6c2b4c08a92141ece1ab946c08011a4ccc1bd7022316f8cb220360c1db8beea2

Analysis

max time kernel
15s
max time network
150s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
28/03/2025, 05:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Netflix_Premium.apk
Size

68.9MB
MD5

77ab42e053da13ebc952f69525d52504
SHA1

ae038837b9522456f79e9e63bfda02f7d16e4586
SHA256

6c2b4c08a92141ece1ab946c08011a4ccc1bd7022316f8cb220360c1db8beea2
SHA512

ddb9968f06ccfaafd8550d577be6f227d2c05bdd4d48c1051fcfe64c05c035aa44a2e447776b4b76cdffbc692aade3a52568747eb200586c5a851bb35267fc60
SSDEEP

1572864:0T7NMqW0T5cNgUwtldcjVlYp30JjmriGHriGsLOHVf:0XTTuz8LOVuaJS5V1f

Score

8^/10

defense_evasion discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs

defense_evasion

System Information Discovery

T1426

ioc	Process
/system/xbin/su	com.netflix.mediaclienz

Loads dropped Dex/Jar 1 TTPs 13 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/data/com.netflix.mediaclienz/.jiagu/classes.dex	4215	com.netflix.mediaclienz
/data/data/com.netflix.mediaclienz/.jiagu/classes.dex!classes2.dex	4215	com.netflix.mediaclienz
/data/data/com.netflix.mediaclienz/.jiagu/classes.dex!classes3.dex	4215	com.netflix.mediaclienz
/data/data/com.netflix.mediaclienz/.jiagu/classes.dex!classes4.dex	4215	com.netflix.mediaclienz
/data/data/com.netflix.mediaclienz/.jiagu/classes.dex!classes5.dex	4215	com.netflix.mediaclienz
/data/data/com.netflix.mediaclienz/.jiagu/classes.dex!classes6.dex	4215	com.netflix.mediaclienz
/data/data/com.netflix.mediaclienz/.jiagu/classes.dex!classes7.dex	4215	com.netflix.mediaclienz
/data/data/com.netflix.mediaclienz/.jiagu/tmp.dex	4215	com.netflix.mediaclienz
/data/data/com.netflix.mediaclienz/.jiagu/tmp.dex	4289	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.netflix.mediaclienz/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.netflix.mediaclienz/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.netflix.mediaclienz/.jiagu/tmp.dex	4215	com.netflix.mediaclienz
Anonymous-DexFile@0xcad48000-0xcaed90e4	4215	com.netflix.mediaclienz
Anonymous-DexFile@0xe81e7000-0xe81ea954	4215	com.netflix.mediaclienz
Anonymous-DexFile@0xcd78d000-0xcd79d17c	4215	com.netflix.mediaclienz

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.netflix.mediaclienz

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.netflix.mediaclienz

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.netflix.mediaclienz

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.netflix.mediaclienz

com.netflix.mediaclienz
1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
PID:4215
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.netflix.mediaclienz/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.netflix.mediaclienz/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4289
- chmod -R 777 /data/data/com.netflix.mediaclienz
  2⤵
  PID:4320

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.netflix.mediaclienz/.jiagu/classes.dex

Filesize
5.7MB

MD5
d9ff9dbdbe0ebd11bf8ed470f53ce5d8

SHA1
668be16b3ed4a418b123aa597ddee093499ba4bd

SHA256
cfaed3c7ad5064680c65673d4c47853881299f36a989527d30dbb673046f8369

SHA512
edbf4233e1ddc58ef772197cb712991ec7c718b18b4dab034c74cbb45c47e7c5851a50b171bf5e96e37e477fd834bda82107e46ea0096e4fe9940805187e0106

Download Submit
/data/data/com.netflix.mediaclienz/.jiagu/classes.dex!classes2.dex

Filesize
5.4MB

MD5
92edba4f1c7916fd6d8cf5a26b109b36

SHA1
6800f52b7e8f7b8daaedd48ee6103ee575939bd9

SHA256
6938c89451657fa4194406cac3c179e5fff8b25adaeb09602eea7ff86b3134e0

SHA512
0e0cacd31a4ff59ad45dfc0ce055e2b03ed0ad63851e538bb72d4c0d8c5c241feec9851edfacc47ae1ee148dcd4555df5c0deeb0c7b5e3844cea54646d9eecd5

Download Submit
/data/data/com.netflix.mediaclienz/.jiagu/classes.dex!classes3.dex

Filesize
5.3MB

MD5
f7c4895fc82f4f674c6226ecac003dfd

SHA1
82be18b83fa6e8e39874e3766a949890c58df816

SHA256
fcea888be8bf5f9cb2bf21276560c6ff0124f11a84e963f86fd16134790e29eb

SHA512
2d29f1b196a6e4080617e962e90102bf106fabcdbf55880b2a98f582f86b589c3946cbd47d007f7ff1e29455bb46f224902c3608fbcd83eca56dce8c65a6dd28

Download Submit
/data/data/com.netflix.mediaclienz/.jiagu/classes.dex!classes4.dex

Filesize
4.5MB

MD5
716583790191e6061d481988102da57d

SHA1
b485422d3c79bdb1ffbb967e488041494663c877

SHA256
98f9002b5d60c7b3434ea97a1543b37ff80f4487b00c106fb9b55957ee3b0822

SHA512
a5c4d2037a1a2add351c3db8556a2fe5136b8b2b566d05d45eb966c313adfc0cf4c41f0797f939d06673c9fc77dfa52f417eab8231cc9d96d290338cc1fbfa6a

Download Submit
/data/data/com.netflix.mediaclienz/.jiagu/classes.dex!classes5.dex

Filesize
6.6MB

MD5
433279828f3c82396fdc85f2bcf5caa2

SHA1
dc41929954988415e657dd4631b63e974db8a3bd

SHA256
c1f9e21f15d25f566e635adb5becb7b69bf5445b8c6e7246570b13c33cc9b27f

SHA512
1cbafeea79c9d9cb8a4ec782abcefada11c3be2085814dd84ce0e1576fe02ae383e207d3c545acc5eaed4aa0c5128bcacb01e054d28b8f0f371fbf41e59ec388

Download Submit
/data/data/com.netflix.mediaclienz/.jiagu/classes.dex!classes6.dex

Filesize
221KB

MD5
b7ca2a78a46efcb0a8aef8d9ca641a5f

SHA1
0ff75be5294fd7ef4c771f12bec79fbed0f303c8

SHA256
5d83a807a5bd97cb9a30dfab6a4e08ee55053a4937ba634cc371aa6341ffa233

SHA512
3eae58c24b2babf5e6230a766c4dfe2cc77afba0e99ef2a5762820e1ffe0e8a48a4854e0e67bea16b35e23783fd3fc1ed42300a2ab8a874715ba5a29391e64db

Download Submit
/data/data/com.netflix.mediaclienz/.jiagu/classes.dex!classes7.dex

Filesize
70KB

MD5
2f3b8c3116c5abb5451da182a5f8cdf8

SHA1
f23520f5ee7eec3531b6ff73fae0b48cdf318662

SHA256
39d63d10748345c40ff151bd9143924de8f8881f38d846da524aa2a1928c54ec

SHA512
03a01190bd64974b59bc70d9ae8d314a368574c6c262c865ac29eddd9318f76884974ca6a6ae2a7b2c56f5361048c3b4c98f2f0ae7b82d2eb1af27cb6d5d3bd5

Download Submit
/data/data/com.netflix.mediaclienz/.jiagu/libjiagu.so

Filesize
727KB

MD5
84e025faf105f2b355e7f6b151c60b80

SHA1
36b62f9de765760fe30f6589c7f1df420147c33a

SHA256
f14cbfe6e4aee541dabd743c9c233159c8964ed7b6d822f12e221ee4ccb0d325

SHA512
5e0f8da25482a0701e686b0f5aae6365fa1592abf966366cd6be92cb092c901a8aaae7c12cccf61e98551c547cc44fc282dd1b96701066ffc3a4c3659164dd63

Download Submit
/data/data/com.netflix.mediaclienz/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.netflix.mediaclienz/cache/last-run-info

Filesize
67B

MD5
94e10e850bf39b9d0a6fef9969739ad4

SHA1
5a9424345b6455d1b84ed73ecdde7eeab7f83ac9

SHA256
da731d687400934bea5e647ed90766710215d2e224d53fd2912f6acbea356d5d

SHA512
8cb6f99259a95a259d7b3d15cd39f8973de6da14ef8691d77e320c71519921da6d8708f7d278b974e2bf5ea5e0854fbd16c31f44462cc36d4b93f9930a4768f0

Download Submit
/data/data/com.netflix.mediaclienz/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.netflix.mediaclienz/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
d43d8df2daebecd7a9b02ce0354ca1b1

SHA1
137a94b3c6d7fed223a174d4e5342771a2bdcbe1

SHA256
5b573e43735a7569e9bf7621eea5bca2992401c369529ed7ee98eab1d07f5d56

SHA512
a829e6cb05a82af47c461efc261ab58ed2dcae9daa97d96c6087934c79fe4de8f83a5b330b9323f2543a709299fc9352e31285a9041f5a08263ecf941e6eeff4

Download Submit
/data/data/com.netflix.mediaclienz/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.netflix.mediaclienz/databases/com.google.android.datatransport.events-wal

Filesize
44KB

MD5
6b76ede9b9502b0e418de177a345d413

SHA1
d3995e0141db94eead2e9175c8778fd9a728f485

SHA256
6266ed5e99b6e8d4abd6fbd44a4b90bf8732684da9e2f3641ad652b2abba065b

SHA512
d46248735be841bb6a3a8217ae80095de066e9e8dfe8f7352fe59148ff9094f993d5862509d580d3d0bc3ba55382537b5c7d929a65655ca816722f359f1b1692

Download Submit
/data/data/com.netflix.mediaclienz/files/device-id

Filesize
45B

MD5
77bf794f42ebc5983ad42f178aa1f034

SHA1
75cc2cd8669fa2f494e3afbbab1a44bc8ca60f45

SHA256
8433fe2ecdc1a32f0a31c2bf46603c1befbf9f4804b55ab6d20843533f6591db

SHA512
e5da6822f5422baf5cb86201910189c987b9431657b977d7949574dd3ab1c56f0fee55f9412dd6b533c66bc23e656fec1441255ccd12dfc8a4404444c58df5e0

Download Submit
/data/data/com.netflix.mediaclienz/files/ps1.txt

Filesize
108B

MD5
e19215c3fe57f75498389684aa1eb98f

SHA1
e949d061c50e2e71517a4f050173afaa088bccc2

SHA256
d70af50f65ee78007079cd8759b1f263e972f1107ef40c41a275de597c4dc6d2

SHA512
fcdb99d6b6540e3a271f37c5ef680401e4c7718f18dff8bbbd3c3b90123af58f6eb7196e2d88ee7e2da412a1fddc843280c91fb6381dda2cfb14186c079eb767

Download Submit
/data/data/com.netflix.mediaclienz/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
500e4b57389f4f475f1fa0e50728499e

SHA1
9fe15a13fe23988efe6cead17e7854a29724370e

SHA256
e0889f377dcb9f594a966ca1c500f03b1b49b0d7e142325184c17ef7c24203d7

SHA512
5c7ed80266e1d6d3f0af64a8ee66cdfc36d6800880283953cffd03843fb2774204c0fcc54abbd0654d85a0a40c14928a9743e3c7d8032c538860b84e79c851f3

Download Submit
/data/data/com.netflix.mediaclienz/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
83ebdc3f682cf7d6c5d2eec4afdaa94f

SHA1
cac18f3ac2a03ef858174ab3d8fc57ca10ee2c5c

SHA256
9dfed1138c6c6f88eca831b99e6a8fe0800d8c86ea73e13e952f2458ff724de5

SHA512
d0f11429df054decb8e5cbe0639af310b7f9f6b8ce6dbfb379253f7473eaa5a791ad0918f67a09f58caff661c73f320595a505eb6a1536a09446960113f71d9d

Download Submit
/data/data/com.netflix.mediaclienz/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
a98683ea6673f7566f282824705d2981

SHA1
066565327daec43e9472868654b3898afb617c3d

SHA256
d0c91432ceabe2935b8070fdb494169b90ccef24d1938042e0409d644c8b9012

SHA512
9e1e711a0188924967c4beba154f674df8127a1c4d351d64dd6d9db7f13b0e987bc51605a5f6be05275e4832abc6d14c574582e92b8d77a69215ebdce4a25fad

Download Submit
Anonymous-DexFile@0xcad48000-0xcaed90e4

Filesize
1.6MB

MD5
2523cf51b15eba52dea285a1e57da46b

SHA1
ae84739b57deeafb07747f269492672b5fedebd9

SHA256
0e76e17334620450d6c489d724355a26593c78fe5f2910ee5a6b653f488d56c0

SHA512
6770115d024dc95d8b1da5d0b8b0992c6b9ed7c71f961a1b5e7764bc1d44f3c6c530ee7443ece8d408bfc908ed8ebac14be70c499dbc285d2379ff29215b2450

Download Submit
Anonymous-DexFile@0xcd78d000-0xcd79d17c

Filesize
64KB

MD5
7af975d4dcfc8e4062a503344f18b457

SHA1
6550c4ef1d44edb37c9d7b0ecf8550bb09584f9b

SHA256
cb2344dc4f5d3dee16474d352bd46a2ef2028387accd9142221c078189445d4c

SHA512
f99c32798c0cbe7c2e64fb836bae590d923392d4058ba2c7309236d87cada054db6ba99dcee274006c2bf7e5304dd8ca93517c9a4d0a298796e1a114858ee35a

Download Submit
Anonymous-DexFile@0xe81e7000-0xe81ea954

Filesize
14KB

MD5
444476999a045ff07033df8c9186c34d

SHA1
57c169fa9237df5c26c2f48c5e1a5428f69852f0

SHA256
e3c0e91ee9b14365e1d48e41918a4ca245db735cfda7f689df8b94f349ca7ae5

SHA512
476d0eae2f9cffbc751fe6be5c5721f3ce62b39bcd5c810287fef5a7ff7b20811a05d043434f790cfd67ce4096d380b12e6b11ae643525cc32228ff75709357b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads