Malware Analysis Report

2025-01-19 08:08

Sample ID 240605-yc375sge79
Target 990bec6533c1a00a30a4eac39ce669fc_JaffaCakes118
SHA256 eee64ddf3cddc72a2be7e729d2a57fa1ec61ad6584ae6fdd1b178db2449bbfad
Tags: discovery evasion impact persistence
Score: 7/10

Analysis Overview

Score: 7/10

SHA256

eee64ddf3cddc72a2be7e729d2a57fa1ec61ad6584ae6fdd1b178db2449bbfad

Threat Level: Shows suspicious behavior

The file 990bec6533c1a00a30a4eac39ce669fc_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

discovery evasion impact persistence

Loads dropped Dex/Jar

Queries the phone number (MSISDN for GSM devices)

Queries information about the current nearby Wi-Fi networks

Queries information about running processes on the device

Queries the unique device ID (IMEI, MEID, IMSI)

Requests dangerous framework permissions

Queries information about active data network

Queries information about the current Wi-Fi connection

Reads information about phone network operator.

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-05 19:39

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-06-05 19:39

Reported

2024-06-05 19:41

Platform

android-x64-arm64-20240603-en

Max time network

10s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | - | udp
GB | 142.250.187.238:443 | - | tcp
GB | 142.250.187.238:443 | - | tcp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-05 19:39

Reported

2024-06-05 19:44

Platform

android-x86-arm-20240603-en

Max time kernel

11s

Max time network

130s

Command Line

com.i6.FlightSimulator3DArmyPlane

Signatures

Loads dropped Dex/Jar
Tactic: evasion

Description | Indicator | Process | Target
N/A | /data/user/0/com.i6.FlightSimulator3DArmyPlane/files/stares/updates/sta.jar | N/A | N/A
N/A | /data/user/0/com.i6.FlightSimulator3DArmyPlane/files/stares/updates/sta.jar | N/A | N/A

Queries the phone number (MSISDN for GSM devices)
Tactic: discovery

Processes

com.i6.FlightSimulator3DArmyPlane

getprop ro.board.platform

getprop ro.mediatek.platform

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.i6.FlightSimulator3DArmyPlane/files/stares/updates/sta.jar --output-vdex-fd=66 --oat-fd=69 --oat-location=/data/user/0/com.i6.FlightSimulator3DArmyPlane/files/stares/updates/oat/x86/sta.odex --compiler-filter=quicken --class-loader-context=&

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | - | udp
GB | 142.250.179.234:443 | - | tcp
US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp
US | 1.1.1.1:53 | stat.anquanxia.com | udp
US | 107.149.163.133:80 | stat.anquanxia.com | tcp
GB | 172.217.16.238:443 | - | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 172.217.16.238:443 | android.apis.google.com | tcp
GB | 142.250.187.234:443 | semanticlocation-pa.googleapis.com | tcp

Files

/storage/emulated/0/data/.systemid

MD5 f092e006e583f016ff119f48c5802a85
SHA1 cea68b214990dca3c048258aec8bf6a31fa7917e
SHA256 96428cdae28d3c9b8e227b0a60c59c9e43e9a21e3cedbf89539c0b41e6fb8da7
SHA512 a82207d062833759183f15a580f2c56ca66bd5cce1f22af0ece8335669d2a8456c5d39047b635383d941cce91dd196fbd02d8276d8760b53415800f426d5ad03

/data/data/com.i6.FlightSimulator3DArmyPlane/files/stares/updates/sta.jar

MD5 9f2ba2f2ed15029d1ada6d8d52cf6237
SHA1 3624e212d99eeae25a47ab849159669de8245021
SHA256 aed8bc405b4abb29c5d43614177947b53346366eab46009497b60fb1c3f2b2af
SHA512 8cf3ad644d5ca71f178e187e48050d9006be46bd8587c89094c49305014a0fe256e6b3e4ebfe620b2daf82e50d7c033261169ea33cf6bf5b6d13a379a0719406

/data/user/0/com.i6.FlightSimulator3DArmyPlane/files/stares/updates/sta.jar

MD5 b320215e837d16281388ba9970e65e4a
SHA1 7043a8584c502dd70f3c8f6189d60ca4a7c9ad00
SHA256 48d4f0acfaf28a65a8322236f6e05c0c04bfb85ae7009a8eaec7ff5e51cffea8
SHA512 6bf3093704f8f33557bf7bab92df570c46e3d2757a9c1e1344130c9ad4957504c78bed6675285e123c7764b4db6882642c17171af7248d35d5f19980bb9f34e0

/data/user/0/com.i6.FlightSimulator3DArmyPlane/files/stares/updates/sta.jar

MD5 c49b5789567586e7f99c5b7722bff4b8
SHA1 938a456b05d144cab37528030bebcea32635b529
SHA256 f1a7dce2845342cf9dabd73d3fa4ca67a321ffeff3e1c18c818340241136353b
SHA512 04ff5ba27010cceeee4f1e1ececf8903a79681840675110b96ecbdc8f886dc0a6cc53fa73b7867db1eec7fee39cbc1794dfa734683968f61d1e89393570ec5b5

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-05 19:39

Reported

2024-06-05 19:44

Platform

android-x64-20240603-en

Max time kernel

179s

Max time network

179s

Command Line

com.dbgj.stacore

Signatures

Loads dropped Dex/Jar
Tactic: evasion

Description | Indicator | Process | Target
N/A | /data/user/0/com.dbgj.stacore/app_e_qq_com_plugin/gdt_plugin.jar | N/A | N/A

Queries information about running processes on the device
Tactic: discovery

Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about the current nearby Wi-Fi networks
Tactic: discovery

Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A

Queries information about active data network
Tactic: discovery

Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries information about the current Wi-Fi connection
Tactic: discovery

Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Queries the unique device ID (IMEI, MEID, IMSI)
Tactic: discovery

Reads information about phone network operator.
Tactic: discovery

Registers a broadcast receiver at runtime (usually for listening for system events)
Tactic: persistence

Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)
Tactic: impact

Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.dbgj.stacore

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | - | udp
GB | 216.58.201.106:443 | - | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.206:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.178.8:443 | ssl.google-analytics.com | tcp
US | 1.1.1.1:53 | stat.anquanxia.com | udp
US | 107.149.163.133:80 | stat.anquanxia.com | tcp
US | 107.149.163.133:80 | stat.anquanxia.com | tcp
US | 1.1.1.1:53 | sdk.e.qq.com | udp
US | 1.1.1.1:53 | mi.gdt.qq.com | udp
CN | 43.141.43.110:80 | mi.gdt.qq.com | tcp
CN | 113.108.27.88:80 | sdk.e.qq.com | tcp
CN | 43.141.43.110:80 | mi.gdt.qq.com | tcp
GB | 142.250.178.4:443 | - | tcp
GB | 142.250.178.4:443 | - | tcp
GB | 172.217.169.14:443 | - | tcp
GB | 142.250.200.34:443 | - | tcp
CN | 113.108.27.88:80 | sdk.e.qq.com | tcp
US | 1.1.1.1:53 | oth.update.mdt.qq.com | udp
CN | 113.108.27.88:80 | sdk.e.qq.com | tcp
CN | 116.128.134.253:8080 | oth.update.mdt.qq.com | tcp
GB | 172.217.169.46:443 | - | tcp
CN | 116.128.134.253:8080 | oth.update.mdt.qq.com | tcp
US | 1.1.1.1:53 | oth.update.mdt.qq.com | udp
CN | 116.128.134.253:8080 | oth.update.mdt.qq.com | tcp
US | 107.149.163.133:80 | stat.anquanxia.com | tcp

Files

/storage/emulated/0/data/.systemid

MD5 c6011797264ea537ba17630f7a01ac2f
SHA1 ec30bf3d4a22c2bc9c14984587b23e1eb5c93bcd
SHA256 98abf849c9223bc68af13be174e39291b6d32bc2c3342e193d52a0832528c448
SHA512 5d39f8a2f0207fbbf43f09c73d2e7384407c65932e306d93ae8b3c038072be95a12a5fb96c92199adccfd1ba8d51632d833dfc14ae8c667c076d620e4eb188fc

