0fdfd21b3274747a73983daa96e96996e8f7bf2bd8a205b80e441bccfecdfd62

Analysis

max time kernel
67s
max time network
134s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
23-05-2024 00:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

WXPPlugin.apk
Size

278KB
MD5

d3d25e01f45cfd8136d1b59127006cd4
SHA1

7f742a068495d549415e2f9a2c0a58bc9b2d557b
SHA256

76dd9b46d5b5381591d207f0f9ed3d60f35f360ff5843f3b47026b0473c4a85f
SHA512

0499d3ce4e50ac7242b3ffbff77ba3f02dbd6b494685bb6d64bc6f7b6b2305d91f5e4a90854b34a6ebc78009bee42587edd1332dda5536961fdecfd85eea113b
SSDEEP

6144:zygvxl4yhexCpTttMgE5Qj+C3GVNKZBi1+nYg0MgRfNp:u2lw6htME+eB9181p

Score

8^/10

collection credential_access discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

T1426

Processes:

com.yj.cn.of.pg.ps

ioc process

/system/bin/su com.yj.cn.of.pg.ps
/system/xbin/su com.yj.cn.of.pg.ps
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.yj.cn.of.pg.ps

description ioc process

File opened for read /proc/cpuinfo com.yj.cn.of.pg.ps
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.yj.cn.of.pg.ps

description ioc process

File opened for read /proc/meminfo com.yj.cn.of.pg.ps
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
evasion

T1407

Processes:

com.yj.cn.of.pg.ps

ioc pid process

/storage/emulated/0/Sonnenblume/res.apk 5149 com.yj.cn.of.pg.ps
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

T1414

T1641.001

Processes:

com.yj.cn.of.pg.ps

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.yj.cn.of.pg.ps
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.yj.cn.of.pg.ps

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.yj.cn.of.pg.ps
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.yj.cn.of.pg.ps

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.yj.cn.of.pg.ps
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

T1422

Processes:

com.yj.cn.of.pg.ps

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.yj.cn.of.pg.ps
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.yj.cn.of.pg.ps

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.yj.cn.of.pg.ps
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.yj.cn.of.pg.ps

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.yj.cn.of.pg.ps
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

T1422

ioc	process
/system/bin/su	com.yj.cn.of.pg.ps
/system/xbin/su	com.yj.cn.of.pg.ps

description	ioc	process
File opened for read	/proc/cpuinfo	com.yj.cn.of.pg.ps

description	ioc	process
File opened for read	/proc/meminfo	com.yj.cn.of.pg.ps

ioc	pid	process
/storage/emulated/0/Sonnenblume/res.apk	5149	com.yj.cn.of.pg.ps

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.yj.cn.of.pg.ps

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yj.cn.of.pg.ps

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.yj.cn.of.pg.ps

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.yj.cn.of.pg.ps

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.yj.cn.of.pg.ps

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yj.cn.of.pg.ps

com.yj.cn.of.pg.ps
1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:5149

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yj.cn.of.pg.ps/files/duration
Filesize
12B

MD5
05dc0b8103715335952fbfd5d1e0539d

SHA1
c5fcf45d54a91a3a1a8ed3b632b53af486c63dc6

SHA256
f9849405bbb68b0b5e7c7c0d193dd74a26ae23ab7c0a5959855ee279be3f0e46

SHA512
b17eb393b905a79b2abd876811759b6621288a3effc1879e97241aab6f5b40864519dd14b9cb28bdebe5f7b807629f5350e1f20f18ada731bd92862d268abbf8

Download Submit
/data/data/com.yj.cn.of.pg.ps/files/duration
Filesize
12B

MD5
2193d5a0a05420316534e89245206301

SHA1
abbd96832c93da56c6161a0b44a20ab68d421bfc

SHA256
39c279682d8050173f47b5eb412032de0e06eb841f033e563317a73ff6b2a7c4

SHA512
5f04bca2dd937e8989230106aaabf9b3cf898784d61fa91d04805f48f66cb2d8f41e82002ad85c97055d73eabcc97ae0eacd30e8610fbaadfa477ee5b46b4d06

Download Submit
/data/data/com.yj.cn.of.pg.ps/files/duration
Filesize
12B

MD5
0a2c7de797dbd8b8a9afddeefe409a9d

SHA1
1ddcf6a2c51694df30d69f15ecf9cfd57ea4bbce

SHA256
cf2c8bebc567ec66745702a082bc9dc2227c7e6fbc9d4456314c21660e5ca5c0

SHA512
40c1e0c79b09404804521bab94e52c48284c540af910e685ece21f1a890d48db8ad14252ea5f6160a28c0e024c845909aa8922e71c2d6e8fadf711d733cd9244

Download Submit
/data/data/com.yj.cn.of.pg.ps/files/duration
Filesize
12B

MD5
0f027adcfc13003c67596aa196694c93

SHA1
b29181d01a27846d09ebd2d403a7a1bcfbce7b5a

SHA256
425a0f843c9a358e1f70af1c70e391cc623d2e53672f975d137719b400ffef82

SHA512
51f65d477c3e10aca3aa16e5bb4dfa62933f3432e18a5aa0afa225638c13c8f1755bea99b41b7693e78f41b2f8605d938c9cebe719f102e880f0cdc6f5229663

Download Submit
/data/data/com.yj.cn.of.pg.ps/files/duration
Filesize
12B

MD5
a4afb7797e75c1f0accc574776ea9963

SHA1
8dc229cb709079d30a9bc9409922d5fce451c68c

SHA256
0965e9a3ecdc9f499c44f7b4d203bab121a44fd9d805d789acd31c31e8b79f3b

SHA512
60f993f029100ce63463dd7ab8880b58564918cb1789a5a0fe60a67b843370240d3e09c154ae0ed3ebd0de3662535ef528f66cf6feddc72190ec183d120f1284

Download Submit
/data/data/com.yj.cn.of.pg.ps/files/st_database.db
Filesize
28KB

MD5
6b79a383d2d27ca0934b482f29e3eb9c

SHA1
1eb2e30a79ca4bd5c0f92100830562de02593050

SHA256
871e6f9b338b01e24462d84317672db7307c444ed2faa183cd386c728270c84a

SHA512
d8e54737204fb4b8584518862bfac2a2eeac83e0cf372e08b3ef77490ff5062b7d36f667873c3dd774d757824bd46fa0052f2477c7354bae668cb6a808269d5e

Download Submit
/data/data/com.yj.cn.of.pg.ps/files/st_database.db-journal
Filesize
512B

MD5
1afe18476814cba86e437d348e63e7ca

SHA1
93d3eb51068b3766b324e50e1c9dab426d629433

SHA256
2cc83595ff206a918a9b51681d13fdb4c47d8c2945024d95c86d6ab0a6b541f1

SHA512
08b13b050d87a976a3d70211b70ff0c813b3cf895472065ddbcb7a41d8280b892bfe2600b26bfd370a8536914dd68a721a9c096d45791f07dd791eaf75c6fe78

Download Submit
/data/data/com.yj.cn.of.pg.ps/files/st_database.db-journal
Filesize
8KB

MD5
e26f573acc52b82e8784c3676f2f2f75

SHA1
609119c3ba6cde3f4a9f6795eb80ad65c46df010

SHA256
f5bc989cf07d0014962cfa2ce0fdaebf01295ab4b7b3343c85d02ce0c029f3a0

SHA512
09527c3a098523705f25e33b8dcce1b5e920bd7949d6b67c79ce08e0ee20b3377bab767570d288c3d596ded5255de38e765af8d2778535c65bf62aecbdee8d82

Download Submit
/data/data/com.yj.cn.of.pg.ps/files/st_database.db-journal
Filesize
8KB

MD5
c84f956cf7be6783cfc7c1537321803a

SHA1
ca6d67cd805596c6e47386c98408e3a8d048d406

SHA256
aaa94c2c6ae533584f7551cd45770dbe8b899ceebfc94d73b753151f3213bf7a

SHA512
4f9bdb54b7d44946bea12e3ef6cfb216e7827c4240663f592cbd56f1c6cf8108c92b8b44d08ce81b8d7adb76741b49d91be72c80f4168fb534789f76e4163cc1

Download Submit
/data/data/com.yj.cn.of.pg.ps/files/st_database.db-journal
Filesize
12KB

MD5
d8968415d3aed26160fd3a747fa8a33d

SHA1
ec4b7ad375e8609f6a7b309df2d6258a088d4a36

SHA256
4e45ad10ad3998a1d246d38987e662f0ac546624b91d244a18ee87d18561ed6f

SHA512
4f98933b9af8b4cc4066c236aea703875c26e733388215f1a543c1206bf2ccb85f7bc8c85aab22e8b33a3afa8722eff28389d37a01e0a40b5fad0e644a76c93a

Download Submit
/storage/emulated/0/Sonnenblume/res.apk
Filesize
335KB

MD5
2bc5eedfa756ebcdedebdaa3646788e6

SHA1
99f113c6a451f01babfe7947c762a9072f70c24f

SHA256
c90c05c7fde144fb61c4a3bc8f283195e5651f61872b083b3a6f586897726a68

SHA512
c26607bae7641638a6df12b8f2d8ac28bdf29b270a58e8b5ff5909a972bb1ad4ebd1edb354c2825b5f9f504288a1a02dcde1ffffd4f815b6030ae12f2bd52b58

Download Submit
/storage/emulated/0/Sonnenblume/res.apk.u
Filesize
158KB

MD5
544b4b6cfde7c5a9f28b765d2bb245ec

SHA1
7e12d510d4601833ce1fa979ce99325804a8dc09

SHA256
f72e9cc8e96b617b7792f1cef27d078a2f1d72b52ebf92774a50a349dc15a21e

SHA512
89c3222a6aaf284dcc00ae38177668bbc772e0a694f6dd32420726a30736d80ffbaac72661ee98c60ae3a2bbcdba96a3ecf0e5371bf3414d1453014ebb4c045e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads