Analysis

  • max time kernel
    51s
  • max time network
    150s
  • platform
    android_x64
  • resource
    android-x64-20240611.1-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240611.1-en, locale:en-us, os:android-10-x64, system
  • submitted
    18-06-2024 14:06

General

  • Target

    1.apk

  • Size

    707KB

  • MD5

    b1fcb89d11d09690037e6cdef4dd16af

  • SHA1

    663895e25a9286363cfaf5186c40343f03603053

  • SHA256

    1281704bdec6d366e6778b74798cf21e6d9744f97396a646037cb1f1453a241b

  • SHA512

    9259f3f74443d8cdedc010ec4ab21618f330b7521577df1579f8a66921877a87ea166fb1721479a1560214087d66f0f46c43d78f7c7935a07ac19c6b413301a3

  • SSDEEP

    12288:3h4UpR5DyyK45jEmJEU7ADMf7aoZ4P5TlLukTk+lJWsnnjw8EdGC+dXz/P:3h/wyvy0hED27aoZ4PLLu2TlJrnWGC6z

Malware Config

Signatures

Processes

  • com.duowan.wdsjgl.mctools
    • Loads dropped Dex/Jar
    • Obtains sensitive information copied to the device clipboard
    • Queries information about running processes on the device
    • Queries information about the current nearby Wi-Fi networks
    • Requests cell location
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks memory information
    PID:5023

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.duowan.wdsjgl.mctools/app_e_qq_com_plugin/gdt_plugin.jar

    Filesize

    184KB

    MD5

    9c9416e5b583e395df107443deab01e6

    SHA1

    9d7188b483bfe3dddc3d057a89a7f980006f26a9

    SHA256

    340df5c81b4b9ac9154746fdb9a88ebfc4046b72b28951dfefb85f1ab2faf358

    SHA512

    93f690db06ed593061e634c6a4316ab1bf466806a6f3cf0ff971521664cd379d249642549e04c899edd0749a6fe524109fbd1cba51d96dd9d50aa40d23b2ffa4

  • /data/data/com.duowan.wdsjgl.mctools/app_e_qq_com_plugin/gdt_plugin.jar.sig

    Filesize

    180B

    MD5

    d720f5a76da8fd9c88b47bcc424a6ea8

    SHA1

    7d0d284268fd188d36ca806dbed0fdeef6a2a4bb

    SHA256

    2fec1104f18fc9cc1e801bbe61642ee704a149248de06330ff141ca5238dd51e

    SHA512

    02c34b3dea7d40c4d30052126cdcc2f8ae359d742fe25f87ad101dc1bd8f80330f149abe2e114663c53e47de9b70d2c3de8b7903d0ea22d2e1ce89cd52a901a9

  • /data/data/com.duowan.wdsjgl.mctools/app_e_qq_com_plugin/update_lc

    Filesize

    4B

    MD5

    dce7c4174ce9323904a934a486c41288

    SHA1

    e117797422d35ce52f036963c7e9603e9955b5c7

    SHA256

    0c030586945fe504b604ecc2e875c38ede400cd5cd73da9730302162e6b02c6f

    SHA512

    d570ab6a8f4a7b54d426b0481219074b5277ace37d88438d87ab97eb387938eca1cf7b09fa42d596c56ada860710d2a7385d2a96e1cedff58ad6ed8900f1b143

  • /data/data/com.duowan.wdsjgl.mctools/app_e_qq_com_plugin/update_lc

    Filesize

    1B

    MD5

    0bcef9c45bd8a48eda1b26eb0c61c869

    SHA1

    4345cb1fa27885a8fbfe7c0c830a592cc76a552b

    SHA256

    bbf3f11cb5b43e700273a78d12de55e4a7eab741ed2abf13787a4d2dc832b8ec

    SHA512

    91972aa34055bca20ddb643b9f817a547e5d4ad49b7ff16a7f828a8d72c4cb4a5679cff4da00f9fb6b2833de7eb3480b3b4a7c7c7b85a39028de55acaf2d8812

  • /data/data/com.duowan.wdsjgl.mctools/databases/GDTSDK.db

    Filesize

    24KB

    MD5

    c350d05c3d4943baaf1accd6a39a18d3

    SHA1

    9bea162acc14706bb032be98e7a42dbd22d3d325

    SHA256

    2515f5e39ad8ab880de32bd4667da927364e7f0a492876ba4f91819bded63b9f

    SHA512

    cf8b698adaeba68c20015b951f1cf3e8a85361c9ef7e27dcdee1cea6310023eece05519a26c95e6b9ee369f2570584c3be69ddff3fb1e4ce65b40f89a45bdfac

  • /data/data/com.duowan.wdsjgl.mctools/databases/GDTSDK.db-journal

    Filesize

    8KB

    MD5

    412bdb51143c1170509c310a3b014561

    SHA1

    71d7d6ff39b712a0185f87c94262ed2084d88d47

    SHA256

    4695d7a9ae70c153cefcd6d86223069d3f9a69a01a3c59815e0c77346a7603c8

    SHA512

    f6ef2d3696f604ecda1735e8295507f9bd24f8dbbaed62f152b4ee54e11ec831c78fd1f007c1b8a38b11fde4d461a7a905bbcbd63578f3a95b521a8b7b2fa5ec

  • /data/data/com.duowan.wdsjgl.mctools/databases/GDTSDK.db-journal

    Filesize

    512B

    MD5

    46f9970b43558c8a2a1da8ff88d3ab7e

    SHA1

    da9eb77a04f25731a05247049ab44fda12b0b259

    SHA256

    0e544df7e6de26b2fc54276c56a2ddcfd1487e5710ea425cd0f796cfa8806f45

    SHA512

    b50e97e80ada14c8ceff2bc5d46088354fa5d645511f43ad93f782efeac46ee6e2a7eddd5aa3d9dceffb3cc0bead1a17cdca07faa382e8f38d924ffb810bde49

  • /data/data/com.duowan.wdsjgl.mctools/databases/GDTSDK.db-journal

    Filesize

    8KB

    MD5

    f54eeaa20236c5529ecde5860a83387c

    SHA1

    14cd762fcc6146516cfe7ed8ecf78e2215e01b65

    SHA256

    bd634dddae2aa5e451a733292bee10a987b2a0383cfb87b5cca71ea7aa4d4b19

    SHA512

    c3cbe249c461fde34957b3500b908c0507dd87bd493ad9ca7752348234fb9231bdd486fa797912df78948d5558e23a16a3f63241b4a56fbb4528edbdee07ced4

  • /data/user/0/com.duowan.wdsjgl.mctools/app_e_qq_com_plugin/gdt_plugin.jar

    Filesize

    410KB

    MD5

    fb9bbe1555d1e51bc6b68f73306cb5e8

    SHA1

    fb58a0adb1de330045ed2a7488f7512dd39e6e84

    SHA256

    269761b21873b1eb7f433b5b8233e13b54d499765413edd555a115e154884a1c

    SHA512

    10fd4b83b3b20333d1e54005342d5fcc50f83e3bd967a7b04c0991244a6e7f0bc0eabc74c19a4f746d34db7ece76f4b083101963ebe351c27b4b68c5259a55a6
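The Downloads list above is the evidence behind the "Loads dropped Dex/Jar" signature in the Processes section: the app writes gdt_plugin.jar (with a detached .sig next to it) into its private app_e_qq_com_plugin directory and loads it at runtime, and several paths were captured more than once with different hashes. The script below is an added example, not part of this report or of the analysed APK; it parses the report's own Downloads layout (a "•" path line followed by Filesize/MD5/SHA1/SHA256/SHA512 labels with each value on its own line) into records and pulls out the loadable artifacts, the signed ones, the files that changed during the run, and a SHA256 IOC set. The embedded input is five entries copied from the list above with the blank lines and some hash fields trimmed; the /data/user/0 to /data/data folding is Android's own layout (the latter is a symlink to the former), everything else is just this script's bookkeeping.

```python
"""Parse the Downloads section of the sandbox report above into IOC records
and pull out what matters for the 'Loads dropped Dex/Jar' signature.

Added example, not part of the report or of the analysed APK. Assumes the
Triage-style layout shown above: a '•' path line followed by
Filesize/MD5/SHA1/SHA256/SHA512 labels, each value on the next line."""
import re
from dataclasses import dataclass, field

# Five entries copied from the Downloads section above (blank lines between
# fields and some hash fields dropped; the parser tolerates both).
REPORT_EXCERPT = """\
• /data/data/com.duowan.wdsjgl.mctools/app_e_qq_com_plugin/gdt_plugin.jar
Filesize
184KB
MD5
9c9416e5b583e395df107443deab01e6
SHA1
9d7188b483bfe3dddc3d057a89a7f980006f26a9
SHA256
340df5c81b4b9ac9154746fdb9a88ebfc4046b72b28951dfefb85f1ab2faf358
• /data/data/com.duowan.wdsjgl.mctools/app_e_qq_com_plugin/gdt_plugin.jar.sig
Filesize
180B
MD5
d720f5a76da8fd9c88b47bcc424a6ea8
SHA256
2fec1104f18fc9cc1e801bbe61642ee704a149248de06330ff141ca5238dd51e
• /data/data/com.duowan.wdsjgl.mctools/app_e_qq_com_plugin/update_lc
Filesize
4B
SHA256
0c030586945fe504b604ecc2e875c38ede400cd5cd73da9730302162e6b02c6f
• /data/data/com.duowan.wdsjgl.mctools/app_e_qq_com_plugin/update_lc
Filesize
1B
SHA256
bbf3f11cb5b43e700273a78d12de55e4a7eab741ed2abf13787a4d2dc832b8ec
• /data/user/0/com.duowan.wdsjgl.mctools/app_e_qq_com_plugin/gdt_plugin.jar
Filesize
410KB
SHA256
269761b21873b1eb7f433b5b8233e13b54d499765413edd555a115e154884a1c
"""

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
LABELS = ("Filesize",) + tuple(HASH_LEN)
LOADABLE = (".jar", ".dex", ".apk", ".so")  # what DexClassLoader / System.load consume


@dataclass
class Dropped:
    path: str
    size: str = ""
    hashes: dict = field(default_factory=dict)


def canonical(path: str) -> str:
    """/data/data/<pkg> is a symlink to /data/user/0/<pkg> on Android, so the
    report's two spellings of the plugin path refer to the same file."""
    return re.sub(r"^/data/user/0/", "/data/data/", path)


def parse_downloads(text: str) -> list:
    records, pending = [], None  # pending = label whose value comes next
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):
            records.append(Dropped(path=line[1:].strip()))
            pending = None
        elif line in LABELS:
            pending = line
        elif pending and records:
            rec = records[-1]
            if pending == "Filesize":
                rec.size = line
            elif re.fullmatch(r"[0-9a-f]{%d}" % HASH_LEN[pending], line):
                rec.hashes[pending] = line
            else:  # wrong length or non-hex: a copy/paste or extraction error
                raise ValueError(f"{rec.path}: malformed {pending} {line!r}")
            pending = None
    return records


def loadable_code(records) -> list:
    """Drops that can be handed to a class loader: the 'Loads dropped Dex/Jar' evidence."""
    return [r.path for r in records if r.path.lower().endswith(LOADABLE)]


def signed_drops(records) -> list:
    """Drops with a detached '.sig' beside them: the loader probably verifies the
    plugin before loading, which decides whether the on-disk jar can be swapped."""
    paths = {canonical(r.path) for r in records}
    return sorted(p for p in paths if p + ".sig" in paths)


def rewritten(records) -> dict:
    """Paths captured more than once with different content: the file changed
    during the run (plugin update, SQLite journal rotation, a state marker)."""
    by_path = {}
    for r in records:
        by_path.setdefault(canonical(r.path), set()).add(r.hashes.get("SHA256"))
    return {p: len(h) for p, h in by_path.items() if len(h) > 1}


def sha256_iocs(records) -> list:
    return sorted({r.hashes["SHA256"] for r in records if "SHA256" in r.hashes})


if __name__ == "__main__":
    recs = parse_downloads(REPORT_EXCERPT)
    print("loadable code:", loadable_code(recs))
    print("signed drops:", signed_drops(recs))
    print("rewritten during run:", rewritten(recs))
    print("sha256 IOCs:", sha256_iocs(recs))
```

Run against the full list above, the same logic also reports GDTSDK.db-journal as rewritten three times, which is normal SQLite journal churn rather than anything suspicious; the interesting entries are the two distinct gdt_plugin.jar versions (184KB, then 410KB) at what is one path once the /data/user/0 alias is folded.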