jar	4299	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/org.musicplayer.mp3playerpro/app_e_qq_com_plugin/gdt_plugin.jar --output-vdex-fd=58 --oat-fd=63 --oat-location=/data/user/0/org.musicplayer.mp3playerpro/app_e_qq_com_plugin/oat/x86/gdt_plugin.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/org.musicplayer.mp3playerpro/app_e_qq_com_plugin/gdt_plugin.jar	4256	org.musicplayer.mp3playerpro

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	org.musicplayer.mp3playerpro

org.musicplayer.mp3playerpro
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4256
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/org.musicplayer.mp3playerpro/app_e_qq_com_plugin/gdt_plugin.jar --output-vdex-fd=58 --oat-fd=63 --oat-location=/data/user/0/org.musicplayer.mp3playerpro/app_e_qq_com_plugin/oat/x86/gdt_plugin.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4299

org.musicplayer.mp3playerpro:main
1⤵
PID:4337

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/org.musicplayer.mp3playerpro/app_e_qq_com_plugin/gdt_plugin.jar

Filesize
180KB

MD5
414bad5379daed838cdab3dbe7759a01

SHA1
424df61a4f0c48b5e40aff0b17204083c0f86944

SHA256
6beb6a735e5e7f882bdcd13c52110122c223da540a8d5872bea7c6af9a06935f

SHA512
b2af1aa3b7ac06be543d6d936a8511077e559ef84b2bf6c27586386f55c81796f39b25586d01d738ea35233a648e0840196fcf0d771345ad1b16f8ecdde02852

Download Submit
/data/data/org.musicplayer.mp3playerpro/app_e_qq_com_plugin/gdt_plugin.jar.sig

Filesize
180B

MD5
f03aaf57a4f40d758b8761dbdb07922e

SHA1
49c8c1c88d227fbf7793182c1ad3627cfb1536a4

SHA256
98dd3ed4e3349324418cc4abde4cd276b0b62830624e5c23300fc61259af4499

SHA512
bc989f9195ebacbdfc11b9e3f40855f5bb7fbe1ebd7d355358f6d05d3601e5ad45bf8ef8dbc330ce8c842a1e35756cb1a7c264dc09549c821fb9a7139cf6350b

Download Submit
/data/data/org.musicplayer.mp3playerpro/app_e_qq_com_plugin/gdt_plugin.tmp

Filesize
2KB

MD5
109b1ba3d6f0c8d732f1a87a702773b3

SHA1
225d716b79cbc3a6ef018e605f1af81cb08c139b

SHA256
c3e22dcbe078a6fb4e034a6e6fdb921570c17d4b289edf6e7a81f0c58804474a

SHA512
f404e2b6a84eb0d8edfadb8ae340247f0710d33f9be65d8b094998866930e55209feb256eba25bb67b77f4074464afcb5670b75ff4caafc7e06881c7c4dde032

Download Submit
/data/data/org.musicplayer.mp3playerpro/app_e_qq_com_plugin/update_lc

Filesize
4B

MD5
dce7c4174ce9323904a934a486c41288

SHA1
e117797422d35ce52f036963c7e9603e9955b5c7

SHA256
0c030586945fe504b604ecc2e875c38ede400cd5cd73da9730302162e6b02c6f

SHA512
d570ab6a8f4a7b54d426b0481219074b5277ace37d88438d87ab97eb387938eca1cf7b09fa42d596c56ada860710d2a7385d2a96e1cedff58ad6ed8900f1b143

Download Submit
/data/data/org.musicplayer.mp3playerpro/app_e_qq_com_setting/devCloudSetting.cfg

Filesize
108B

MD5
93de08e83e9c02e1a1478e1895f8c5e3

SHA1
d31c6886d94d0a87eaf87b6e2bcf572b65fa663e

SHA256
c1b770d36cc85cd3cf7cd97988ea6e08cba9aeda3c9cb26ee99c11281793b198

SHA512
c9b8dd14c77f14c015f4b3c65d23f35e3ec64334d9c0a4c516f20dd1ab8feebf3da88fb051282afecad78657ee097d932ee350e316301c9ee555bdc8f67d8da1

Download Submit
/data/data/org.musicplayer.mp3playerpro/app_e_qq_com_setting/gdt_suid

Filesize
36B

MD5
308dce912f3086b485a697b6db8c0733

SHA1
8ffebbc4ce7d1ecdaf1479fc814876208aa3c921

SHA256
5347f53dad41bc117b8d55de2118e7dee07a7629b9e1f99fd457f4bd40380767

SHA512
36c064f89973649393701a426ad84608ae8108e9586fa64a3f2596cae453a6e1e477b72a3216403a6d2c93b9d7bc31dd0ae654426c908475043ea3336b0a4ead

