0fdfd21b3274747a73983daa96e96996e8f7bf2bd8a205b80e441bccfecdfd62

Analysis

max time kernel
67s
max time network
134s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
23-05-2024 00:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

WXPPlugin.apk
Size

278KB
MD5

d3d25e01f45cfd8136d1b59127006cd4
SHA1

7f742a068495d549415e2f9a2c0a58bc9b2d557b
SHA256

76dd9b46d5b5381591d207f0f9ed3d60f35f360ff5843f3b47026b0473c4a85f
SHA512

0499d3ce4e50ac7242b3ffbff77ba3f02dbd6b494685bb6d64bc6f7b6b2305d91f5e4a90854b34a6ebc78009bee42587edd1332dda5536961fdecfd85eea113b
SSDEEP

6144:zygvxl4yhexCpTttMgE5Qj+C3GVNKZBi1+nYg0MgRfNp:u2lw6htME+eB9181p

Score

8^/10

collection credential_access discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

System Information Discovery
T1426

Processes:

com.yj.cn.of.pg.ps

ioc process

/system/bin/su com.yj.cn.of.pg.ps
/system/xbin/su com.yj.cn.of.pg.ps
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.yj.cn.of.pg.ps

description ioc process

File opened for read /proc/cpuinfo com.yj.cn.of.pg.ps
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.yj.cn.of.pg.ps

description ioc process

File opened for read /proc/meminfo com.yj.cn.of.pg.ps
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
evasion

Download New Code at Runtime
T1407

Processes:

com.yj.cn.of.pg.ps

ioc pid process

/storage/emulated/0/Sonnenblume/res.apk 5149 com.yj.cn.of.pg.ps
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

Clipboard Data
T1414

Transmitted Data Manipulation
T1641.001

Processes:

com.yj.cn.of.pg.ps

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.yj.cn.of.pg.ps
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

Process Discovery
T1424

Processes:

com.yj.cn.of.pg.ps

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.yj.cn.of.pg.ps
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.yj.cn.of.pg.ps

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.yj.cn.of.pg.ps
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

System Network Configuration Discovery
T1422

Processes:

com.yj.cn.of.pg.ps

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.yj.cn.of.pg.ps
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.yj.cn.of.pg.ps

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.yj.cn.of.pg.ps
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.yj.cn.of.pg.ps

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.yj.cn.of.pg.ps
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

ioc	process
/system/bin/su	com.yj.cn.of.pg.ps
/system/xbin/su	com.yj.cn.of.pg.ps

description	ioc	process
File opened for read	/proc/cpuinfo	com.yj.cn.of.pg.ps

description	ioc	process
File opened for read	/proc/meminfo	com.yj.cn.of.pg.ps

ioc	pid	process
/storage/emulated/0/Sonnenblume/res.apk	5149	com.yj.cn.of.pg.ps

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.yj.cn.of.pg.ps

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yj.cn.of.pg.ps

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.yj.cn.of.pg.ps

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.yj.cn.of.pg.ps

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.yj.cn.of.pg.ps

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yj.cn.of.pg.ps

com.yj.cn.of.pg.ps
1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:5149

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yj.cn.of.pg.ps/files/duration

Filesize
12B

MD5
05dc0b8103715335952fbfd5d1e0539d

SHA1
c5fcf45d54a91a3a1a8ed3b632b53af486c63dc6

SHA256
f9849405bbb68b0b5e7c7c0d193dd74a26ae23ab7c0a5959855ee279be3f0e46

SHA512
b17eb393b905a79b2abd876811759b6621288a3effc1879e97241aab6f5b40864519dd14b9cb28bdebe5f7b807629f5350e1f20f18ada731bd92862d268abbf8

Download Submit
/data/data/com.yj.cn.of.pg.ps/files/duration

Filesize
12B

MD5
2193d5a0a05420316534e89245206301

SHA1
abbd96832c93da56c6161a0b44a20ab68d421bfc

SHA256
39c279682d8050173f47b5eb412032de0e06eb841f033e563317a73ff6b2a7c4

SHA512
5f04bca2dd937e8989230106aaabf9b3cf898784d61fa91d04805f48f66cb2d8f41e82002ad85c97055d73eabcc97ae0eacd30e8610fbaadfa477ee5b46b4d06

Download Submit
/data/data/com.yj.cn.of.pg.ps/files/duration

Filesize
12B

MD5
0a2c7de797dbd8b8a9afddeefe409a9d

SHA1
1ddcf6a2c51694df30d69f15ecf9cfd57ea4bbce

SHA256
cf2c8bebc567ec66745702a082bc9dc2227c7e6fbc9d4456314c21660e5ca5c0

SHA512
40c1e0c79b09404804521bab94e52c48284c540af910e685ece21f1a890d48db8ad14252ea5f6160a28c0e024c845909aa8922e71c2d6e8fadf711d733cd9244

