4de631f582fa4a85129cb5093d9c6a0d8af20b02240d643f3e1fe425ac55ddab

Analysis

max time kernel
145s
max time network
158s
platform
android_x86
resource
android-x86-arm-20240506-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240506-enlocale:en-usos:android-9-x86system
submitted
11-05-2024 08:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

33bf811c0cd6cf4adc2f6363e93ca3df_JaffaCakes118.apk
Size

30.1MB
MD5

33bf811c0cd6cf4adc2f6363e93ca3df
SHA1

98393367f8d7fb7ebb2cdfa754135ef6ca672c5e
SHA256

4de631f582fa4a85129cb5093d9c6a0d8af20b02240d643f3e1fe425ac55ddab
SHA512

21c69b5d005b69ee8c7d7e80e1b15aa4fe6dcbca950207429b4042d669293ad6bf7ac17acafbde5cffca0770fccaf3efc099c529c0ba4d18b6af78b73be478e3
SSDEEP

786432:JXcCW1LIC73mOM0wiBiRZP2qsEYgjAB4EZImAQfS2Un:J+18C73m9Wi/P2qsRSABFZIXR

Score

7^/10

discovery evasion execution impact persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.yxxinglin.xzid40186

description ioc process

File opened for read /proc/cpuinfo com.yxxinglin.xzid40186
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.yxxinglin.xzid40186

description ioc process

File opened for read /proc/meminfo com.yxxinglin.xzid40186

description	ioc	process
File opened for read	/proc/cpuinfo	com.yxxinglin.xzid40186

description	ioc	process
File opened for read	/proc/meminfo	com.yxxinglin.xzid40186

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

T1424

Processes:

com.yxxinglin.xzid40186com.yxxinglin.xzid40186:channel

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yxxinglin.xzid40186
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yxxinglin.xzid40186:channel

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.yxxinglin.xzid40186

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.yxxinglin.xzid40186

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.yxxinglin.xzid40186

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

T1624.001

Processes:

com.yxxinglin.xzid40186:channelcom.yxxinglin.xzid40186

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.yxxinglin.xzid40186:channel
Framework service call	android.app.IActivityManager.registerReceiver	com.yxxinglin.xzid40186

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

T1421

Processes:

com.yxxinglin.xzid40186com.yxxinglin.xzid40186:channel

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yxxinglin.xzid40186
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yxxinglin.xzid40186:channel

Reads information about phone network operator. 1 TTPs
discovery

T1422
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

T1603

Processes:

com.yxxinglin.xzid40186:channel

description ioc process

Framework service call android.app.job.IJobScheduler.schedule com.yxxinglin.xzid40186:channel
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.yxxinglin.xzid40186

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.yxxinglin.xzid40186

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.yxxinglin.xzid40186:channel

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.yxxinglin.xzid40186

com.yxxinglin.xzid40186
1⤵
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4280

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
2⤵
PID:4387

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
2⤵
PID:4407

/system/bin/sh -c getprop
2⤵
PID:4459

getprop
2⤵
PID:4459

/system/bin/sh -c type su
2⤵
PID:4489

com.yxxinglin.xzid40186:channel
1⤵
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
PID:4533

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yxxinglin.xzid40186/app_crashrecord/1004
Filesize
241B

MD5
af815682afd47ec55872139cf3dba35f

SHA1
1f1626d01200102db137333b465e9f90828fd5e3

SHA256
bc75b2fe7a50e20d2a9acd15100ce7eacc4b82838a378873c126b55589dad043

SHA512
4d5d7a7bceb77cbff8634e5c826e941752ec8fea4adbe2d7467d3cd1d93f9e34fee69e888c8fdf610822e63769ec597d206f56a5db72cd701e7524fdfbbf33d8

Download Submit
/data/data/com.yxxinglin.xzid40186/app_crashrecord/1004
Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.yxxinglin.xzid40186/databases/MessageStore.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.yxxinglin.xzid40186/databases/MessageStore.db-journal
Filesize
512B

MD5
ae4fe516ffce21f3668512d535dee614

SHA1
e2711854c8b7a70ecf5c59ece85f7e73d6f3e42d

SHA256
efe3b71fecb260d624699fbc8f6ef4ff9d6b2573c02616ee1f63868fb6ac1aea

SHA512
9a515a38c80e416b8d73784cc87dbcdae58ea84701684e4c09e37ca455bd9f6369afd2085ecdab29e475834d9051da99215b6ac5805eec393667f85a57cc811e

Download Submit
/data/data/com.yxxinglin.xzid40186/databases/MessageStore.db-shm
Filesize
32KB

MD5
ee8db4f0d5ad4d0579002d268909d385

SHA1
c5a2fae040db088627e6e4bc2a86ee83a7325098

SHA256
a3119ed93a654addbef98df13baaf94ea1540341c0d7a9e28d53649260ae77c8

SHA512
f2a8d64b499a1aafb02c4d1b88993fbab7fa2b864cb25cc0532d65a4172ae65df0c811ff038786cba2bf8ede467d86b47509c14050b26836937103960557a322

Download Submit
/data/data/com.yxxinglin.xzid40186/databases/MessageStore.db-wal
Filesize
48KB

MD5
e3e687fa25bc555ec7d42edeccc8184f

SHA1
a06673b165de079e78474ab652400f8e2f79858c

SHA256
f28a5e3e044a876b838488a979a37ea0a36c1f2076906499f9e1c44f3f501086

SHA512
3e869028c85cd7c1af7a9081515cb858572a08dbe99f15ba1673e8c629ad619226fb12a427e44a96e457f7332d800c117799885803624525750c8592f5c8c48f

Download Submit
/data/data/com.yxxinglin.xzid40186/databases/MsgLogStore.db
Filesize
4KB

MD5
7f499862647d6ed89eb95bb4c24d46b9

SHA1
845905385378b8c82e3d72b5bbc519688ad3ca0f

SHA256
2d30c5838062fe656ed654e1b3d6b071f33f0985bd7bce1dfe6ffd85e6ea5117

SHA512
78ae5baf901d8254cee89a062dba0439f971e27e259bdfe9c0d268c4b4b6c18ed567accf113f0360370f263a2328cc7d658fe5dd0295c249fe76ca0493881ee9

Download Submit
/data/data/com.yxxinglin.xzid40186/databases/MsgLogStore.db-journal
Filesize
512B

MD5
e188c1aff55ec06faa71b8b7b1741570

SHA1
d3a7c32736faac9bff8bdf836cdba24c8b44ea0a

SHA256
137dfec2c1abadae02bc149b02ca848deb67cf2530607ef0837fd91538364004

SHA512
c2f1f15b089601281044d61ccc93ba78cd45b162fa492a745215668d4ad4b87472f54be7fc829d13047203e7914d54db51fb9d94cfe68bdc7f22e09049c4f4fd

Download Submit
/data/data/com.yxxinglin.xzid40186/databases/MsgLogStore.db-shm
Filesize
32KB

MD5
36b09fa3a1c7be4d89f06ecceeac1f23

SHA1
e21191fff2a1a97df86c4ec95a498315f5bf8810

SHA256
1fdf031ab7da1249778d6961c470ba847a66e2cb0134f3839b60ab5c2887080e

SHA512
e590695441bff846ba2277e9bc9fbe887d1d6c755c1a36053715f1fbba2b5de72dd204c03e33c7d63ae51ee72af7ac071b301f51448d5c2b58059a07ed93ce97

Download Submit
/data/data/com.yxxinglin.xzid40186/databases/MsgLogStore.db-wal
Filesize
68KB

MD5
e0043d63e6a276dea8f6dca21b6226bc

SHA1
ffd75b13bc8a69af64870270dc5014547dfe6f48

SHA256
9512885e434fc1399f7899a0f041202cec3c195581946cbe5a9bc37e43a177d9

SHA512
d10043a85cdbc94961a1b454bf765f75bb65ceb6175fe7ccf76a0c72a12d5f31b14fb6d49b15168bb38fe787e56e1685b4a2ed20aef9594a5c8a74bf8983ea87

Download Submit
/data/data/com.yxxinglin.xzid40186/databases/accs.db
Filesize
36KB

MD5
486e2bac2b3e9e1cb411d2838a4854bd

SHA1
81dd0a7537f4af319b830ae834908986be85da8b

SHA256
5644a250fa6cef16c2c802b98275656a5fc39dcf89bcc22193742d85c7313f57

SHA512
c146789563dae163e373489b3df53f22efebd32b69643992969241eb5ad5eec668de67e7cd2aaf5c3a8af57b0842115d00183825734f57643d3fdb09835fe681

Download Submit
/data/data/com.yxxinglin.xzid40186/databases/accs.db-journal
Filesize
512B

MD5
0f1d19ce80ff7e86be0870515d3c276d

SHA1
c31fa69f2dd140b011dcdcecc2cea2879f9e819c

SHA256
bdd24c7a4ae8b2c3e570a1a0c526512906a30fec4e084326121af90719824a58

SHA512
21acb81473d35140d88f450dd37a285814266a4f282d43b598bcd2b24fca63b0a0e1f9c56dfcbad74cac7051e4dd033dd7975099990d0264da7cb03692c88e2b

Download Submit
/data/data/com.yxxinglin.xzid40186/databases/accs.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.yxxinglin.xzid40186/databases/accs.db-wal
Filesize
48KB

MD5
c81f15121ea32fce34584f92ec7312f0

SHA1
426f8f78d94f103c049a4da9580a7f2c43f1f898

SHA256
c28b25de11ab0ecfe0b9b274ee07e6852aeb7060ce7cb57a87fa29a295b7f206

SHA512
ca255e029e2656612e7c6c3e537e843e5996b6f48f271e3696c80423d619903883d0db921f5050ee09394aa09ef0f1f942844c844ea9b4ecdf0f434d8bf8d2d8

Download Submit
/data/data/com.yxxinglin.xzid40186/databases/bugly_db_-journal
Filesize
512B

MD5
49e8dd833d0fd24feffdf9afafe660d9

SHA1
26922171e142de3fe6706509493e775bd38324a5

SHA256
5965f708040838be5ccb6aacd1584a9657e5bf274b696777d87ed4a86a3415ad

SHA512
a78a9de9ca7c5d2dae0484db3832147fb8bf7cd100ee5f5754e53db426f40a42403c1bcd317412d28cc99910ea45ae669983ef812792c927d61b3efa09125c2a

Download Submit
/data/data/com.yxxinglin.xzid40186/databases/bugly_db_-wal
Filesize
72KB

MD5
d61f4b59913092bf78012db0b1ab923d

SHA1
3bf473235accf4d5fd69ecf607eca3295c96c7ba

SHA256
ffbacddc69b250094965825b536f91286e5008be56038ffe38521bce467a1718

SHA512
c499e7b08509394529f2ddd707ec5bc9b5b49a2c45c524ec2ecee1a9c0885aef94c4997b8d95c225e31cc295c5223457d6168a40e5b2f9496707e40b66d9a84c

Download Submit
/data/data/com.yxxinglin.xzid40186/databases/tencent_analysis.db-journal
Filesize
512B

MD5
011b59e0f283d9c00599ff7054e11c3d

SHA1
f03066436cac743653202e77f56fbbedb692cb01

SHA256
d3e71917745dc93566f09872ff9d047ad2df4c84bff3b030a96a7c5be1471a6a

SHA512
6ea3bda854faf2b3b61ce51dfb2cb0ed9b07692475e27b064c4b1c420a8fc907fc00f103f931f44ef89ef2d2b4c74bdce86d3c962d8fc3e706b6fef40c7e3eb2

Download Submit
/data/data/com.yxxinglin.xzid40186/databases/tencent_analysis.db-wal
Filesize
76KB

MD5
053be3161f097e0caeca6bd8fb19fd2b

SHA1
709eb1daf3e91ab2a169ec40404dc97b90783531

SHA256
19815eed3540d98a6bbf55eacf45969f105fc5878bb3bdabf1e05b36a2d554e1

SHA512
f0500bd8727bbf2d7c47300e4f79709d52306ee1ff13f5013cd7f7591fde46bc4f3cd2ec2e3b1a781fe3be3f3503f1227045612614f2202ffbc7d66c12ddd632

Download Submit
/data/data/com.yxxinglin.xzid40186/files/cclogs/2024-05-11 085232.log
Filesize
1KB

MD5
119dcd3d118a63b4eeb2418d02277340

SHA1
a6585248f7dea2593488de6800c066ddcc9550ba

SHA256
9d61b5371dde29c7e6c02e6f8ec499a01132e54181073bbf1cb02aaae1887ee7

SHA512
daeaf7bd08d1920b6e058b47e99c95a516bb55118c57793a3cf190b9dc96ca164b85a28805e63e5946ce5d354b6d5b572f6c7594d350ccb4c86779f3395a9c32

Download Submit
/data/data/com.yxxinglin.xzid40186/files/com.tencent.open.config.json.101400326
Filesize
1KB

MD5
f526172de1566b34fdcea744710d9559

SHA1
000cb54d9a008a807a1c5a3fd2b2e7cb41e7939d

SHA256
8572be02b59f4d514000939ec04a9b4e2380c55265256b724a617d8d0f4c6940

SHA512
dc81f0fe345b18c96b1638c67b9ef4c5e60059dfc4a02f3c30a23645d4847abeef46cf467d044c42597115c48052ce0e8ea24328382114a544c5dfd039a95e7d

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
111B

MD5
e756313f2e71151a149895309b05a7a8

SHA1
f87623fc52f1a010f429f25e1c76536e5e3e66fc

SHA256
51b58c19b2e68379a69cf22ba47a6848d6c935b58b4e3161d7bc24ed4c3d108a

SHA512
c3c34d1dde82d2fc4ac00a8ba4927381df5a0485044b48c227af4ab872535d62e41cb2918cb3bed665efdb3d4fca590a917d1d2b533b5ac02c5bdc95717c402c

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
111B

MD5
52198a9bac2e005cebcc571ee0be6c69

SHA1
efaf0878dfe1dc2b6bdc22a2aa45d6bbe32704a4

SHA256
ee5ff7706afc89570f8ea738d05572aeaf18cf785d979e08afb76ad6d97c8308

SHA512
0d0255f00958815113e90e8386279b886313e378a9ee5d84ebf47c344fdc91b861e844f150c84fad0c57979b330982a4a41f89f28ba2ce6a38bc59127f7f2611

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
381B

MD5
dd31287d7079da7f947f3f886cb1ceee

SHA1
7d5bb95ad1d90f442f03a1a623741a28597c9235

SHA256
93640e0f51f74624afaa316a15959176c8084cd6cd7a794c5aa46ffd68ff6ee5

SHA512
f774b5b7bd0f386d183faefb7a5fb3c3b3445dc565599edec67ccdc197e0026f59018692fa54ddef82885e3ae712b39fd11c41dc441481e9fab23c444ab0d158

Download Submit