46a51db7bc9bfe13cf27f4e49bcad42b24d01c5d46091f3fe76ce3f799546751

Analysis

max time kernel
145s
max time network
158s
platform
android_x86
resource
android-x86-arm-20240506-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240506-enlocale:en-usos:android-9-x86system
submitted
11-05-2024 12:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

347d8016a7a887939ea54e1e1ca13440_JaffaCakes118.apk
Size

30.5MB
MD5

347d8016a7a887939ea54e1e1ca13440
SHA1

7d0409d63f739d4b7a0f609d7384e4d3311909a5
SHA256

46a51db7bc9bfe13cf27f4e49bcad42b24d01c5d46091f3fe76ce3f799546751
SHA512

a1bdf95f7cef527dee3109caa56f54e35e39889b3712c9eba02f23248032ee93bcd8367c86ed82a5007df2bdeb21c9efd2f203f107b01288e577d18dc3e6d3e1
SSDEEP

786432:qUwN1zIC73uIMiEWIqypW1ZP5+tsEab8vG7oTc2kQDT/3T:010C73uHjWTP56sT4vG0Tc67

Score

7^/10

discovery evasion execution impact persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.yxxinglin.xzid14696

description ioc process

File opened for read /proc/cpuinfo com.yxxinglin.xzid14696
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.yxxinglin.xzid14696

description ioc process

File opened for read /proc/meminfo com.yxxinglin.xzid14696

description	ioc	process
File opened for read	/proc/cpuinfo	com.yxxinglin.xzid14696

description	ioc	process
File opened for read	/proc/meminfo	com.yxxinglin.xzid14696

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

Processes:

com.yxxinglin.xzid14696com.yxxinglin.xzid14696:channel

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yxxinglin.xzid14696
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yxxinglin.xzid14696:channel

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.yxxinglin.xzid14696

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.yxxinglin.xzid14696

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.yxxinglin.xzid14696

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

com.yxxinglin.xzid14696com.yxxinglin.xzid14696:channel

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.yxxinglin.xzid14696
Framework service call	android.app.IActivityManager.registerReceiver	com.yxxinglin.xzid14696:channel

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

com.yxxinglin.xzid14696com.yxxinglin.xzid14696:channel

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yxxinglin.xzid14696
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yxxinglin.xzid14696:channel

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

Scheduled Task/Job
T1603

Processes:

com.yxxinglin.xzid14696:channel

description ioc process

Framework service call android.app.job.IJobScheduler.schedule com.yxxinglin.xzid14696:channel
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.yxxinglin.xzid14696

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.yxxinglin.xzid14696

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.yxxinglin.xzid14696:channel

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.yxxinglin.xzid14696

com.yxxinglin.xzid14696
1⤵
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4272

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
2⤵
PID:4367

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
2⤵
PID:4387

/system/bin/sh -c getprop
2⤵
PID:4440

getprop
2⤵
PID:4440

com.yxxinglin.xzid14696:channel
1⤵
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
PID:4495

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yxxinglin.xzid14696/app_crashrecord/1004
Filesize
241B

MD5
61bc61b64d201ddaee2ea0aa8798983e

SHA1
c858916f913df2f419fb133d258f0bbc57d5ae3b

SHA256
8468afb1498fdc648fa8bdd67094d6b7a02d89467b317ace669f8e53dc81607e

SHA512
477f4f2e57d96bd9771a0bd372e1fbe647b24d660773d3a1dfcecaa39cede147834921f175100b3e247a0df1c66fc73cc2f7cd1abf1efb03ba4faa9cd0c2bec2

Download Submit
/data/data/com.yxxinglin.xzid14696/app_crashrecord/1004
Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.yxxinglin.xzid14696/databases/MessageStore.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.yxxinglin.xzid14696/databases/MessageStore.db-journal
Filesize
512B

MD5
4674696a20deed2f5abbc63a0afa07e1

SHA1
a504d38aa6f2813eca0ba7cab816eeabd1c0b682

SHA256
f166d11006a08e7e40cf997908dde1edb4fd642876171be34214d51a0495195b

SHA512
1b468d32c871d34e47c399df1ea0e2b7ab79110f6889ce30f51339e3c7d574e9268973ab14285e567fca3a4a7a477c2235ca8f287caf16e5026f6deedc7ec241

Download Submit
/data/data/com.yxxinglin.xzid14696/databases/MessageStore.db-shm
Filesize
32KB

MD5
8a699ca2813fd39e894cdfd87b17d684

SHA1
c049d01e24e273b8569df9dfc8193694c9d01165

SHA256
9335a4abcea39d9ddcfc2f919acb5c8aca9db0cef7a40110ebb99ef0e174ebce

SHA512
3c9e21158adeb73fa490e3e4c0b79a1e660635c4d4e64b578392824cd9fba1b6784ef6c261ddd0d28afbfef5edf273c47b4466c21884c1543c3e54b435453ff2

Download Submit
/data/data/com.yxxinglin.xzid14696/databases/MessageStore.db-wal
Filesize
48KB

MD5
f2a19e51ceb897249afa9121a5857cd1

SHA1
54fdb554b4772e7087439c083b2dc1306d2e8c3f

SHA256
1c9d4ac182d51d0d2e26733eb490a1a550fa67e0f0d53eedf91f4c951474090d

SHA512
13a05c09fc2eb950eed3b4d6d96165c94d963132d1f236a6e9b604729c3c647c9ea480d44e3795890017e2052b8f9ad528f017e9f99535ecb131f97530aca702

Download Submit
/data/data/com.yxxinglin.xzid14696/databases/MsgLogStore.db
Filesize
4KB

MD5
790cef548a817110ab8440c11dbb2feb

SHA1
9f2e6a3dea6e54874f25e2f4d9c34af6007e9325

SHA256
4aff9449fa793ae019c108d4af22a7887838ff6245e647c5fd8b5f538124b98f

SHA512
f3283633a069d468faf5424d69a47afe2dfd6a336525ebb31fc09dc6aaeb48c43f4e2eeef68842b07ac3d9f47bfae52f4b8afc46281c85f810e29f087dc24730

Download Submit
/data/data/com.yxxinglin.xzid14696/databases/MsgLogStore.db-journal
Filesize
512B

MD5
95b96169eb56fc22b6d3323a0f185c05

SHA1
2c381855ddc1d29ebc258a89ee4c212501a116b8

SHA256
c9215bdcfd47b36f8e7be2905be81f7a31c84149b4164495d459967910aa6fa9

SHA512
631e8336b83223828311828632fe8166ed637d96e6162d0d8c7d1e57938bad81770df026bdca64b5e9047daac7ad0a3eec12368051e39652386d566b4287641c

Download Submit
/data/data/com.yxxinglin.xzid14696/databases/MsgLogStore.db-shm
Filesize
32KB

MD5
4a185d2be470249dd8f4f8e8ffed247c

SHA1
1a122a23e9d921f11a575e748daf46c9174f9cd2

SHA256
64d8af175df716bd8b2859df5bb7188924ecc29f4ac8926dda961d224e116dda

SHA512
949a978306e84f677c8bf5c08c214a1be2ba74d4bd996fce4263270a26a7a3e5cbc02f646dddcc53725221d42b4a42633c124235faf9fed4cf69938b70bb63e6

Download Submit
/data/data/com.yxxinglin.xzid14696/databases/MsgLogStore.db-wal
Filesize
68KB

MD5
dcaa9305fbc15a6ca535e3fb15fb22c9

SHA1
37ad20f988734cfdd6a0f40f46b76737290da14b

SHA256
63089872bafb182add08dbb7b6e53d8aac28b844d0674e7d61cf95d9fb061feb

SHA512
e8d62031f5af4644b83e6ea30dc7d0b64be58e8a7ccd9107d4c907084e9193eacb859e186eb6c6703f58fe421ea41eeca8e7146870de706d9ce9ea45c9e49918

Download Submit
/data/data/com.yxxinglin.xzid14696/databases/accs.db
Filesize
36KB

MD5
486e2bac2b3e9e1cb411d2838a4854bd

SHA1
81dd0a7537f4af319b830ae834908986be85da8b

SHA256
5644a250fa6cef16c2c802b98275656a5fc39dcf89bcc22193742d85c7313f57

SHA512
c146789563dae163e373489b3df53f22efebd32b69643992969241eb5ad5eec668de67e7cd2aaf5c3a8af57b0842115d00183825734f57643d3fdb09835fe681

Download Submit
/data/data/com.yxxinglin.xzid14696/databases/accs.db-journal
Filesize
512B

MD5
1e880e7dfb207c4efd06028a2fa671a4

SHA1
e393b38b6cddbc667de740467bdc843bcb3bdbc8

SHA256
d2832567cbfc81c44848498f9c3f10676335e36fffe54f9efeaf784c885be9b9

SHA512
10d50e2126ae754a5d1a701787a2696e53ea23dc269412517f264f85cad47f3c10f1c89fae02f0a9282a26d717b0dc1379a0faf8e5635b734c25fd0f601dae3d

Download Submit
/data/data/com.yxxinglin.xzid14696/databases/accs.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.yxxinglin.xzid14696/databases/accs.db-wal
Filesize
48KB

MD5
6cbedb8f40e38ba5f21961545f70ab99

SHA1
66807063f2329f362484e7a9709b952f3452c78f

SHA256
d012340a78267f35f71f1886355436d3587c4d4ede9f7c844f1c66a5f5610a08

SHA512
642163d34d2b0adf802b3584959de89487f3d9db82ec3e14ea48898aad05f6719b937ec5a8e9f30b6cb98dec5514047d532971bfafc75fec6d8c576c6de8ad7f

Download Submit
/data/data/com.yxxinglin.xzid14696/databases/bugly_db_-journal
Filesize
512B

MD5
03fa8f522102368c636be12bcb76826b

SHA1
3765418ceb58844d2fc087d68fdefe00727d5f15

SHA256
895502504d5b2eaaa9582585059689a284b76e72251daccb7a3e0b9e1a5e4153

SHA512
a67774217fa4fd958ea479d787f3527cdec2e6c4aeba710ae78915b3b41b85698e9516a2b950059574139e94826a124c5b9ce6901f108a4ef02c6ecdc94e1115

Download Submit
/data/data/com.yxxinglin.xzid14696/databases/bugly_db_-wal
Filesize
68KB

MD5
562ca681d4881ff4ae72821ecc37d175

SHA1
2899543a78eb4225aadde9287bf1c96d861269b2

SHA256
be1ddf1939b7e3e140688d208359c18b338c719f71ed7decac630e6d17704e49

SHA512
30da79d68e411ef1589aa4fdfe52a95df7dbc5b1a3f39f69f8bca47ee56ccc1370b7cde99d4e07483286a8c6f6e0ad9e151e773e1fd7f9dfbade68cb0f2d0c27

Download Submit
/data/data/com.yxxinglin.xzid14696/databases/tencent_analysis.db-journal
Filesize
512B

MD5
c695faac1da159c18fcfdb9308df6d63

SHA1
9cef9de8b3297f9748011c9dbb57b4e491ffd9da

SHA256
25c662c4af98fd92d30c742a41450a580bce9db19b050c681616da2778b7dc98

SHA512
86b4b1bf235edc548e9bfe27d734a8e424156fccd4ed98f6659a152b3f8ec29f88d2574eb60b2b0c6a2f977d6f8064906ccf1bcae8a1cdbe98e6a0f76eba2305

Download Submit
/data/data/com.yxxinglin.xzid14696/databases/tencent_analysis.db-wal
Filesize
76KB

MD5
66c428bd7f6c3725f09cb7d553fd6d31

SHA1
5302bf157df295e2cd46f57503138f8a1358aedd

SHA256
ecfb5f0d9a6d021ccb7bcb771b90511f625d91d49f3460c21056ccee2505aa19

SHA512
83d82f92d9b83b2a8200d5517e06275dae3d095d9e27cb2f7dcef286286206782121edb03d0f95de3ef9165ade3c534babb3823e75479f78d6840a79b8b6a8cc

Download Submit
/data/data/com.yxxinglin.xzid14696/files/cclogs/2024-05-11 120317.log
Filesize
1KB

MD5
925f87b8a0979273bac2ffa8dfef125f

SHA1
8ec7c1fef2f6bc9a0bf7fc4d6521a7860e344715

SHA256
243c108e245c65b4daf89cec1bc340ffcce9c73857ce09f5f8c010e288e9ab54

SHA512
764c201662a1c1144f91f0cc3379cab7dffbbcb971a9e8d02cd3c249e73382c9a1067d7b4290df4e40f8c73e01d1dc7f480a2de322948ec677744d826eb5c841

Download Submit
/data/data/com.yxxinglin.xzid14696/files/com.tencent.open.config.json.101400326
Filesize
1KB

MD5
f526172de1566b34fdcea744710d9559

SHA1
000cb54d9a008a807a1c5a3fd2b2e7cb41e7939d

SHA256
8572be02b59f4d514000939ec04a9b4e2380c55265256b724a617d8d0f4c6940

SHA512
dc81f0fe345b18c96b1638c67b9ef4c5e60059dfc4a02f3c30a23645d4847abeef46cf467d044c42597115c48052ce0e8ea24328382114a544c5dfd039a95e7d

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
111B

MD5
669296231604e5ff7b29f609db1ea3d1

SHA1
a0248e739e173aa46bcca8d8f1ee91fb72b1c87c

SHA256
245510f77ca48e9e11c40296f496e26d5d9cc0a9afa4fb97d2c2b622ac2d0a5a

SHA512
7a089e1dda979fc8fa3063eec4c0d90c1a9292bf39cfaa37a80f4596222c1900b8b63f222a2a767215d9f3522b86a528726bff5496fef953d3fdb54428764c83

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
111B

MD5
162ee66e236e07e0911dca4b9235d572

SHA1
8ad87040c0bbf95acd05a56be9fda349c2d7440a

SHA256
58b0cc13aae2b7d7cefdc33431a8b0a4f008916acd00be9a4f3dadd3118d168e

SHA512
cc68aa43327201d3573ded5c59fdefcb35861aacedc249c90c6374793536c68c1df16afe13999fb5a00f7ea3ab40109ebba0e4ec0731d1cc1ddd3f1e1212ed30

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
381B

MD5
221ae066b2e07bdfb317d344d516f937

SHA1
4588836c8220b9e5c5ec5fe2bbe7b389ada5fd2c

SHA256
a7a1358be3acb76649da3816b697426aba980d63a08be1ffd4ee67790be37856

SHA512
3f333893fe9d97039636cdee011def58b11806487a69c356382210245fbc7f66eb2e3864a30b83a3997da2b3bb57a2405316d913fea99db5d9a246c6a919011a

Download Submit