af28db2af862e286f32a335ec4ff274700bf1e37b12411d9ceb6ead6cef5989f

Analysis

max time kernel
151s
max time network
158s
platform
android_x86
resource
android-x86-arm-20240506-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240506-enlocale:en-usos:android-9-x86system
submitted
11-05-2024 08:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

33cabd0ff64a0e9ffa989af15d0d641b_JaffaCakes118.apk
Size

30.3MB
MD5

33cabd0ff64a0e9ffa989af15d0d641b
SHA1

09b165784ddd59f4ab5265b468cd0d994057a50d
SHA256

af28db2af862e286f32a335ec4ff274700bf1e37b12411d9ceb6ead6cef5989f
SHA512

f72845529f5a5872c75f734745fa34176c46c0ca144a396a6a7d31c171b8343438631d76ead6c81258d04c48b4571fc42ab7e215269a48ab67bc554cd79e218d
SSDEEP

786432:g8qg1bIC7/GeMxg6RCt4aovsEWVul8hwN4+EQnSCwM:B1MC7/GNdCt4aovszIl8CN49C

Score

7^/10

discovery evasion execution impact persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.yxxinglin.xzid29796

description ioc process

File opened for read /proc/cpuinfo com.yxxinglin.xzid29796
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.yxxinglin.xzid29796

description ioc process

File opened for read /proc/meminfo com.yxxinglin.xzid29796

description	ioc	process
File opened for read	/proc/cpuinfo	com.yxxinglin.xzid29796

description	ioc	process
File opened for read	/proc/meminfo	com.yxxinglin.xzid29796

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

T1424

Processes:

com.yxxinglin.xzid29796com.yxxinglin.xzid29796:channel

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yxxinglin.xzid29796
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yxxinglin.xzid29796:channel

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.yxxinglin.xzid29796

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.yxxinglin.xzid29796

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.yxxinglin.xzid29796

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

T1624.001

Processes:

com.yxxinglin.xzid29796com.yxxinglin.xzid29796:channel

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.yxxinglin.xzid29796
Framework service call	android.app.IActivityManager.registerReceiver	com.yxxinglin.xzid29796:channel

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

T1421

Processes:

com.yxxinglin.xzid29796:channelcom.yxxinglin.xzid29796

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yxxinglin.xzid29796:channel
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yxxinglin.xzid29796

Reads information about phone network operator. 1 TTPs
discovery

T1422
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

T1603

Processes:

com.yxxinglin.xzid29796:channel

description ioc process

Framework service call android.app.job.IJobScheduler.schedule com.yxxinglin.xzid29796:channel
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.yxxinglin.xzid29796

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.yxxinglin.xzid29796

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.yxxinglin.xzid29796:channel

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.yxxinglin.xzid29796

com.yxxinglin.xzid29796
1⤵
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4247

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
2⤵
PID:4387

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
2⤵
PID:4407

/system/bin/sh -c getprop
2⤵
PID:4458

getprop
2⤵
PID:4458

/system/bin/sh -c type su
2⤵
PID:4486

com.yxxinglin.xzid29796:channel
1⤵
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
PID:4528

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yxxinglin.xzid29796/app_crashrecord/1004
Filesize
241B

MD5
640cb280032dcff8e8611c9f3f0281ce

SHA1
0ca7595369a18276b7afd0ad34462b1b13ad67fa

SHA256
730a59ec631e1e22f74acca48f5835d6f8ce4ef4bd63b9a770f7106dec67dfe3

SHA512
f187ed5c901e9e0dbb1224ecb17f34311ac3a76e28cfbdd5bfba99beb5c8b10627c75c2b2d8c8d374e9b7e424ce585122702037032af0eac86fea02e830da359

Download Submit
/data/data/com.yxxinglin.xzid29796/app_crashrecord/1004
Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.yxxinglin.xzid29796/databases/MessageStore.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.yxxinglin.xzid29796/databases/MessageStore.db-journal
Filesize
512B

MD5
7dd56a0910a8e5bdd37491b77d33142b

SHA1
fa657b724e617ab8151898b046cdb0f4936e9b74

SHA256
39ba76e0bcf3cf37855c6ff6bbef0c0cdf17470230a6c6452afa4ef7326012fb

SHA512
78f0a8ed06c4ed8e6cd136d068346b112cf7b4ba14c8822bcb442af5340706be13ea13f830359d8a87803c1ae7e78f8822fb2a7f00b6f638d99728c35f00abf2

Download Submit
/data/data/com.yxxinglin.xzid29796/databases/MessageStore.db-shm
Filesize
32KB

MD5
e2459de6d7da192ae9dae661493ee8d4

SHA1
6ea5c96d5b4d82e94f129e3d23e40910bc5df08a

SHA256
80090da7266b096d75ed0fb58ffc4c7f07a2e3f652e37936857f1b17c838910b

SHA512
cd050f23e090830da21b16b1ce3fdaa158b1bb82f181534ee3dc08adbac898fe22f69997803d4a0e8a83ec487704a5bacac8d08c4c6b3290a78a0ad30f24ddc5

Download Submit
/data/data/com.yxxinglin.xzid29796/databases/MessageStore.db-wal
Filesize
48KB

MD5
0ad5e2846acba3cbe541f08ebbb4b95d

SHA1
b38cb3b479d03f4b560fe5757820ca0aa89b23bd

SHA256
34cf561021d5a776fced30edb22236b0d72c3ec70638536ab982c5997f7c8a51

SHA512
eae9fb8bcfb9507be10ddc506c4e281539b63f3be2ab280c72c0ee2b7c6abf080db97dce9f2522d17cb73e13dabef05052fea7065b5b967cbf0aab7884c68478

Download Submit
/data/data/com.yxxinglin.xzid29796/databases/MsgLogStore.db
Filesize
4KB

MD5
1153afc71f9314809a86ea5dc4bc2052

SHA1
cbd677f3155c28b504a03dbde9435821e449b875

SHA256
e3b5bf0edf2c786b119a89c1b249e26fc2f52d20d17bc7abafb77c3d81d7daa3

SHA512
6a5dfffe2e4098ce4bf06b50002d202885e1ca85ba119b57c29e413aba239115a85bbaee5cfdf07f3e4bc8ef93ebf0f3dfe989288671b8f8f3223b932f143707

Download Submit
/data/data/com.yxxinglin.xzid29796/databases/MsgLogStore.db-journal
Filesize
512B

MD5
b1d36611f5265d6069d7f9dc3310cae3

SHA1
5fc81ed2de307f94549843faa4fba54d0a25a403

SHA256
9bbcab3c8141e737693fc3345a9e40c67236fc0b2fdc95e74c350d46d264b8e7

SHA512
6fcbb66e3b70a0b1bd68bfcf967e77ff31627226545e55c5779a4f5bb812d209aa09d7b944f344601b9ebf1157f267ff56aa1a0474eebfc0a98f40a6e881b297

Download Submit
/data/data/com.yxxinglin.xzid29796/databases/MsgLogStore.db-shm
Filesize
32KB

MD5
854e3445ae5486ba45ab89e15d83e7dd

SHA1
94e86aa136db515dd7439c48fcce4bfd6e6681a3

SHA256
bbf8c793eca16342ae164279356609d3995c181b03d0e03d7c71c3f58ec88cba

SHA512
0130407d74acbd491535d772fdc41679f454f6d361d45417244a20c72d6382805fbd1a598d8abf1057d002ec1e3ce02e0b4caf64edc525b5c991574e38503f5c

Download Submit
/data/data/com.yxxinglin.xzid29796/databases/MsgLogStore.db-wal
Filesize
68KB

MD5
809f72f3c74e0310bd58479b9c0728b2

SHA1
7d96f282b0e33a8418dbebf5ebde6195113b6541

SHA256
7930caa5e0cbfbf2b112421c594e727f3f2b788aea3c2d5d11efb9af3797f919

SHA512
b1eebec0da52c97c31707addf3f4d68e7ecc047e91e536a79a416e2fee175e0e897336e4c5617860091688ba5b27f2e38b0961103021e6e8b9bd9add7d14be7e

Download Submit
/data/data/com.yxxinglin.xzid29796/databases/accs.db
Filesize
36KB

MD5
486e2bac2b3e9e1cb411d2838a4854bd

SHA1
81dd0a7537f4af319b830ae834908986be85da8b

SHA256
5644a250fa6cef16c2c802b98275656a5fc39dcf89bcc22193742d85c7313f57

SHA512
c146789563dae163e373489b3df53f22efebd32b69643992969241eb5ad5eec668de67e7cd2aaf5c3a8af57b0842115d00183825734f57643d3fdb09835fe681

Download Submit
/data/data/com.yxxinglin.xzid29796/databases/accs.db-journal
Filesize
512B

MD5
8ab1d962c8f8ce7fcdb40d7a96cf0489

SHA1
e1f5341bf8f16952495df5b475ccc8aa8c4832ab

SHA256
959f27ab30a120a25880129aa2e271b75e1fff3438f5c30eef78b560a35c236d

SHA512
29cbd52b48eb791f4b9c61f55e6c52bf1b98955918947f555e02aa227fe3ff2e8467211f51aaa08e9e018c122e5ffb092dc9eacd9bedf2ec7fca98945dcbc956

Download Submit
/data/data/com.yxxinglin.xzid29796/databases/accs.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.yxxinglin.xzid29796/databases/accs.db-wal
Filesize
48KB

MD5
0c5645662774a87480837da865f82c85

SHA1
5cf9461d160194da2bbab0bc321b8bb32bab8cef

SHA256
a665c98e0a4140ec0f739c563ca4aea541f7cf76f67adc645cd93128fb743008

SHA512
cb1f771d4b233513cac066308e5628f00bbef6eb95afde72e7d3e00b66a5f7909a6def8df72338c5e174f04d959b73b69ef7a6168189407dd567c2f5cd66361a

Download Submit
/data/data/com.yxxinglin.xzid29796/databases/bugly_db_-journal
Filesize
512B

MD5
34b8efd0ed6d8cabb7fd44cc41dca808

SHA1
9c9cd9d247fb87a8097909f50b31527650f92c0e

SHA256
0146e4f7f1ba8426d763c5dddff72b60a9b83a0a2de38490ddc4f34f27f46ec9

SHA512
02ecdca31a454815214bae22a9a3737156d6ae7f5184b6574bd62912b8e2a8f10eafe045c18f1a120bfc89c0012a94bbe27541636daddfecd1a581d6596e48f3

Download Submit
/data/data/com.yxxinglin.xzid29796/databases/bugly_db_-wal
Filesize
72KB

MD5
bfa5255f72e89d91a3b72d2a02fac29c

SHA1
7ad85e0be082e344927f738db1a8f3bb2781657a

SHA256
b9eb7137a32f4a441e23bbd9803c935425452b1a726da4c697c4b88903afd694

SHA512
3f2b16991ca631ff01f7a5f7ac65ce5d96663b07f50fd152e236f65dfffc233c4144db675f409f44fa10d7556f8d31bc3d489773912e438c299cbbd081197ffc

Download Submit
/data/data/com.yxxinglin.xzid29796/databases/tencent_analysis.db-journal
Filesize
512B

MD5
74daeafe96bf9ceee0e8a2ad1b5c6772

SHA1
6daa03f739513abd2229e31a1928be25203db188

SHA256
2cd09765b24768276a1c66423ad6d01b33f8db018709e3525d7d5409856d2480

SHA512
99b49fd8f300a09aa1c53f35678cfc24977241e39b62d864fcfd7ede61c47f9f54225739e7271a5e4daaf5adabe5d53da57d8a69a33fb0d0a1d02195880e2032

Download Submit
/data/data/com.yxxinglin.xzid29796/databases/tencent_analysis.db-wal
Filesize
76KB

MD5
aa01f2e7da3a93d1c95e5f5ee2844fa6

SHA1
eadf8a8e6fb1c07c011d2992a6554887737dc6cc

SHA256
1d3bb92b4de3e2d4533cb4148bae51959447a758b50c783479ea3e5995be4442

SHA512
faf5eb557ee6667cd094264ca6a736f68169618b623e88510e94901d01d96c581f2a07a69e9648c8e1ea5d88fe2b799f8267e909cfb0cd53eab34fef69679499

Download Submit
/data/data/com.yxxinglin.xzid29796/files/cclogs/2024-05-11 090001.log
Filesize
1KB

MD5
a131f0605b1a84e4627811c330df7b11

SHA1
3868de781a56483977119bb1aa39734288c1c6eb

SHA256
22ba30f1d961bfa7c67f31663f06ca747c758675d4901bd1ff1bfb6a44956f1b

SHA512
fbc2afb128740b81fb66c36d43da78ae87db40a3cee26b4a467f1ea9d66d9e114206c1ede9e803433a8b2bafaa6ddd09ed4f721d35b351add0867fbacb5cde41

Download Submit
/data/data/com.yxxinglin.xzid29796/files/com.tencent.open.config.json.101400326
Filesize
1KB

MD5
f526172de1566b34fdcea744710d9559

SHA1
000cb54d9a008a807a1c5a3fd2b2e7cb41e7939d

SHA256
8572be02b59f4d514000939ec04a9b4e2380c55265256b724a617d8d0f4c6940

SHA512
dc81f0fe345b18c96b1638c67b9ef4c5e60059dfc4a02f3c30a23645d4847abeef46cf467d044c42597115c48052ce0e8ea24328382114a544c5dfd039a95e7d

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
111B

MD5
23f6df2d9cd85a4d934b3e7417c9723b

SHA1
2f813ee72063ca514a78d6f1fd70c8eac75e0b7e

SHA256
a3af0dee642c765a5f77c34cb4df95900673fcec5cac3edc8b0c47f216dc3530

SHA512
8e4c857db24e0c40e05b1e7015d94e90889ce1b5d32cb3389b10f5717ddf8fb79e28808aafccdc1c205f5890c6de0f068ddfb754435abba76d0f3b07601dff2d

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
111B

MD5
8cbc346dfe25913e1985272d704870fe

SHA1
68ba10d23497ab14a07d83def838cba80d58c6a3

SHA256
edc9047eba858dda1f96008f5135c6241961407db731c3452d08bba9151316a2

SHA512
54ef267f2d297f181181fc8920673650b3b89580e6f6319ce80490f7e86ecf4755846a6e2fbb2ed01ec0ea491f356863132ed5d8c05725992115e1c8a731e33c

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
381B

MD5
a0a61ad0198c65d51842b891b255e5e3

SHA1
8d709936d89ee80c9fb0d9dc5be6419f82242a0d

SHA256
af663d7db57752f2852cc265b1ff1b1924011f3d372aef9ce80b6265720af6f1

SHA512
b9d93342f2e476baf0005fc953ee926f4bdc917baebfd210db5cb3be7aa3f8e74ff865769377bd6c9f46f6f6c0bbf5f2dc8c44d3ed4c0a61648d9db8bf60cc0a

Download Submit