a3a30aa5bef8c0f5f7a5c80d5a2af708d2283a61a37c202b1af494782ad7f88f

Analysis

max time kernel
179s
max time network
176s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
17-05-2024 02:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

stasdk_core.apk
Size

868KB
MD5

548a355e9ab43cc847930638ec1bdee2
SHA1

8e8d50b35d5059f91fe65d6829ff5dcad50aaa95
SHA256

bfb26b7f54e142193e59a4f7bc9b796c3d745cbe02cbbb670af417cec2d1e044
SHA512

6a7f1da871115347a90fe4c0cc6851239e4b96cb128a202c658b914f1036bd7dd7aae17d041b8a025c2645595972957b044eb5aa3d83f9852c8f0ccba4a0f46e
SSDEEP

24576:+zNimmnQFNSxDWoDNMWaY3Axlb6d6ZX93:kL+QF4N1aYKAeXB

Score

7^/10

discovery evasion impact

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.muzhiwan.stacore/app_e_qq_com_plugin/gdt_plugin.jar	4393	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.muzhiwan.stacore/app_e_qq_com_plugin/gdt_plugin.jar --output-vdex-fd=63 --oat-fd=66 --oat-location=/data/user/0/com.muzhiwan.stacore/app_e_qq_com_plugin/oat/x86/gdt_plugin.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.muzhiwan.stacore/app_e_qq_com_plugin/gdt_plugin.jar	4274	com.muzhiwan.stacore

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.muzhiwan.stacore

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.muzhiwan.stacore

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.muzhiwan.stacore

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.muzhiwan.stacore

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.muzhiwan.stacore

com.muzhiwan.stacore
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4274
- getprop ro.board.platform
  2⤵
  PID:4307
- getprop ro.mediatek.platform
  2⤵
  PID:4327
- getprop ro.board.platform
  2⤵
  PID:4353
- getprop ro.mediatek.platform
  2⤵
  PID:4372
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.muzhiwan.stacore/app_e_qq_com_plugin/gdt_plugin.jar --output-vdex-fd=63 --oat-fd=66 --oat-location=/data/user/0/com.muzhiwan.stacore/app_e_qq_com_plugin/oat/x86/gdt_plugin.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4393
- getprop ro.board.platform
  2⤵
  PID:4549
- getprop ro.mediatek.platform
  2⤵
  PID:4569
- getprop ro.board.platform
  2⤵
  PID:4605
- getprop ro.mediatek.platform
  2⤵
  PID:4625
- getprop ro.board.platform
  2⤵
  PID:4689
- getprop ro.mediatek.platform
  2⤵
  PID:4707
- getprop ro.board.platform
  2⤵
  PID:4726
- getprop ro.mediatek.platform
  2⤵
  PID:4745
- getprop ro.board.platform
  2⤵
  PID:4782
- getprop ro.mediatek.platform
  2⤵
  PID:4800
- getprop ro.board.platform
  2⤵
  PID:4819
- getprop ro.mediatek.platform
  2⤵
  PID:4837
- getprop ro.mediatek.platform
  2⤵
  PID:4884
- getprop ro.board.platform
  2⤵
  PID:4903
- getprop ro.mediatek.platform
  2⤵
  PID:4922
- getprop ro.board.platform
  2⤵
  PID:4953
- getprop ro.mediatek.platform
  2⤵
  PID:4971
- getprop ro.board.platform
  2⤵
  PID:4990
- getprop ro.mediatek.platform
  2⤵
  PID:5008

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Process Discovery

T1424

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.muzhiwan.stacore/app_e_qq_com_plugin/gdt_plugin.jar

Filesize
142KB

MD5
f0b930680aa93a62bb77d1916e64a3d7

SHA1
fc30b5641b8d32e4efeaf409d07a4d520a95a6da

SHA256
8f109682334d43d811c7d56620c5eb30c9bc1a89f3f36b91232aeb142a6f6ba7

SHA512
2a503f3aefd5ed8634dbc85cd952d10625e4bc18badc0661c7cfcc3345cfb43ba1e153d9fb264703e4cf0d6c40ac601942e841b9537125072f884c283adb5b99

Download Submit
/data/data/com.muzhiwan.stacore/app_e_qq_com_plugin/gdt_plugin.jar.sig

Filesize
180B

MD5
b23a77c1c0b865c67e4fd0ca80eb41d1

SHA1
e290e2dde37e0e2f6b1274f0a69ac4ed0d26af37

SHA256
142c0b3bab77907907546d3f17089585f1086f7d9711bef8cca9175ea659e26f

SHA512
b93447f22e7bc98a663e3c9f7a8a76cc1c462ca6288deca746256154d61ac58cd54cac199e3462a33ccfce1c43f3ff6a93b15dbf7e1fd0421632044b29213707

Download Submit
/data/data/com.muzhiwan.stacore/app_e_qq_com_plugin/update_lc

Filesize
4B

MD5
dce7c4174ce9323904a934a486c41288

SHA1
e117797422d35ce52f036963c7e9603e9955b5c7

SHA256
0c030586945fe504b604ecc2e875c38ede400cd5cd73da9730302162e6b02c6f

SHA512
d570ab6a8f4a7b54d426b0481219074b5277ace37d88438d87ab97eb387938eca1cf7b09fa42d596c56ada860710d2a7385d2a96e1cedff58ad6ed8900f1b143

Download Submit
/data/data/com.muzhiwan.stacore/app_e_qq_com_plugin/update_lc

Filesize
1B

MD5
0bcef9c45bd8a48eda1b26eb0c61c869

SHA1
4345cb1fa27885a8fbfe7c0c830a592cc76a552b

SHA256
bbf3f11cb5b43e700273a78d12de55e4a7eab741ed2abf13787a4d2dc832b8ec

SHA512
91972aa34055bca20ddb643b9f817a547e5d4ad49b7ff16a7f828a8d72c4cb4a5679cff4da00f9fb6b2833de7eb3480b3b4a7c7c7b85a39028de55acaf2d8812

Download Submit
/data/data/com.muzhiwan.stacore/databases/GDTSDK.db

Filesize
24KB

MD5
755d1d1b0599d7be973031b5a9ed3373

SHA1
3b13cffb97005729fc20cd9b9a8547e0fa32632d

SHA256
90bc14445f887f7dbff548bdcc44145362d7fd20cc8ad8568b4d5c9372ee9b46

SHA512
afbd3a1c76a41015b2d4523d1c08dc14a3a75dfea3a5082b5e0552d750a498fd316bc98055b9f0ad2992f28b820ef15254461fb5df4cd6c21573a96f17b24ae2

Download Submit
/data/data/com.muzhiwan.stacore/databases/GDTSDK.db-journal

Filesize
512B

MD5
c91f855d26d6fa17df140f60eb0b810b

SHA1
815d79d24883df2fad60dc4d2638e0c464ac8cbc

SHA256
a0b0061700c6ef7d43d8ea4afbb84d85dcc17989ae245babe6257d54a8862c70

SHA512
76633994e5e37f14e29817f5f771bc807115a01fc9f4c69b62305695d36e80a217dccb0ec10d418f0f4253e362f6d4e4507e7ca2ec32d7d75bbe8525f46cc855

Download Submit
/data/data/com.muzhiwan.stacore/databases/GDTSDK.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.muzhiwan.stacore/databases/GDTSDK.db-wal

Filesize
36KB

MD5
35272f66a2d5798ec81cadf6205ae9a7

SHA1
855d66f39dbee511f8eba5e68501ac050c23e973

SHA256
e84de87eb2a95ffb0e87681bec18b0efaf58eaedafd409d0881ad9ee9e05cc28

SHA512
854cf27285ed9755d748049028668a9df048317b36df8624a93bec2cdeb54e7488cdfa4c33f3e2834b0166bf8a7c4f0cfd01d1bb3e9a525948efba68aeb52702

Download Submit
/data/user/0/com.muzhiwan.stacore/app_e_qq_com_plugin/gdt_plugin.jar

Filesize
336KB

MD5
8101f3176c78d3293d6355d20c363ae5

SHA1
56d99b70dae57fa9a0472d8fc9edf441202948d5

SHA256
130b2a91918da091eaf5b7229a737b1098bb8fad476bd937fe52e00c5168d2c4

SHA512
b08c60271e9a13a78504e65ac90dcf509bb5223c57a737a36ca3a11258e5e9b3aae490992e3a3c00cf6950b3315544f141ec80dcc947cd77072e342e5e30dca3

Download Submit
/data/user/0/com.muzhiwan.stacore/app_e_qq_com_plugin/gdt_plugin.jar

Filesize
336KB

MD5
798f10a662a4848ed33d16790c751355

SHA1
4198fc8cb89d53e338c2bf12122cb4f53183513c

SHA256
6f52b12d38067a97b22917660e919d36232b409c1505dee37233cf7bdcc12eea

SHA512
70beba592750c2d9ebda28b13378a82b2ff7d0e39d0caff0529d8e3ae7c23eb3b243ecd82bc132b1c12b354e8b171e589bdd846b169e955607e11a87c362957a

Download Submit
/storage/emulated/0/data/.systemid

Filesize
36B

MD5
ee52e5dc7750b349368e6b4797194785

SHA1
2cebb853e347b232dd7d0a169d5a5de1122c69c7

SHA256
3304d18f410d9a7a175da7537282895f0b12ea51f45e2b329b60263a53b98a98

SHA512
6b731b570fbc2ecf601f98818d0d6144ef03ad666a4224bec732f9d57763433eff184f30ecf993de3625749852aec2415c7ac014cd340f9bf64112da26d7eff6

Download Submit
/storage/emulated/0/data/.systemmac

Filesize
17B

MD5
0f607264fc6318a92b9e13c65db7cd3c

SHA1
c1976429369bfe063ed8b3409db7c7e7d87196d9

SHA256
c248c629af1fe0a8c46b95668064c1d2952a9e91d207bc0cc3c5d584c2f7553a

SHA512
9dbd40b135b46c7be31b8c7d11c75b0b179af3a6550fca52ec447583aeb50aaaedb4b1e9373cf8826615149549a2efaee04efdc9a282e3a6b387c73099c13fb1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads