8ca4063c6155f12e3c4a6b543609f6092dc6687bed16d0580b6200627a30da99

Analysis

max time kernel
149s
max time network
159s
platform
android_x86
resource
android-x86-arm-20240506-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240506-enlocale:en-usos:android-9-x86system
submitted
10/05/2024, 01:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

26e6a35aecf906ec2c8639ca6d641de9.apk
Size

27.9MB
MD5

26e6a35aecf906ec2c8639ca6d641de9
SHA1

c8b353be5f24dfdc1b3d20d459faf2b6b399c5c9
SHA256

8ca4063c6155f12e3c4a6b543609f6092dc6687bed16d0580b6200627a30da99
SHA512

bece3d6bf4cb905a9e83bd97a1eb0a5f1326e983995cd4308cf1bae76d9a284b6f1319a1a3a67a4d1d642cd2c6026607a54f8d62d16e01cf60b4381ae9cd8fb2
SSDEEP

786432:ZBx8xWC0w/c8zLn3h19aWozw0qd6/wNRYNsDoGV9LbETXXJO:ZBxGW6/csj3hfbozw0X/yRYyDoGnQs

Score

7^/10

discovery evasion execution impact persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.xike.yipai

Queries information about running processes on the device 1 TTPs 3 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.xike.yipai
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.xike.yipai:pushservice
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.xike.yipai:channel

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 3 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.xike.yipai
Framework service call	android.app.IActivityManager.registerReceiver	com.xike.yipai:pushservice
Framework service call	android.app.IActivityManager.registerReceiver	com.xike.yipai:channel

Checks if the internet connection is available 1 TTPs 3 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.xike.yipai
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.xike.yipai:pushservice
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.xike.yipai:channel

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.xike.yipai:channel

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 3 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.xike.yipai:pushservice
Framework API call	javax.crypto.Cipher.doFinal	com.xike.yipai:channel
Framework API call	javax.crypto.Cipher.doFinal	com.xike.yipai

com.xike.yipai
1⤵
- Checks CPU information
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4269

com.xike.yipai:pushservice
1⤵
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4347

com.xike.yipai:channel
1⤵
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4729

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.xike.yipai/app_crashrecord/1004

Filesize
213B

MD5
80cfe6e8a3c949011879874047c7046a

SHA1
f9b5bc2c9f287987682e587320cf4d15bc96ce08

SHA256
3d39a46fbdbb154d4104e04e7b69be82de7a0ca3297b28d151edafc07fca7474

SHA512
d3570ee4e1da6e9c1497d1d6450b99571bfe92faa9fbd3d93d54ebe8697dcf4f4380d805d9280617ed649f4e0bc556f8848f81ea6b90fe0160d500c1b83fe18f

Download Submit
/data/data/com.xike.yipai/app_crashrecord/1004

Filesize
237B

MD5
c9e61b2093cc6826d63bd0787db0ba52

SHA1
0f918061d32382d2506e11dc43d62ee90e284340

SHA256
ec995403e8e7834e28645d3d5486761b286504da7b0cc2f154a453d708d22d9d

SHA512
c22b9ad1f7f497cfa4fbab67724750295b3aaf09908fbbf52b45bec79e1a4553e3857b6a14a4cd0dd2ce35c6615d25b4b90830bce326a6ab00ab1489c277b89c

Download Submit
/data/data/com.xike.yipai/databases/MessageStore.db

Filesize
4KB

MD5
aa99281ce0cd69a9302f8b64b918ad75

SHA1
ccafc0e5fb16198e466b209a888301f4100fafe8

SHA256
a3cde8388c50e78c7b3c8dab1d0c46c64c375248031adbb6a5802e3da65bb431

SHA512
a8b80f09a555652d3e4b9775b6aa58341dad7fb120509e128df417533ba361353b19530306e8691f1ce5fc0c69f1a89d29bd2eb176291a5e85b945d14c9eb085

Download Submit
/data/data/com.xike.yipai/databases/MessageStore.db-journal

Filesize
512B

MD5
1ed75ba303e6d9a57458d4f42afc311c

SHA1
05c5a20fe5d2bafb9805bbe4fcda4abbc978a1b4

SHA256
0f8efb638dc7e6d6fea8fb8f1ee0f36ceed0b49a8d573311aa000ee8b6ef0d9c

SHA512
3b214c6300ae84bb9c5f213158ecdf54fb9d668ee695e0ca6d07ef78cf4726012d68049f2e23303e161865f967ce5e78204a4f0845c797319fdc34c38894b1b7

Download Submit
/data/data/com.xike.yipai/databases/MessageStore.db-shm

Filesize
28KB

MD5
8d0060837a37d96d24c3f758895a5deb

SHA1
72d0168bace3a475cd61bed3de299a4f52c62d0f

SHA256
fe743e00b9382cd2b8baa96a7f859933978defc521d885a125de0b0fb7818ffc

SHA512
8b9b7b841a951111cf35a5c43f36fb058ef0506218022f4e74560a51c2a4b064d1288b03dfbd963fdb1cc18a6d83ff71efe0b0310bbaff6d0ba63c345d4d765d

Download Submit
/data/data/com.xike.yipai/databases/MessageStore.db-wal

Filesize
48KB

MD5
5571766282884f282e8e62fee4540e68

SHA1
3f9f187c18cc61b6af6feea0ec55851e50565765

SHA256
cc214cd9372022e0df0797f9d29563bd37ce1f5f53132afdab897c9eccb31ee2

SHA512
44d1d6c468fa6de7deab85b637d0cad7cd18394b1302fddea8502ca64dea31d4f355c048ec6f04161ba97888074aab7bcfbbc06c3be083a61e5ddfa5a9a0d3db

Download Submit
/data/data/com.xike.yipai/databases/MsgLogStore.db-journal

Filesize
512B

MD5
f95c68817e69e09b00361657d06d292e

SHA1
5107f74510e36c1ee76f38f9774f56414ca9094f

SHA256
68e81b2887a3a15e2a9ff279e025488670a9d540e4342635c2686b9cbeac0e1b

SHA512
e5c693989e41f925ed5c642a5eb4b867a1b689226903734858fe31bfc4cd362bccc0cc443a727c47a99dc8c2f9771a21f364ca8c54d91ba916a82f56d6671b6f

Download Submit
/data/data/com.xike.yipai/databases/MsgLogStore.db-shm

Filesize
36KB

MD5
486e2bac2b3e9e1cb411d2838a4854bd

SHA1
81dd0a7537f4af319b830ae834908986be85da8b

SHA256
5644a250fa6cef16c2c802b98275656a5fc39dcf89bcc22193742d85c7313f57

SHA512
c146789563dae163e373489b3df53f22efebd32b69643992969241eb5ad5eec668de67e7cd2aaf5c3a8af57b0842115d00183825734f57643d3fdb09835fe681

Download Submit
/data/data/com.xike.yipai/databases/MsgLogStore.db-wal

Filesize
68KB

MD5
be09883fbc0973903bd6fdef2b8d3d3c

SHA1
1f1be0155eb4ece38405e22e97346036269afa64

SHA256
44b7dede9348fa8e20fee24eb5f213fd73b092a478cd3fcdfb4cfb1267027190

SHA512
d7c5eb5ef04f6d5ecbda6dc2ab02a2ebee89a3404b7c6f98f0c699dd7a84ee89b8f69814451ab8b74078960193d509d30ce6f8763f661a8772af1c1e99907d7e

Download Submit
/data/data/com.xike.yipai/databases/bugly_db_

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.xike.yipai/databases/bugly_db_-journal

Filesize
124KB

MD5
99aa710a4565ec62bf2e2779465fd434

SHA1
494fb4219e6d81dc17328c592529aadcbfbcc408

SHA256
c1c9455737a3791177837b1366ac9c62c6941c2d54e6b99f52dadc499035cd19

SHA512
8e61fcaca1d3fcca1c7bb7cba2a03d49376a010624f6a565c7d89e2c286193a87bbf6bf50332b9582582db5a7853c4834fd5805bfad732f10fc5336ebd5fca2b

Download Submit
/data/data/com.xike.yipai/databases/bugly_db_-shm

Filesize
28KB

MD5
b354a3798d70ae0a36c4359aac6a5a58

SHA1
591bf4d73a4ea2ede29f25db14d53f0a63b0323d

SHA256
9e3ca451e62c6db03da38f24710d89f83aaa89b5278cecaee6931edb367c249f

SHA512
96a1831defe9bf18c8a1b5b22e7c102da6f63c2e42b30ddc9a428fde7a986d877f0fa848ba8d860946007557146c7d94a87ca9e967dde46e53574b56318eea96

Download Submit
/data/data/com.xike.yipai/databases/bugly_db_-wal

Filesize
80KB

MD5
a5bd9a6c4bb53c502ef7bc28b06679a6

SHA1
53353a7ec6ea5fc7a8eea3a09ca2198ab557c791

SHA256
55c17fe24146587f5908228f190eadfa508eb3bd31eaf14e47cbf5b43c43456e

SHA512
f5c917b1b33d4396d5309a774c33827111b4f70bad287ef72ae63c815563785b18d4513c7e28cbd2ea3a6bd953d61ffc5cb85f21574ff1ab359973a2deba3205

Download Submit
/data/data/com.xike.yipai/files/init_c1.pid

Filesize
14B

MD5
898c9ae7c6ebcad43ac7941eba13786a

SHA1
47bbe9529f47d967600f5958f4b109fcacb2d911

SHA256
7ea3dc3cf4621f0bcd4ba60aeba34da11d7ead9a6803b0540a683fca8f3dfc03

SHA512
f241916a09d65596dbcba427287149f2a133fd66ccae2abd2413a2b10a61179d13d05ac273eb4c2ce86df6e78532f6932f10f9559d62da5784e887d7efc95171

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
32KB

MD5
b15b00bf90b7c93b3665eda88fbc4808

SHA1
5d90cbaee0798753afcad7e6555a92d2567dd02a

SHA256
92882182a7ffae56437ee1b2b3a68ddc0594b28c1e3a4254920023015cb4b429

SHA512
cbea5c61e2043c01bbf5b0ba79e45106bf011e29447317a4bc66560afb52177f2268f5fd95d84868152b25b1aa4368256392d24eed3f4fb9a56cb2eaa1b27059

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
500a13be04a9eb7f3d5a42a094b99de9

SHA1
4308de3665abbe37e394e289bb90c387e22e0391

SHA256
f7936e2a5f9b97019e20e5dcf63c30a56f3331e63f43650e3190133628f7e269

SHA512
70b1742a1fb3badbbb0f1c73bfac130a85cc833fd4804128cc30bce0988b559c2ca7016e9b5651997580287b91498e22b50d69017dcf9a4e00ca9213bd8fb27a

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
185KB

MD5
934e1a378b547fa8a389875c8f5bd779

SHA1
1bfd639517e644c25b4966d36223e6c2892a76db

SHA256
6ba1084ac423e32287eff1c2d5cd6e0277c524318729cf4b5ec79850b841ac70

SHA512
440c26fa87c8ebf0f4dff5a1b147ba1a00e2852d7abe6b72f485cc90111c88f114312af39cc28acf53ba93107e7d65e95960cf702a2b0bd0f8ca0397b402a64c

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
48KB

MD5
a2594947ebe55d813fb37c281cdbbf18

SHA1
eeb79eceaf0c921147ef94bd28e507ab9f2ad4f1

SHA256
21eb943de1aea63c1f0815477f81c53a62405e66faa5647f2aa68f46f7875025

SHA512
b7f209c57c512c255ed5cf60edd1ba9927dcc5b8aeb901cd5e38255399e59e9851b4febf1bc415f3598d8453edd91ea4ed7e6af4a60ae777b0478e4233038c21

Download Submit
/storage/emulated/0/libs/com.xike.yipai.bin

Filesize
80B

MD5
3170a996902d557a7ef68248fe4ff96b

SHA1
38a9af37f53baa1b021d963f5ed9eabdf3b34dfb

SHA256
c97ffbe1783ebd81c9842eee9b0ba5d203a17c50c469e29a204431e71c46fa2a

SHA512
85d7377c71175c00c9e7bd27c881b9b8d93e5ffe46bcd81cd775a8d854123fe112ae35dc03c1a3a56fde1744d5627a3ab613ac1b9dc8059aefb753eb01d751df

Download Submit
/storage/emulated/0/libs/com.xike.yipai.bin

Filesize
80B

MD5
a5fd60588c305eac5908ffa043fe12ff

SHA1
9c252ec74bab9c17b4d5105c278d596a0cdc96e8

SHA256
95fef7b849d9efd773f7c7b22745050295dfe045aeed371292733cc557bb6158

SHA512
7d732498284132a2455945e88caf6b87fe3556864d64bb78428d9995affe651191298c3616d5b306b7dc860272eae31e525c11420a9f50517a7d1f6a505462cf

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads