e4db9da1ce50018da322df7ed6b2bba251f45ef8e7faa9f96280e7cf1f4bfd8a

Analysis

max time kernel
179s
max time network
184s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 05:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

stasdk_core.apk
Size

1.0MB
MD5

b1a590ed02c586df1e69c62749410853
SHA1

82528aeb58a3fd4fb242b3c4a9af855f42525e4f
SHA256

a174df995ead589eeb861d2396cc6ffa53c72ce66cc195beb28a5c9c13386591
SHA512

d4b11468f523b9cc688714ddb1be84a06e955b39cc0c3ff3071b8ed98428b6f0ddf909c1ea4bbf15015e6f06086d67b8a9be6dd68f4fe0b11c56c4f5a66f4532
SSDEEP

24576:VzNdQk4lV207V3DiIEJ5gA136syCblVuxMffl9U:ZjVGM07JDxEJ5v1qsyCbUUli

Score

7^/10

discovery evasion impact persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
evasion

Download New Code at Runtime
T1407

Processes:

com.dbgj.stacore

ioc pid process

/data/user/0/com.dbgj.stacore/app_e_qq_com_plugin/gdt_plugin.jar 4302 com.dbgj.stacore
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

Process Discovery
T1424

Processes:

com.dbgj.stacore

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.dbgj.stacore
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.dbgj.stacore

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.dbgj.stacore
Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
discovery

System Network Connections Discovery
T1421

Processes:

com.dbgj.stacore

description ioc process

Framework service call android.net.wifi.IWifiManager.getScanResults com.dbgj.stacore
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.dbgj.stacore

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.dbgj.stacore
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.dbgj.stacore

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.dbgj.stacore
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.dbgj.stacore

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.dbgj.stacore

ioc	pid	process
/data/user/0/com.dbgj.stacore/app_e_qq_com_plugin/gdt_plugin.jar	4302	com.dbgj.stacore

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.dbgj.stacore

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.dbgj.stacore

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.dbgj.stacore

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.dbgj.stacore

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.dbgj.stacore

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.dbgj.stacore

com.dbgj.stacore
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4302

getprop ro.board.platform
2⤵
PID:4334

getprop ro.mediatek.platform
2⤵
PID:4354

getprop ro.board.platform
2⤵
PID:4379

getprop ro.mediatek.platform
2⤵
PID:4398

getprop ro.board.platform
2⤵
PID:4506

getprop ro.mediatek.platform
2⤵
PID:4525

getprop ro.board.platform
2⤵
PID:4568

getprop ro.mediatek.platform
2⤵
PID:4587

getprop ro.board.platform
2⤵
PID:4612

getprop ro.mediatek.platform
2⤵
PID:4631

getprop ro.board.platform
2⤵
PID:4675

getprop ro.mediatek.platform
2⤵
PID:4693

getprop ro.board.platform
2⤵
PID:4713

getprop ro.mediatek.platform
2⤵
PID:4731

getprop ro.board.platform
2⤵
PID:4777

getprop ro.mediatek.platform
2⤵
PID:4795

getprop ro.board.platform
2⤵
PID:4818

getprop ro.mediatek.platform
2⤵
PID:4837

getprop ro.board.platform
2⤵
PID:4862

getprop ro.mediatek.platform
2⤵
PID:4881

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Process Discovery

T1424

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.dbgj.stacore/app_e_qq_com_plugin/gdt_plugin.jar
Filesize
142KB

MD5
f0b930680aa93a62bb77d1916e64a3d7

SHA1
fc30b5641b8d32e4efeaf409d07a4d520a95a6da

SHA256
8f109682334d43d811c7d56620c5eb30c9bc1a89f3f36b91232aeb142a6f6ba7

SHA512
2a503f3aefd5ed8634dbc85cd952d10625e4bc18badc0661c7cfcc3345cfb43ba1e153d9fb264703e4cf0d6c40ac601942e841b9537125072f884c283adb5b99

Download Submit
/data/data/com.dbgj.stacore/app_e_qq_com_plugin/gdt_plugin.jar.sig
Filesize
180B

MD5
b23a77c1c0b865c67e4fd0ca80eb41d1

SHA1
e290e2dde37e0e2f6b1274f0a69ac4ed0d26af37

SHA256
142c0b3bab77907907546d3f17089585f1086f7d9711bef8cca9175ea659e26f

SHA512
b93447f22e7bc98a663e3c9f7a8a76cc1c462ca6288deca746256154d61ac58cd54cac199e3462a33ccfce1c43f3ff6a93b15dbf7e1fd0421632044b29213707

Download Submit
/data/data/com.dbgj.stacore/app_e_qq_com_plugin/update_lc
Filesize
4B