/storage/emulated/0/data/.systemmac

MD5 0f607264fc6318a92b9e13c65db7cd3c
SHA1 c1976429369bfe063ed8b3409db7c7e7d87196d9
SHA256 c248c629af1fe0a8c46b95668064c1d2952a9e91d207bc0cc3c5d584c2f7553a
SHA512 9dbd40b135b46c7be31b8c7d11c75b0b179af3a6550fca52ec447583aeb50aaaedb4b1e9373cf8826615149549a2efaee04efdc9a282e3a6b387c73099c13fb1

/data/data/com.dbgj.stacore/app_e_qq_com_plugin/update_lc

MD5 dce7c4174ce9323904a934a486c41288
SHA1 e117797422d35ce52f036963c7e9603e9955b5c7
SHA256 0c030586945fe504b604ecc2e875c38ede400cd5cd73da9730302162e6b02c6f
SHA512 d570ab6a8f4a7b54d426b0481219074b5277ace37d88438d87ab97eb387938eca1cf7b09fa42d596c56ada860710d2a7385d2a96e1cedff58ad6ed8900f1b143

/data/data/com.dbgj.stacore/app_e_qq_com_plugin/update_lc

MD5 0bcef9c45bd8a48eda1b26eb0c61c869
SHA1 4345cb1fa27885a8fbfe7c0c830a592cc76a552b
SHA256 bbf3f11cb5b43e700273a78d12de55e4a7eab741ed2abf13787a4d2dc832b8ec
SHA512 91972aa34055bca20ddb643b9f817a547e5d4ad49b7ff16a7f828a8d72c4cb4a5679cff4da00f9fb6b2833de7eb3480b3b4a7c7c7b85a39028de55acaf2d8812

/data/data/com.dbgj.stacore/app_e_qq_com_plugin/gdt_plugin.jar.sig

MD5 b23a77c1c0b865c67e4fd0ca80eb41d1
SHA1 e290e2dde37e0e2f6b1274f0a69ac4ed0d26af37
SHA256 142c0b3bab77907907546d3f17089585f1086f7d9711bef8cca9175ea659e26f
SHA512 b93447f22e7bc98a663e3c9f7a8a76cc1c462ca6288deca746256154d61ac58cd54cac199e3462a33ccfce1c43f3ff6a93b15dbf7e1fd0421632044b29213707

/data/data/com.dbgj.stacore/app_e_qq_com_plugin/gdt_plugin.jar

MD5 f0b930680aa93a62bb77d1916e64a3d7
SHA1 fc30b5641b8d32e4efeaf409d07a4d520a95a6da
SHA256 8f109682334d43d811c7d56620c5eb30c9bc1a89f3f36b91232aeb142a6f6ba7
SHA512 2a503f3aefd5ed8634dbc85cd952d10625e4bc18badc0661c7cfcc3345cfb43ba1e153d9fb264703e4cf0d6c40ac601942e841b9537125072f884c283adb5b99

/data/user/0/com.dbgj.stacore/app_e_qq_com_plugin/gdt_plugin.jar

MD5 798f10a662a4848ed33d16790c751355
SHA1 4198fc8cb89d53e338c2bf12122cb4f53183513c
SHA256 6f52b12d38067a97b22917660e919d36232b409c1505dee37233cf7bdcc12eea
SHA512 70beba592750c2d9ebda28b13378a82b2ff7d0e39d0caff0529d8e3ae7c23eb3b243ecd82bc132b1c12b354e8b171e589bdd846b169e955607e11a87c362957a

