Overview

overview

10

Static

static

10

e1f2ea8188...b1.apk

android-9-x86

8

UPPayPluginExPro.apk

android-9-x86

1

UPPayPluginExPro.apk

android-13-x64

Analysis

  • max time kernel
    179s
  • max time network
    185s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
  • submitted
    15-05-2024 20:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e1f2ea8188f875f18a03c17014a4d772050846c0578b87f3fcf877e18049f7b1.apk

  • Size

    7.2MB

  • MD5

    47c3afe0e694eb4d16fa8a16f8e98a1b

  • SHA1

    a321504d96043583c15ab12f6d185aa4658b334a

  • SHA256

    e1f2ea8188f875f18a03c17014a4d772050846c0578b87f3fcf877e18049f7b1

  • SHA512

    f3adf8c38f691f7f36522f38282d5df098d646691cd47c1f30c700595599dcfc2a0c0aaabb6ca86a8525d86da594636e6696ada6a5a457226a14da4a5a4916d0

  • SSDEEP

    196608:vZ0CCV27+Ps5LxIKQ7wCgWOwrvKCiI8M6sow2:vOCC65nCbOwrvKzA6sow2

Score
8/10
bankercollectiondiscoveryimpactpersistence

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Requests cell location 1 TTPs 3 IoCs

    Uses Android APIs to to get current cell information.

    collectiondiscovery
  • Queries information about running processes on the device 1 TTPs 3 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 3 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries information about the current nearby Wi-Fi networks 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    discovery
  • Queries the mobile country code (MCC) 1 TTPs 2 IoCs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 3 IoCs
    persistence
  • Checks if the internet connection is available 1 TTPs 3 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • com.yixin.itoumi
    1⤵
    • Requests cell location
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Queries information about the current nearby Wi-Fi networks
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4266
  • com.yixin.itoumi:pushservice
    1⤵
    • Requests cell location
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    PID:4322
  • com.yixin.itoumi:remote
    1⤵
    • Requests cell location
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Queries information about the current nearby Wi-Fi networks
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    PID:4430

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.yixin.itoumi/databases/analysis_cache.mSqLiteDatabase
    Filesize

    20KB

    MD5

    a8067e17aa51b8233510a1eca43fdfd5

    SHA1

    3ba5831caa084443c98fd51ff5346409fb1a3037

    SHA256

    d209fe800bea0dba3f1838fa87d19de724bdcca13c0657feebf7bff5d1888f22

    SHA512

    e72049292512202abfb0aff2ddd998433f24f71edbb5240ea3d60d55d3d61982bd4d23d0743a7a18c767099c7464513d3a2dadafb2d71e4de65d7414c976f613

    Download Submit

  • /data/data/com.yixin.itoumi/databases/analysis_cache.mSqLiteDatabase-journal
    Filesize

    28KB

    MD5

    764aa7033f66e01e9ff3125bbd616ec9

    SHA1

    2e26a26ae8eac9eb4ea3349c104e15bccfd7a4af

    SHA256

    72bbebf222a5594b2d3b8c619890c1ffe1fc4408cd84904dec67139243a543de

    SHA512

    c83cc8d9ed5f65a7df112c0786967ae69094ca18402335d9a936fdf49fdd6cb693f517e1fab4572c56762222d87371cc9e73341a22e5d7262c3ac6b6c8620ca9

    Download Submit

  • /data/data/com.yixin.itoumi/databases/analysis_cache.mSqLiteDatabase-wal
    Filesize

    52KB

    MD5

    315bde4dccc2a287978a6a33e9d0b280

    SHA1

    fff65bddc2ebcef6c354f6d973f6cfda6a9e4eec

    SHA256

    89ac2d71a8139d193346a843ccd3577e2b94371571309f82a4711f490d9f4fec

    SHA512

    aeeaf9fdfdd8bae82e651e2d8cb5dadb41377568e3b3086c29417f526a65b301ce1c3a6fc6a702dba3c20b4efe52537bd1eaf096ba1c8c22af33ddf984b55106

    Download Submit

  • /data/data/com.yixin.itoumi/files/TDtcagent.db
    Filesize

    20KB

    MD5

    53b4f9f93ec854d876ee2ead0fbf42bc

    SHA1

    cd8df366ff887d6b3326b9442db56783f2f386c7

    SHA256

    164935c85717b99428de65e1690dadc9d7d951d755a0060ae33efa68ac2a009e

    SHA512

    2267da2b33171f70cd928b53303b08aed7a72a54c5d720394a0d00386ab1a46539cb987f9ee85925be453221a8ade84bc8616e46910615f693848131c087ee1a

    Download Submit

  • /data/data/com.yixin.itoumi/files/TDtcagent.db
    Filesize

    32KB

    MD5

    d7b51df81d23b9881f1723400092c0bf

    SHA1

    1d6dca556f10741f9068a597fb2caab8c24fcad7

    SHA256

    543d1ea2e208767c49f0997da2786dc1382cfc50f64b0c620b6677f7f2a28900

    SHA512

    aa6bdf4d05ec6d26194f535943106debeaeefdd326b06a8143e73973a01a8530f53c6cbd9afc1cb72d147b322b2924b64bd59a32fe43b7f26489cf1e80e958ea

    Download Submit

  • /data/data/com.yixin.itoumi/files/TDtcagent.db
    Filesize

    32KB

    MD5

    f19e08d90f46afdacf5cf352f7ab823a

    SHA1

    b0424365bc958209f6e5945892a326a7e0c12aa5

    SHA256

    b794afbe5d2383b7273c32d538e04e40c0c0c4ecf831f09e5b53ae94b4005736

    SHA512

    561c48efd04da00bd76f8136dbee9220182007e26a82272e2bed9f6923917de6ea28532da3b1b879f62b798b7ca7afdf19048c2ac5d7a8b46f22febbd7107c6e

    Download Submit

  • /data/data/com.yixin.itoumi/files/TDtcagent.db
    Filesize

    28KB

    MD5

    fd35a616267adf04e288c054291e0f80

    SHA1

    be712baadbfaba87b3b22dc753b2841ed4cca863

    SHA256

    72232e91798efd3b6d1d927510c259d3053fa54a75dfee6bd4fcad4344cbe988

    SHA512

    619c73a904930693517f0f9f09a39ef84f6fe4694221666270920a4a0a676c1d6223bd9384a9c5c664361e7d44c90c56d4187706621887a7e35cb12c8ed2cd85

    Download Submit

  • /data/data/com.yixin.itoumi/files/TDtcagent.db-journal
    Filesize

    28KB

    MD5

    241f10846a43a298b003f1785712847c

    SHA1

    9491adcc9b21fc6bd6505674a130139be90bcb52

    SHA256

    20523ad06f0c9799a730aec49c151f0dd0c39f7943749992876fdf9f3fafdeeb

    SHA512

    05ce92225ba02ef24417b304fe58ab9d94bca3d243f448952f91cd3880e68ad1334c8bf90b44b135256e3aaa591e4ba7738c1bfdcdbe3eed24a5303e98f83445

    Download Submit

  • /data/data/com.yixin.itoumi/files/TDtcagent.db-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.yixin.itoumi/files/TDtcagent.db-wal
    Filesize

    8KB

    MD5

    f83c06efe8b74892dee3386332af4d82

    SHA1

    6b960104285cb33aca93b3c45ca8cf8f30556c3c

    SHA256

    5b46f38c78123645157af9b774b77ee730dfe29d9fc3b3009987b9e4dd9cca54

    SHA512

    e5c9b3c756b920a7a6523ec1c9f4f776105c0727f558688c0c243f01779de5ae9808fae54472fceae5999a3dbe41ea3fd03c3dabbde0d4b386d475271d2424d7

    Download Submit

  • /data/data/com.yixin.itoumi/files/TDtcagent.db-wal
    Filesize

    48KB

    MD5

    049da7a20d1ab1388e1eea712dc571a5

    SHA1

    815aa8256b7fa0036b046ac1a44c20ae8ff176ce

    SHA256

    2a1e1bec8758bd86c109ee5a46d846437f9720cf099ec041d5adbd58aa951e52

    SHA512

    543245949f3e11aa69da2ec99b965ba387edc8fef80723d46d02f2edd5deffc01c1bfedd5863b819bc9eb9c85c6e8bc61929ed667ae037d6904978ffd99c19db

    Download Submit

  • /data/data/com.yixin.itoumi/files/TDtcagent.db-wal
    Filesize

    8KB

    MD5

    b37f878625d7397bcc11765c7f27f833

    SHA1

    305893b7907f2d0aefff7d322cab2fb009e3b430

    SHA256

    d856415b32fd7071ea5d95e885e895d87b068a0fd90ef251fd21ffe35dbe2f30

    SHA512

    2bdc10c2a6bf9c2800cf2bab8710942e3f4121cdbdd3046c5ed6ea972f1075e6cb6a245d511f6ba11ff826e8ef9593f5055d2c95bf391c5114def4643e0b281a

    Download Submit

  • /data/data/com.yixin.itoumi/files/TDtcagent.db-wal
    Filesize

    72KB

    MD5

    6b82e7ab1bc79fe9c73126c850f657d3

    SHA1

    2c16594263e2bd409b1b3d030a2408ebfcd2f6f8

    SHA256

    71bcf2ade65f62b6be96f01142545dd03706a9045d97ddc521655eeecbfc5ff6

    SHA512

    dd7377244013029b5dacaa3995e7e463347a879b468d27036beabdec10014bdfd18bef539f63d5217be0340b19bbc229eaccf714748523f350b5206b00b91469

    Download Submit

  • /data/data/com.yixin.itoumi/files/lldt/firll.dat
    Filesize

    76B

    MD5

    f65ab0625559da9d84f543fb20377b7e

    SHA1

    a5e6e5b3618a754c7fae60e31c048ab0501ca1d6

    SHA256

    27e1c4766ed7e2eaab9151136ef05adea950cce347a652ed348b5302ebbd6c9a

    SHA512

    7de8cde296595a83fafb6550267ccd9494a5b963a7a3fcb23c76c84360ac2344db357dfad86aa3d7530f3468dae2140c261399a372f2b659d335aeaf18c2c1a6

    Download Submit

  • /data/data/com.yixin.itoumi/files/ofld/ofl_statistics.db-journal
    Filesize

    512B

    MD5

    9a0d985560d8407884f16a08f38185c2

    SHA1

    fe9088c59df7ebebf38cb775e12ea65c035cabde

    SHA256

    0abc08e4cd3d9d74ea0ad78d40bf46e45624edf4414d3e7f3cfb2dca4522223c

    SHA512

    3801aa6c23d0c3d6dc2857ccc180c0121da215e44ad4f00b5cc5c555f3805fccc2ec791058e9146c25b04b6c5addaf64a435d1aff2a1e4c1053409abd751dd74

    Download Submit

  • /data/data/com.yixin.itoumi/files/ofld/ofl_statistics.db-wal
    Filesize

    156KB

    MD5

    8ec7ee59b3193d90740faa2b0dc9e7a1

    SHA1

    0f21548e4ed20bc5f91ea8a5b0ed29fcbf3327b4

    SHA256

    d9f1eb271fbc400e277576f484a2bc20ffc18d334a5b2e75875e9fc4ce7514f4

    SHA512

    2c20e5bac25e6cc74947541d1a20225e9f8752de37be95c6c9f1d0f0de53709cb5d952c4b72c3922d67f1b1cdf1cf045fc15250a7af1a86c483aca9688dac7f6

    Download Submit

  • /storage/emulated/0/Android/data/com.yixin.itoumi/files/baidu/tempdata/llg.dat
    Filesize

    24B

    MD5

    161557b06b4a4d3ce095528dea370eb7

    SHA1

    8bfe9c4d916fe58d856b5a6ecaf8cd9ea4df2c9f

    SHA256

    f054ef19481234ee5b2db1d1c681839dab235a857ed3a4bc02efa8f785f478d4

    SHA512

    96ce8aedbdbb387438efc86aaabd13a6378628bfae203d2bc25ea1cd7daa6ddbd6dd2c81d631fbdc9b653a93011d3c80f0c085580275b683d5e0bce077e6e449

    Download Submit

  • /storage/emulated/0/Android/data/com.yixin.itoumi/files/baidu/tempdata/llg.dat
    Filesize

    137B

    MD5

    8199b75e895e303d5276523669a28612

    SHA1

    c81379b9b219b7f6b79e69dc034490257f64bad7

    SHA256

    e344f05d0d84f05977741932c1ff531b2f0cd2d6d93040ffdcb10c1c2547f17a

    SHA512

    abfe78635e911a63ceb5467bfe4d7401cf592f9823a676928805758961698fa1cd9941a696d9bd33d6c4f18e214ad4c4da21d224886b7053b7953abd9440d887

    Download Submit

  • /storage/emulated/0/Android/data/com.yixin.itoumi/files/baidu/tempdata/llg.dat
    Filesize

    1KB

    MD5

    34d7125107f092b2e561258daa857dec

    SHA1

    52961c3c1d812598850ae4639ed6a2669ac46c82

    SHA256

    54348c39101c9f07ed006b98bdaed691f72afd7da225d91323296eeefae5fcf1

    SHA512

    d86cc9c67a8747ae70b9c970ccc1f4e2bda45161a7bdc377333fb53cdbccbd6c2b3201933b210ac5b9007056c0a12b413408c95b4a8396f80fb8e3a394455303

    Download Submit

  • /storage/emulated/0/Android/data/com.yixin.itoumi/files/baidu/tempdata/llg.dat
    Filesize

    2KB

    MD5

    31c168cabd8d89a5de2717a4165f820a

    SHA1

    623990c0a5ece4ba084c65a73e0bb9bebad79ced

    SHA256

    b6d08fb556edba36da58ad5d9092cacf5246bf35f991195e88a8fe16a92dac33

    SHA512

    f8c403a5048c57f466c0eb72db5a269a8e1bc7a7e4caa671bfa4038c7c3a4b35b3224c8325deb543af3dbd38b591822690fbff4ba9ac6ec2626a5e6989da8ec3

    Download Submit

  • /storage/emulated/0/Android/data/com.yixin.itoumi/files/baidu/tempdata/yoh.dat
    Filesize

    24B

    MD5

    a936690571e9104e1922dda4a0ba5bd1

    SHA1

    65f49c57edde2f96be2a1dbdfc3f7351f1e66554

    SHA256

    f0f5049c51879dd7da0ce4a43349b5b34ce053d072a0ca704f62cf22ba4a8412

    SHA512

    3be1c3693963aebdfc04e86b1c820ee0ec3cf0b200e6a4788ef1141f39fd6c2f77f4227247ae4affa66c0a6c027df8466cc0dcec1e67ebfb953e36bee97de394

    Download Submit

  • /storage/emulated/0/Android/data/com.yixin.itoumi/files/baidu/tempdata/yoh.dat
    Filesize

    24B

    MD5

    1681ffc6e046c7af98c9e6c232a3fe0a

    SHA1

    d3399b7262fb56cb9ed053d68db9291c410839c4

    SHA256

    9d908ecfb6b256def8b49a7c504e6c889c4b0e41fe6ce3e01863dd7b61a20aa0

    SHA512

    11bb994b5d2eab48b18667c7d8943e82c9011cb1d974304b8f2b6247a7e6b7f55ca2f7c62893644c3728d17dafd74ae3ba46271cf6287bb9e751c779a26fefc5

    Download Submit

  • /storage/emulated/0/baidu/.cuid
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /storage/emulated/0/baidu/tempdata/lcvif.dat
    Filesize

    96B

    MD5

    56c52b26ed35be260efca3c08a8256b5

    SHA1

    617bf82cff0d690ea15cf30d1a57fdd51cc13b9c

    SHA256

    290d32629ce48ff8a69a706b18ad2f4f2d27d0c7de9393a7b49c51700f3636a7

    SHA512

    c8b399a3fc2d33fde6c1270429394451b8a66f696bee54e18324a2c8e147ae5280bc0689a4e9b6ca1bfd95823889f03a233a74e342c554413c93d6407a72bfbf

    Download Submit

  • /storage/emulated/0/baidu/tempdata/lcvif.dat
    Filesize

    96B

    MD5

    7be0b71645153c6937c9e20fdf75a406

    SHA1

    551bb6a818159fee185e5687e7fb7dbc442ab264

    SHA256

    8418787af531cdf80c6e4da5888f46c715d8dbb275bee05e2b8763809cad72a5

    SHA512

    cf245b5f3052dc4f7efc72eb1970a0102eb2b3f6eb4b168f3bc0da364b637df3a705e31e3cbded07e227f64c440d50595b2f80fed1052c5f9ead5e8a583986b4

    Download Submit