Overview

overview

7

Static

static

6

9eec0463fe...18.apk

android-9-x86

7

com.iqiyi.paopao.apk

android-9-x86

1

Analysis

  • max time kernel
    84s
  • max time network
    158s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    26-11-2024 00:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9eec0463fed65d100672eb5fd1199b7a_JaffaCakes118.apk

  • Size

    20.1MB

  • MD5

    9eec0463fed65d100672eb5fd1199b7a

  • SHA1

    f7bf2b36633f31fc0706e5f34159b444ee5a2c9d

  • SHA256

    67fd44033013028eabf864d66b8514f619bf29e00af9f7d17670e9c150a6842e

  • SHA512

    7a18ba5e99ff3cae917ac956a3f7f9a153af90ed37acd94b685f857ed54cfcc4347c3a4dfe00774f82a72cea3762f8b4885984a5b873f27e1c2b3c74bea62fa5

  • SSDEEP

    393216:Tv5Lzr2LvmovIuIQabD76WxRiRRjVHvB6ddldKXuI5jmaTUIjOk:Tv5LWLuovPBK9LMRRHvBKdQjmZIx

Score
7/10
bankerdiscoveryevasionimpactpersistence

Malware Config

Signatures

  • Loads dropped Dex/Jar 1 TTPs 3 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Queries information about running processes on the device 1 TTPs 7 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries information about active data network 1 TTPs 5 IoCs
    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 5 IoCs
    persistence
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
    impact
  • Checks CPU information 2 TTPs 3 IoCs
  • Checks memory information 2 TTPs 2 IoCs

Processes

  • com.qiyi.video
    1⤵
    • Queries information about running processes on the device
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    • Checks memory information
    PID:4268
    • cat /proc/cpuinfo
      2⤵
      • Checks CPU information
      PID:4312
  • com.qiyi.video:pluginInstaller
    1⤵
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    PID:6620
  • com.qiyi.video:upload_service
    1⤵
    • Queries information about running processes on the device
    PID:6907
  • com.qiyi.video:downloader
    1⤵
    • Queries information about running processes on the device
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks memory information
    PID:6884
  • com.qiyi.video:bdservice_v1
    1⤵
    • Queries information about running processes on the device
    • Queries information about active data network
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    PID:6970
  • com.qiyi.video:plugin1
    1⤵
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Queries information about active data network
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:7231
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.qiyi.video/app_pluginapp/com.iqiyi.paopao.apk --output-vdex-fd=52 --oat-fd=53 --oat-location=/data/user/0/com.qiyi.video/app_pluginapp/oat/x86/com.iqiyi.paopao.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:7409
  • com.qiyi.video:plugin1
    1⤵
    • Queries information about running processes on the device
    • Queries information about active data network
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:7863

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.qiyi.video/cache/content_cache/DISCOVERY_MENU
    Filesize

    1KB

    MD5

    fa3da56487b5f045aeb15ee05f375404

    SHA1

    0381241ac6d0ecbd96c593717df4e9bc404d75f1

    SHA256

    700b5998562c6ac4b5c1eb5972709dab2fb066052b86c392a00a3518c25a1b10

    SHA512

    0737210aa58511e7b127c317c779ed7cd46b1058fba9b542cff58099060c6138a40cf85565a9d9ed3320930739a6c9469f5a1f2c2200ac15eea5b1953c5b04cc

    Download Submit

  • /data/data/com.qiyi.video/cache/content_http/1edada2baf1e611a0e69578c18ba9da5
    Filesize

    76KB

    MD5

    34e396622b66015c1e0a2d01ad770adc

    SHA1

    844f0b6c1244bbf221b7b50e87a6cdf928ad5e60

    SHA256

    1969fd76beebe88840572424924f5219ce823275d1f4d95f6f3d0299045d753b

    SHA512

    e442f1af73bfa39153d6a68e74ce03042ac2b65ade4a509c73fbaf4ac0880b1bb9d9b1703ef38c62ae29f7af7b98b746624c65ec62923f84ad97bb19cce8a35b

    Download Submit

  • /data/data/com.qiyi.video/cache/content_http/2d1658edb475c7a82d51a3d092613aea
    Filesize

    28KB

    MD5

    6479a402e2b138e891f9ffb222493168

    SHA1

    e713263ff29321cabe0d57d2992005123585cad5

    SHA256

    e85b822c9572926773c5a6861800c47682a4e1a4548ad356fa8d7ef1ddddd1b8

    SHA512

    653346b731fc032b61b6a0f997052d944828326018aaa3bd515af8b251019274d4569ac02d776167344b933f028ca75c889cbe18c3793ed8b325a2b3b7d82cce

    Download Submit

  • /data/data/com.qiyi.video/cache/content_http/97726fb786b59c25c105cf1f93cd923e
    Filesize

    39KB

    MD5

    142d1a3d3d6d2cd93cb5cfe5a99998c6

    SHA1

    c68613210af2fe7f95db33cd9d1bd417a5a3908b

    SHA256

    f9e0efb55dfb730a36ff9866adca62d60a927415989129f0fce968a56c9631c5

    SHA512

    0dcac967f19bc4b032c4b21a58b23ea1707b64b3174a17f8040323eefb22e01202b00205175cb30a0eaee38e7a3fb844649c081a8550cf9bee7c3df51745d8c3

    Download Submit

  • /data/data/com.qiyi.video/cache/content_http/f5afcbb0fab5ee3ddc5da37a7d048437
    Filesize

    64KB

    MD5

    9b7d3b5379bacf5d9d0bd897430f78d2

    SHA1

    7fecb31448300efe33ffaa0d9e559716c8d09c98

    SHA256

    2cb1cef7d7fcb698360663e735e3bda36bb9c2446da6668e3e330adaccdb8159

    SHA512

    277d7ad6f2bc7da18bd87f93c50b696422acb51bd1270360aa3dd92575646efae91f698e8615d6839313d8ed2379a721110ee8d94d5847e1f279f291375b9f0f

    Download Submit

  • /data/data/com.qiyi.video/databases/deliver.db
    Filesize

    465KB

    MD5

    f2db972894f04b85641a3561c932f0e6

    SHA1

    534c3b2e208bd2dd47d2175bbdf205b768b759ec

    SHA256

    6668cf4aa9d92d528cc5445dec9100d87ce1be968e3ede21a01292fc3556cc1c

    SHA512

    4869254e7dda292af583ee69fdd0bee77f2d4f9078eff617cbabeebf90fd59ad6d01664fad939e6de60f5adf2c469243b40e38870c0887ee7c078b22e42e4715

    Download Submit

  • /data/data/com.qiyi.video/databases/deliver.db-journal
    Filesize

    133KB

    MD5

    8fb6b96c6af7def65d589745c17748e1

    SHA1

    fc2263e5c4b4655704d0354132ec9b059d1fb944

    SHA256

    23b8c845ec60a68b82bace9d4eb57cf105cae2ecf6572a2b87a2c6d85cd8e9a1

    SHA512

    3149589a8a11eef76ce083523cf9fc3a3e22a178df119c44507eb341353f1dc6491a0c2c572d82dad58b6ccce6b13caca84ccb98c6a45821a917f049767aadce

    Download Submit

  • /data/data/com.qiyi.video/databases/deliver.db-shm
    Filesize

    28KB

    MD5

    b2e6a571e9645cc2bd4205229c91b9e1

    SHA1

    9d6565970e996beb66d7d1a5683fea92648d6667

    SHA256

    093c84596e8e124efc73e705a3eb0cb20ba0388cdd8ced42b492123a7bd33fc9

    SHA512

    4aabff93abc3b3d9a04e89282ee92e8acbdbde061ae20ffb299c6a509dbfb66800ae3ff0607470c442edf20207f5777da6610b58ca284162dbebef1ff27588c2

    Download Submit

  • /data/data/com.qiyi.video/databases/deliver.db-wal
    Filesize

    112KB

    MD5

    1cedbf2acdf59736ab026236816f0279

    SHA1

    f38cbd253fd6e542b940e38ed08409961f037415

    SHA256

    e2c5016a7f3b3a4cf6c644c4e00601330086fda9eafe4818a1658acfc4614a58

    SHA512

    d41d8b926a8173dfe8d69f1fc4e57b2d2a86dcbd85e35f613641ed449407ff34409f2a02f2896177d0246ab855ca19339229f128de47254669bb1fe48a204290

    Download Submit

  • /data/data/com.qiyi.video/databases/deliver.db-wal
    Filesize

    32KB

    MD5

    8e5991b7d5d63113448872359916449c

    SHA1

    04ef3d416b3985761c16f55eb7e00ff7df5bb61f

    SHA256

    ebe9e45f0d2669bd6ecab0d12ef719dae18a06c213f79f301147a55dfcb34c60

    SHA512

    2985b12e6eff39c3d49ea6ef437a35233e344e0354b1e760c2a3485ac476cf6343750ea8cac57d62c2426e6270bbba9917db9127714faa4872ecd7ca247ca16f

    Download Submit

  • /data/data/com.qiyi.video/databases/pushstat_4.6.2.db
    Filesize

    40KB

    MD5

    564077b10df0e6286902f718cc3e85d7

    SHA1

    4cf6c5fd374b0fafe77d7e2744db9c08b947c4d1

    SHA256

    08a24da3bc45b9308d4b133a6632992ffe8624987d7ef380c4be0680b33c7001

    SHA512

    d469a333b45d7107db46d109480706d6d0a205ea179a3ced9edbc76e2be036c1a2052201a6461a73d8bed2e7a2f39f369b1155da7a465b79a4ed51f22f6126a8

    Download Submit

  • /data/data/com.qiyi.video/databases/qyvideo.db
    Filesize

    5.2MB

    MD5

    9d414a4492367b2200c8f9b123a33f70

    SHA1

    220281c6daa9b91d07a3de34e195b3dbfedda5f6

    SHA256

    c83ffd2d7e931412811764551300318bb9c340303ea21b33cc6f8b7b806693ee

    SHA512

    f9fdec364bdaf999983d5ee307a270d9552bc9615083b223b8b7d27feb5d5bf18203e1fd5bebeba822aaaeb907fb996eb874f8a6e2a5d0a4663fe1da4b1df9cf

    Download Submit

  • /data/data/com.qiyi.video/databases/qyvideo.db-journal
    Filesize

    81KB

    MD5

    8d9511d9445d4b8cada54512d62b7a08

    SHA1

    9a82f5dffa7db20f96e629f54cd92d0129d4d6b2

    SHA256

    9a6250a3d7e4c1acb5a800bf0612844744ce25755db3c9e844c38afc7eceff1a

    SHA512

    69b59880909fdd45ac0590bc84cfcb52d6b2df70bfd8ab19b8bbecdc6dc0bd590d2427696decae2a7c0dea045b31deb9fb8f2c33ef5521b6d3c8b8e3bba3ef51

    Download Submit

  • /data/data/com.qiyi.video/databases/qyvideo.db-shm
    Filesize

    28KB

    MD5

    1eefcd88bcef932bd991051ec3dc8771

    SHA1

    86c0d6f46d2bcda166079af566050f9ca7e22d6d

    SHA256

    94625d9615d79e212318e633b3cbf56b29de3f88ab7a6cf945b8864113cba097

    SHA512

    8716eeeecf0517a19a32460db7640e71713ea86ba5d3dca3b1ec01183a831ad85526d2d28d36e30e8c0bd2b38747d04bb66dbefcfd1b819bbb751240713184b8

    Download Submit

  • /data/data/com.qiyi.video/databases/qyvideo.db-wal
    Filesize

    68KB

    MD5

    a9f58827d9ace7ac68fbef50cbca8565

    SHA1

    443bf87debc350cc52290da5ca5e4946f1b756d5

    SHA256

    68189f835f4bcd81a0a26df6fd204d703a8527ff071e5df23219a5ea884a3ff5

    SHA512

    74cbc143ad939f8b14754952ae5490fbee155b0d0dcba670d16fc284a33414f9f95bb7a8eac1a3e26c579a7ee7144c49e6927765e56c625279a6cab648de61a3

    Download Submit

  • /data/data/com.qiyi.video/databases/share.db
    Filesize

    29B

    MD5

    2256b4678a48e9c6ab584a3991a78387

    SHA1

    efcff63e6584038716a0cd6739b1921065b42365

    SHA256

    9bf6a98a096f95db05ae26ca90d55a05d9440301049e433a19c5ee793be00664

    SHA512

    69e2c9300fe60590223872914ee0386999dd3446e122a40bbecd0795429144741c539fc4a8bb2e1e315e13021ada21c79b02331345e72eca3f04340efc41c1b9

    Download Submit

  • /data/data/com.qiyi.video/databases/share.db
    Filesize

    56B

    MD5

    e6b9f2542d3112d4e9e6b17b98167660

    SHA1

    890e4faffdfe2e2f38bac9bb4f8f341208079764

    SHA256

    776d02b246c8454028f8e299c104710287fc12fb2164b76714dd428b0632c226

    SHA512

    a826520149775cf4b5c95a98f826bf2ed6b9210f2ef8700b81313eb9f4ca4c3e94ebe63f66ad08bf6d1defb52b3714b20450947e03ad29b2ce1b657f9ae3dc02

    Download Submit

  • /data/data/com.qiyi.video/databases/share.db
    Filesize

    86B

    MD5

    c84bffd8c650500201f75575ea8f42e8

    SHA1

    9ffc731bb0700f9615d9c440f0a60981cc11a908

    SHA256

    c2e4943e0f431c42a8f371c09c6f0cb462cb02e0949927c5ef12ad1f1c578e29

    SHA512

    6bb0da10e448a58938298c89df44292eecff5ce96dbc9230d7f2a6072cad7f6b0efea80ac38046196247ffa8a96ecb43c888cd0fcd263d4a5ac4cfc4a9b6515f

    Download Submit

  • /data/user/0/com.qiyi.video/app_pluginapp/com.iqiyi.paopao.apk
    Filesize

    4.6MB

    MD5

    9b704b481583b5e99bed5ab063adb329

    SHA1

    f1e9359992b1ff4feb2c183999c172464de21c8e

    SHA256

    e551a9ec78474368263f9c65ef23bbcc2d46ef11e8461288601c4c5aed3f3a33

    SHA512

    a88053b3a6bbbda0055506a38c7498d7ea16fa5032c41e9dcbd1d9e6357c8a6f1ad4e07f6656214160ead3e32e0a448a9220f5c3ae1ab815f7c8ee04bfaba6b0

    Download Submit

  • /data/user/0/com.qiyi.video/app_pluginapp/com.iqiyi.paopao.apk
    Filesize

    4.6MB

    MD5

    42cff75e70b1618c2bf21616b64981f3

    SHA1

    6c8012ef07d1d87bc7b5e5a2540352c63507c8b9

    SHA256

    d778aa12538b15d7dd148c95d6e19ed3aa184ca5b35240d5c61de9ff5640849e

    SHA512

    d7028ca85b152e9f8af71963d55d029f05784db238355771bc9a7364a933bc7aa80fb27345542fa6beea3140e0d5d288bcf683b77ddd91a0b97325161c45651b

    Download Submit

  • /storage/emulated/0/QIYIVideo/uuid.data
    Filesize

    56KB

    MD5

    72be17d69875f9f31412cf5e216743fa

    SHA1

    bc577d6c455a8929b2520570a2d0abcb9e1da637

    SHA256

    5c65edc00d777d0049f3c1477603897944533c710dbfcfa35496bdc298c709c8

    SHA512

    091ca7ee39fdc8cfa89c422c255e7b098adea354881d2907675e7870c96d67902d07566f225a296a88e3af5a9c5c42aad051a0ddae5d9f73ce6064f730c6e026

    Download Submit

  • /storage/emulated/0/baidu/pushservice/files/apps
    Filesize

    160B

    MD5

    a4fd07d91fa060a44bd2e430b16bf090

    SHA1

    9fb1ebe927b3474bafb9c730e339efa9851925c8

    SHA256

    e37494569ac4f47af8248bfbab3302a342179002c34f531b16a337e1f67190ae

    SHA512

    6a55515c9b64a1f7d27aad48c62af1bfd7827f69ca8814744d39bdee1ba9d40d0cb501354c9715f31e6a84fdd2b3f9a50494bf7ba4a9cd85ca06adbec0f7246c

    Download Submit