ae67811311af32eb2c66ed4d14fecc5d0cbee9c955a1be32ec4cbc6482f43965

Analysis

max time kernel
118s
max time network
158s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
27-06-2024 08:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AE67811311AF32EB2C66ED4D14FECC5D0CBEE9C955A1BE32EC4CBC6482F43965.apk
Size

14.3MB
MD5

edda3b4db14b8ade9398ce9124bdc62e
SHA1

52e654d2fd5bc8b570c345b6762d268f3335d83d
SHA256

ae67811311af32eb2c66ed4d14fecc5d0cbee9c955a1be32ec4cbc6482f43965
SHA512

6dd5f37f870a349af91f3af122e9864092bae602030a7c019f521be36c822ba4397acd74e5fd7702dcdcc56b7cdc5d40fffd24bedcbeb7944e0636b50cc1a579
SSDEEP

393216:VylCuuMe8vEPO0Jud0uw8LKKG5rmd8g24PcVU:Z1X8s2L28LQmag24kK

Score

8^/10

banker discovery evasion impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.copy.wzzapp

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.copy.wzzapp/.jiagu/classes.dex	4619	com.copy.wzzapp
/data/user/0/com.copy.wzzapp/.jiagu/classes.dex!classes2.dex	4619	com.copy.wzzapp

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.copy.wzzapp

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.copy.wzzapp

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.copy.wzzapp

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.copy.wzzapp

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.copy.wzzapp

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.copy.wzzapp

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.copy.wzzapp

com.copy.wzzapp
1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4619

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

User Evasion

T1628.002

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.copy.wzzapp/.oabugaij/.fsgkea

Filesize
1B

MD5
01abfc750a0c942167651c40d088531d

SHA1
d08f88df745fa7950b104e4a707a31cfce7b5841

SHA256
334359b90efed75da5f0ada1d5e6b256f4a6bd0aee7eb39c0f90182a021ffc8b

SHA512
d369286ac86b60fa920f6464d26becacd9f4c8bd885b783407cdcaa74fafd45a8b56b364b63f6256c3ceef26278a1c7799d4243a8149b5ede5ce1d890b5c7236

Download Submit
/data/user/0/com.copy.wzzapp/.jiagu/classes.dex

Filesize
6.1MB

MD5
689f2e7b9a34b397034e23e05c23c443

SHA1
ccbc3743408f02e29c73ae7d99302dd590b07c9f

SHA256
66a37c834036311dea2c225827dd9df1a11843cdbf3148ff6cf88056ebe8f2e4

SHA512
4adce8e8eef866010d3722d372b6b77f82d06870bfeb3b0e0da9488a7cacf9188ea5657075541a53b5a535e97b4ce1424ab87e91bd826c15dc91dd3c9b3840b5

Download Submit
/data/user/0/com.copy.wzzapp/.jiagu/classes.dex!classes2.dex

Filesize
6.0MB

MD5
3594e1aeeabdb71d809a98124201c3d4

SHA1
91ed6cc61305b4bcedf5c31d732274b342200cbd

SHA256
1385a049c44be4b9c19d950978d3007284d3313411aee5c8b13cd1f423665aa2

SHA512
f55a918b4678530e3137b4c696846e4efe57b57002ed6438caaf692941b95ea0918b941059b015714f816cde52aa33e2afc9251c6f92b183af20189b38727a4c

Download Submit
/data/user/0/com.copy.wzzapp/.jiagu/libjiagu.so

Filesize
495KB

MD5
de685970891708f6edfd18f03c6557ba

SHA1
ac50f88327652a72df73d43e9260faf169283c34

SHA256
b3124a6f192e562313f1e2d24b292852d4eb87cbe95dccd1d94b3a0540c0c11e

SHA512
cd56aa34265252c1457e28f442872dfaedc897607b816526de7e76c88ea00c24feb3542c21be7dc587b58df8ccbb1e045d3533741981212eac4d704143bfffe0

