Analysis
-
max time kernel
177s
-
max time network
131s
-
platform
android_x64
-
resource
android-x64-arm64-20240611.1-en
-
resource tags
android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240611.1-en, locale:en-us, os:android-11-x64, system
-
submitted
18-06-2024 14:06
Static task
static1
Behavioral task
behavioral1
Sample
bc578bab172b8aae0329657e187d4a8d_JaffaCakes118.apk
Resource
android-x86-arm-20240611.1-en
Behavioral task
behavioral2
Sample
1.apk
Resource
android-x86-arm-20240611.1-en
Behavioral task
behavioral3
Sample
1.apk
Resource
android-x64-20240611.1-en
Behavioral task
behavioral4
Sample
1.apk
Resource
android-x64-arm64-20240611.1-en
Behavioral task
behavioral5
Sample
gdtadv2.apk
Resource
android-x86-arm-20240611.1-en
Behavioral task
behavioral6
Sample
gdtadv2.apk
Resource
android-x64-20240611.1-en
Behavioral task
behavioral7
Sample
gdtadv2.apk
Resource
android-x64-arm64-20240611.1-en
Behavioral task
behavioral8
Sample
2.apk
Resource
android-x86-arm-20240611.1-en
Behavioral task
behavioral9
Sample
2.apk
Resource
android-x64-20240611.1-en
Behavioral task
behavioral10
Sample
2.apk
Resource
android-x64-arm64-20240611.1-en
General
-
Target
1.apk
-
Size
707KB
-
MD5
b1fcb89d11d09690037e6cdef4dd16af
-
SHA1
663895e25a9286363cfaf5186c40343f03603053
-
SHA256
1281704bdec6d366e6778b74798cf21e6d9744f97396a646037cb1f1453a241b
-
SHA512
9259f3f74443d8cdedc010ec4ab21618f330b7521577df1579f8a66921877a87ea166fb1721479a1560214087d66f0f46c43d78f7c7935a07ac19c6b413301a3
-
SSDEEP
12288:3h4UpR5DyyK45jEmJEU7ADMf7aoZ4P5TlLukTk+lJWsnnjw8EdGC+dXz/P:3h/wyvy0hED27aoZ4PLLu2TlJrnWGC6z
Malware Config
Signatures
-
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
Processes:
ioc: /data/user/0/com.duowan.wdsjgl.mctools/app_e_qq_com_plugin/gdt_plugin.jar
pid: 4646
process: com.duowan.wdsjgl.mctools
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
Processes:
description: Framework service call
ioc: android.content.IClipboard.addPrimaryClipChangedListener
process: com.duowan.wdsjgl.mctools
-
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes:
description: Framework service call
ioc: android.app.IActivityManager.getRunningAppProcesses
process: com.duowan.wdsjgl.mctools
-
Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
Processes:
description: Framework service call
ioc: android.net.wifi.IWifiManager.getScanResults
process: com.duowan.wdsjgl.mctools
-
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to get the current cell location.
Processes:
description: Framework service call
ioc: com.android.internal.telephony.ITelephony.getCellLocation
process: com.duowan.wdsjgl.mctools
-
Queries information about active data network 1 TTPs 1 IoCs
Processes:
description: Framework service call
ioc: android.net.IConnectivityManager.getActiveNetworkInfo
process: com.duowan.wdsjgl.mctools
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes:
description: Framework service call
ioc: android.net.wifi.IWifiManager.getConnectionInfo
process: com.duowan.wdsjgl.mctools
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
Processes:
description: Framework service call
ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone
process: com.duowan.wdsjgl.mctools
-
Reads information about phone network operator. 1 TTPs
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes:
description: Framework API call
ioc: javax.crypto.Cipher.doFinal