/data/data/com.dbgj.stacore/databases/GDTSDK.db-journal

MD5 52b789133ba2d8b138f656e8085843b8
SHA1 09f89172c7cd7e608d7203e94a40c118a21e6243
SHA256 102919def111a0637cf64c38528e873e29811db49db8bb7cce192f7a9f098bc5
SHA512 a63ac834fd950225c1a22ac3fc7e4973a3a217b02beb4bf022f53db60d3e39e2a9e0bb863abbc6061c360c6df53e52e673fa8d410969b3138da847e8ce654625

/data/data/com.dbgj.stacore/databases/GDTSDK.db

MD5 c350d05c3d4943baaf1accd6a39a18d3
SHA1 9bea162acc14706bb032be98e7a42dbd22d3d325
SHA256 2515f5e39ad8ab880de32bd4667da927364e7f0a492876ba4f91819bded63b9f
SHA512 cf8b698adaeba68c20015b951f1cf3e8a85361c9ef7e27dcdee1cea6310023eece05519a26c95e6b9ee369f2570584c3be69ddff3fb1e4ce65b40f89a45bdfac

/data/data/com.dbgj.stacore/databases/GDTSDK.db-journal

MD5 4d7a9c145e7d667c762812ea5ea12338
SHA1 e9a7508fc8db3611172872344c85261356e52319
SHA256 a60cf39f10c3452a7d3ffc4e5378654a39b6eb8dc9398a05670911599bdc4714
SHA512 ad67d37d843158a6dc44f3c95c524c7d47413cefa379b2215782d4c57ea19801e819f66be3aa73b8c5ecff721cf927d884d44c6130faf343ee1d9e715da1896c

/data/data/com.dbgj.stacore/databases/GDTSDK.db-journal

MD5 e0e66d5b27929d1d6da1da26d16755ff
SHA1 84e9aa93b37f50b1ad407dcfee6cf31a1ee66c86
SHA256 5271ee35ee32aedbd00a069e990c5d69b78ed14414af49d51556302a30a1b681
SHA512 a2af281cd008c6f71e2422c9be579f3653c56fa8e17cd9c2f9ec09245bb78818034ec15f266043479f8cf77d62ff2f6e3b1ab993bc0455e962bd93232c4788bc

Analysis: behavioral6

Detonation Overview

Submitted

2024-06-05 19:39

Reported

2024-06-05 19:41

Platform

android-x64-20240603-en

Max time network

10s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | - | udp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-06-05 19:39

Reported

2024-06-05 19:47

Platform

android-x86-arm-20240603-en

Max time network

4s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | - | udp

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-06-05 19:39

Reported

2024-06-05 19:41

Platform

android-x64-20240603-en

Max time network

10s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | - | udp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-05 19:39

Reported

2024-06-05 19:44

Platform

android-x86-arm-20240603-en

Max time kernel

179s

Max time network

181s

Command Line

com.dbgj.stacore

Signatures

Loads dropped Dex/Jar
Tactic: evasion

Description | Indicator | Process | Target
N/A | /data/user/0/com.dbgj.stacore/app_e_qq_com_plugin/gdt_plugin.jar | N/A | N/A

Queries information about running processes on the device
Tactic: discovery

Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about the current nearby Wi-Fi networks
Tactic: discovery

Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A

Queries information about active data network
Tactic: discovery

Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries information about the current Wi-Fi connection
Tactic: discovery

Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Reads information about phone network operator.
Tactic: discovery

Registers a broadcast receiver at runtime (usually for listening for system events)
Tactic: persistence

Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)
Tactic: impact

Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.dbgj.stacore

getprop ro.board.platform

getprop ro.mediatek.platform

getprop ro.board.platform

getprop ro.mediatek.platform

getprop ro.board.platform

getprop ro.mediatek.platform

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | - | udp
US | 1.1.1.1:53 | stat.anquanxia.com | udp
US | 107.149.163.133:80 | stat.anquanxia.com | tcp
US | 1.1.1.1:53 | sdk.e.qq.com | udp
US | 1.1.1.1:53 | mi.gdt.qq.com | udp
CN | 43.141.43.110:80 | mi.gdt.qq.com | tcp
CN | 43.141.43.110:80 | mi.gdt.qq.com | tcp
GB | 142.250.187.206:443 | - | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.200.14:443 | android.apis.google.com | tcp
CN | 113.108.27.88:80 | sdk.e.qq.com | tcp
CN | 113.108.27.88:80 | sdk.e.qq.com | tcp
US | 1.1.1.1:53 | oth.update.mdt.qq.com | udp
CN | 113.108.27.88:80 | sdk.e.qq.com | tcp
CN | 116.128.134.253:8080 | oth.update.mdt.qq.com | tcp
CN | 116.128.134.253:8080 | oth.update.mdt.qq.com | tcp
GB | 216.58.201.110:443 | - | tcp
GB | 142.250.187.194:443 | - | tcp
US | 1.1.1.1:53 | oth.update.mdt.qq.com | udp
CN | 116.128.134.253:8080 | oth.update.mdt.qq.com | tcp
US | 107.149.163.133:80 | stat.anquanxia.com | tcp

Files

/storage/emulated/0/data/.systemid

MD5 d6ebbd254870f2eef3c6d5cdaf0f9a1f
SHA1 697ba9980cc76a9deec8a8f29b4c71d777d004ec
SHA256 954abff52745df73af110b49d0626042651f162c8b04882da2c4af7aa30a46ee
SHA512 d48ccab063d43c17540d2976ce6ebc80492b2691180d497d4c77797d00e6fb73f6a49a4f5211a0cb45c0fa594efe26c31782983e8fe66242da4f2d72cea0c188

/storage/emulated/0/data/.systemmac

MD5 0f607264fc6318a92b9e13c65db7cd3c
SHA1 c1976429369bfe063ed8b3409db7c7e7d87196d9
SHA256 c248c629af1fe0a8c46b95668064c1d2952a9e91d207bc0cc3c5d584c2f7553a
SHA512 9dbd40b135b46c7be31b8c7d11c75b0b179af3a6550fca52ec447583aeb50aaaedb4b1e9373cf8826615149549a2efaee04efdc9a282e3a6b387c73099c13fb1

/data/data/com.dbgj.stacore/app_e_qq_com_plugin/update_lc

MD5 dce7c4174ce9323904a934a486c41288
SHA1 e117797422d35ce52f036963c7e9603e9955b5c7
SHA256 0c030586945fe504b604ecc2e875c38ede400cd5cd73da9730302162e6b02c6f
SHA512 d570ab6a8f4a7b54d426b0481219074b5277ace37d88438d87ab97eb387938eca1cf7b09fa42d596c56ada860710d2a7385d2a96e1cedff58ad6ed8900f1b143

/data/data/com.dbgj.stacore/app_e_qq_com_plugin/update_lc

MD5 0bcef9c45bd8a48eda1b26eb0c61c869
SHA1 4345cb1fa27885a8fbfe7c0c830a592cc76a552b
SHA256 bbf3f11cb5b43e700273a78d12de55e4a7eab741ed2abf13787a4d2dc832b8ec
SHA512 91972aa34055bca20ddb643b9f817a547e5d4ad49b7ff16a7f828a8d72c4cb4a5679cff4da00f9fb6b2833de7eb3480b3b4a7c7c7b85a39028de55acaf2d8812

/data/data/com.dbgj.stacore/app_e_qq_com_plugin/gdt_plugin.jar.sig

MD5 b23a77c1c0b865c67e4fd0ca80eb41d1
SHA1 e290e2dde37e0e2f6b1274f0a69ac4ed0d26af37
SHA256 142c0b3bab77907907546d3f17089585f1086f7d9711bef8cca9175ea659e26f
SHA512 b93447f22e7bc98a663e3c9f7a8a76cc1c462ca6288deca746256154d61ac58cd54cac199e3462a33ccfce1c43f3ff6a93b15dbf7e1fd0421632044b29213707