MD5
dce7c4174ce9323904a934a486c41288

SHA1
e117797422d35ce52f036963c7e9603e9955b5c7

SHA256
0c030586945fe504b604ecc2e875c38ede400cd5cd73da9730302162e6b02c6f

SHA512
d570ab6a8f4a7b54d426b0481219074b5277ace37d88438d87ab97eb387938eca1cf7b09fa42d596c56ada860710d2a7385d2a96e1cedff58ad6ed8900f1b143

Download Submit
/data/data/com.dbgj.stacore/app_e_qq_com_plugin/update_lc
Filesize
1B

MD5
0bcef9c45bd8a48eda1b26eb0c61c869

SHA1
4345cb1fa27885a8fbfe7c0c830a592cc76a552b

SHA256
bbf3f11cb5b43e700273a78d12de55e4a7eab741ed2abf13787a4d2dc832b8ec

SHA512
91972aa34055bca20ddb643b9f817a547e5d4ad49b7ff16a7f828a8d72c4cb4a5679cff4da00f9fb6b2833de7eb3480b3b4a7c7c7b85a39028de55acaf2d8812

Download Submit
/data/data/com.dbgj.stacore/databases/GDTSDK.db
Filesize
24KB

MD5
755d1d1b0599d7be973031b5a9ed3373

SHA1
3b13cffb97005729fc20cd9b9a8547e0fa32632d

SHA256
90bc14445f887f7dbff548bdcc44145362d7fd20cc8ad8568b4d5c9372ee9b46

SHA512
afbd3a1c76a41015b2d4523d1c08dc14a3a75dfea3a5082b5e0552d750a498fd316bc98055b9f0ad2992f28b820ef15254461fb5df4cd6c21573a96f17b24ae2

Download Submit
/data/data/com.dbgj.stacore/databases/GDTSDK.db-journal
Filesize
512B

MD5
887b56d1f161b6af13e18fdc3a857815

SHA1
c5f5f7c750789adcdcecd26b76162e28f06c0802

SHA256
c1f5f0b2c30d57fcf8ba3cba450697dbd6b4f6a2b508c125d6e488d4aaa0558d

SHA512
b7efa167b2c7bbb9f32da2fb21f5a41f12140fbd5c46d2e2062ceacf6d2d9cb7555dafbf5b9464e07e5d4990c9e8267f22ac54dc8fc9a2ce09d8e0cf2a7b5f53

Download Submit
/data/data/com.dbgj.stacore/databases/GDTSDK.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.dbgj.stacore/databases/GDTSDK.db-wal
Filesize
36KB

MD5
742841f742badc37cdbf9409e13174ae

SHA1
5a8700b781d4e2a5e368882ed3eefd09a45f55fc

SHA256
fd7c5e7142d389175fe1c5e4bd61ca21d6daee41732c38a45c14d61172eb0ea0

SHA512
c56c01856e75c4932b06573f857972613880ee69d9ecf9f603ad4d42dbd146d9359890750ca21f5c7be0192e296117a062b7fc7c6623401975167c678b6cc6d7

Download Submit
/data/user/0/com.dbgj.stacore/app_e_qq_com_plugin/gdt_plugin.jar
Filesize
336KB

MD5
798f10a662a4848ed33d16790c751355

SHA1
4198fc8cb89d53e338c2bf12122cb4f53183513c

SHA256
6f52b12d38067a97b22917660e919d36232b409c1505dee37233cf7bdcc12eea

SHA512
70beba592750c2d9ebda28b13378a82b2ff7d0e39d0caff0529d8e3ae7c23eb3b243ecd82bc132b1c12b354e8b171e589bdd846b169e955607e11a87c362957a

Download Submit
/storage/emulated/0/data/.systemid
Filesize
36B

MD5
951dbfaee99d75adffe10b72f3395e7d

SHA1
a159820fe2b6273c00281b264f1ffff3186d2c2b

SHA256
b8bf0f110f0e510c3f9d4e966519aecb563369f08b2a12e014956852c72d6236

SHA512
b08a114d67546ac93aa25ad5b83ee6a3d17b7010c0190b47f7ce1238b48c536f6494d9b23fa0707979299a90b7c21ce111bd58f2822ff3246c47ba64ab35ceee

Download Submit
/storage/emulated/0/data/.systemmac
Filesize
17B

MD5
0f607264fc6318a92b9e13c65db7cd3c

SHA1
c1976429369bfe063ed8b3409db7c7e7d87196d9

SHA256
c248c629af1fe0a8c46b95668064c1d2952a9e91d207bc0cc3c5d584c2f7553a

SHA512
9dbd40b135b46c7be31b8c7d11c75b0b179af3a6550fca52ec447583aeb50aaaedb4b1e9373cf8826615149549a2efaee04efdc9a282e3a6b387c73099c13fb1

Download Submit