Analysis
max time kernel: 145s
max time network: 158s
platform: android_x86
resource: android-x86-arm-20240506-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240506-en, locale:en-us, os:android-9-x86, system
submitted: 11-05-2024 12:02
Static task: static1
Behavioral task: behavioral1
Sample: 347d8016a7a887939ea54e1e1ca13440_JaffaCakes118.apk
Resource: android-x86-arm-20240506-en
General
Target: 347d8016a7a887939ea54e1e1ca13440_JaffaCakes118.apk
Size: 30.5MB
MD5: 347d8016a7a887939ea54e1e1ca13440
SHA1: 7d0409d63f739d4b7a0f609d7384e4d3311909a5
SHA256: 46a51db7bc9bfe13cf27f4e49bcad42b24d01c5d46091f3fe76ce3f799546751
SHA512: a1bdf95f7cef527dee3109caa56f54e35e39889b3712c9eba02f23248032ee93bcd8367c86ed82a5007df2bdeb21c9efd2f203f107b01288e577d18dc3e6d3e1
SSDEEP: 786432:qUwN1zIC73uIMiEWIqypW1ZP5+tsEab8vG7oTc2kQDT/3T:010C73uHjWTP56sT4vG0Tc67
Malware Config
Signatures

Checks CPU information (2 TTPs, 1 IoC)
Checks CPU information which indicates if the system is an emulator.
Processes:
  description: File opened for read | ioc: /proc/cpuinfo | process: com.yxxinglin.xzid14696

Checks memory information (2 TTPs, 1 IoC)
Checks memory information which indicates if the system is an emulator.
Processes:
  description: File opened for read | ioc: /proc/meminfo | process: com.yxxinglin.xzid14696

Queries information about running processes on the device (1 TTP, 2 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes:
  description: Framework service call | ioc: android.app.IActivityManager.getRunningAppProcesses | process: com.yxxinglin.xzid14696
  description: Framework service call | ioc: android.app.IActivityManager.getRunningAppProcesses | process: com.yxxinglin.xzid14696:channel

Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes:
  description: Framework service call | ioc: android.net.wifi.IWifiManager.getConnectionInfo | process: com.yxxinglin.xzid14696

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 2 IoCs)
Processes:
  description: Framework service call | ioc: android.app.IActivityManager.registerReceiver | process: com.yxxinglin.xzid14696
  description: Framework service call | ioc: android.app.IActivityManager.registerReceiver | process: com.yxxinglin.xzid14696:channel

Checks if the internet connection is available (1 TTP, 2 IoCs)
Processes:
  description: Framework service call | ioc: android.net.IConnectivityManager.getActiveNetworkInfo | process: com.yxxinglin.xzid14696
  description: Framework service call | ioc: android.net.IConnectivityManager.getActiveNetworkInfo | process: com.yxxinglin.xzid14696:channel

Reads information about phone network operator. (1 TTP)

Schedules tasks to execute at a specified time (1 TTP, 1 IoC)
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes:
  description: Framework service call | ioc: android.app.job.IJobScheduler.schedule | process: com.yxxinglin.xzid14696:channel

Uses Crypto APIs (Might try to encrypt user data) (1 TTP, 1 IoC)
Processes:
  description: Framework API call | ioc: javax.crypto.Cipher.doFinal | process: com.yxxinglin.xzid14696
Processes

com.yxxinglin.xzid14696 (PID 4272)
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
  Child processes:
  - /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq (PID 4367)
  - /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq (PID 4387)
  - /system/bin/sh -c getprop (PID 4440)
  - getprop (PID 4440)

com.yxxinglin.xzid14696:channel (PID 4495)
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
Network
MITRE ATT&CK Mobile v15
Downloads
/data/data/com.yxxinglin.xzid14696/app_crashrecord/1004 (241B)
/data/data/com.yxxinglin.xzid14696/app_crashrecord/1004 (58B)
/data/data/com.yxxinglin.xzid14696/databases/MessageStore.db (4KB)
/data/data/com.yxxinglin.xzid14696/databases/MessageStore.db-journal (512B)
/data/data/com.yxxinglin.xzid14696/databases/MessageStore.db-shm (32KB)
/data/data/com.yxxinglin.xzid14696/databases/MessageStore.db-wal (48KB)
/data/data/com.yxxinglin.xzid14696/databases/MsgLogStore.db (4KB)
/data/data/com.yxxinglin.xzid14696/databases/MsgLogStore.db-journal (512B)
/data/data/com.yxxinglin.xzid14696/databases/MsgLogStore.db-shm (32KB)
/data/data/com.yxxinglin.xzid14696/databases/MsgLogStore.db-wal (68KB)
/data/data/com.yxxinglin.xzid14696/databases/accs.db (36KB)
/data/data/com.yxxinglin.xzid14696/databases/accs.db-journal (512B)
/data/data/com.yxxinglin.xzid14696/databases/accs.db-shm (32KB)
/data/data/com.yxxinglin.xzid14696/databases/accs.db-wal (48KB)
/data/data/com.yxxinglin.xzid14696/databases/bugly_db_-journal (512B)
/data/data/com.yxxinglin.xzid14696/databases/bugly_db_-wal (68KB)
/data/data/com.yxxinglin.xzid14696/databases/tencent_analysis.db-journal (512B)
/data/data/com.yxxinglin.xzid14696/databases/tencent_analysis.db-wal (76KB)
/data/data/com.yxxinglin.xzid14696/files/cclogs/2024-05-11 120317.log (1KB)
/data/data/com.yxxinglin.xzid14696/files/com.tencent.open.config.json.101400326 (1KB)
/storage/emulated/0/.DataStorage/ContextData.xml (111B)
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml (65B)
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml (111B)
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml (381B)