Download Submit
/data/data/org.musicplayer.mp3playerpro/databases/GDTSDK.db

Filesize
24KB

MD5
755d1d1b0599d7be973031b5a9ed3373

SHA1
3b13cffb97005729fc20cd9b9a8547e0fa32632d

SHA256
90bc14445f887f7dbff548bdcc44145362d7fd20cc8ad8568b4d5c9372ee9b46

SHA512
afbd3a1c76a41015b2d4523d1c08dc14a3a75dfea3a5082b5e0552d750a498fd316bc98055b9f0ad2992f28b820ef15254461fb5df4cd6c21573a96f17b24ae2

Download Submit
/data/data/org.musicplayer.mp3playerpro/databases/GDTSDK.db-journal

Filesize
512B

MD5
416ac99caafd7cddfa5b35240e5b6bd2

SHA1
bcf4eb1a13694d91bb491ded13901dcd89feadb1

SHA256
ca29a7906073414fbe2d3481881bc724defa3e98517fe1aa9391dd368b04a25e

SHA512
3cbdf2cfd3e6758bb39c75566fdf893296540e4401844e1ee045c7b7dbfb8de1dbfd4ad6142744ece1a2e42c6aa3f46a8a218e19a3b5bf0e5aa54ea8e96f9722

Download Submit
/data/data/org.musicplayer.mp3playerpro/databases/GDTSDK.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/org.musicplayer.mp3playerpro/databases/GDTSDK.db-wal

Filesize
36KB

MD5
81953844cf0718c22a0ff46f31df8e10

SHA1
e38351b96b9f34badc9a2af5892b9029cc50d44a

SHA256
13157f83052a5206a880338c3dfef37bb22501d7dd5a29b200ed2ae5e18fe90c

SHA512
91ab16a9a63052465eadef223197d725edd3c5f2e41e1023512fc480619645f2f301f16428ac4de5fa1f48257152b83cf0da4bfff5b8859e61c8d9e6ecc459ad

Download Submit
/data/data/org.musicplayer.mp3playerpro/databases/musicdb.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/org.musicplayer.mp3playerpro/databases/musicdb.db-journal

Filesize
512B

MD5
0bb0d5ffc5b24416f492b77ce386bb32

SHA1
83623b351dc4cdd75ce93583d330c1b5d5bf71ac

SHA256
4786ff01ac3e86d50f2dea6ac3fd2b3a330e2bc279c77257bb83f6d8d81c54be

SHA512
70ff9bb3ba759292688da6ac376dd1ccdda6cd2d61b4a87813d5a97120229f3061010dcad59d0373576b1137a65b05a8f003747ab3235cb93e40d36da8a8b107

Download Submit
/data/data/org.musicplayer.mp3playerpro/databases/musicdb.db-shm

Filesize
1B

MD5
0bcef9c45bd8a48eda1b26eb0c61c869

SHA1
4345cb1fa27885a8fbfe7c0c830a592cc76a552b

SHA256
bbf3f11cb5b43e700273a78d12de55e4a7eab741ed2abf13787a4d2dc832b8ec

SHA512
91972aa34055bca20ddb643b9f817a547e5d4ad49b7ff16a7f828a8d72c4cb4a5679cff4da00f9fb6b2833de7eb3480b3b4a7c7c7b85a39028de55acaf2d8812

Download Submit
/data/data/org.musicplayer.mp3playerpro/databases/musicdb.db-wal

Filesize
16KB

MD5
49f045aeb54d206575d70735e017c3e6

SHA1
1f8586d21ec59c5eb196f0439ae0f6e49b7cbf22

SHA256
96648771b4ff774d5e989effa2f9608c81a602ea13547921c1519ed1ed589dab

SHA512
b7b86755c860876c5fac8faac3b8fa0a8658e0a83a59ac7275faf7795e24f2f0ed8fb9c65bd7df9f63c4689e092f42db9383fb3594de2f446f806f0e99caa1a2

Download Submit
/data/user/0/org.musicplayer.mp3playerpro/app_e_qq_com_plugin/gdt_plugin.jar

Filesize
402KB

MD5
cc3ff231aef7712d894801aea13cd5bc

SHA1
bc1a0e6e6bfb22e593fe8370a273f85a5fe583ef

SHA256
d73b404ac8c517becf45bae3257891812c071aaed5618b5948bfde6bc3850a66

SHA512
d70a8061e46d5ecc3b878ed21731fb13dab75218b30de70227815e83500d80dd5be976ad2c4698d706b7ef3e45b3e0a3f1b919a70da2612cde598aa8419bc814

Download Submit
/data/user/0/org.musicplayer.mp3playerpro/app_e_qq_com_plugin/gdt_plugin.jar

Filesize
402KB

MD5
de8dfcf662ccca100050ef612baeda16

SHA1
288346ff935ac4cec172b9c4d7ddfb23053ab2c7

SHA256
5232a97917f0eada63ab573cffa4465487836b2658292554c029fd28e9922cbb

SHA512
b1721a57650df27aa88053b0a78965ffb403049f64d9c2765d5baa80adedf25e0ab1c642959e985c09d8a552a0620f90325053ae63983838f25f280163dae555

Download Submit