process: com.duowan.wdsjgl.mctools
-
Checks memory information 2 TTPs 1 IoCs
Processes:
description: File opened for read
ioc: /proc/meminfo
process: com.duowan.wdsjgl.mctools
Processes
-
com.duowan.wdsjgl.mctools
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Queries information about the current nearby Wi-Fi networks
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID: 4646
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Download New Code at Runtime (1)
- Execution Guardrails (1)
  - Geofencing (1)
- Virtualization/Sandbox Evasion (1)
  - System Checks (1)
Downloads
-
Filesize
184KB
MD5
9c9416e5b583e395df107443deab01e6
SHA1
9d7188b483bfe3dddc3d057a89a7f980006f26a9
SHA256
340df5c81b4b9ac9154746fdb9a88ebfc4046b72b28951dfefb85f1ab2faf358
SHA512
93f690db06ed593061e634c6a4316ab1bf466806a6f3cf0ff971521664cd379d249642549e04c899edd0749a6fe524109fbd1cba51d96dd9d50aa40d23b2ffa4
-
Filesize
410KB
MD5
fb9bbe1555d1e51bc6b68f73306cb5e8
SHA1
fb58a0adb1de330045ed2a7488f7512dd39e6e84
SHA256
269761b21873b1eb7f433b5b8233e13b54d499765413edd555a115e154884a1c
SHA512
10fd4b83b3b20333d1e54005342d5fcc50f83e3bd967a7b04c0991244a6e7f0bc0eabc74c19a4f746d34db7ece76f4b083101963ebe351c27b4b68c5259a55a6
-
Filesize
180B
MD5
d720f5a76da8fd9c88b47bcc424a6ea8
SHA1
7d0d284268fd188d36ca806dbed0fdeef6a2a4bb
SHA256
2fec1104f18fc9cc1e801bbe61642ee704a149248de06330ff141ca5238dd51e
SHA512
02c34b3dea7d40c4d30052126cdcc2f8ae359d742fe25f87ad101dc1bd8f80330f149abe2e114663c53e47de9b70d2c3de8b7903d0ea22d2e1ce89cd52a901a9
-
Filesize
4B
MD5
dce7c4174ce9323904a934a486c41288
SHA1
e117797422d35ce52f036963c7e9603e9955b5c7
SHA256
0c030586945fe504b604ecc2e875c38ede400cd5cd73da9730302162e6b02c6f
SHA512
d570ab6a8f4a7b54d426b0481219074b5277ace37d88438d87ab97eb387938eca1cf7b09fa42d596c56ada860710d2a7385d2a96e1cedff58ad6ed8900f1b143
-
Filesize
1B
MD5
0bcef9c45bd8a48eda1b26eb0c61c869
SHA1
4345cb1fa27885a8fbfe7c0c830a592cc76a552b
SHA256
bbf3f11cb5b43e700273a78d12de55e4a7eab741ed2abf13787a4d2dc832b8ec
SHA512
91972aa34055bca20ddb643b9f817a547e5d4ad49b7ff16a7f828a8d72c4cb4a5679cff4da00f9fb6b2833de7eb3480b3b4a7c7c7b85a39028de55acaf2d8812
-
Filesize
24KB
MD5
d9546e7529040098de5b03ef296970a1
SHA1
7781f0f230dc2bd574bbea97194d0033431d350e
SHA256
585184ebd52cf769be667e0b871dd9324197f21e37152fbd5fe1cefa5f523ccf
SHA512
acf1935480b8b99c231fff1b1de32b7456094853cdf0d7819c57302100d608ae884bc2d44ad3ef3ff8c2cbf2d4d66ec8d77827e6c9605ebda1f31cfc522b542a
-
Filesize
8KB
MD5
485c1d3d0f44d1d2b4387d4325cdb8f4
SHA1
94a44e48796de832ca107f6d0700e9762e86ec69
SHA256
14d95b9e302d84e10b36e9d7d4c6638a776a5d80be250f0fe87c484710d525e1
SHA512
721ddb45415c74fe44a8b16452b5e4af6122ff9a59959832946d3a4d95464d21cd9553040a2304ba27fa431541a9d3cc2d3e38c76ad2a4735f0f7155572a7a42
-
Filesize
512B
MD5
7cb9a8a42d7bf5f373f46f2fad9ffd5a
SHA1
556c893dc88d4afe366c7fc2d105f4ef235e8c96
SHA256
75025eeb1227b8b21c0ec2c07cfc55c9c9ddb29e682d1791e5ab1315b6669eb0
SHA512
75c054157e1da3e67af918470626164420b1bf614e317da50021bd589bda29b1c8355758a05fdbb943a5c02dc0a16b887d1f563f9aede3c6dba7ce82290c5770
-
Filesize
8KB
MD5
962c16c1a296ce0336f3dd0b30ecd2d2
SHA1
9c9b73942718401172885d2fb8b6a749bc4636cd
SHA256
56aaef17ac448c70d431059bbdd82ade63f664a5084102748ecaed4d8cd814bc
SHA512
60ab76b6942a41530803a60c3a605a663b7d6e777d9188ed49689246ff7d9c6e1f9f7aa135966ef11ad781b38102bedbfbd1b245432d1bc5005021223b28f26c