Analysis
- max time kernel: 171s
- max time network: 151s
- platform: android_x86
- resource: android-x86-arm-20240514-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
- submitted: 02-06-2024 09:11
Static task: static1
Behavioral task: behavioral1; Sample: 8d91d7043ed90a2a865051e4b0c55e75_JaffaCakes118.apk; Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2; Sample: 8d91d7043ed90a2a865051e4b0c55e75_JaffaCakes118.apk; Resource: android-x64-20240514-en
Behavioral task: behavioral3; Sample: ForumPlugin.apk; Resource: android-x86-arm-20240514-en
Behavioral task: behavioral4; Sample: ForumPlugin.apk; Resource: android-x64-20240514-en
Behavioral task: behavioral5; Sample: ForumPlugin.apk; Resource: android-x64-arm64-20240514-en
Behavioral task: behavioral6; Sample: RaidersPlugin.apk; Resource: android-x86-arm-20240514-en
Behavioral task: behavioral7; Sample: RaidersPlugin.apk; Resource: android-x64-20240514-en
Behavioral task: behavioral8; Sample: RaidersPlugin.apk; Resource: android-x64-arm64-20240514-en
Behavioral task: behavioral9; Sample: SpeedUpPlugin.apk; Resource: android-x86-arm-20240514-en
Behavioral task: behavioral10; Sample: SpeedUpPlugin.apk; Resource: android-x64-20240514-en
Behavioral task: behavioral11; Sample: SpeedUpPlugin.apk; Resource: android-x64-arm64-20240514-en
Behavioral task: behavioral12; Sample: TencentUnipay.apk; Resource: android-x86-arm-20240514-en
Behavioral task: behavioral13; Sample: TencentUnipay.apk; Resource: android-x64-20240514-en
Behavioral task: behavioral14; Sample: gdtadv2.apk; Resource: android-x86-arm-20240514-en
Behavioral task: behavioral15; Sample: gdtadv2.apk; Resource: android-x64-20240514-en
Behavioral task: behavioral16; Sample: gdtadv2.apk; Resource: android-x64-arm64-20240514-en
General
- Target: TencentUnipay.apk
- Size: 1.1MB
- MD5: f0af2f08a02174637d4f394f43265268
- SHA1: 8d83734e73c3175ded16863f8713b690287baa47
- SHA256: 17a021e33ca40a2cc0667bf6faef6a85602b7beccfd46123686d00a2ba972da3
- SHA512: b96b9026d94565d5c6a0356d11ac0ffed7111fa9192daba46589dbd5de9b23b1ab6369126847d38917c6c4c5f40b9ce44150ee404adeeb665cd8e29ff62ae918
- SSDEEP: 24576:OxXOwDyKes8X4HtiV2wngT1cI2VjsXPUQWgbSO6/8cP81no5y:OxX7DySCngJOVjsXPUVgbS/dPIl
Malware Config
Signatures
Checks CPU information (2 TTPs, 3 IoCs)
Checks CPU information, which can indicate whether the system is an emulator.
Processes:
/system/bin/cat /proc/cpuinfo
com.tencent.unipay
/system/bin/cat /proc/cpuinfo
description | ioc | process
File opened for read | /proc/cpuinfo | /system/bin/cat /proc/cpuinfo
File opened for read | /proc/cpuinfo | com.tencent.unipay
File opened for read | /proc/cpuinfo | /system/bin/cat /proc/cpuinfo

Checks memory information (2 TTPs, 1 IoC)
Checks memory information, which can indicate whether the system is an emulator.
Processes:
com.tencent.unipay
description | ioc | process
File opened for read | /proc/meminfo | com.tencent.unipay

Queries information about running processes on the device (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes:
com.tencent.unipay
description | ioc | process
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.tencent.unipay

Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes:
com.tencent.unipay
description | ioc | process
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.tencent.unipay

Checks if the internet connection is available (1 TTP, 1 IoC)
Processes:
com.tencent.unipay
description | ioc | process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.tencent.unipay

Uses Crypto APIs (Might try to encrypt user data) (1 TTP, 1 IoC)
Processes:
com.tencent.unipay
description | ioc | process
Framework API call | javax.crypto.Cipher.doFinal | com.tencent.unipay
Processes
com.tencent.unipay (PID:4293)
  - Checks CPU information
  - Checks memory information
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Checks if the internet connection is available
  - Uses Crypto APIs (Might try to encrypt user data)
  /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq (PID:4577)
  /system/bin/cat /proc/cpuinfo (PID:4597)
    - Checks CPU information
  /system/bin/cat /proc/cpuinfo (PID:4616)
    - Checks CPU information
Network
MITRE ATT&CK Mobile v15
Downloads