Overview

overview

8

Static

static

6

254cfcf557...18.apk

android-9-x86

8

com.iqiyi.paopao.apk

android-9-x86

1

Sharing

Copy URL Twitter E-mail

General

  • Target

    254cfcf55745d48c80270c1eeeaccbb1_JaffaCakes118

  • Size

    15.5MB

  • Sample

    241008-zpfs2svgrq

  • MD5

    254cfcf55745d48c80270c1eeeaccbb1

  • SHA1

    4e08ddf4caa56f578f58bc6087e9add3362c6428

  • SHA256

    344dec250f1a4a02fc42238d2ef3c5d09b02742f7297e5b36e3ae2803b087257

  • SHA512

    584b45169a452544382d49ebf18055ee4209a0229be5a4ebb65d98972e0d01f5d4350dc9dbad49b2a6b16f0a75957f12e030d1a12150869ae5d3b5fda5c497bd

  • SSDEEP

    393216:pScKoP86q8jw9iuaNyNul2Vph8LnT9Fc5wlXn4C3w:pzy8O3C202dkWwlX4L

Score
8/10
androidbankercollectiondiscoveryevasionimpactpersistence

Malware Config

Targets

    • Target

      254cfcf55745d48c80270c1eeeaccbb1_JaffaCakes118

    • Size

      15.5MB

    • MD5

      254cfcf55745d48c80270c1eeeaccbb1

    • SHA1

      4e08ddf4caa56f578f58bc6087e9add3362c6428

    • SHA256

      344dec250f1a4a02fc42238d2ef3c5d09b02742f7297e5b36e3ae2803b087257

    • SHA512

      584b45169a452544382d49ebf18055ee4209a0229be5a4ebb65d98972e0d01f5d4350dc9dbad49b2a6b16f0a75957f12e030d1a12150869ae5d3b5fda5c497bd

    • SSDEEP

      393216:pScKoP86q8jw9iuaNyNul2Vph8LnT9Fc5wlXn4C3w:pzy8O3C202dkWwlX4L

    Score
    8/10
    bankercollectiondiscoveryevasionimpactpersistence

    • Checks if the Android device is rooted.

      evasion

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

      discovery

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

      discovery

    • Requests cell location

      Uses Android APIs to to get current cell location.

      collectiondiscoveryevasion

    • Queries information about active data network

      discovery

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery

    • Queries the mobile country code (MCC)

      discovery

    • Reads information about phone network operator.

      discovery
    behavioral1

    • Target

      com.iqiyi.paopao.apk

    • Size

      4.3MB

    • MD5

      befbba8d8712144b746672f6edeb632b

    • SHA1

      cbf9589dcfb93e95d482eaab78f41888de196a6e

    • SHA256

      f9667831c1eb66b4c49729cc28d4d345cc5855a9d99e331cac3d96fd92b46338

    • SHA512

      56c66ae919d768b89672bfd79ffa050110197ac0d399b78d8fd45bbc44931ea92ef1ca231131fa1be05bd1292beb18052267425b23b2483d7107b04807ebc3f9

    • SSDEEP

      98304:T9gsJTwJlrQb3pS/iYlmpB+YObh1qTGScoL4x7UvObrRYwpo:NTH4e+3Rfw

    Score
    1/10
    behavioral2

MITRE ATT&CK Mobile v15

Tasks