Analysis

  • max time kernel
    36s
  • max time network
    133s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
  • submitted
    18-06-2024 14:06

General

  • Target

    1.apk

  • Size

    707KB

  • MD5

    b1fcb89d11d09690037e6cdef4dd16af

  • SHA1

    663895e25a9286363cfaf5186c40343f03603053

  • SHA256

    1281704bdec6d366e6778b74798cf21e6d9744f97396a646037cb1f1453a241b

  • SHA512

    9259f3f74443d8cdedc010ec4ab21618f330b7521577df1579f8a66921877a87ea166fb1721479a1560214087d66f0f46c43d78f7c7935a07ac19c6b413301a3

  • SSDEEP

    12288:3h4UpR5DyyK45jEmJEU7ADMf7aoZ4P5TlLukTk+lJWsnnjw8EdGC+dXz/P:3h/wyvy0hED27aoZ4PLLu2TlJrnWGC6z

Malware Config

Signatures

  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to get the current cell location.

  • Queries information about active data network 1 TTPs 1 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Reads information about phone network operator 1 TTPs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.duowan.wdsjgl.mctools
    1⤵
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Queries information about the current nearby Wi-Fi networks
    • Requests cell location
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks memory information
    PID:4270

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.duowan.wdsjgl.mctools/app_e_qq_com_plugin/gdt_plugin.jar

    Filesize

    184KB

    MD5

    9c9416e5b583e395df107443deab01e6

    SHA1

    9d7188b483bfe3dddc3d057a89a7f980006f26a9

    SHA256

    340df5c81b4b9ac9154746fdb9a88ebfc4046b72b28951dfefb85f1ab2faf358

    SHA512

    93f690db06ed593061e634c6a4316ab1bf466806a6f3cf0ff971521664cd379d249642549e04c899edd0749a6fe524109fbd1cba51d96dd9d50aa40d23b2ffa4

  • /data/data/com.duowan.wdsjgl.mctools/app_e_qq_com_plugin/gdt_plugin.jar.sig

    Filesize

    180B

    MD5

    d720f5a76da8fd9c88b47bcc424a6ea8

    SHA1

    7d0d284268fd188d36ca806dbed0fdeef6a2a4bb

    SHA256

    2fec1104f18fc9cc1e801bbe61642ee704a149248de06330ff141ca5238dd51e

    SHA512

    02c34b3dea7d40c4d30052126cdcc2f8ae359d742fe25f87ad101dc1bd8f80330f149abe2e114663c53e47de9b70d2c3de8b7903d0ea22d2e1ce89cd52a901a9

  • /data/data/com.duowan.wdsjgl.mctools/app_e_qq_com_plugin/update_lc

    Filesize

    4B

    MD5

    dce7c4174ce9323904a934a486c41288

    SHA1

    e117797422d35ce52f036963c7e9603e9955b5c7

    SHA256

    0c030586945fe504b604ecc2e875c38ede400cd5cd73da9730302162e6b02c6f

    SHA512

    d570ab6a8f4a7b54d426b0481219074b5277ace37d88438d87ab97eb387938eca1cf7b09fa42d596c56ada860710d2a7385d2a96e1cedff58ad6ed8900f1b143

  • /data/data/com.duowan.wdsjgl.mctools/app_e_qq_com_plugin/update_lc

    Filesize

    1B

    MD5

    0bcef9c45bd8a48eda1b26eb0c61c869

    SHA1

    4345cb1fa27885a8fbfe7c0c830a592cc76a552b

    SHA256

    bbf3f11cb5b43e700273a78d12de55e4a7eab741ed2abf13787a4d2dc832b8ec

    SHA512

    91972aa34055bca20ddb643b9f817a547e5d4ad49b7ff16a7f828a8d72c4cb4a5679cff4da00f9fb6b2833de7eb3480b3b4a7c7c7b85a39028de55acaf2d8812

  • /data/data/com.duowan.wdsjgl.mctools/databases/GDTSDK.db

    Filesize

    24KB

    MD5

    755d1d1b0599d7be973031b5a9ed3373

    SHA1

    3b13cffb97005729fc20cd9b9a8547e0fa32632d

    SHA256

    90bc14445f887f7dbff548bdcc44145362d7fd20cc8ad8568b4d5c9372ee9b46

    SHA512

    afbd3a1c76a41015b2d4523d1c08dc14a3a75dfea3a5082b5e0552d750a498fd316bc98055b9f0ad2992f28b820ef15254461fb5df4cd6c21573a96f17b24ae2

  • /data/data/com.duowan.wdsjgl.mctools/databases/GDTSDK.db-journal

    Filesize

    512B

    MD5

    a3b7659687454c1475ff8b60adf2df79

    SHA1

    1cc3ffadec534b5727a57e01c88dad28933ab12c

    SHA256

    8dabd9586ea938b07f96166c2c58f6f32cc0205f535bb643e15f5f283f05a841

    SHA512

    361fe2f39c4f5bee251beb09d84c08d87d0a03a167ec2c475d6aad064412144b00b5014bd3a27ba724361db3d9b8d1304930ed7aea0dce646bb57edca879c641

  • /data/data/com.duowan.wdsjgl.mctools/databases/GDTSDK.db-shm

    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

  • /data/data/com.duowan.wdsjgl.mctools/databases/GDTSDK.db-wal

    Filesize

    36KB

    MD5

    6ac7858a07dd8ffc987819c032ea4fd3

    SHA1

    db9c41e8d7d1369fcc77f52c48cf888c2014fe18

    SHA256

    3ddc19ff7c974f3cd3845104453f24fa7fd812d76f038f98ecbf4718cc8ea73b

    SHA512

    78ebf2ccc48a36327c94274e898840e161ea7a52c45537dd395025a59f5280ccae282347f939dbcc7bca76ae6bba12705a78a0d4891f0098c3cd56553a38369a

  • /data/user/0/com.duowan.wdsjgl.mctools/app_e_qq_com_plugin/gdt_plugin.jar

    Filesize

    410KB

    MD5

    fb9bbe1555d1e51bc6b68f73306cb5e8

    SHA1

    fb58a0adb1de330045ed2a7488f7512dd39e6e84

    SHA256

    269761b21873b1eb7f433b5b8233e13b54d499765413edd555a115e154884a1c

    SHA512

    10fd4b83b3b20333d1e54005342d5fcc50f83e3bd967a7b04c0991244a6e7f0bc0eabc74c19a4f746d34db7ece76f4b083101963ebe351c27b4b68c5259a55a6