Analysis
max time kernel: 151s
max time network: 158s
platform: android_x86
resource: android-x86-arm-20240506-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240506-en, locale:en-us, os:android-9-x86, system
submitted: 13/05/2024, 06:50
Static task: static1
Behavioral task: behavioral1
Sample: 3e39d7ec547db7f7ba8d6e9fe65dcf01_JaffaCakes118.apk
Resource: android-x86-arm-20240506-en
General
Target: 3e39d7ec547db7f7ba8d6e9fe65dcf01_JaffaCakes118.apk
Size: 30.4MB
MD5: 3e39d7ec547db7f7ba8d6e9fe65dcf01
SHA1: 5b4b3a0c23de10ef4732b4ec381c8a9da776cca2
SHA256: 127f86b527fab0b4f80ae03496c08f138b7ec9bd290a99bf2d150ac7ec634f79
SHA512: 2e0b2ad2aa9cfd9577d373259e4010122fcf3142f872ef9aa2e0d8d3ad74a6185c372550c78a4371111055e45164865f7993b30671d76b900e7f8cd4ae304d13
SSDEEP: 786432:t8UP1bIC73uUMliiZ++ZP07sEG/GLWd7zMyiQ/SYuf:P1MC73u77+MP07sreLWpzMHF
Malware Config
Signatures

Checks CPU information (2 TTPs, 1 IoCs)
Checks CPU information, which indicates whether the system is an emulator.
description | ioc | Process
File opened for read | /proc/cpuinfo | com.yxxinglin.xzid39076

Checks memory information (2 TTPs, 1 IoCs)
Checks memory information, which indicates whether the system is an emulator.
description | ioc | Process
File opened for read | /proc/meminfo | com.yxxinglin.xzid39076

Queries information about running processes on the device (1 TTPs, 2 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
description | ioc | Process
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.yxxinglin.xzid39076
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.yxxinglin.xzid39076:channel

Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description | ioc | Process
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.yxxinglin.xzid39076

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 2 IoCs)
description | ioc | Process
Framework service call | android.app.IActivityManager.registerReceiver | com.yxxinglin.xzid39076
Framework service call | android.app.IActivityManager.registerReceiver | com.yxxinglin.xzid39076:channel

Checks if the internet connection is available (1 TTPs, 2 IoCs)
description | ioc | Process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.yxxinglin.xzid39076
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.yxxinglin.xzid39076:channel

Reads information about phone network operator. (1 TTPs)

Schedules tasks to execute at a specified time (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
description | ioc | Process
Framework service call | android.app.job.IJobScheduler.schedule | com.yxxinglin.xzid39076:channel

Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 1 IoCs)
description | ioc | Process
Framework API call | javax.crypto.Cipher.doFinal | com.yxxinglin.xzid39076
Processes

com.yxxinglin.xzid39076 (PID: 4284)
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
    /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq (PID: 4378)
    /system/bin/sh -c getprop (PID: 4444)
    getprop (PID: 4444)
    /system/bin/sh -c type su (PID: 4474)

com.yxxinglin.xzid39076:channel (PID: 4515)
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
Network
MITRE ATT&CK Mobile v15
Downloads