Overview

overview

8

Static

static

6

2b65f12fb6...18.apk

android-9-x86

8

PlayerUIApk.apk

android-9-x86

1

PlayerUIApk.apk

android-10-x64

1

PlayerUIApk.apk

android-11-x64

1

Analysis

  • max time kernel
    138s
  • max time network
    157s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    09/10/2024, 05:08

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2b65f12fb684b54738fdbb58d9cb47b9_JaffaCakes118.apk

  • Size

    9.7MB

  • MD5

    2b65f12fb684b54738fdbb58d9cb47b9

  • SHA1

    8e04054e31b1ee27934177b3f80a5a49eff9aae2

  • SHA256

    bc2c81e4b08c5d5b533ea95e937dddb761c2cafd548ce0c2a6a39d6048b63c07

  • SHA512

    568573e30d7e30902d328ebce59d0088587f5724eb1766f3ea67e4dcb0dad7ec471fd5b982fc790a5016d2f61ce3fcbb7180589c0e7056d05a4b302ca3e5adfc

  • SSDEEP

    196608:Bb5SOl7OjNA8UqR1rr7aDFJPSN8Q4lGrF1ToLC9eu5rJqCG0x2FCPL:2aOjNA8UqR1rr74y8Q4SFSCZjxRPL

Score
8/10
bankerdiscoveryevasionimpactpersistence

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 4 IoCs
    evasion
  • Loads dropped Dex/Jar 1 TTPs 4 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Queries information about running processes on the device 1 TTPs 3 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    discovery
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Queries information about active data network 1 TTPs 3 IoCs
    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 3 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 3 IoCs
    persistence
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact
  • Checks CPU information 2 TTPs 4 IoCs
  • Checks memory information 2 TTPs 2 IoCs

Processes

  • com.duoduo.child.story
    1⤵
    • Checks if the Android device is rooted.
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Queries information about the current nearby Wi-Fi networks
    • Makes use of the framework's foreground persistence service
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4250
    • /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
      2⤵
        PID:4527
      • /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
        2⤵
          PID:4589
      • com.duoduo.child.story:pushservice
        1⤵
        • Loads dropped Dex/Jar
        • Queries information about running processes on the device
        • Queries information about active data network
        • Queries information about the current Wi-Fi connection
        • Registers a broadcast receiver at runtime (usually for listening for system events)
        • Checks CPU information
        PID:4287
        • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.duoduo.child.story/app_plugin/PlayerUIApk.apk --output-vdex-fd=49 --oat-fd=50 --oat-location=/data/user/0/com.duoduo.child.story/app_plugin/oat/x86/PlayerUIApk.odex --compiler-filter=quicken --class-loader-context=&
          2⤵
          • Loads dropped Dex/Jar
          PID:4361
      • com.duoduo.child.story:push
        1⤵
        • Checks if the Android device is rooted.
        • Loads dropped Dex/Jar
        • Queries information about running processes on the device
        • Queries information about active data network
        • Queries information about the current Wi-Fi connection
        • Registers a broadcast receiver at runtime (usually for listening for system events)
        • Checks CPU information
        • Checks memory information
        PID:4546
        • ls -l /system/xbin/su
          2⤵
          • Checks if the Android device is rooted.
          PID:4682
        • cat /proc/cpuinfo | grep Serial
          2⤵
          • Checks CPU information
          PID:4707

      Network

            MITRE ATT&CK Mobile v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • /data/data/com.duoduo.child.story/app_plugin/PlayerUIApk.apk
              Filesize

              137KB

              MD5

              3c98e401cf984ddb44c382199a71a51d

              SHA1

              988dca0fcd26b3441cf741500394a865c086effa

              SHA256

              b86e81b2504d175d78b9dee1dd50b44e53e06ce6216136b247010e8605cb2360

              SHA512

              f09102d6c5fd5268a2aee24183411b7f24ed6f7f66a07aa77020511269fe33b6973ce6ba8d060c92147ee75883706adccfa1fe7df063a974375bdf6e0634d0da

              Download Submit

            • /data/data/com.duoduo.child.story/app_plugin/oat/PlayerUIApk.apk.cur.prof
              Filesize

              155B

              MD5

              71e581537e5b9dfa47dc9900843790ac

              SHA1

              a781270772d4a72797f68b19a2d13dc1854bff19

              SHA256

              0af756ffe42bb17b93472a1a5656ce194908018c97c4bbd4a0f058c5a5039a95

              SHA512

              36cbfcb32cc9dc310f1ec2aa3adc31762f05bae758dd21cc05f68ca2797b2475367f0fd4f4e807636f0fe6a747144b2a8ecbac0ad3501069edff57e5a0c1cb9b

              Download Submit

            • /data/data/com.duoduo.child.story/databases/UmengLocalNotificationStore.db
              Filesize

              4KB

              MD5

              f2b4b0190b9f384ca885f0c8c9b14700

              SHA1

              934ff2646757b5b6e7f20f6a0aa76c7f995d9361

              SHA256

              0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

              SHA512

              ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

              Download Submit

            • /data/data/com.duoduo.child.story/databases/UmengLocalNotificationStore.db-journal
              Filesize

              512B

              MD5

              ae5b863675ee9bd912eb051b888a230b

              SHA1

              0664755630e0251e0b69c0cca0518ed6359c1a71

              SHA256

              a2b41008261fe757894e586768379cdd7f13f18fc5955133eeed10405d204a46

              SHA512

              a909eac7a50478ecda6a43295812e60323c168ac522d9021c768bda14d1650a3bf2c841b586b7ede45568a6e3020a811add67662ca178ae0f281236b6f0e0713

              Download Submit

            • /data/data/com.duoduo.child.story/databases/UmengLocalNotificationStore.db-shm
              Filesize

              32KB

              MD5

              bb7df04e1b0a2570657527a7e108ae23

              SHA1

              5188431849b4613152fd7bdba6a3ff0a4fd6424b

              SHA256

              c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

              SHA512

              768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

              Download Submit

            • /data/data/com.duoduo.child.story/databases/UmengLocalNotificationStore.db-wal
              Filesize

              40KB

              MD5

              05675a00a2f0681e7c6b1ee6e02db93f

              SHA1

              1d312255b333b6936809d16f53e36557dec25b87

              SHA256

              6c7adf94edcc49bfec6876d918e534c2739bd667a3e8742a52382fe66f422361

              SHA512

              87949fe097c4666f3ab779fb5a96a58d771b1602cb063cc6c45c90bbfd941a9690118c41dbf22870bfcefe03463c20caf265fa6f659d0dc97d80dcdfef395ab1

              Download Submit

            • /data/data/com.duoduo.child.story/databases/duoduo_story_house.db-journal
              Filesize

              512B

              MD5

              9433f41bf584ea05ffebe2196ccb5206

              SHA1

              fbe652b27d446ac862c0f2dcd76124d85c86abda

              SHA256

              649cac1e4bd86ecb807a96ee1ea1a6b339198c7ead8687c8f872b439938e8c2a

              SHA512

              4d0c0516d989f5756c8ad25cd2b3330142363ba14a4c624be96e1d982526f67f51895d5199856c7f4263d1edcbd215a2d6df6be4b812ba91467908fb77b2b154

              Download Submit

            • /data/data/com.duoduo.child.story/databases/duoduo_story_house.db-wal
              Filesize

              44KB

              MD5

              991d809b365908da5af517b1ad1264f2

              SHA1

              bd8d4c03eaac2927bdaa75254d393324f2cc7914

              SHA256

              f4cfcb4e697bb044ac0ddbdefae5d31e4fe20597f7d0f87a5c947f78f750f525

              SHA512

              f218a37158cd04dc6e09a0efff8aadfc36af53ebeed1ff416013e82486b98dda06fc865dd9cc761e2f26d6955bef12cacb53a9760b88fc4f2568961b428d7965

              Download Submit

            • /data/data/com.duoduo.child.story/databases/pri_wxop_tencent_analysis.db-journal
              Filesize

              512B

              MD5

              a40df7783f575d347928acbbb9de43e7

              SHA1

              484876bb8f0b4c1442239baa7b6654afde7bdfab

              SHA256

              7ab3cc50877fe2cd0b12c573d3d0b4306326e9cb250c4586f76df3c1c853b1ff

              SHA512

              a6efea13063479912f122a004e11d12ff16b7872f5d79ed8194b25fe217f715383119dca94e2cbcee9e073e25762c4729904a2ae877de46dcec59f29ee8996b9

              Download Submit

            • /data/data/com.duoduo.child.story/databases/pri_wxop_tencent_analysis.db-wal
              Filesize

              56KB

              MD5

              a137528fbbb1db98c8c948f622f01c01

              SHA1

              46dfe81af67937cf75f35cb51659dccd44c6656a

              SHA256

              bc1ef6811b27824a2b834c1e8ef1eb11059c2d664ef70fd1013cd9791c5793fc

              SHA512

              7fc3572f8dd1bf1615dececaba1b7dfe7a0e37ee35671ba2f761a092b9a9bdf0ad9a7fccfc60733c85f2d8c1670b4ba524019947e033d8d8f2b06c2eb1765c30

              Download Submit

            • /data/data/com.duoduo.child.story/databases/umeng_community.db-journal
              Filesize

              512B

              MD5

              d4a7c6a03309ec05ce483bd2624d5885

              SHA1

              3262fb79db5455097ce7db305e8cf685bf1a175c

              SHA256

              d93348feabcd165a7b51a25c0b59958ad91225b8027a73a882b580218f1e4ba0

              SHA512

              b46f95c841e99bd01b9ae4e7d50b01c627b0d7b9ce4d29d498f2f5da99caa6a680b05f680596bc2fe3deb30caeab96c8a9bcd91ed5f4fbfda7b97b784a42643a

              Download Submit

            • /data/data/com.duoduo.child.story/databases/umeng_community.db-wal
              Filesize

              181KB

              MD5

              fd13a457457a1d847134c2566cc6be95

              SHA1

              3ed594862ec4e7a8405544a03f006961ae261423

              SHA256

              4ea8a24a116a5e761db22c2d095cf3a5a643e85a3a2320335158e4d8a7e2c8c9

              SHA512

              57330ae04eea582c59e24dbedbc164fd8c92e9ef00cf3f01cde195f7857b44232875fc8f4de906ae597a7ab695a2c22a4ea7cabd9a9b10a7893c648ecbcd724a

              Download Submit

            • /data/data/com.duoduo.child.story/databases/wxop_tencent_analysis.db-journal
              Filesize

              512B

              MD5

              46fe69aae093813c6f99e488375419f2

              SHA1

              76c501bda4acb0a71c8470c3000fda8b8ae6ef24

              SHA256

              e119d09e8dd72e1ad2a33962423e710cf0ee9137e89b7fbe0e3312282a8cf4b8

              SHA512

              4c6d23a776e52f1ee2d99200ec9b9eefaee6188369d2a9951424e3821bfd33763757c81aa3393982d137e043e93f736b8a1e6e7dcdb271315987b5324a6d49d6

              Download Submit

            • /data/data/com.duoduo.child.story/databases/wxop_tencent_analysis.db-wal
              Filesize

              104KB

              MD5

              d4d1b117126b23a2a7296c362de63ea2

              SHA1

              6e8cdf731b910ea77dbeb8b2ada411d9bb80d818

              SHA256

              4d7a9ff0895feca31f21b268caf80369552103feed4430c82775df468fe31756

              SHA512

              08fd7cbc86c04d0cf883906c237d580dd0c5d6175cb68eab40da21d5cdbd060ecc4b6a409d3cb77e9038b8426bb5b4dd61ecfb8faa8d548b8b3f061232befdd1

              Download Submit

            • /data/data/com.duoduo.child.story/files/.um/um_cache_1728450568816.env
              Filesize

              706B

              MD5

              9aa6cd04d82f7abca6a87e79cd7c98b5

              SHA1

              12e2b35760c871225cf25a9a510bb6dee25adb9e

              SHA256

              ac5f1495cfb0f2f54915875cbc0372a4f0011c83a054b15be40c23a11c1dcab3

              SHA512

              0e99485dd6117212eadca7abb1b32712eb3040dc5a69fb71b5e82dcdf8badfb26eee96bf336c2a9ec1d5bfeabcf556aa921f45f7100b15bdd8e9be8515a8f8aa

              Download Submit

            • /data/data/com.duoduo.child.story/files/com.duoduo.child.story:pushservice
              Filesize

              2B

              MD5

              d751713988987e9331980363e24189ce

              SHA1

              97d170e1550eee4afc0af065b78cda302a97674c

              SHA256

              4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

              SHA512

              b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

              Download Submit

            • /data/data/com.duoduo.child.story/files/libsecuritysdkx-3.0.39.so.tmp
              Filesize

              327KB

              MD5

              3f3560b8cb3957ac2066c2ae587b6afe

              SHA1

              44ec56efbd17f922d211c4827cd3edc7b8fe9369

              SHA256

              cd4e1d5be6e1222b8fabd3d94fc2493c5dc47bc395fa2dea7f82f52a17ad3ee8

              SHA512

              a0a0080c1d0d98f0dfeb41dad67a813446704c5f682388b4cc8370a119ab8b9d059ab65242ffe6adc085a300e1758ad1f2d61fea319f8db1ad70409d9cb93cc1

              Download Submit

            • /data/data/com.duoduo.child.story/files/umeng_it.cache
              Filesize

              393B

              MD5

              c2e4a358c9ef83766811608bb1f1360b

              SHA1

              0ab59b148695ce3ab44f91a531208831f4a6bbe0

              SHA256

              72427b7ab9a922da377f8d03120dfa8855d2a89e49f3e5924b8f9a79223b7514

              SHA512

              961104f3cdffcedf298102eab7ae7ab714eeb1bb9bcc15704bc4100bdeb7df43d325a9e40b548af9b5ac86e5180237cb09f38de47e36a749a150b687e36a30bd

              Download Submit

            • /data/user/0/com.duoduo.child.story/app_plugin/PlayerUIApk.apk
              Filesize

              281KB

              MD5

              e351083e290976e5ca3191f0f6e1ad9a

              SHA1

              40c1d8e7a1f5d41911aeb5309b093fcb29f9c0db

              SHA256

              12b12319ad199a5cba2cf8f72344cab3cd898ed7a0f284041b94926520f0467f

              SHA512

              9b67c2db950d3a85849b69769b8ef1bc8de2d9ef2b80db9aee9a6fe038dd7d89b353ce2161af218cccad77cc5856b94bf6aa3ec0043d741cffa1104224864e35

              Download Submit

            • /data/user/0/com.duoduo.child.story/app_plugin/PlayerUIApk.apk
              Filesize

              281KB

              MD5

              752ea05f70a3122f73433fa190646478

              SHA1

              9da7b35c2b5f9fdeff2ddcdb4abfec755f3a6ead

              SHA256

              d44d9207bd5acc7e6458155c6e913e6061cb27caf34d1aa8bdc63280b0887f4e

              SHA512

              abcb0b4c9e561ba95a6e8394fd638fbfe781ac3d7025a6f5b5b1cd3c7c1bba3379bb11d434de2965548696e0dcee7aadb240717e128aa3b76af7303ccc6e97df

              Download Submit

            • /storage/emulated/0/.DataStorage/ContextData.xml
              Filesize

              111B

              MD5

              d85b4d617df9b6bc8a6007d689f7cccf

              SHA1

              6c69f7016e312dbbbf9d4c92d398afc4ec036991

              SHA256

              6a7ec572867cb5543be106ea60ac3b8daaac0938096ff97e16e65b909e3cecaf

              SHA512

              6db7735feee14b930eead4e8e42d96f9c68588112b4de02b8b36577e6e333fd3bd268844eef636e17e081c580c399e2114782237389a23adab4b9bfe346cb2c6

              Download Submit

            • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
              Filesize

              65B

              MD5

              9781ca003f10f8d0c9c1945b63fdca7f

              SHA1

              4156cf5dc8d71dbab734d25e5e1598b37a5456f4

              SHA256

              3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

              SHA512

              25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

              Download Submit

            • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
              Filesize

              111B

              MD5

              a939684150e131eff6cea500cd604b69

              SHA1

              a3442b443387a026fcd4847a5ecc93f1a5c8f0a8

              SHA256

              7e9c1170bb40363d8a589ea5e5cab2f7134dd48cae04738798a0a6a3de486767

              SHA512

              116e30ebf918d9061afcd51ece7c13c9b8bf6da59ae2f6289f23f1357d638e852f59b19198add6f8ec3d3ab1d396d9bb82999fad1e0e46e41c0332d791e87849

              Download Submit

            • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
              Filesize

              381B

              MD5

              0593d77460756044211db9e8d6d1ebd7

              SHA1

              376793d42d8bcfa63e26da5c76e69f56ae74d50c

              SHA256

              331b0de39331f3eac2bbffcca33d0f156cecfd16351055a85f702015c58cfc88

              SHA512

              6a0640d477cb47b4788f38694a632ab72ef422b32e792dce954fee94aad6bcb5a5e4cc09159cbe566f8360564b8c66285f4f86cf6c450cb375b3ccbd44ed8b37

              Download Submit

            • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
              Filesize

              381B

              MD5

              be5760d3763e7136c71a527103b0cff3

              SHA1

              f3089331dc6961be0ba92db245e090eab86f2ebc

              SHA256

              3e22799f430d404c45e6004891cea72ee08cdf5ab4679527d20f433b43d9e5d4

              SHA512

              ecbe3ee0a9f0ba5930e753418ad0e00645a9df9d71224087be5657d219a02f337e8a59cdf3a64b02a504ca94eba4bdb7e6b17c1e03976fb64aed10247935af26

              Download Submit

            • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
              Filesize

              381B

              MD5

              8dee20142382a52e38344ed68a8a2f2b

              SHA1

              375bba2c7e566fd609336a056a538f93ddd7bc96

              SHA256

              92ef30ba5334c633075260412dc85332cd6287788b849b6698961d035243446a

              SHA512

              ee8cf11dec5448799c6028b173dda437ffecfa0aa0b91990bea05aefcb57174fb26ad3a6cc1e8f97feccf19cba8c96801ca72c8f89ab107bf5bc6e16298aef80

              Download Submit

            • /storage/emulated/0/Android/data/com.duoduo.child.story/cache/bitmap/journal.tmp
              Filesize

              34B

              MD5

              652748fdcddea981a82f47a6847f487c

              SHA1

              172acd33e56f2dc372a0d23035a136db30315255

              SHA256

              5f530df08f4f7e36f20dfad79e6e8eac3bfb4dd5da1992dcadd8c646dd5ee765

              SHA512

              e0f0e923c992338b426eb9ac229712eda349e35e9a850423a2cde43fb2045430fc26c4d122edc563936248b41a7b38fc63e361fa7c38c481b009b8f5a66f771b

              Download Submit

            • /storage/emulated/0/DuoDuoHouse/cache/test.aac
              Filesize

              14KB

              MD5

              5bc9d569cb424f60ca236e2238f8dc16

              SHA1

              98ee40a9f4c5fabe8afee6a9c0025e81050de615

              SHA256

              a2b09fe3ea5ccc8f7d4c9a564395718cb1e0e9b993997a7d9a58f861acbe6347

              SHA512

              960ed83e7ddd4c9fb595600c8565a4dc8439874efde26465a4ffe81e6e0168e2db90f490b31930d5945acff29e9e5044c830537d67bd6241d6d0d3822258e9ba

              Download Submit

            • /storage/emulated/0/com.duoduo.child.story/asdklog_s
              Filesize

              135B

              MD5

              8efecb7aac1a48e2bb9ec4cfe6862e9b

              SHA1

              0cd1b76b8fff52511f055937b96026e8c6289c52

              SHA256

              e332e5ba72706875e429d4671fbb84ed393ac847b8dcc45e219ef6bc56ef2e42

              SHA512

              6cbe9733cbdf6ac5791fcb54895b7391fc6e5786f2269498e579bdbd58b6ff5789d353373cd7857779a19406a4b7c5f44f674c3774cd480ff2ca429b0377b006

              Download Submit