Analysis

  • max time kernel
    177s
  • max time network
    131s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240611.1-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240611.1-en, locale:en-us, os:android-11-x64, system
  • submitted
    18-06-2024 14:06

General

  • Target

    1.apk

  • Size

    707KB

  • MD5

    b1fcb89d11d09690037e6cdef4dd16af

  • SHA1

    663895e25a9286363cfaf5186c40343f03603053

  • SHA256

    1281704bdec6d366e6778b74798cf21e6d9744f97396a646037cb1f1453a241b

  • SHA512

    9259f3f74443d8cdedc010ec4ab21618f330b7521577df1579f8a66921877a87ea166fb1721479a1560214087d66f0f46c43d78f7c7935a07ac19c6b413301a3

  • SSDEEP

    12288:3h4UpR5DyyK45jEmJEU7ADMf7aoZ4P5TlLukTk+lJWsnnjw8EdGC+dXz/P:3h/wyvy0hED27aoZ4PLLu2TlJrnWGC6z

Malware Config

Signatures

  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to get the current cell location.

  • Queries information about active data network 1 TTPs 1 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Reads information about phone network operator 1 TTPs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.duowan.wdsjgl.mctools
    • Loads dropped Dex/Jar
    • Obtains sensitive information copied to the device clipboard
    • Queries information about running processes on the device
    • Queries information about the current nearby Wi-Fi networks
    • Requests cell location
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks memory information
    PID:4646

Network

MITRE ATT&CK Mobile v15


Downloads

  • /data/user/0/com.duowan.wdsjgl.mctools/app_e_qq_com_plugin/gdt_plugin.jar

    Filesize

    184KB

    MD5

    9c9416e5b583e395df107443deab01e6

    SHA1

    9d7188b483bfe3dddc3d057a89a7f980006f26a9

    SHA256

    340df5c81b4b9ac9154746fdb9a88ebfc4046b72b28951dfefb85f1ab2faf358

    SHA512

    93f690db06ed593061e634c6a4316ab1bf466806a6f3cf0ff971521664cd379d249642549e04c899edd0749a6fe524109fbd1cba51d96dd9d50aa40d23b2ffa4

  • /data/user/0/com.duowan.wdsjgl.mctools/app_e_qq_com_plugin/gdt_plugin.jar

    Filesize

    410KB

    MD5

    fb9bbe1555d1e51bc6b68f73306cb5e8

    SHA1

    fb58a0adb1de330045ed2a7488f7512dd39e6e84

    SHA256

    269761b21873b1eb7f433b5b8233e13b54d499765413edd555a115e154884a1c

    SHA512

    10fd4b83b3b20333d1e54005342d5fcc50f83e3bd967a7b04c0991244a6e7f0bc0eabc74c19a4f746d34db7ece76f4b083101963ebe351c27b4b68c5259a55a6

  • /data/user/0/com.duowan.wdsjgl.mctools/app_e_qq_com_plugin/gdt_plugin.jar.sig

    Filesize

    180B

    MD5

    d720f5a76da8fd9c88b47bcc424a6ea8

    SHA1

    7d0d284268fd188d36ca806dbed0fdeef6a2a4bb

    SHA256

    2fec1104f18fc9cc1e801bbe61642ee704a149248de06330ff141ca5238dd51e

    SHA512

    02c34b3dea7d40c4d30052126cdcc2f8ae359d742fe25f87ad101dc1bd8f80330f149abe2e114663c53e47de9b70d2c3de8b7903d0ea22d2e1ce89cd52a901a9

  • /data/user/0/com.duowan.wdsjgl.mctools/app_e_qq_com_plugin/update_lc

    Filesize

    4B

    MD5

    dce7c4174ce9323904a934a486c41288

    SHA1

    e117797422d35ce52f036963c7e9603e9955b5c7

    SHA256

    0c030586945fe504b604ecc2e875c38ede400cd5cd73da9730302162e6b02c6f

    SHA512

    d570ab6a8f4a7b54d426b0481219074b5277ace37d88438d87ab97eb387938eca1cf7b09fa42d596c56ada860710d2a7385d2a96e1cedff58ad6ed8900f1b143

  • /data/user/0/com.duowan.wdsjgl.mctools/app_e_qq_com_plugin/update_lc

    Filesize

    1B

    MD5

    0bcef9c45bd8a48eda1b26eb0c61c869

    SHA1

    4345cb1fa27885a8fbfe7c0c830a592cc76a552b

    SHA256

    bbf3f11cb5b43e700273a78d12de55e4a7eab741ed2abf13787a4d2dc832b8ec

    SHA512

    91972aa34055bca20ddb643b9f817a547e5d4ad49b7ff16a7f828a8d72c4cb4a5679cff4da00f9fb6b2833de7eb3480b3b4a7c7c7b85a39028de55acaf2d8812

  • /data/user/0/com.duowan.wdsjgl.mctools/databases/GDTSDK.db

    Filesize

    24KB

    MD5

    d9546e7529040098de5b03ef296970a1

    SHA1

    7781f0f230dc2bd574bbea97194d0033431d350e

    SHA256

    585184ebd52cf769be667e0b871dd9324197f21e37152fbd5fe1cefa5f523ccf

    SHA512

    acf1935480b8b99c231fff1b1de32b7456094853cdf0d7819c57302100d608ae884bc2d44ad3ef3ff8c2cbf2d4d66ec8d77827e6c9605ebda1f31cfc522b542a

  • /data/user/0/com.duowan.wdsjgl.mctools/databases/GDTSDK.db-journal

    Filesize

    8KB

    MD5

    485c1d3d0f44d1d2b4387d4325cdb8f4

    SHA1

    94a44e48796de832ca107f6d0700e9762e86ec69

    SHA256

    14d95b9e302d84e10b36e9d7d4c6638a776a5d80be250f0fe87c484710d525e1

    SHA512

    721ddb45415c74fe44a8b16452b5e4af6122ff9a59959832946d3a4d95464d21cd9553040a2304ba27fa431541a9d3cc2d3e38c76ad2a4735f0f7155572a7a42

  • /data/user/0/com.duowan.wdsjgl.mctools/databases/GDTSDK.db-journal

    Filesize

    512B

    MD5

    7cb9a8a42d7bf5f373f46f2fad9ffd5a

    SHA1

    556c893dc88d4afe366c7fc2d105f4ef235e8c96

    SHA256

    75025eeb1227b8b21c0ec2c07cfc55c9c9ddb29e682d1791e5ab1315b6669eb0

    SHA512

    75c054157e1da3e67af918470626164420b1bf614e317da50021bd589bda29b1c8355758a05fdbb943a5c02dc0a16b887d1f563f9aede3c6dba7ce82290c5770

  • /data/user/0/com.duowan.wdsjgl.mctools/databases/GDTSDK.db-journal

    Filesize

    8KB

    MD5

    962c16c1a296ce0336f3dd0b30ecd2d2

    SHA1

    9c9b73942718401172885d2fb8b6a749bc4636cd

    SHA256

    56aaef17ac448c70d431059bbdd82ade63f664a5084102748ecaed4d8cd814bc

    SHA512

    60ab76b6942a41530803a60c3a605a663b7d6e777d9188ed49689246ff7d9c6e1f9f7aa135966ef11ad781b38102bedbfbd1b245432d1bc5005021223b28f26c