Download Submit
/data/data/com.yj.cn.of.pg.ps/files/duration

Filesize
12B

MD5
0f027adcfc13003c67596aa196694c93

SHA1
b29181d01a27846d09ebd2d403a7a1bcfbce7b5a

SHA256
425a0f843c9a358e1f70af1c70e391cc623d2e53672f975d137719b400ffef82

SHA512
51f65d477c3e10aca3aa16e5bb4dfa62933f3432e18a5aa0afa225638c13c8f1755bea99b41b7693e78f41b2f8605d938c9cebe719f102e880f0cdc6f5229663

Download Submit
/data/data/com.yj.cn.of.pg.ps/files/duration

Filesize
12B

MD5
a4afb7797e75c1f0accc574776ea9963

SHA1
8dc229cb709079d30a9bc9409922d5fce451c68c

SHA256
0965e9a3ecdc9f499c44f7b4d203bab121a44fd9d805d789acd31c31e8b79f3b

SHA512
60f993f029100ce63463dd7ab8880b58564918cb1789a5a0fe60a67b843370240d3e09c154ae0ed3ebd0de3662535ef528f66cf6feddc72190ec183d120f1284

Download Submit
/data/data/com.yj.cn.of.pg.ps/files/st_database.db

Filesize
28KB

MD5
6b79a383d2d27ca0934b482f29e3eb9c

SHA1
1eb2e30a79ca4bd5c0f92100830562de02593050

SHA256
871e6f9b338b01e24462d84317672db7307c444ed2faa183cd386c728270c84a

SHA512
d8e54737204fb4b8584518862bfac2a2eeac83e0cf372e08b3ef77490ff5062b7d36f667873c3dd774d757824bd46fa0052f2477c7354bae668cb6a808269d5e

Download Submit
/data/data/com.yj.cn.of.pg.ps/files/st_database.db-journal

Filesize
512B

MD5
1afe18476814cba86e437d348e63e7ca

SHA1
93d3eb51068b3766b324e50e1c9dab426d629433

SHA256
2cc83595ff206a918a9b51681d13fdb4c47d8c2945024d95c86d6ab0a6b541f1

SHA512
08b13b050d87a976a3d70211b70ff0c813b3cf895472065ddbcb7a41d8280b892bfe2600b26bfd370a8536914dd68a721a9c096d45791f07dd791eaf75c6fe78

Download Submit
/data/data/com.yj.cn.of.pg.ps/files/st_database.db-journal

Filesize
8KB

MD5
e26f573acc52b82e8784c3676f2f2f75

SHA1
609119c3ba6cde3f4a9f6795eb80ad65c46df010

SHA256
f5bc989cf07d0014962cfa2ce0fdaebf01295ab4b7b3343c85d02ce0c029f3a0

SHA512
09527c3a098523705f25e33b8dcce1b5e920bd7949d6b67c79ce08e0ee20b3377bab767570d288c3d596ded5255de38e765af8d2778535c65bf62aecbdee8d82

Download Submit
/data/data/com.yj.cn.of.pg.ps/files/st_database.db-journal

Filesize
8KB

MD5
c84f956cf7be6783cfc7c1537321803a

SHA1
ca6d67cd805596c6e47386c98408e3a8d048d406

SHA256
aaa94c2c6ae533584f7551cd45770dbe8b899ceebfc94d73b753151f3213bf7a

SHA512
4f9bdb54b7d44946bea12e3ef6cfb216e7827c4240663f592cbd56f1c6cf8108c92b8b44d08ce81b8d7adb76741b49d91be72c80f4168fb534789f76e4163cc1

Download Submit
/data/data/com.yj.cn.of.pg.ps/files/st_database.db-journal

Filesize
12KB

MD5
d8968415d3aed26160fd3a747fa8a33d

SHA1
ec4b7ad375e8609f6a7b309df2d6258a088d4a36

SHA256
4e45ad10ad3998a1d246d38987e662f0ac546624b91d244a18ee87d18561ed6f

SHA512
4f98933b9af8b4cc4066c236aea703875c26e733388215f1a543c1206bf2ccb85f7bc8c85aab22e8b33a3afa8722eff28389d37a01e0a40b5fad0e644a76c93a

Download Submit
/storage/emulated/0/Sonnenblume/res.apk

Filesize
335KB

MD5
2bc5eedfa756ebcdedebdaa3646788e6

SHA1
99f113c6a451f01babfe7947c762a9072f70c24f

SHA256
c90c05c7fde144fb61c4a3bc8f283195e5651f61872b083b3a6f586897726a68

SHA512
c26607bae7641638a6df12b8f2d8ac28bdf29b270a58e8b5ff5909a972bb1ad4ebd1edb354c2825b5f9f504288a1a02dcde1ffffd4f815b6030ae12f2bd52b58

Download Submit
/storage/emulated/0/Sonnenblume/res.apk.u

Filesize
158KB

MD5
544b4b6cfde7c5a9f28b765d2bb245ec

SHA1
7e12d510d4601833ce1fa979ce99325804a8dc09

SHA256
f72e9cc8e96b617b7792f1cef27d078a2f1d72b52ebf92774a50a349dc15a21e

SHA512
89c3222a6aaf284dcc00ae38177668bbc772e0a694f6dd32420726a30736d80ffbaac72661ee98c60ae3a2bbcdba96a3ecf0e5371bf3414d1453014ebb4c045e

Download Submit