/data/data/com.dbgj.stacore/app_e_qq_com_plugin/gdt_plugin.jar

MD5 f0b930680aa93a62bb77d1916e64a3d7
SHA1 fc30b5641b8d32e4efeaf409d07a4d520a95a6da
SHA256 8f109682334d43d811c7d56620c5eb30c9bc1a89f3f36b91232aeb142a6f6ba7
SHA512 2a503f3aefd5ed8634dbc85cd952d10625e4bc18badc0661c7cfcc3345cfb43ba1e153d9fb264703e4cf0d6c40ac601942e841b9537125072f884c283adb5b99

/data/user/0/com.dbgj.stacore/app_e_qq_com_plugin/gdt_plugin.jar

MD5 798f10a662a4848ed33d16790c751355
SHA1 4198fc8cb89d53e338c2bf12122cb4f53183513c
SHA256 6f52b12d38067a97b22917660e919d36232b409c1505dee37233cf7bdcc12eea
SHA512 70beba592750c2d9ebda28b13378a82b2ff7d0e39d0caff0529d8e3ae7c23eb3b243ecd82bc132b1c12b354e8b171e589bdd846b169e955607e11a87c362957a

/data/data/com.dbgj.stacore/databases/GDTSDK.db-journal

MD5 421bf5aa712a6e16b5e107770396e349
SHA1 e275b0ab07f1238b556194e52ddc3911e24d77ea
SHA256 c0a73d52d282c8862ad0397b40a712bfeb28b9fbf341ab70917da2a3d78df351
SHA512 7c3cd37931da9553a33f3e937466df1fe820ecef40cc8e6e857684a3d42b22ad2014edc42b0e1e102e01b419e3268aaa00afc6a50e9faf54efc9c41760e8b79b

/data/data/com.dbgj.stacore/databases/GDTSDK.db

MD5 755d1d1b0599d7be973031b5a9ed3373
SHA1 3b13cffb97005729fc20cd9b9a8547e0fa32632d
SHA256 90bc14445f887f7dbff548bdcc44145362d7fd20cc8ad8568b4d5c9372ee9b46
SHA512 afbd3a1c76a41015b2d4523d1c08dc14a3a75dfea3a5082b5e0552d750a498fd316bc98055b9f0ad2992f28b820ef15254461fb5df4cd6c21573a96f17b24ae2

/data/data/com.dbgj.stacore/databases/GDTSDK.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.dbgj.stacore/databases/GDTSDK.db-wal

MD5 2771b50f3db1b9c08a93aaa0de4ede60
SHA1 cba7b6b7d8befa35b43560675d0179ce576cee08
SHA256 c0fac511bb58ce3ae9c207e5e9675d39787705c657325172aa4421aab4b91797
SHA512 c7341259142d4a8971594a40f1db92a8982f23132c53ffb84037e456eb8184cbe06a656617de8c2bfd912c527220c2985a3b952fbf89e989c105390706815ed4

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-05 19:39

Reported

2024-06-05 19:44

Platform

android-x64-arm64-20240603-en

Max time kernel

179s

Max time network

178s

Command Line

com.dbgj.stacore

Signatures

Loads dropped Dex/Jar
Tactic: evasion

Description | Indicator | Process | Target
N/A | /data/user/0/com.dbgj.stacore/app_e_qq_com_plugin/gdt_plugin.jar | N/A | N/A

Queries information about running processes on the device
Tactic: discovery

Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about the current nearby Wi-Fi networks
Tactic: discovery

Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A

Queries information about active data network
Tactic: discovery

Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries information about the current Wi-Fi connection
Tactic: discovery

Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Reads information about phone network operator.
Tactic: discovery

Uses Crypto APIs (Might try to encrypt user data)
Tactic: impact

Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.dbgj.stacore

Network

Country | Destination | Domain | Proto
GB | 142.250.187.238:443 | - | tcp
GB | 142.250.187.238:443 | - | tcp
N/A | 224.0.0.251:5353 | - | udp
GB | 216.58.212.202:443 | - | tcp
GB | 216.58.212.202:443 | - | tcp
US | 1.1.1.1:53 | stat.anquanxia.com | udp
US | 107.149.163.133:80 | stat.anquanxia.com | tcp
US | 107.149.163.133:80 | stat.anquanxia.com | tcp
US | 1.1.1.1:53 | sdk.e.qq.com | udp
US | 1.1.1.1:53 | mi.gdt.qq.com | udp
CN | 43.141.43.110:80 | mi.gdt.qq.com | tcp
CN | 113.108.27.88:80 | sdk.e.qq.com | tcp
CN | 43.141.43.110:80 | mi.gdt.qq.com | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 216.58.204.72:443 | ssl.google-analytics.com | tcp
CN | 113.108.27.88:80 | sdk.e.qq.com | tcp
CN | 113.108.27.88:80 | sdk.e.qq.com | tcp
US | 1.1.1.1:53 | oth.update.mdt.qq.com | udp
CN | 116.128.134.253:8080 | oth.update.mdt.qq.com | tcp
GB | 142.250.180.4:443 | - | tcp
GB | 142.250.180.4:443 | - | tcp
CN | 116.128.134.253:8080 | oth.update.mdt.qq.com | tcp
US | 1.1.1.1:53 | oth.update.mdt.qq.com | udp
CN | 116.128.134.253:8080 | oth.update.mdt.qq.com | tcp
US | 107.149.163.133:80 | stat.anquanxia.com | tcp

Files

/storage/emulated/0/data/.systemid

MD5 40e38a3309e63199ec181714a54f1065
SHA1 ba42a3d06f383b22e3d563a0cbaeb6a7b10e5e7b
SHA256 03c5e8586ca657e185d9126619af6cf9f3e58b15cc88eb26d98d97f6c6e8dcd1
SHA512 05094666cac95ead95280c07c348a2e6b7ff162fc160ced0cce9d29a204657547cf09a8fa30b0484666b7655fe821ff25ac35439cc5ca3a38fabf3d5dc7e99d9

/storage/emulated/0/data/.systemmac

MD5 0f607264fc6318a92b9e13c65db7cd3c
SHA1 c1976429369bfe063ed8b3409db7c7e7d87196d9
SHA256 c248c629af1fe0a8c46b95668064c1d2952a9e91d207bc0cc3c5d584c2f7553a
SHA512 9dbd40b135b46c7be31b8c7d11c75b0b179af3a6550fca52ec447583aeb50aaaedb4b1e9373cf8826615149549a2efaee04efdc9a282e3a6b387c73099c13fb1

/data/user/0/com.dbgj.stacore/app_e_qq_com_plugin/update_lc

MD5 dce7c4174ce9323904a934a486c41288
SHA1 e117797422d35ce52f036963c7e9603e9955b5c7
SHA256 0c030586945fe504b604ecc2e875c38ede400cd5cd73da9730302162e6b02c6f
SHA512 d570ab6a8f4a7b54d426b0481219074b5277ace37d88438d87ab97eb387938eca1cf7b09fa42d596c56ada860710d2a7385d2a96e1cedff58ad6ed8900f1b143

/data/user/0/com.dbgj.stacore/app_e_qq_com_plugin/update_lc

MD5 0bcef9c45bd8a48eda1b26eb0c61c869
SHA1 4345cb1fa27885a8fbfe7c0c830a592cc76a552b
SHA256 bbf3f11cb5b43e700273a78d12de55e4a7eab741ed2abf13787a4d2dc832b8ec
SHA512 91972aa34055bca20ddb643b9f817a547e5d4ad49b7ff16a7f828a8d72c4cb4a5679cff4da00f9fb6b2833de7eb3480b3b4a7c7c7b85a39028de55acaf2d8812

/data/user/0/com.dbgj.stacore/app_e_qq_com_plugin/gdt_plugin.jar.sig

MD5 b23a77c1c0b865c67e4fd0ca80eb41d1
SHA1 e290e2dde37e0e2f6b1274f0a69ac4ed0d26af37
SHA256 142c0b3bab77907907546d3f17089585f1086f7d9711bef8cca9175ea659e26f
SHA512 b93447f22e7bc98a663e3c9f7a8a76cc1c462ca6288deca746256154d61ac58cd54cac199e3462a33ccfce1c43f3ff6a93b15dbf7e1fd0421632044b29213707

/data/user/0/com.dbgj.stacore/app_e_qq_com_plugin/gdt_plugin.jar

MD5 f0b930680aa93a62bb77d1916e64a3d7
SHA1 fc30b5641b8d32e4efeaf409d07a4d520a95a6da
SHA256 8f109682334d43d811c7d56620c5eb30c9bc1a89f3f36b91232aeb142a6f6ba7
SHA512 2a503f3aefd5ed8634dbc85cd952d10625e4bc18badc0661c7cfcc3345cfb43ba1e153d9fb264703e4cf0d6c40ac601942e841b9537125072f884c283adb5b99

/data/user/0/com.dbgj.stacore/app_e_qq_com_plugin/gdt_plugin.jar

MD5 798f10a662a4848ed33d16790c751355
SHA1 4198fc8cb89d53e338c2bf12122cb4f53183513c
SHA256 6f52b12d38067a97b22917660e919d36232b409c1505dee37233cf7bdcc12eea
SHA512 70beba592750c2d9ebda28b13378a82b2ff7d0e39d0caff0529d8e3ae7c23eb3b243ecd82bc132b1c12b354e8b171e589bdd846b169e955607e11a87c362957a

/data/user/0/com.dbgj.stacore/databases/GDTSDK.db-journal

MD5 3536393758f6766c87c87f831a6cf99d
SHA1 c8dd3d25faf7cf37dc150d04c370bdd4dfca8493
SHA256 d0571b2c3484f6f71770ff496a273f962f6d1161253c010264be5e4759d94086
SHA512 9a3b05c71b48c76e5fef92ccf8ba4df8da52ee38feef8b1b9411e33d8ce4900144e00fc2d192b97f75866381372ab1467cbdd5628ca7f7641b257157506ec7d9

/data/user/0/com.dbgj.stacore/databases/GDTSDK.db

MD5 d9546e7529040098de5b03ef296970a1
SHA1 7781f0f230dc2bd574bbea97194d0033431d350e
SHA256 585184ebd52cf769be667e0b871dd9324197f21e37152fbd5fe1cefa5f523ccf
SHA512 acf1935480b8b99c231fff1b1de32b7456094853cdf0d7819c57302100d608ae884bc2d44ad3ef3ff8c2cbf2d4d66ec8d77827e6c9605ebda1f31cfc522b542a

/data/user/0/com.dbgj.stacore/databases/GDTSDK.db-journal

MD5 0a73a5d09a30d87485b0cb1621f3e937
SHA1 f137889692f290cd13865c4f93528e10417c2d21
SHA256 22cb9f7c89f4afe2a7ce1ef4d314a553c4a10302012efa302603a63a61c81af3
SHA512 bad20926ab51d60c028cebfe512746ff112756474348295f5a2b2f1ea29aa030791118643c4bc2418f8a4bf1a222eb8597f15b94568f8c176e5f087872789379

/data/user/0/com.dbgj.stacore/databases/GDTSDK.db-journal

MD5 200f3dbdf75b741234971e57692d08b8
SHA1 304ea99a1e3d1343c5c3e905f20d5bf8c049f959
SHA256 a013d8a4180a22911fae21d4888a2be7c17ea4eb2d543336c9bd86cf9f46c65b
SHA512 e98410de5f837885ad1d13dc3407acd2614dc73cb9b8affd1624c9dbb767f0cb351a6c0ab91e4e06a3b2359ac8981dbf05fee9f03a836884d7cae68dd7b64e8a

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-05 19:39

Reported

2024-06-05 19:47

Platform

android-x86-arm-20240603-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | - | udp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-06-05 19:39

Reported

2024-06-05 19:41

Platform

android-x64-arm64-20240603-en

Max time network

10s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | - | udp
GB | 216.58.204.78:443 | - | tcp
GB | 216.58.204.78:443 | - | tcp

Files

N/A