Overview

overview

8

Static

static

6

259220968b...18.apk

android-9-x86

1

259220968b...18.apk

android-10-x64

1

fanli_lib.apk

android-9-x86

fanli_lib.apk

android-10-x64

fanli_lib.apk

android-11-x64

fraudmetrix.apk

android-9-x86

fraudmetrix.apk

android-10-x64

fraudmetrix.apk

android-11-x64

gson.apk

android-9-x86

gson.apk

android-10-x64

gson.apk

android-11-x64

qmf-pp-pay...21.apk

android-9-x86

8

umeng_analytics.apk

android-9-x86

umeng_analytics.apk

android-10-x64

umeng_analytics.apk

android-11-x64

Analysis

  • max time kernel
    87s
  • max time network
    130s
  • platform
    android_x86
  • resource
    android-x86-arm-20240506-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240506-enlocale:en-usos:android-9-x86system
  • submitted
    08/05/2024, 15:47

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    qmf-pp-pay-unify_plugin_R_1.1.13(02)_20160321.apk

  • Size

    2.0MB

  • MD5

    f494f009798e30ec6b19fd1e4926601c

  • SHA1

    eb6c511a3ec4e7986f2b3fc90ab27825725d5ff2

  • SHA256

    a3dec01e7189ca3beddad9e62164fa8195f629577c80a0fb425c145e8e4b3ad3

  • SHA512

    e9ac9c5e17f07b40eb66181b0f1dea52c1e3aaebfd3be068afaf4d8f6381f35d7d441b7c698edc344345b9f4851263ba6e9e9254b0284b2b7f0aa032affea2de

  • SSDEEP

    49152:GjB0uJHbfiUY90PqfX+92JUtA4cWxhT4MyQUPs:GjBT1ys2ejcWfsMyQUU

Score
8/10
collectiondiscoveryevasionimpactpersistence

Malware Config

Signatures

  • Requests cell location 2 TTPs 2 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscoveryevasion
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Checks if the internet connection is available 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • com.chinaums.pppay
    1⤵
    • Requests cell location
    • Queries information about the current Wi-Fi connection
    • Queries information about the current nearby Wi-Fi networks
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4182

Network

        MITRE ATT&CK Mobile v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • /data/data/com.chinaums.pppay/files/INSTALLATION
          Filesize

          36B

          MD5

          2f2be654bd06cee9dbef528deec63e0f

          SHA1

          9129b1d17964c306839ac46142736edc880126a8

          SHA256

          d4edb0a5d85e43ba6f683756d3bd1953afc60b7e38b945bef049c12a449a6b94

          SHA512

          25ab383916fe76ef9cec75ab9f327e80aeea777a220a74cbdb4749ac80841d51e477d128e2324af084fcc3ec7dbd417bf9624492c88e694f8f6c7deb36e75f5c

          Download Submit

        • /data/data/com.chinaums.pppay/files/lldt/firll.dat
          Filesize

          76B

          MD5

          c90f626463111177b2ca4ef688ecc0b2

          SHA1

          e2b77445fb31563ba4b830dabe7e1975877c650f

          SHA256

          276598f99ff933ee894df21e21eb466a93540d8d4bfbc89a1d9c43a536b6d6c7

          SHA512

          657c20de7b63382876455eba6b8bbebce8f1d2c498208293aa48d361096d6be1f25cb294067307caa1c9f59a28894c841a89e6fc72c2854353d4925201ce8ac7

          Download Submit

        • /data/data/com.chinaums.pppay/files/ofld/ofl.config
          Filesize

          235B

          MD5

          037ce82e48d129bf5f7d2ef2f8161672

          SHA1

          724702e4277978764650c6137ad67b20d46e05d8

          SHA256

          d71bb73c089e42d89ff8de4d704e42bbbce0deb8380a751e5ee54cc443105ea8

          SHA512

          f4fd2b0e8957b2cc08201632be64ca1e2ab3b6374ef8a3073b64c3d673ec9559bb9de0801f104987d16134c1b864d016490986d45ca7cb4eaa875b288cf0264e

          Download Submit

        • /data/data/com.chinaums.pppay/files/ofld/ofl_location.db
          Filesize

          4KB

          MD5

          f2b4b0190b9f384ca885f0c8c9b14700

          SHA1

          934ff2646757b5b6e7f20f6a0aa76c7f995d9361

          SHA256

          0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

          SHA512

          ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

          Download Submit

        • /data/data/com.chinaums.pppay/files/ofld/ofl_location.db-journal
          Filesize

          512B

          MD5

          bb25c6276376cbc6da03c8e2afbcf505

          SHA1

          7ae1652970f8f34e322bd9aa7f8323ab69ddd9ed

          SHA256

          6b0c8669a21ca07f5bee9e20b0bc0c95e18a10708bf2baf64926cd9e1ca40a41

          SHA512

          061f8c96e72fa4d58a2d322cabef55c100bf1821cf157a4f678216993331005c4dc8bdc6edb3d03b65222f0725d3b9cbfd18b61e51188decce63de5fe5a30cb2

          Download Submit

        • /data/data/com.chinaums.pppay/files/ofld/ofl_location.db-wal
          Filesize

          48KB

          MD5

          f9325109b3b072ec90d1059cadf768c5

          SHA1

          c8ccc4bdeff3f61bcdcbbac3799780a59657f0d7

          SHA256

          7ccd02a50e53b3c2ed5d160a2d16be64af4f16c5b58a85b70a2b7cf41e5da5e0

          SHA512

          60c130a27270d94215aa18a89a6397e22321b858f37cb2fec0afa8c9682e8f3c925cce0cf83f6752c73ff1e696449c95dcaab4bcbd7e7a56dd3b1e99788e6f20

          Download Submit

        • /data/data/com.chinaums.pppay/files/ofld/ofl_statistics.db-journal
          Filesize

          512B

          MD5

          1c77d3f07c89edbb53290ab4c0795e27

          SHA1

          3a53c7f9d85dc344e0cdb3d479619d1894585eec

          SHA256

          c33f147105350df76109bafb6f27b81318b2c4d30798a34d6906b2aee3b5087a

          SHA512

          355d7c13f6173487a0a76f76879dcac8ace3690bf6896efcca019b684a13cb7cd8b7e1d11c21b8101100718afd1e997338b6069532428559351e34b855dd65aa

          Download Submit

        • /data/data/com.chinaums.pppay/files/ofld/ofl_statistics.db-wal
          Filesize

          156KB

          MD5

          1059cfb4af5b7a13102bad9f8d34250c

          SHA1

          641c7d07a260f1ffd2c1aa11acad5ee98f3518b2

          SHA256

          8bc4d1fd1dfdbdef584a7d60b34536427b1ff701e0a0c4136e562a1ea8b127cd

          SHA512

          b668a5458237bdff0a40582941d28440c5d479e742baf3c509b17d9cd218bc291ec910f1f4382d7466cdfa1f07f57f946172cd0f4e930a0cd67a1557f1cc6b79

          Download Submit

        • /storage/emulated/0/Android/data/com.chinaums.pppay/files/baidu/tempdata/conlts.dat
          Filesize

          12B

          MD5

          8d80bc8ea90e9cac010d3ddf97bda5f5

          SHA1

          f063bc0d356e6ba9ab1eb9a851131ffbefd8fa07

          SHA256

          f52db31332534833414abd5e870f78c810b8ebbe5b134bbf599506beecfd1b93

          SHA512

          9ea732dd572a9a4ba91b70891972230a09576687ca1bc19e62d5a98b5b84e0f2ae11985108008bc9fbccf357219b8bd3dbf146bb70752f618f70dc5d0c46a7c7

          Download Submit

        • /storage/emulated/0/Android/data/com.chinaums.pppay/files/baidu/tempdata/conlts.dat
          Filesize

          155B

          MD5

          28588609f8dc972b9fe55f4954934782

          SHA1

          3b67e0e5de2db9b9ddb989f75c87819ffaac90f4

          SHA256

          4cf3c144a9a1dfd76098d2cd2d4a3269ae171ff4060f019921f90942b93d484d

          SHA512

          cc9ccfc67b337fd7874d0cebb17352f63e3803a23ed41e2f6d85afc241e039a83e396722e446d699c6abdd045c381600ee39d764f5e23574b30e67fe33b36e87

          Download Submit

        • /storage/emulated/0/Android/data/com.chinaums.pppay/files/baidu/tempdata/llg.dat
          Filesize

          24B

          MD5

          161557b06b4a4d3ce095528dea370eb7

          SHA1

          8bfe9c4d916fe58d856b5a6ecaf8cd9ea4df2c9f

          SHA256

          f054ef19481234ee5b2db1d1c681839dab235a857ed3a4bc02efa8f785f478d4

          SHA512

          96ce8aedbdbb387438efc86aaabd13a6378628bfae203d2bc25ea1cd7daa6ddbd6dd2c81d631fbdc9b653a93011d3c80f0c085580275b683d5e0bce077e6e449

          Download Submit

        • /storage/emulated/0/Android/data/com.chinaums.pppay/files/baidu/tempdata/llg.dat
          Filesize

          438B

          MD5

          777f03f89a802d693aedb0f1a6e9edaf

          SHA1

          426393b8c9137316f90fe1e7077c5409080fc6a0

          SHA256

          85b828636b2ca09f5cd917bf4b4688f47dd8d4dca37a3023abebf90219108ee5

          SHA512

          3f27578d27192d906752fc86e5d7540b3e048715d68760986f6300357b0206f1c34a6276a6ff085bf510a557327168a8a6d2d5b30119c14500b425c4993701b9

          Download Submit

        • /storage/emulated/0/baidu/.cuid
          Filesize

          89B

          MD5

          0113ff69ffd576a1333a930289462c7b

          SHA1

          e311b7de8798d35f568dc322e3e0883998d16887

          SHA256

          76d98af85017e2fe996a3aeb7d8b431224dfa7f40fc0eefcbf73d1b5a973171e

          SHA512

          0a8645d1c5784abb5a78a40b0bb343aad1c0e92fe12b83a6b19426bb5b7a2df5f95f7f78bda90545bf2f9e77065304a36d71fb75b17e4502ac3af7f6569cf511

          Download Submit

        • /storage/emulated/0/baidu/tempdata/lcvif.dat
          Filesize

          96B

          MD5

          c1203e84a938a71f7ac76e5347415860

          SHA1

          d589b3c9f99cc2d91bbb70fa07491b566d514aa4

          SHA256

          32e344733bf228801bb63bc0b5ae6c4472b7b93acf57d5c43852dfdd6ad42a11

          SHA512

          c1da974e37c367615702e803fb8fb7a8a0cafe54796a1bf1d5966bd0e478d8350c4c32dc13b1c48ae790a408ecb040198ba82f087e6402d44de0e564282a8a74

          Download Submit

        • /storage/emulated/0/baidu/tempdata/ls.db
          Filesize

          28KB

          MD5

          0d3e99204c6401ea499fe9e6d9855497

          SHA1

          09829f00ca458eab7374d5079393a2cd69a2348a

          SHA256

          63ad014cb50908591939d6a1536f85eece807425af4f4e8a1f9b9eeab13cc5ca

          SHA512

          8d9a50aa9abd17e508ed3ac35a3033e8f9e550d1088baa951f53e6c4697c5ac026d22b90e36e27341d64baa3f0202bd89ca97583e99feb25f8c26b5776c59c68

          Download Submit

        • /storage/emulated/0/baidu/tempdata/ls.db-journal
          Filesize

          512B

          MD5

          1f6bcad8639d6accb6d2cc4220cdaa52

          SHA1

          8a8d72473d80ff3c9561dcf9299f32a743fbe83c

          SHA256

          fb5aca18604c32f1e36366296e404713674475ae9466d8f0edcf510b747f9bb3

          SHA512

          0528a654027f7b1c3aaa2d41119662585c9b1f36f81365afdbcc9350b0f1ee5e9eeee869eeffd55e9941775f95f744321bd88a88d970754634c7ec55cbe554a4

          Download Submit

        • /storage/emulated/0/baidu/tempdata/ls.db-shm
          Filesize

          32KB

          MD5

          bb7df04e1b0a2570657527a7e108ae23

          SHA1

          5188431849b4613152fd7bdba6a3ff0a4fd6424b

          SHA256

          c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

          SHA512

          768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

          Download Submit

        • /storage/emulated/0/baidu/tempdata/ls.db-wal
          Filesize

          52KB

          MD5

          97b65507cbb0cf7050177559ffb91c95

          SHA1

          7aebd3852484dc62a02dbd07f4584b63f61af59e

          SHA256

          5b288371f6dba97fe0a94a28546238318474ce71a4cce4865fe6d2fe5a663903

          SHA512

          ce3259928574e01ea9daa5114bff5f253eb096ce06b125152cae2228aee559a74d81623d62b09685819779fc95be8dc779bc16db4c6a64fbde1e2617f506fe76

          Download Submit