Download Submit
/data/user/0/com.copy.wzzapp/.jiagu/libjiagu_64.so

Filesize
526KB

MD5
f3f377aff0413b6667306b3ad51a032e

SHA1
0e03658be45eb84be83a147329b82885da1b4702

SHA256
78bf69f4b3eea98355f96ae381547380263beb136fe29d630e2e3216780fdac8

SHA512
a23a89fb8721736f4c82f779f515fc2f702c0d98d696911802d57600ba4066762ade878535abdff7ba529e167d035f7b97e829dc3e1b7d04825b00d31f7d3b0b

Download Submit
/data/user/0/com.copy.wzzapp/files/.jglogs/.jg.ac

Filesize
32B

MD5
b0f2a9ce826dc27390d4f11370c3bfba

SHA1
4b825ff6bbc4d72ceab6269fa19d218942be1fb2

SHA256
98040e3f09f37ce181e8952b03c19096c3c67c75cce6e13d309a5987d96ac61a

SHA512
72bd547ad97e2960cb59b1cef6346240d60aa1252078b91caf02d306f14bf307945fb790bac76c3cbb8b773a2c164fe7b74216d2914267d01742cf10adddcba9

Download Submit
/data/user/0/com.copy.wzzapp/files/.jglogs/.jg.ic

Filesize
32B

MD5
ce8d137aba1528a2b4babaf5a58496f7

SHA1
97759e0acaaecf2e938e1555541644114210e233

SHA256
800acabf7836757e1aee98657a62712db133468f5e0c7ed0ebd53800adc8a9b0

SHA512
14ea187356cd77885765cf40306e2d735dfe71376045ae615df5a40a7a661d88b4f36787e04a783b0f84fa8e9082f1566946f9ede1fb57cf5943d44ee05c947b

Download Submit
/data/user/0/com.copy.wzzapp/files/.jglogs/.jg.pk

Filesize
32B

MD5
466ce05a43394b0bdb0e1844bba20afe

SHA1
08fa4f9844d7d417f1dc5df316c3bd4715dbbd4f

SHA256
5057df810e62fc6f18a7adc2871038af73407942613178c5e3320fc6822deeef

SHA512
82dcfb1efa0bb1ecc1479f8c06332ecb65f529ac1a9107f40fb00689677b593604919b75c8e072f9d78c304881613b0a695f91d7800660ce36921a1a5506d41b

Download Submit
/data/user/0/com.copy.wzzapp/files/.jglogs/.jg.pk.h

Filesize
64B

MD5
e03c5ece97ee82b534cc9110267aa9e9

SHA1
26fdaa17b74503d21d2e92578634cc18fa0f4512

SHA256
691a7b3f2645229bcd1551c4b94771dbe652ac346a393847f8456ae17748be87

SHA512
1a9d6872c341757b7dcb59366c4a0f00e534f91f6900fc05f25840c1c6ce38e025d4576f3b336c264f171f40b0562ee64ebf91e4db8e2e5a6b05b635f29b13f1

Download Submit
/data/user/0/com.copy.wzzapp/files/.jglogs/.jg.rd

Filesize
32B

MD5
f0901a2e96ffa050da1aa774fcd7bfe8

SHA1
e3d801832f5279ce35b20060933ae2eb12a164c7

SHA256
ed406679b828d3314cc74e794dd9e36ef5d25f81817dd41ede77222cc5e7524d

SHA512
8383fc45cb593d987e49f465b3bd26dea05bd52658d5a9774dbfdc8aabc8d79ee1e64190fbde882c7eeb90f8c70fac566e6645ff8ed692e21b5bcea3d9fd04a9

Download Submit
/data/user/0/com.copy.wzzapp/files/.jglogs/.jg.ri

Filesize
307B

MD5
51a7f6774c60a1675f931bdce16d36d9

SHA1
500cc1e5e30c97aa498bc857c97fc60b38d77eac

SHA256
3b215788718161c97a4475db0c6d1257c59a171cb69a45b90b252b8fdea9d723

SHA512
294d34b86d57d2d47f0fa4bc37d1808cd4304e27a6c82a63b7b77141c207f12c0c65d2408c9cbccda5377d8be0103812f4b960e2def6035e706a04712dedc01b

Download Submit
/data/user/0/com.copy.wzzapp/files/.jglogs/.jg.ri

Filesize
314B

MD5
8e8e0b08947dcc9bf16d11e60c9c7724

SHA1
328e07dbd5284963d582253eb5524d3c0ccc86b3

SHA256
b374890489663b5ba9a253370c68b54c96b2f5a2f6492d75a66135e4c4554ee9

SHA512
7678ff7002de85e206c6d8d5ddacec66c7d1db5491e038bfee8034d4571c78e7638027e700efc38fefcd5a8bb446c6a9c619c18e6cf9ca91e816d1fdb4c62dca

Download Submit
/data/user/0/com.copy.wzzapp/files/.jglogs/.jg.store.report_pid

Filesize
32B

MD5
bd97f4dc4d9434589f6f33452d96f9f8

SHA1
c2581ff5e6f04fcc940b189365a495995784bfe0

SHA256
edf3e94c4a54ae39e2e07d8829d2c5bc8cfc14b3b4a4c3629c9f9ae75171de2a

SHA512
842c949b34e072050ab71b60072d2dbfe10ecdd7ee2b3b79b4a1c20730cd4f7122a04c52276205cd55aeb703c73bba7723c161c22c2ce15df70ea90736a8d448

Download Submit
/data/user/0/com.copy.wzzapp/files/.jiagu.lock

Filesize
27B

MD5
3176756982f462a8d01f196263e50ea6

SHA1
f8e9fe9c3ebe2662d38d9c443e2a1fafbd1aaec0

SHA256
303d70190e30a220580211123ff6b33755a4fe3aac7b8314a6e7931a77d3a718

SHA512
a610a980a70e2f5ddee13947769ff1388a3c8524a41a0b70cdc22ad205581ac221c87a5f46717244f9661358d1e6d52a3bf8a8af91ebc636273bbf3f5f2602ce

Download Submit
/data/user/0/com.copy.wzzapp/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE5NDg2NjQxNTU0

Filesize
1KB

MD5
7ad4d85ce2e32861a1ea17783e6f31a3

SHA1
cdcc9d9c2aec90c778057daba225c7c24d4854d7

SHA256
f2b05316ea600717c660e96e25728f4821593bb54d15b624f928d1eaccbe74be

SHA512
7b0ce9149937701ba70ff42c8e694da9489a485bacc9023d0c1a8119bb798906fcff838405ff39b4f5a08ffad390c5983a2442069a874c4ec8f0ad4bc096bace

Download Submit
/data/user/0/com.copy.wzzapp/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE5NDg2NjcxODkx

Filesize
1KB

MD5
51cad9854ec53fbac78bbc1ba5f2d20d

SHA1
24acca7f93fb30debdf70129bd224c460b4b0e5b

SHA256
175f40c18d8fc0a571b0d186992dce5d09c49d67c8da7470cb05abdbd5a20912

SHA512
b5301c97892155987877318808868fa007631d60bb149170f52f4978f415d6c40f2b3daf76e3c9d3171b825db8662f21a1e53b5f087371cbf78c84ec3fb8260d

Download Submit
/data/user/0/com.copy.wzzapp/files/umeng_it.cache

Filesize
350B

MD5
8855ee11fff3482764a6aae6a7e679f5

SHA1
9e9766e7f453e216add8ce1cc29409ba5ef569b6

SHA256
bf82dd4a81bc1e620fc92649ea125e3762ea49f388f807e7728cb4cf400f2d78

SHA512
2b5640fca08f4cc99468b37c06b0c54fa6b37a77131eabc4db89e6d383e0e8423837908ed93f9a96c1f00830ee0841be66e4fafc9ca53fbdbddede18df3bca0b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads