b851761640c18d6ce981b2caa46b0021562586ce2fcef0c2b6253c73ac9ab4d0

Analysis

max time kernel
174s
max time network
188s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
17-05-2024 02:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b851761640c18d6ce981b2caa46b0021562586ce2fcef0c2b6253c73ac9ab4d0.apk
Size

29.3MB
MD5

4dfa2a2812981b7b881a292aad4c03d9
SHA1

6752394057effe2e4fe89cd0c5c4575b7b042136
SHA256

b851761640c18d6ce981b2caa46b0021562586ce2fcef0c2b6253c73ac9ab4d0
SHA512

68f78e8af3ca9b8b3e2da1af90b79d65d1834e9a347597c4dc6640fa94b3a638101eee8b6af2a9cf9b7c55210c942031bc722e91591b6ca9f0b6e2d1379b8ee5
SSDEEP

786432:swCggntDWPsYz9SUDRZl8PGxRF+owaFbrf0PI:swCggFOfDuPGjdbFbrsPI

Score

8^/10

banker collection discovery evasion impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Requests cell location 1 TTPs 2 IoCs

Uses Android APIs to to get current cell information.

collection discovery

Location Tracking

T1430

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.ijingyi.buy
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.ijingyi.buy

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.ijingyi.buy

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.ijingyi.buy

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.ijingyi.buy
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.ijingyi.buy:pushservice

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.ijingyi.buy
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.ijingyi.buy:pushservice

Queries information about the current nearby Wi-Fi networks 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.ijingyi.buy:pushservice
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.ijingyi.buy

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.ijingyi.buy

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.ijingyi.buy:pushservice
Framework service call	android.app.IActivityManager.registerReceiver	com.ijingyi.buy

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.ijingyi.buy
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.ijingyi.buy:pushservice

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.ijingyi.buy
Framework API call	javax.crypto.Cipher.doFinal	com.ijingyi.buy:pushservice

com.ijingyi.buy
1⤵
- Requests cell location
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4309
- /data/app/com.ijingyi.buy-h4bXXmidpYltTCkK2tjDoQ==/lib/x86//libweexjsb.so 46 47 1 /data/user/0/com.ijingyi.buy/app_crash/crash_dump.log
  2⤵
  PID:4343

com.ijingyi.buy:pushservice
1⤵
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4469

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.ijingyi.buy/cache/image_manager_disk_cache/3633f4aea60087a3172ca815e8028876b98bb5e2882b6c1dfc0e02d108ea142b.0.tmp

Filesize
310B

MD5
30d1e3da722eecfdcbe0dd29a917ff07

SHA1
270cf9da2583ed840fb63e1aaf08ebcf0c496af8

SHA256
3293dc5faed55dbe9ed42892b964c6e29fd267fdfaf5e33a4339e94aad6cef58

SHA512
fd8b592bea9c6567b1172f6cbbd5c6b961a636442fbccb02e669b2f7b4b1da477342fac47acc2f3fae189cf03a70fac7d693aba286a4d3d0d578d0031814704e

Download Submit
/data/data/com.ijingyi.buy/cache/image_manager_disk_cache/9ed1e417a79659ff517a3930dbb48115c728e1575520924147dc7a8309ca1e4a.0.tmp

Filesize
287B

MD5
024c554a1bc64d006509320157062bc5

SHA1
c4b3ad523fda2e63140a8fb62fef3e7a9c48e604

SHA256
3c4bf1482af05f8569b021870e4c5dd09a615ed7ea0f9e92ae065603d0159eaa

SHA512
521f640ac15725197b4eb41525c904327d68225101ed1fcbffe87af367c946c38c2cd72a9358d1d4d6264169fb318b3a81e3bdce1fdb95ddd0d8024d267416a2

Download Submit
/data/data/com.ijingyi.buy/cache/image_manager_disk_cache/ceb4efcee8bbaac8fee8f9483de122e8e49cc1f1b7eb90d338c505ce26bbf208.0.tmp

Filesize
1KB

MD5
4da61df6d0c4ce2452c91bff017d7ce8

SHA1
391c63e86e2e863ff60f2b6c3ea00ffc6b765eb3

SHA256
3037557212fcb469f9b508fa094426584591d771527d5cbfbde1340d5f179b13

SHA512
64516e5f72ae7f037469ff2755f1b6b76f868b73d685385864befbf53cca77f321fad8a72fcbd68371d00caa4cec5234e92c474492bc615c913d06edad37c170

Download Submit
/data/data/com.ijingyi.buy/cache/image_manager_disk_cache/e5aea0590df81b4da37b9dc1cdbe9fdcca272f9507a7592f89ce612c4fcae2f2.0.tmp

Filesize
489B

MD5
632e203efe2da11849a22490ccf89644

SHA1
8eeb6b9fe35ae7e015c33e777ec96026f33f4ec9

SHA256
717953fe14e41640d53100c0dec4f46b7d9fd390c9f09a56970c7618072983ee

SHA512
64236861ff0e9572a110ab2df1d1259180dc9438818f4a3b62cb3a9fc58ea0817aab59c4349cde843266a8fb230ece9d326a6789fc974b3489fd66e2103ce318

Download Submit
/data/data/com.ijingyi.buy/cache/image_manager_disk_cache/journal

Filesize
974B

MD5
dcf1f178188c1d864ec24df2c5c4ebfd

SHA1
958793a44932b2b87863f09f8f34d63d4ea22c8d

SHA256
c46661bb73e2b3a4d3ab80a6f8431c71f6b51cc34b2537c3eb444a4f5d5f73ec

SHA512
afd2830b4dd9b03008d433171825cbdbc8a1da3372a1dc71c3a266d49300a5a957b2c40aae7c46a6e4483b02868f6920a9725e844c847faa277bfd7b914a0ca5

Download Submit
/data/data/com.ijingyi.buy/cache/image_manager_disk_cache/journal.tmp

Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/data/data/com.ijingyi.buy/cache/weex/libs/weexjsb/x86/libweexjsb.so

Filesize
32KB

MD5
5507ebec985f1ceec29e90ef15129934

SHA1
aa65901187678615a5dc9b8ab11cab09abae9988

SHA256
9a9824fa247724da36229b32c6a2db5bf7a6c837de08255e80cf9eba5843b796

SHA512
3a66ac864e5e8376ae1070ef839e970cc39ffdc452e56052ae56081cdb3a67b404e2e89efd7c021d8dce69e6c69c312d4b4a7ca7feb7c46e3f197f0b90091a9d

Download Submit
/data/data/com.ijingyi.buy/databases/logdb.db

Filesize
36KB

MD5
a7b5debf648af8527d38065f285c6754

SHA1
ad8513c878ca1483a2472c7f8dfc8a416418517e

SHA256
0d8f1987d41b042ee7aa1ae97d1950a40884ff4ed620fd02371017160e50eaf5

SHA512
c879b912d723e9c382e547f605dea4d77830d9300c3cdb1a14c2758cf4e895000c7ba2afe37584ed2fb94a9893e8ff47bdfda4dfbf2dc47aca75efc5d28984e4

Download Submit
/data/data/com.ijingyi.buy/databases/logdb.db

Filesize
20KB

MD5
be5671c81eff187a640eae8b1b07c320

SHA1
ab35edf013dbaaa267db3c871bfc2c18ba68ca2d

SHA256
4351472efff537a26a79e22f26d027596234d9d5245342161103a33215494a40

SHA512
24658194aa0804bd1057a7f449ad7693162054519746b6e326730f5c6d4539ee9c31307d74bb81dc3c42c526dee84e257799fa6bf4b98409d1ab27c24c730bb4

Download Submit
/data/data/com.ijingyi.buy/databases/logdb.db-journal

Filesize
512B

MD5
f6cd287bdccb015d727cc618d001bce1

SHA1
c0138ec4d50ac0ca7079aa3a41530ee9e69f2561

SHA256
662cadaa0cacf0de76712c54b6d02235e2326f7f640b8c36732a225109310f8b

SHA512
76cfe8a53fff5dad108f39a28f9670e90c0ad9a7941e3ca363891a95fd85cc8b876708b054d95aea7c5832c474d269a62c63fd25fcf994ea3403de4fe84c03d9

Download Submit
/data/data/com.ijingyi.buy/databases/logdb.db-wal

Filesize
48KB

MD5
fa60e302fa1bfa29dd44c1ae2c298e61

SHA1
c435e2eea62cefdd819317feec7c893960729976

SHA256
999ea577e3f22f9d7b937552e0a30f1edc862d41a715498b9dd3613a2704ec25

SHA512
5ae141d23aa44ad5990234a294ba9bbfdea68a3b737fa6db2f2d4cb131f6f8ede0e72954b3becdc5286adcdd5b52a028866cf35f1794847425b9d300249c5703

Download Submit
/data/data/com.ijingyi.buy/databases/logdb.db-wal

Filesize
8KB

MD5
3059b1314a401b82f9f19dc32985839c

SHA1
03c1dfe91517da0a5982ed3ae76c7ad017f6e4ac

SHA256
e08e93ab8e948c123429162b36a00697b17f326a2bb4299a04c13c0fdb76da5c

SHA512
8de55e51db7978ee5a5528e3ef0d18f320a50329129ed78bd6ec98aa75e37c99deb23f4336bc4ac704679308bd8ad9b24e0ab89273e6c94bb7f932f78a4ce930

Download Submit
/data/data/com.ijingyi.buy/databases/pushg.db-journal

Filesize
512B

MD5
be3d19681c8eada5b9eb2378e43adbea

SHA1
ffbc513822f627fcb44f1481748c647592b34398

SHA256
d38dd2894b38a7af83515bed8e2da99f1d5de10c35eced39f758a90243b74aee

SHA512
8c4dfac6cdaed3f4ac6709d53d1ff1c1cdc757b101232b1b8b1e26770a9f8870744da109b8de0a940d64b0fe5283ff865fdb4978baf56f6882142b74e529ee86

Download Submit
/data/data/com.ijingyi.buy/databases/pushsdk.db-journal

Filesize
512B

MD5
127431feb2c7f369a5fa68ba7f884c9a

SHA1
d0cedf33b8cdf4bbe0ed85f823b0d373bf61e48b

SHA256
a6f97fed5a22edbd707203da1b99d743e22718101a3bd4dc26ce5eaf5c021dcf

SHA512
56bf3973c551489f72fa43bf3e59e172308aaa8403d6f3fa33c095637a372baf5d250aa4e414d420ebe763e8ff2d72cbffac7784178b80e49a3cd259b5440add

Download Submit
/data/data/com.ijingyi.buy/databases/pushsdk.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.ijingyi.buy/files/a/b/4c984fe24161907e5b5b9423ecec3163.0.tmp

Filesize
567B

MD5
1307ac254e83dbe2ec91014f74d91aff

SHA1
54f8bdf479025e067948dd40a006da58b4205c25

SHA256
bc79e551c8e2ca3bd3777daefc45f4315233d6b3d632fd339a416f90de661fb6

SHA512
eecda563b0ad2f9cd3d0c44012119cd5eef9e19e8a4ba573492db6917914fe3920c3ebc2aab7f3ec5b87b5dbe5b25b0a8ae5a8824ba1f4712d267f13cc2c2ed5

Download Submit
/data/data/com.ijingyi.buy/files/a/b/journal

Filesize
113B

MD5
0cf77f36c527abcba3e91da23011c1bf

SHA1
3bd240ceb6e24c9ceb3e2ac8cbaab6cec10cdfdf

SHA256
a6bb2d97757402adee9ec84cd2497f9e23a9408d3ac4f09f2d8fd23066cad0b6

SHA512
6e6e40d6ff7a2e539b81246e9176b4ee18937c9f7884592a91b7613f4eaa754c54c97dde39c6c7c81fbb6901231c3136a288c801bd3c654e58bf24a29112cca4

Download Submit
/data/data/com.ijingyi.buy/files/a/k.store

Filesize
32B

MD5
e826b47cc4810a6b0594b20bc276e5b3

SHA1
3e5172ab33315cb1e5524afedd9f084723d6e072

SHA256
b3356b40ab4f81880ad4af063c9b400f24860317c5457d82b1603ada8e691209

SHA512
6dd8816851e49db006ad374c1380bba94ca8ca3806c00776165783336da35d3cdfa6eefba70a1d342cb62e520c5a21d8a9805c7b62eda96a2b2ab8bffa96ceb1

Download Submit
/data/data/com.ijingyi.buy/files/cnc3ejE6/eje3cnc

Filesize
72KB

MD5
8fafd299e6d9ee9a9fabde5cab757a5c

SHA1
24fe98a8ad878367f9127674f15589e5dfe9be6d

SHA256
760edc1a4784e93419ff46f687c0521cd324b5e9ffdca646200a0097c288723b

SHA512
49b9071cfddb100c9775b68401ac0bea275490447d4866b048916c508ffe2c14a23f62a0ed511659c279e2d027f1c602bedcc9e2c4da280a58025935e3480309

Download Submit
/data/data/com.ijingyi.buy/files/init_c1.pid

Filesize
14B

MD5
b274af72f6815904f652f0c92e8aa84d

SHA1
889dac11af37ed11ab7e97c9382c79f74286c8e9

SHA256
3b1923626734f710bf28c5cf3d19494a2b54ec77f2da2fbd1ad6721020899768

SHA512
f5d597d085a9445584b646160107f471c25dbf121baa78631f4273a945e9e6c9fe9c5a1b5bfaa30ba89e9d2c038a8624b5f79761b8750be87fe89f8f4df84abe

Download Submit
/data/data/com.ijingyi.buy/lib-main/dso_deps

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.ijingyi.buy/lib-main/dso_manifest

Filesize
512B

MD5
8091cae3d8189e52a5b6f218326b18cd

SHA1
81175b376eac2b2d4b580ff34cae089796ba62e3

SHA256
112b6669babdc78736e0be4a20f11f5df8a5838e8361fe64c55dc4844fb4fc0f

SHA512
bf1eef7540659d24ead9c2c47aa51bd4448b223b6e427ccf5e1f4c405242a1ce0c31332bace328009f58c4a57023de9b3a12e9df245500a0daa55bfe61c81388

Download Submit
/data/data/com.ijingyi.buy/lib-main/dso_state

Filesize
189KB

MD5
68543193d8d60263187b6fd61d17ced9

SHA1
78f834de8ee154b33119a8b8d5298681c260682d

SHA256
d7b35ce17446dc524f838d35dcefcd9718d6a07c2e4479bdcbdfbe7468e99431

SHA512
fa82c98cb6f730175bf6ce8b5bee58094d9f952143e7e0dc22d445f177d327f579decae4ce5bd5702f8366aaeac5b3ac41e78ab06eeeb951c82b633eaae86be0

Download Submit
/data/data/com.ijingyi.buy/lib-main/dso_state

Filesize
52KB

MD5
05c37885f9313223b902d088018cff2d

SHA1
ab747ba2d157184938694b60528d042a27fec489

SHA256
8da6a4fda5ee7ff98f62a28727df3e33cc4d5c4efcd14c15edcece0e5b8e8a8b

SHA512
114047143cf08297e498a0387713f5f3bdf9ada18111213a7ece21176c754c465f858b7cebdce3a080c6a002ecb30a103cb6fd0b1bc6d1959770a9623830f27f

Download Submit
/data/data/com.ijingyi.buy/shared_prefs_ext/test_app

Filesize
29B

MD5
dd22ecea781787dfa6bcfcd293b4e58b

SHA1
5eed97fa9faff121e290c8767ab495ce7feef0bb

SHA256
b7b0c27dfa0f55bf68cc933bf96d9bfc703439f49bbf2884411a5d952baf0c37

SHA512
81e67b8837239d26e4da5f076fc3d8bf4726f2ebbddb6ad65e4d2e0b382c6e251ceb7fa17710dd175682164795b6ce4e5d989a9025536e6ed9d5fd4219622045

Download Submit
/storage/emulated/0/.imei.txt

Filesize
32B

MD5
0b2b86ae5ff191618e7403adc8a6bdb3

SHA1
4ad43293acdf7ca55874cc44202707ef8d177ceb

SHA256
d51f2348606f99c81b1278effa96ec999aafe84aabf65da0566c44204972f2f6

SHA512
12e546b6e889ca29d51d83f3a20716552e43ae5ef54568f2a00dd5c088820de76973665b3aee98acef9f70f9c217a0c7174d5cb32eb83f8dd923ee008cac7f3b

Download Submit
/storage/emulated/0/Android/data/com.ijingyi.buy/apps/__UNI__25C561C/temp/1715913324260

Filesize
1.1MB

MD5
4cfe3705082a2a9f27eb1b3d9ad4c462

SHA1
dbdf9948bdedefc7eb868e6e431de8b312d22fbe

SHA256
89329d624a082bd87c9ee1f638e858b85be1674fd72c6437e5edfa289773ff62

SHA512
b011c58e1ae44ef2d1d09f3e133ddabfa78065740062ae8abe0a740a981e4763c9ed5dfd2befa643fdc5c22a2270f94f43eb665b9c673fed91385296cc29f67a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads