6c2b4c08a92141ece1ab946c08011a4ccc1bd7022316f8cb220360c1db8beea2

Analysis

max time kernel
13s
max time network
151s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
28/03/2025, 05:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Netflix_Premium.apk
Size

68.9MB
MD5

77ab42e053da13ebc952f69525d52504
SHA1

ae038837b9522456f79e9e63bfda02f7d16e4586
SHA256

6c2b4c08a92141ece1ab946c08011a4ccc1bd7022316f8cb220360c1db8beea2
SHA512

ddb9968f06ccfaafd8550d577be6f227d2c05bdd4d48c1051fcfe64c05c035aa44a2e447776b4b76cdffbc692aade3a52568747eb200586c5a851bb35267fc60
SSDEEP

1572864:0T7NMqW0T5cNgUwtldcjVlYp30JjmriGHriGsLOHVf:0XTTuz8LOVuaJS5V1f

Score

8^/10

defense_evasion discovery evasion impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs

defense_evasion

System Information Discovery

T1426

ioc	Process
/system/xbin/su	com.netflix.mediaclienz

Loads dropped Dex/Jar 1 TTPs 10 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/data/com.netflix.mediaclienz/.jiagu/classes.dex	4808	com.netflix.mediaclienz
/data/data/com.netflix.mediaclienz/.jiagu/classes.dex!classes2.dex	4808	com.netflix.mediaclienz
/data/data/com.netflix.mediaclienz/.jiagu/classes.dex!classes3.dex	4808	com.netflix.mediaclienz
/data/data/com.netflix.mediaclienz/.jiagu/classes.dex!classes4.dex	4808	com.netflix.mediaclienz
/data/data/com.netflix.mediaclienz/.jiagu/classes.dex!classes5.dex	4808	com.netflix.mediaclienz
/data/data/com.netflix.mediaclienz/.jiagu/classes.dex!classes6.dex	4808	com.netflix.mediaclienz
/data/data/com.netflix.mediaclienz/.jiagu/classes.dex!classes7.dex	4808	com.netflix.mediaclienz
/data/user/0/com.netflix.mediaclienz/[email protected]	4808	com.netflix.mediaclienz
/data/user/0/com.netflix.mediaclienz/[email protected]	4808	com.netflix.mediaclienz
/data/user/0/com.netflix.mediaclienz/[email protected]	4808	com.netflix.mediaclienz

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.netflix.mediaclienz

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.netflix.mediaclienz

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.netflix.mediaclienz

com.netflix.mediaclienz
1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Queries information about active data network
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
PID:4808

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.netflix.mediaclienz/.jiagu/classes.dex

Filesize
5.7MB

MD5
d9ff9dbdbe0ebd11bf8ed470f53ce5d8

SHA1
668be16b3ed4a418b123aa597ddee093499ba4bd

SHA256
cfaed3c7ad5064680c65673d4c47853881299f36a989527d30dbb673046f8369

SHA512
edbf4233e1ddc58ef772197cb712991ec7c718b18b4dab034c74cbb45c47e7c5851a50b171bf5e96e37e477fd834bda82107e46ea0096e4fe9940805187e0106

Download Submit
/data/data/com.netflix.mediaclienz/.jiagu/classes.dex!classes2.dex

Filesize
5.4MB

MD5
92edba4f1c7916fd6d8cf5a26b109b36

SHA1
6800f52b7e8f7b8daaedd48ee6103ee575939bd9

SHA256
6938c89451657fa4194406cac3c179e5fff8b25adaeb09602eea7ff86b3134e0

SHA512
0e0cacd31a4ff59ad45dfc0ce055e2b03ed0ad63851e538bb72d4c0d8c5c241feec9851edfacc47ae1ee148dcd4555df5c0deeb0c7b5e3844cea54646d9eecd5

Download Submit
/data/data/com.netflix.mediaclienz/.jiagu/classes.dex!classes3.dex

Filesize
5.3MB

MD5
f7c4895fc82f4f674c6226ecac003dfd

SHA1
82be18b83fa6e8e39874e3766a949890c58df816

SHA256
fcea888be8bf5f9cb2bf21276560c6ff0124f11a84e963f86fd16134790e29eb

SHA512
2d29f1b196a6e4080617e962e90102bf106fabcdbf55880b2a98f582f86b589c3946cbd47d007f7ff1e29455bb46f224902c3608fbcd83eca56dce8c65a6dd28

Download Submit
/data/data/com.netflix.mediaclienz/.jiagu/classes.dex!classes4.dex

Filesize
4.5MB

MD5
716583790191e6061d481988102da57d

SHA1
b485422d3c79bdb1ffbb967e488041494663c877

SHA256
98f9002b5d60c7b3434ea97a1543b37ff80f4487b00c106fb9b55957ee3b0822

SHA512
a5c4d2037a1a2add351c3db8556a2fe5136b8b2b566d05d45eb966c313adfc0cf4c41f0797f939d06673c9fc77dfa52f417eab8231cc9d96d290338cc1fbfa6a

Download Submit
/data/data/com.netflix.mediaclienz/.jiagu/classes.dex!classes5.dex

Filesize
6.6MB

MD5
433279828f3c82396fdc85f2bcf5caa2

SHA1
dc41929954988415e657dd4631b63e974db8a3bd

SHA256
c1f9e21f15d25f566e635adb5becb7b69bf5445b8c6e7246570b13c33cc9b27f

SHA512
1cbafeea79c9d9cb8a4ec782abcefada11c3be2085814dd84ce0e1576fe02ae383e207d3c545acc5eaed4aa0c5128bcacb01e054d28b8f0f371fbf41e59ec388

Download Submit
/data/data/com.netflix.mediaclienz/.jiagu/classes.dex!classes6.dex

Filesize
221KB

MD5
b7ca2a78a46efcb0a8aef8d9ca641a5f

SHA1
0ff75be5294fd7ef4c771f12bec79fbed0f303c8

SHA256
5d83a807a5bd97cb9a30dfab6a4e08ee55053a4937ba634cc371aa6341ffa233

SHA512
3eae58c24b2babf5e6230a766c4dfe2cc77afba0e99ef2a5762820e1ffe0e8a48a4854e0e67bea16b35e23783fd3fc1ed42300a2ab8a874715ba5a29391e64db

Download Submit
/data/data/com.netflix.mediaclienz/.jiagu/classes.dex!classes7.dex

Filesize
70KB

MD5
2f3b8c3116c5abb5451da182a5f8cdf8

SHA1
f23520f5ee7eec3531b6ff73fae0b48cdf318662

SHA256
39d63d10748345c40ff151bd9143924de8f8881f38d846da524aa2a1928c54ec

SHA512
03a01190bd64974b59bc70d9ae8d314a368574c6c262c865ac29eddd9318f76884974ca6a6ae2a7b2c56f5361048c3b4c98f2f0ae7b82d2eb1af27cb6d5d3bd5

Download Submit
/data/data/com.netflix.mediaclienz/.jiagu/libjiagu.so

Filesize
727KB

MD5
84e025faf105f2b355e7f6b151c60b80

SHA1
36b62f9de765760fe30f6589c7f1df420147c33a

SHA256
f14cbfe6e4aee541dabd743c9c233159c8964ed7b6d822f12e221ee4ccb0d325

SHA512
5e0f8da25482a0701e686b0f5aae6365fa1592abf966366cd6be92cb092c901a8aaae7c12cccf61e98551c547cc44fc282dd1b96701066ffc3a4c3659164dd63

Download Submit
/data/data/com.netflix.mediaclienz/.jiagu/libjiagu_64.so

Filesize
821KB

MD5
b514e3da39834f22142ce92f03c4a7fe

SHA1
3e94d01f4888fcf1794b4816416b0805a7306a06

SHA256
3e74a199c72ab26bb58acbce844e6538c3f3856b0d34ef59b62150fb3811a00d

SHA512
f7ae8022a2dba48d31f590ea7f1c11821d4baf72240429e8d3ff05d04ee403db628060eef6dbcef7f0f3ebf68de6c5b6068e76b419560cca0efeed5153bb6eec

Download Submit
/data/data/com.netflix.mediaclienz/cache/last-run-info

Filesize
67B

MD5
94e10e850bf39b9d0a6fef9969739ad4

SHA1
5a9424345b6455d1b84ed73ecdde7eeab7f83ac9

SHA256
da731d687400934bea5e647ed90766710215d2e224d53fd2912f6acbea356d5d

SHA512
8cb6f99259a95a259d7b3d15cd39f8973de6da14ef8691d77e320c71519921da6d8708f7d278b974e2bf5ea5e0854fbd16c31f44462cc36d4b93f9930a4768f0

Download Submit
/data/data/com.netflix.mediaclienz/databases/com.google.android.datatransport.events

Filesize
32KB

MD5
7daa8bf70cba1177c0aaa35143f5ff54

SHA1
4ddb8e3e373296808fd5a3832a454ea9c0c60b0a

SHA256
f02ded6053bd0f124da16cdf40849fb201797ddfac5536ab36e1feceb21564a3

SHA512
7178eae8e99b2f8b571bd333a3c6916bd088c96dc2c6d5b074ac388e58a345de6a82daceb39994019cbdc5c2d4065912eb0c52787ec50d9e1f746ba92bcee22f

Download Submit
/data/data/com.netflix.mediaclienz/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
1856ee90e9b5749e4005b1929ad9af29

SHA1
754b3781d3a525579c544591303579887824c3e5

SHA256
e77b0235a65e0f9f7ab3751c80edc8ad913b8ecddf5c1f5cee1fc6f47d698dd3

SHA512
622a6f6cde020109c9c7b5a88e6473180d9b834311effe6f8f9332c6525268d382f10323328c1128a7bce09a0a95d81d113099795f733f8359c5dd04558a1982

Download Submit
/data/data/com.netflix.mediaclienz/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
4f49853d68e0c586b8b459d7ac428a7c

SHA1
824d95721c8b4991c24d8927b49c40fb8c7d29d8

SHA256
1bf8de42807e245b910b9077d9fd56abd716191468483fdbe136ac243f34851d

SHA512
393e820c44ea25422a97d6b0c2dbc4854458c28c2769ae818e51a576c7235d1687e394d4795a4afc1136601e4ee59e0dc2762ac98ed869719000033fdb8a5d7e

Download Submit
/data/data/com.netflix.mediaclienz/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
0fdd9ef22c4acca641ad56be79ea65af

SHA1
dc097516787c201a9fa84c6bf05575878d315587

SHA256
428164057813d3aac1742ccb32b71199a04025c3d43e31131ebd5e6635baeb4c

SHA512
d5298504be483464e2f71c10cca734e47cf533bb4e2d3d7f0cd36928b7b414fdda472e595955773b4615ff70653f51bb01a87e6a2811573deefede4ec40da018

Download Submit
/data/data/com.netflix.mediaclienz/files/device-id

Filesize
45B

MD5
99b93e4767ab96afb6a9da214da4c9f8

SHA1
32606777ef863730934195fca25fd1004ca8034a

SHA256
e615e6866b97001a8a0cff6be4a4098478413aee21a532a865483f784a620ab0

SHA512
f8649f13fea40db27a1b2c88cc29a1aba12067b5930326ae504a61d5393a7b698f2e9e02a107f17feea0d7044c59ed3f75f91ea61c2860ad32c6c87890ea2d24

Download Submit
/data/data/com.netflix.mediaclienz/files/ps1.txt

Filesize
108B

MD5
e19215c3fe57f75498389684aa1eb98f

SHA1
e949d061c50e2e71517a4f050173afaa088bccc2

SHA256
d70af50f65ee78007079cd8759b1f263e972f1107ef40c41a275de597c4dc6d2

SHA512
fcdb99d6b6540e3a271f37c5ef680401e4c7718f18dff8bbbd3c3b90123af58f6eb7196e2d88ee7e2da412a1fddc843280c91fb6381dda2cfb14186c079eb767

Download Submit
/data/data/com.netflix.mediaclienz/no_backup/androidx.work.workdb

Filesize
4KB

MD5
7e858c4054eb00fcddc653a04e5cd1c6

SHA1
2e056bf31a8d78df136f02a62afeeca77f4faccf

SHA256
9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

SHA512
d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

Download Submit
/data/data/com.netflix.mediaclienz/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
e8da4db42ba9cfdc365b18db7ba433c5

SHA1
d0c69374d09b5890c85337233d3304a02c68b08b

SHA256
60b227cc6de4d6c8b72151f476faae67ef269d0e80c32f0e98433d115b36769c

SHA512
98e51b015bca5152d0427aab8a4256f5a269d9373863958473c1db3e30e3cdbb646b252bdb0e82076689a7933143034952db5e0e3d54f864d35dabc36e09fe5c

Download Submit
/data/data/com.netflix.mediaclienz/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.netflix.mediaclienz/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
5edf03b9d4b743d38cda14955883bc4a

SHA1
621544de990c88564a406015d1e7bc91742ad37d

SHA256
f86f195cf54a107bba7df1ff052663036ffabc03028161bf7907e1a6936157ba

SHA512
314feac4fe10a26b2edea4171e5d188d69fa825f7bc98447849db3791d36abb4ec6dff4dfc0e595aea2a595650ecbcdd5c1f3685b4a8dd9b0443fd8912bfc8b7

Download Submit
/data/data/com.netflix.mediaclienz/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
332714c5454d12b149dcef0ee6daf6fe

SHA1
1fc74d06ad9a8e2e86ce1fa37715a1316b375683

SHA256
3474117972ba9185546318288154b8eda2e0a0342c2ae9df75da823a3b293b11

SHA512
9586a2b5feec24786573583dfe861e893ac0392b37762c79cb13280affe59bdc09823bf157f730424a72e2843de8e8636f303abefdb8fbd069e5d621b7185f17

Download Submit
/data/data/com.netflix.mediaclienz/oat/x86_64/[email protected]

Filesize
941B

MD5
769432f71fce13194736abcc92c7738e

SHA1
01083a78e3ead846bdc49c188b3654478c60e15b

SHA256
9bfc5cd8df56968b085c6b346e4879b355a888c8fe862d2baa7a4b2a481b4caa

SHA512
72a6a46d5dc5db4e26d7534de26ae2d4fe26f58104bba9eb64b8719a7e40d8cc4cba30a03059c57347d43bf649d799c86172c9b18fd63f2404cd0169f832290c

Download Submit
/data/data/com.netflix.mediaclienz/oat/x86_64/[email protected]

Filesize
1003B

MD5
ae45e30d4eb6527c745e6c1a0b4d9f63

SHA1
ec64b4cc023015dd032286368d000d07b59fa454

SHA256
002b9b1e9077253ee8d25c6e9f835e6e7d805752c27aa51c1d6af31f8dc2a983

SHA512
fd755fd1ff821959feece8a81bf722967f15a5bd1702099cd90658d7e7deb45ba55f14a3ca0fb947801757301ebb6077fadd6d04d81b9176e78e322c69b08cf0

Download Submit
/data/data/com.netflix.mediaclienz/oat/x86_64/[email protected]

Filesize
941B

MD5
b39009280f31cdbdbca7d85bebe41477

SHA1
a46ac6c233840f989f1f97e1e036b3d2104ed2ad

SHA256
a924b831e3ddf4fab0e0ff29d61093af829d89144db6ec6a64857519f2f20b25

SHA512
056f32d4e2fa672494347e9d5529b1ea8931de8d7488ec6c796a46998ef23b6689285b27dcb0782d7f86861a70c3d2f874e810a442dab8916f833af60e245bd3

Download Submit
/data/user/0/com.netflix.mediaclienz/[email protected]

Filesize
64KB

MD5
7af975d4dcfc8e4062a503344f18b457

SHA1
6550c4ef1d44edb37c9d7b0ecf8550bb09584f9b

SHA256
cb2344dc4f5d3dee16474d352bd46a2ef2028387accd9142221c078189445d4c

SHA512
f99c32798c0cbe7c2e64fb836bae590d923392d4058ba2c7309236d87cada054db6ba99dcee274006c2bf7e5304dd8ca93517c9a4d0a298796e1a114858ee35a

Download Submit
/data/user/0/com.netflix.mediaclienz/[email protected]

Filesize
1.6MB

MD5
2523cf51b15eba52dea285a1e57da46b

SHA1
ae84739b57deeafb07747f269492672b5fedebd9

SHA256
0e76e17334620450d6c489d724355a26593c78fe5f2910ee5a6b653f488d56c0

SHA512
6770115d024dc95d8b1da5d0b8b0992c6b9ed7c71f961a1b5e7764bc1d44f3c6c530ee7443ece8d408bfc908ed8ebac14be70c499dbc285d2379ff29215b2450

Download Submit
/data/user/0/com.netflix.mediaclienz/[email protected]

Filesize
14KB

MD5
444476999a045ff07033df8c9186c34d

SHA1
57c169fa9237df5c26c2f48c5e1a5428f69852f0

SHA256
e3c0e91ee9b14365e1d48e41918a4ca245db735cfda7f689df8b94f349ca7ae5

SHA512
476d0eae2f9cffbc751fe6be5c5721f3ce62b39bcd5c810287fef5a7ff7b20811a05d043434f790cfd67ce4096d380b12e6b11ae643525cc32228ff75709357b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads