98d2376f9f4ba8689e66da0084f13a167b2f2813ce38ad9aea24e8c761f0e6da

Analysis

max time kernel
68s
max time network
158s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
03-12-2024 16:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

be43cdd5f47035379aeb39682b6938aa_JaffaCakes118.apk
Size

20.8MB
MD5

be43cdd5f47035379aeb39682b6938aa
SHA1

d1541e19d9f7d62e4b2d19d1d2f271591aebdaf7
SHA256

98d2376f9f4ba8689e66da0084f13a167b2f2813ce38ad9aea24e8c761f0e6da
SHA512

04052f55437497e7c30aef2700acf177f320c480848025516a3dd14649847045bf4e0f2e41bdea128f513edd4f192149d0dfbf14503ed552cdd2371a18e67a76
SSDEEP

393216:yVWBLSGcmjTK5jQ9IsQ0Bu9TOiDa5s+F1Zgephqea2WYGzYTniHVeL5w0RWcsAtN:yGc0K5jQiSBu9Tvm5s+FDgepMcGzkni4

Score

7^/10

banker discovery evasion persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.qiyi.video/app_pluginapp/org.qiyi.android.pay.qywallet.apk	6511	com.qiyi.video:pluginInstaller

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries information about running processes on the device 1 TTPs 4 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.qiyi.video
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.qiyi.video:pluginInstaller
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.qiyi.video:bdservice_v1
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.qiyi.video:bdservice_v1

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.qiyi.video

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.qiyi.video

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 3 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.qiyi.video
Framework service call	android.app.IActivityManager.registerReceiver	com.qiyi.video:bdservice_v1
Framework service call	android.app.IActivityManager.registerReceiver	com.qiyi.video:bdservice_v1

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	cat /proc/cpuinfo

com.qiyi.video
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4269
- cat /proc/cpuinfo
  2⤵
  - Checks CPU information
  PID:4321

com.qiyi.video:pluginInstaller
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
PID:6511

com.qiyi.video:bdservice_v1
1⤵
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:6768

com.qiyi.video:bdservice_v1
1⤵
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:7014

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.qiyi.video/cache/content_cache/DISCOVERY_MENU

Filesize
1KB

MD5
5bd9300555c02d24fae0df97b5ce039c

SHA1
fb67655df64c3f8f18428da693cb955b52a7a827

SHA256
47b2003d905212d65bcf04a89e09ca65d708ef70e03248f7b3cd957a8c1f69aa

SHA512
5e5bf86e94dd91f9b4367da6a276a0cf7260c371c4ef27012ab098b43e451528a80007e37c78846e0472e5dbc7c0759f1888d4097191da3afcd8114e0e1bf2e9

Download Submit
/data/data/com.qiyi.video/cache/content_http/1edada2baf1e611a0e69578c18ba9da5

Filesize
94KB

MD5
cba5d4985d5866bb366dc38741daa44f

SHA1
4a8f9019a274ac643e0d4d2ab3db385214d1d4c0

SHA256
b852f20c7eba9046e5b6ec1037b0d2d0b02a443e2487e45159986aa4dd062d05

SHA512
63d90468faa763bf87c464c1a947112037e55e72e98e52dc4bc81e8e5d58330a52a2c3c5c7dbc94a553204b8d5841a398f73835d0c9b848580a4af85cf6162be

Download Submit
/data/data/com.qiyi.video/cache/content_http/2d1658edb475c7a82d51a3d092613aea

Filesize
28KB

MD5
6474c6aed2ffbd2907a294ff03c48dc1

SHA1
1d1073c53089968d62000dec7c764776180c0b0d

SHA256
7508b3c129d5a507ac2337d65f9ee310843ec23f0cfa355fce440fc6d1c74e24

SHA512
0f8b568f5a4fc29eca7ad32fcb792257c04152f360e699422496f8da066c1eb71752f394e1473893aed22b53a7b4d4949dba903dfaea262be74f8bdd7d59861e

Download Submit
/data/data/com.qiyi.video/cache/content_http/97726fb786b59c25c105cf1f93cd923e

Filesize
42KB

MD5
b6c2ea1b78d2c2290f22cff1950d3f08

SHA1
ca387e37b2fa20a42482477bb38af6c025f8e158

SHA256
fb0b9449c4a4cf50c088a61478d8803a1e8b1efbb8d9760766c4587a15967120

SHA512
1848478d308e3221170508834394f6c30ccb9d0daaa077f74f42846aba4acd157b4abf957c6defafd0ac4b3a2b47c625b95cb55d75d3d22ce51b80904293e6f3

Download Submit
/data/data/com.qiyi.video/cache/content_http/f5afcbb0fab5ee3ddc5da37a7d048437

Filesize
63KB

MD5
886c9e5fd9caa1ad8b64a305e396a1ea

SHA1
2cce07865819302e34bbfce0c5987224ef2ae8a7

SHA256
60e31e73382fff2a6321cc574927453820b680088bb2e872819a65ff72efcb68

SHA512
929451a5f255b07aee05fe293a725490949c1a708f79849fe41f4d5857a1fe7d0f1c84cbd552855b0e5d4db8aeb2d87a9d859e62c82ee37056157d0b00ea0227

Download Submit
/data/data/com.qiyi.video/databases/deliver.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.qiyi.video/databases/deliver.db-journal

Filesize
512B

MD5
cc0abf16a5d28b3ef096a9dbbe971a86

SHA1
d8aa151dcdac00055ef57d854121b55e8f8e7f15

SHA256
8c451a9528076fd16924cbb27c19ae2d0b5bf53541318e8daf0d57ba35fcda17

SHA512
9ee9098dc59fcbff4efb4551859e38a9617653966db65d36738dd479076ac0180b38bc71d16f19c9ac9f07e583177583edad3a0ccfc8600f91f664e44c637201

Download Submit
/data/data/com.qiyi.video/databases/deliver.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.qiyi.video/databases/deliver.db-wal

Filesize
32KB

MD5
76219dfd7aa08d4fee4bc4dda3ecfeb0

SHA1
576574f217c69e49227899d78ac86a8158b6cc4c

SHA256
368257410b8f41967e6aca31b1bc8e944cafeb50f02da2d1a05a5c4e93d3d5f5

SHA512
47f167ac5f849c61f81b818875533861ab43806099d7d8a7173adb6ecfb9f1b1d97b6096164466292832d114102015a13aa78ff8d5bf7b4af626bec2f35e7f54

Download Submit
/data/data/com.qiyi.video/databases/qyvideo.db

Filesize
411KB

MD5
86796269e14a76f3727eae28ea4dc4bd

SHA1
41d1aeb52d1f89e1d68d68e40bef9e5d0f8f0d2a

SHA256
cd6daa74f98950bdbe29c22022e0d1277cc14fadfcb66ab7e7c00eb515961e8f

SHA512
5ad461548a7dca5904a3b5243947139dfdda08db7120131ff0c0e6575059fed6305e5bb6d538d0cac69fdf48436c7d0152e7309295bf0bd029f4e0cbe69e533c

Download Submit
/data/data/com.qiyi.video/databases/qyvideo.db-journal

Filesize
130KB

MD5
1ebf5f145064f44b91b96327fd35e347

SHA1
a18c5d1bfd210cc841ff25e9f250a54630eb7bac

SHA256
2021a2995dc2778b0f8caaa4dfe6c494427433cf56f1a9650290b97fb6e4efdc

SHA512
5cb0857e861d44f1b8a99cb5ad178e01749a4725132674cb0ccf369c314500cb977f56ab69d3715e2a006370a141048cea0b5af45776a35e146b40014cd9eca1

Download Submit
/data/data/com.qiyi.video/databases/qyvideo.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.qiyi.video/databases/qyvideo.db-wal

Filesize
80KB

MD5
d483b87453dbc9984fc0029c4bb7b004

SHA1
9e744b0919cf2863143a7f9899fcdced00116c2f

SHA256
b0e6adbf633c3852fa3bcb0def14004f18ff9c896731e99c0dac9c4cc5064f8f

SHA512
6f8d88e2cc0daa798b0ba105c537b513073839687d536b7c96fdeee80d957ad4d754edd1569d5ad2fd542421f8cb144f28d207016b704805835dc8aff7f6eb27

Download Submit
/data/user/0/com.qiyi.video/app_pluginapp/org.qiyi.android.pay.qywallet.apk

Filesize
314KB

MD5
33b0cb07736683078d038bcbb03747bd

SHA1
f17421e6f8f2662d13c7c12785bd356eb641676e

SHA256
12009f40b2cd56898db97dc290a7f9a9676f3323c496741d780d527171707d28

SHA512
5f623e6d5538ade480f0759cf9c234ce1e68bbe5b55044232837f494c6034fa488d75338f261fd3acba6b12682c199779df71d7509f84e2008f9456548e1507d

Download Submit
/storage/emulated/0/QIYIVideo/uuid.data

Filesize
32B

MD5
71239ebd8302aeb428e22d13863652d8

SHA1
db8f67f3b98200ed00eed2f49d4b461e11aa5905

SHA256
7a5fb82496ea60638f12854272159ae4fba09f170b03d7aa84ec796fc2969820

SHA512
38db79c4ac029e766753cb22e16e6df6fc7d2ece1b965760866aab643a60d5b8384ac6340c84326d8e24e68b998c2b36232eecb7762234727bcfdbf3b9d1f10e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads