38c4e8ecb9e899a88f1d38a939206ecc2cf83da8573735251b738461ca6b0f09

Analysis

max time kernel
145s
max time network
149s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
30/04/2024, 19:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0a71fc95ef53c3d3e570e42d7b3229ee_JaffaCakes118.apk
Size

30.2MB
MD5

0a71fc95ef53c3d3e570e42d7b3229ee
SHA1

2db5d3a08acf4ba0e37b98b8c4dd08ca30ac50bf
SHA256

38c4e8ecb9e899a88f1d38a939206ecc2cf83da8573735251b738461ca6b0f09
SHA512

afe050f8998ad7bc6704a862be5d042c58230c0d3e00e6035fe403c62716f2a36aa61bb653d3fdce4ae0e05df74df387323da8e8f5ae9b399b0642cd3dbb1e90
SSDEEP

786432:tk5c17IC73m+MwYCJCeZPuksEGZZJwPaRYWYQ3j2kt:l1sC73mtSCsPuksrTJwiRYI7

Score

7^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.yxxinglin.xzid15001

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.yxxinglin.xzid15001

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yxxinglin.xzid15001
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yxxinglin.xzid15001:channel

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.yxxinglin.xzid15001

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.yxxinglin.xzid15001
Framework service call	android.app.IActivityManager.registerReceiver	com.yxxinglin.xzid15001:channel

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yxxinglin.xzid15001
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yxxinglin.xzid15001:channel

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.yxxinglin.xzid15001

com.yxxinglin.xzid15001
1⤵
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4323
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
  2⤵
  PID:4414
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
  2⤵
  PID:4437

com.yxxinglin.xzid15001:channel
1⤵
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4546

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yxxinglin.xzid15001/app_crashrecord/1004

Filesize
241B

MD5
0b6b5c210a7fe0ffa7e12e7e946b6c86

SHA1
64387d3d57e11642cd147f67a52033aac7d34a51

SHA256
8ef997944bfb6313f9b730feb5cbe89129eeeaac6b80ab930acdc479b39edc42

SHA512
bf3fa00a4d9b7f42dc73cab00654f4b39aa045ed0a3532721870ca754635d3af2716effc7b6c4715d211e5fd04eaeef91837bebbbb2bdd34f0017bb02a9be687

Download Submit
/data/data/com.yxxinglin.xzid15001/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.yxxinglin.xzid15001/databases/MessageStore.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.yxxinglin.xzid15001/databases/MessageStore.db-journal

Filesize
512B

MD5
e55223d13954a67ee49291e0098b0961

SHA1
bc8167c150781e3def1361a526d1a5dcfa20ea7c

SHA256
773db2fa87a6779ed054683eb4808e74e69da52490d3147795e64c91c4155309

SHA512
9d2323a6bfb42abda0beba5f3d75b3b6e497f7267c2bdfcc22f1a581b6a469dc6b2408e4ffcf2ee0e3c222ed4e2680d39688f89cf5ebda7d03d31e02b471db2e

Download Submit
/data/data/com.yxxinglin.xzid15001/databases/MessageStore.db-shm

Filesize
32KB

MD5
a29313e15bec8f90ead4fc023d9c9a74

SHA1
04f09482b616ed735145faecaa4b1d52204fcf49

SHA256
d6447dda3e71c76caea9281119e73493368d7144b5b386f4b5977ea636d809b3

SHA512
78507ebc291e9f8719bf61670486d81af31bf2d1183968f340757afafb3ac8753b31da4e585c2db72800d07f0bd5ec0db72c2735d1cb01edf51d7d81d711b674

Download Submit
/data/data/com.yxxinglin.xzid15001/databases/MessageStore.db-wal

Filesize
48KB

MD5
f4d574afef8d8a0fb3127fa8edd69fa1

SHA1
a3c39043a15ca436a18968b7905480f029dd6075

SHA256
8d41955a8aa2240691fa5b9502964a9685cd598b3559ba8b70d4ea6bf52abc46

SHA512
a99e1a2c6ea57f9d66979c9ad88930e54bf2ad5846960e071e3bc7c3bfdf82104a4ec400e1178731125bb479e5174f33c3b31a67375b05b746347168fe9a0e47

Download Submit
/data/data/com.yxxinglin.xzid15001/databases/MsgLogStore.db

Filesize
4KB

MD5
daf9cfad29ab8cecadf80ff9180a112a

SHA1
6c0024e73d3beb2de696626e247460c5c82bb60b

SHA256
8be07467cd5d467ffcc926a340ca2263e3de30c7b785deb31d2443b896321745

SHA512
2155046863f35a7a86b09ddfd145a44ba3d55fa324883ffeb8fdef1daca2c60929fea13729ad0ac1ab3dd665ea0e77386a2be609cf8addba941660cde36a51b0

Download Submit
/data/data/com.yxxinglin.xzid15001/databases/MsgLogStore.db-journal

Filesize
512B

MD5
6f488486888a037402c82eb6d753d00e

SHA1
88f73102d72985f9947e75d1df92fd0f90966eab

SHA256
dd97f492fc31ef84e225926556eaec85ebafd0a6758881569bd35a11d199b170

SHA512
dfcaaa87df4f2d3b5a7f0d53e48c52e6ced474c66758c531f5babd967acbc825d3129e63b13f2f9c4de03b17147e1fd3797c7de6d2e4ae863d3d464018843ea9

Download Submit
/data/data/com.yxxinglin.xzid15001/databases/MsgLogStore.db-shm

Filesize
32KB

MD5
1988dce390e4fc7492c40ecc9db3ce2b

SHA1
ce9b6fdb22de9951349e61bb25bfc689e8bb81c8

SHA256
764344ddc6386e5b8455e522b358b56a90b58753a3b524d8c428e58ad30b2ab0

SHA512
b58a703415f995b5f265211338b7c985d7e10cb795c162222d2db9576fcd06d4a450eb1efb93b12b7099b2b5022cef7ed8a7ca6b8707bc442d0fa56da9e09c8d

Download Submit
/data/data/com.yxxinglin.xzid15001/databases/MsgLogStore.db-wal

Filesize
68KB

MD5
6dd8d5a12b798aac8d28386dd402a8ec

SHA1
5f345f76429e3c7aa896a9342127f92db626c09d

SHA256
39f6b4ec488cea5d2b29a830fbc6064fbd05f64f1fd7f855379078d23d045165

SHA512
515fa3e65c7ada3a49c8661a75a48a7078738e92de2e5a143c2099fff23785bd56362723d57b90754a18f525a5f8805d65cff591dbab66e245c20a6ca9ab63e3

Download Submit
/data/data/com.yxxinglin.xzid15001/databases/accs.db

Filesize
36KB

MD5
486e2bac2b3e9e1cb411d2838a4854bd

SHA1
81dd0a7537f4af319b830ae834908986be85da8b

SHA256
5644a250fa6cef16c2c802b98275656a5fc39dcf89bcc22193742d85c7313f57

SHA512
c146789563dae163e373489b3df53f22efebd32b69643992969241eb5ad5eec668de67e7cd2aaf5c3a8af57b0842115d00183825734f57643d3fdb09835fe681

Download Submit
/data/data/com.yxxinglin.xzid15001/databases/accs.db-journal

Filesize
512B

MD5
4a84db3c1f46f6b7e680b17be29c2881

SHA1
8682c29e542548c5b888b5ac54efe82c9392f7f7

SHA256
596a1af8d6a91f2e750a434c3e0a98a77f5471c28d3b11693063ece1b7d221f3

SHA512
cc9c63ea8095332b1d83543390e7cefdace563cf2e6de4771304d8e94ca58d016f7d33bd874d9b46c018a7007b876e0df984ecce7e7729009bbcd0669ec17859

Download Submit
/data/data/com.yxxinglin.xzid15001/databases/accs.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.yxxinglin.xzid15001/databases/accs.db-wal

Filesize
48KB

MD5
f071ff4316951be755a7e6e8d0410271

SHA1
df4c9eefc83dbad5720d99074756aec9899b502b

SHA256
7e2923d01d328a99106b0856172f14ff2711065788b2fa1eb5f2e8f17c5fd65f

SHA512
a0738b99ca97c6950e326946300a933bac0387cc8d5222734bae868b804df9252f1cd8f33aefcdaa5c353f15c4c635f93a72825644ece817dea01c2b14f08f95

Download Submit
/data/data/com.yxxinglin.xzid15001/databases/bugly_db_-journal

Filesize
512B

MD5
c197e3e0707bb792d9ee712ddf8c069e

SHA1
4f682932ebfbdf9a9638727c5dfe798964b8460d

SHA256
6bd509cc523f079c7e964b9798e01df8910a4feb6119d1b85d38bd1390e5938e

SHA512
018770fc05947f856ab352925515e367ecea86586c1a6bf5ca912ee24524024b1df02a4cfc35480b3ecb2424733367446a22cf53464b08b00b455dc2d7c7c602

Download Submit
/data/data/com.yxxinglin.xzid15001/databases/bugly_db_-wal

Filesize
68KB

MD5
0c24688c5e411c6a817a0be0fd9a0c4d

SHA1
d7d108ff9d559b6ee06f7caf131a4b549b64c944

SHA256
8a8a27ba7f0f4da2306028c790c4b668100879c6384f868cedb9c060c6d8dbd1

SHA512
b34c4cab6c83de000b510dc69483aa6e6386376d07f443f930c48b2da713000a32209fd2cf7ead52a88f65fce3838504fa4489f31df812eb7677ed9b8c6b9011

Download Submit
/data/data/com.yxxinglin.xzid15001/databases/tencent_analysis.db-journal

Filesize
512B

MD5
000468919595a33d52e7b0bef0413243

SHA1
43c6262b80651559fe089f3a43a737640c329f00

SHA256
c7a52fb69db43c3540e113655edbbc262ded5a05a593591495ed45c081b92602

SHA512
b445269963ac26d7183d6c107268b58909de76a07a73d0676cf11805ee7aa4f9aac3f080d012a8e571853e7b33a53c393327a9bf6026517df37c4837d9384ceb

Download Submit
/data/data/com.yxxinglin.xzid15001/databases/tencent_analysis.db-wal

Filesize
72KB

MD5
721b503cd926314675c3437c4eb97114

SHA1
772ab33c2c3179b9a63788d2518736442f64c381

SHA256
03f262f5b326be62db9d64157c5fce8c7514a67789e03fd9b2d39c09dbb1a1d8

SHA512
5059bd1bc39d523744ca32192aad0bfbd5fd119642796fdf4040281668f70d8b34372072a538dadff09c41077aa94d145193ad2aacbdd5e63de97a0c40497859

Download Submit
/data/data/com.yxxinglin.xzid15001/files/cclogs/2024-04-30 192842.log

Filesize
2KB

MD5
5dda5f7bcae41c2c4bd6ef4fbbbbe5f4

SHA1
f1cff00c0ba004a063f7589503b7728fadcc64b5

SHA256
2e81d8146f4066cd4e1ec0644103ddbcb3ad1a0cd01add8323c61f4caaf03ff7

SHA512
caa5e5e2dbf4bfd5457124ceca3588e0d54e7d7d4ab47d0b2c08c0cef6ba805b29e7527b444119ad947115b4a437510af89bc625feb9b0c25913fc80f93dd45f

Download Submit
/data/data/com.yxxinglin.xzid15001/files/com.tencent.open.config.json.101400326

Filesize
1KB

MD5
f526172de1566b34fdcea744710d9559

SHA1
000cb54d9a008a807a1c5a3fd2b2e7cb41e7939d

SHA256
8572be02b59f4d514000939ec04a9b4e2380c55265256b724a617d8d0f4c6940

SHA512
dc81f0fe345b18c96b1638c67b9ef4c5e60059dfc4a02f3c30a23645d4847abeef46cf467d044c42597115c48052ce0e8ea24328382114a544c5dfd039a95e7d

Download Submit
/data/data/com.yxxinglin.xzid15001/files/upd/UpdateInfo.lua

Filesize
9KB

MD5
4776de51fae102420db1502712ee18dd

SHA1
5291a62deee8d107657693da23e438ebb9c2075f

SHA256
885def9480ee803b1e9d6b2606f07e364873c2bf55ad271f3278202ce9175a5c

SHA512
46b1999736ac15550af0dab1e78dec9b990f5bfaa39617839d4d322dfa41745959aadf8e15d1e44b4f88decf7ed0c9168006fae2944ac12d0f1b0bc1a7187d13

Download Submit
/data/data/com.yxxinglin.xzid15001/files/upd/src/app/Chess/ChessPublic/flist.lua.upd

Filesize
1KB

MD5
3e701f4f1ca3ce1bf06a067caf0c09db

SHA1
1e3aa1c7116072448e92ddfb7ca8bff86760c9d2

SHA256
eacff77f83563802cd1402f6aa2326ca10ffd21ce475f238a0433dfb658aa90f

SHA512
39c8eec56aa37b3b1a9c0b97bc28754d138ca6171f56ee5c729aa8c9de0349a7a0ba6f076e1d814344de42875eb0cc8a9d7e09aaca547e7348ca713b105e04bf

Download Submit
/data/data/com.yxxinglin.xzid15001/files/upd/src/app/GamePublic/flist.lua.upd

Filesize
17KB

MD5
dc51fa3913eb3796af6c4f81699b6518

SHA1
d782d40f70ce9bf0211cfc3325756c2940b0f28a

SHA256
b91aad5056e822dd6838e5760be45a17bd75b66cb8babda059b64bc45ba10e90

SHA512
d0e1ecc9926c697e5e88083b6dae7c0b81790fe3e0e231368eb0096059411a007b16a9920c1a89a3583f7614370e480e3a178b7c1ea228960b4597bbbcee93ea

Download Submit
/data/data/com.yxxinglin.xzid15001/files/upd/src/app/JustTotal/flist.lua.upd

Filesize
8KB

MD5
0ecb91e64366a3d891e0c6af63ce908e

SHA1
b54b47415f6b24a5e4397238417868e2b871565d

SHA256
849c20c78792511b5649337844f5a1e975389eac8bfd36a68e35492d43348d07

SHA512
9f5e043c768b36b174a31e7a932ae71a5c1c5b1c33f78e8143376ce67f7d3d9896da52956424afb7871e2361ed8c1221cb54afac53a8c7140213be4492a02757

Download Submit
/data/data/com.yxxinglin.xzid15001/files/upd/src/app/Updater/flist.lua.upd

Filesize
845B

MD5
4fc96541db35a1c831200248931a4747

SHA1
fce92d4032fb5e6e0a6b5f3dc160e49b383ae0c7

SHA256
db48f076c177881815cf80d3273f67f6dc2e8235a645b6970725c73428288db5

SHA512
fc159ddd3c93e839bc49fc4bc3fac4cf8793835e19994fd8aa3f4453ef6173b7d32322e3a775945f78ef5bf388d748856e16b8f88e73efccf98b46d9355f77fb

Download Submit
/data/data/com.yxxinglin.xzid15001/files/upd/src/cocos/flist.lua.upd

Filesize
3KB

MD5
54e06818b81c1c58f9088d8cd92176c9

SHA1
2c282c4980a57716c7ed07024c3106d6783c47b6

SHA256
6dcad7d3179ec4f253a106ab3a135d0e82e45f799aee34d9c8853b744bc84047

SHA512
1bdc763dc9d8c011fc1dbef775e34ad67668ba4b9d2eced42b904fdb10898ed768af8f855f3e64541bccec410c5a34398b8174889db3e626891c0defe3b78c0d

Download Submit
/data/data/com.yxxinglin.xzid15001/files/upd/src/framework/flist.lua.upd

Filesize
8KB

MD5
69772ea86096ff220ee9ac9b41d9b589

SHA1
65bf31a13f8ce4b86a504ffccda4851090615466

SHA256
71e8bd2ff594d847d252574361245c07a46f88f5d6141886f5de46c43b4da577

SHA512
b8e2f74461c5c861920aff12c1d80d5b81d662c73599f9a002ef307d8a84d218e14c17455cb0c40ee87fc4674fc5248fa859bf1f552442f20f0fb90bf4004347

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
99a2e1d526397597642a10f4e850960a

SHA1
a9680ed61c940173fef998fe6729e81685e8734a

SHA256
eeb4f0cc88a76e6194b2765d954be7272875b99f2d24994567f2066dc5f1aef7

SHA512
ebdc6c79e5a9d03726eb48af2e620c503dc0b444803fab8f144b6cfaef56d16b32b44b31a2c468641b4c33583f81596a94904be9b71663e31030ffbf7d278c2c

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
56b4937ebae8d773f1a4e1d41c0dbc1e

SHA1
7cfe124a7cff499812ea8ac6bca633075e5555a8

SHA256
19841aaea33b18b647f57de7e850b66b605f4f197901708c512bfacfa31bbf43

SHA512
19d2ce9fd437f32b6c9e78fa5cb32430e8eaf5441698e40ed392af27ed52adedbd771949d49d6de384412c74e06f810e7e6d9677c74d5025d950b30d7f66dd1f

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
381B

MD5
5a839d7ec2b7352df3cd7fc631938b6a

SHA1
e0662be3ef088a485d9510c59e2204d4d18e9e8d

SHA256
7db60af03aa4bdcc942a26fbd5a37a4748b913348ce951f5541a26b5dbc019af

SHA512
820857ee0e93fd8ff0326d25b5970866c03fca1214bcf62b4a0979e6f7676a72ee10b3cc358d1f5e3ad88500b83d60f4b5ef49586c98415b76e68f1095dbe8bc

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads