Analysis

  • max time kernel
    151s
  • max time network
    158s
  • platform
    android_x86
  • resource
    android-x86-arm-20240506-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240506-en, locale:en-us, os:android-9-x86, system
  • submitted
    13/05/2024, 06:50

General

  • Target

    3e39d7ec547db7f7ba8d6e9fe65dcf01_JaffaCakes118.apk

  • Size

    30.4MB

  • MD5

    3e39d7ec547db7f7ba8d6e9fe65dcf01

  • SHA1

    5b4b3a0c23de10ef4732b4ec381c8a9da776cca2

  • SHA256

    127f86b527fab0b4f80ae03496c08f138b7ec9bd290a99bf2d150ac7ec634f79

  • SHA512

    2e0b2ad2aa9cfd9577d373259e4010122fcf3142f872ef9aa2e0d8d3ad74a6185c372550c78a4371111055e45164865f7993b30671d76b900e7f8cd4ae304d13

  • SSDEEP

    786432:t8UP1bIC73uUMliiZ++ZP07sEG/GLWd7zMyiQ/SYuf:P1MC73u77+MP07sreLWpzMHF

Malware Config

Signatures

  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information which indicates whether the system is an emulator.

  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information which indicates whether the system is an emulator.

  • Queries information about running processes on the device 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
  • Checks if the internet connection is available 1 TTPs 2 IoCs
  • Reads information about the phone network operator 1 TTPs
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Processes

  • com.yxxinglin.xzid39076 (depth 1, PID 4284)
    • Checks CPU information
    • Checks memory information
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    • /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq (depth 2, PID 4378)
    • /system/bin/sh -c getprop (depth 2, PID 4444)
    • getprop (depth 2, PID 4444)
    • /system/bin/sh -c type su (depth 2, PID 4474)
  • com.yxxinglin.xzid39076:channel (depth 1, PID 4515)
    • Queries information about running processes on the device
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Schedules tasks to execute at a specified time

          Network

                MITRE ATT&CK Mobile v15

                Downloads

                • /data/data/com.yxxinglin.xzid39076/app_crashrecord/1004

                  Filesize

                  241B

                  MD5

                  fd7ce028bc916138dbdfdd01a039a0e5

                  SHA1

                  9888e9503c1bf57c3126c17d07b158a190173677

                  SHA256

                  6138ce7408b3cc3331693a293f8987a4ec35dd97ca9ae4c9db16ec95eace61d8

                  SHA512

                  e2176742efdd997b7cec860fae5ac3383f721bff935435e1c1b732258848a67f490e5d89ba298e00fbcd2c944a5c7ad1a1feedd8e2b19574c7b4dc78ded10a1f

                • /data/data/com.yxxinglin.xzid39076/app_crashrecord/1004

                  Filesize

                  58B

                  MD5

                  0d210bfb2a0e1f1b4c082a6a0f79de07

                  SHA1

                  bb8ed9e364db79d1d9f2fcde3f15091893222faa

                  SHA256

                  988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

                  SHA512

                  536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

                • /data/data/com.yxxinglin.xzid39076/databases/MessageStore.db

                  Filesize

                  4KB

                  MD5

                  f2b4b0190b9f384ca885f0c8c9b14700

                  SHA1

                  934ff2646757b5b6e7f20f6a0aa76c7f995d9361

                  SHA256

                  0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

                  SHA512

                  ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

                • /data/data/com.yxxinglin.xzid39076/databases/MessageStore.db-journal

                  Filesize

                  512B

                  MD5

                  37a0c61fb010e6d55675e5eef179e23c

                  SHA1

                  bcbc440fa66318718f5728bb5c7d95a1346b40b9

                  SHA256

                  77908e18a1f62ba7a6f367b6fda2129dd66b8df99e1748ea32644cc5feee5e64

                  SHA512

                  63241160065200660c93d0b1bf7c6213121bb1d8a9a13c61591b97dcccbb211386d5e9f3aa46cf4b59b1cdbf745f154aa840c3082c9bcef8d8a2e14e1c7d02ec

                • /data/data/com.yxxinglin.xzid39076/databases/MessageStore.db-shm

                  Filesize

                  32KB

                  MD5

                  6756c6627887c7d4bca424e03e84ca47

                  SHA1

                  120afdda801e2dbf458d6d859f5230308a7614d9

                  SHA256

                  dc6acca2c7112e39814fd5c8e181ce00254736bd61a6e41a4e5c1c3b5e0315dc

                  SHA512

                  da524502e7e9ba97b8440e432c001d96ccba31b3c0a0e692ea8874199abadd45ceeca48e8a3240cb5162867117f22e1d97a94269d4c9bf888865507cf82169ad

                • /data/data/com.yxxinglin.xzid39076/databases/MessageStore.db-wal

                  Filesize

                  48KB

                  MD5

                  8437c5534c97471f637f402ed1b3701a

                  SHA1

                  16bc2ec0aa93b6d74d6474c198d9eb6c48b00f3f

                  SHA256

                  158ced8915dbef9a27741cdda4b5437ea8909d796444f4611aea3245325c0fae

                  SHA512

                  05551d45e2089d554f96bf4719bac958d81e542189cb9e333e396417bdc0ab07befbd261c97653d731cf4bf30416db3c8dfaa63806474dcbf28fbdfdff94d1a2

                • /data/data/com.yxxinglin.xzid39076/databases/MsgLogStore.db

                  Filesize

                  4KB

                  MD5

                  d219fdc623c7db74121484f15541c2b4

                  SHA1

                  d8a77a77e3a1e99ca812e85c2f61f5d824bae5b9

                  SHA256

                  a84129116ef45b1715e8851e79d604675b62b495358e720a6c446ee8e78310be

                  SHA512

                  bb5da5a505885b9c750131625b1f9882e7cbbb14951e2c026f7498dae40064c2e3c1eb2ee759f145d4de4a166d74f941dc57e63942d4bc875f53a0e053d314c5

                • /data/data/com.yxxinglin.xzid39076/databases/MsgLogStore.db-journal

                  Filesize

                  512B

                  MD5

                  9ca3b5a1f5dd186bb21ffc55987c07ea

                  SHA1

                  44186f28cb9714799eebaa2a7d2ae591a071f69c

                  SHA256

                  9d14bce79ab70e2f3485e7ce86c3fecebaa5b57e5f3e78020a8905e4fb339475

                  SHA512

                  25f68f03f833bd2020611268be02c8b2217ad8b69d57d140eda0b4cc751cc59e21f67ef0474fc3b3f75dac6b3cd7a005e2587c49328f4e234278254162a9ecd0

                • /data/data/com.yxxinglin.xzid39076/databases/MsgLogStore.db-shm

                  Filesize

                  32KB

                  MD5

                  01d423692cfe4eea26d9f4ec356c64d4

                  SHA1

                  3e95c63263e505b6e07cc19b50cbdcdf5ce3475b

                  SHA256

                  67071e09713c30ecafddb0c902632ab38aa340582113ad5b46e642dfe2c4bead

                  SHA512

                  c95c4e349ae44b9457e9abffa6754885b10424838c9f2af4afa60858ac1c246b5a8159804f97e3a9367e07672c77bf7ac4ff886a882b46ed7eec82a1a85f146e

                • /data/data/com.yxxinglin.xzid39076/databases/MsgLogStore.db-wal

                  Filesize

                  68KB

                  MD5

                  80570ae17725e414f088a4c59ab02c4d

                  SHA1

                  afcfaa5f626d36463fbdbcb96d8db6102f3c8a23

                  SHA256

                  fb276e496053dc0291f269b5f64816b5670ea2de6f6b98cda0d3940f979db36b

                  SHA512

                  e62933a532a20587212c3762a53427831b8bd5c1471709ff5f1ada0305cd7c79a6854c9a6459ae458e8e63b923fdd9c53c3d0f86a790037012de6a2b8e02d563

                • /data/data/com.yxxinglin.xzid39076/databases/accs.db

                  Filesize

                  36KB

                  MD5

                  486e2bac2b3e9e1cb411d2838a4854bd

                  SHA1

                  81dd0a7537f4af319b830ae834908986be85da8b

                  SHA256

                  5644a250fa6cef16c2c802b98275656a5fc39dcf89bcc22193742d85c7313f57

                  SHA512

                  c146789563dae163e373489b3df53f22efebd32b69643992969241eb5ad5eec668de67e7cd2aaf5c3a8af57b0842115d00183825734f57643d3fdb09835fe681

                • /data/data/com.yxxinglin.xzid39076/databases/accs.db-journal

                  Filesize

                  512B

                  MD5

                  9d1602a409ca392419076f2943d56bd0

                  SHA1

                  2852322cfb320092b0822343eb9ab8565d6faff6

                  SHA256

                  16e83160717a70ad722a90414444d99195ee8601bca1b9ba0126c58d4268c529

                  SHA512

                  fc85afb2e704843cca65f9141dea8df41708c771cf6fc3c932252c10f881e928fa24f2af7bb572cdee70b9a01b969ed583df1c517305c7f6a4dc69127f2d011f

                • /data/data/com.yxxinglin.xzid39076/databases/accs.db-shm

                  Filesize

                  32KB

                  MD5

                  bb7df04e1b0a2570657527a7e108ae23

                  SHA1

                  5188431849b4613152fd7bdba6a3ff0a4fd6424b

                  SHA256

                  c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

                  SHA512

                  768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

                • /data/data/com.yxxinglin.xzid39076/databases/accs.db-wal

                  Filesize

                  48KB

                  MD5

                  46a8eb15655fd37bda276b4681ac4e05

                  SHA1

                  1700325a63e8db9970a479d518f0ea687e8e23d3

                  SHA256

                  a77168517494b4ffe0c94f9ea4b0890e7949c4f2105962c36f45b6c0b2c54749

                  SHA512

                  396b93b05b6e3189746f096345f3168b1a1ba3021065d7bdd3ec404d5d9fec5fb0a0663430afc7e5dc0187d8180ae508914fcb774c284c79ef6cbb302e8e975d

                • /data/data/com.yxxinglin.xzid39076/databases/bugly_db_-journal

                  Filesize

                  512B

                  MD5

                  aa5848d4b4526adc8ca2aab9e34a42f3

                  SHA1

                  15f9f4bcba541cbb14c2c271a8e2e1dabce5fc2e

                  SHA256

                  408a556f349c4338a079cb7ff742d584745eb888c01f628d1e1da23adf30bfdb

                  SHA512

                  af5239ebb43715b6590cda6c432849ffe22d642e69d8517cfd1ae71f781fb972e368e9d1d4a6fcbe1aa8e796412cfcde9612fd4d828a0729c946bac76f7e1cf0

                • /data/data/com.yxxinglin.xzid39076/databases/bugly_db_-wal

                  Filesize

                  72KB

                  MD5

                  cc06dbc2c0f368c8afbad4eda43a3285

                  SHA1

                  25b1b07b348d043aafe1a7edb876e1c5e280f0d2

                  SHA256

                  e0c8b941675145df14b91450d565992803f4ad027ff025a12a2cfdff017e189f

                  SHA512

                  cc3ea05762fc3fdb0f623ebb91bbb1e4b281bd824dc6a94b1b6d9a2655e0030c52b051ebf55e5f13586b498f1a84276b0abf1db35512dcecc2709d1bbbaec696

                • /data/data/com.yxxinglin.xzid39076/databases/tencent_analysis.db-journal

                  Filesize

                  512B

                  MD5

                  20347afd8e8123663d1bc6be74e8131c

                  SHA1

                  0cd2f4cb972c820d890014a3e323a9d142a32e99

                  SHA256

                  a2e609bff5b14f0ab0b9c2b1be9901f61fec9a39230c22755f960e300f4dd81f

                  SHA512

                  0a113381ca74cfb226f7bb03c05bbb322be3350357aa12840939a86c7ef874e50ae80b6fec1bce0bd284bcea160a134d5015c3b2a865693bd79792f4fb2188f5

                • /data/data/com.yxxinglin.xzid39076/databases/tencent_analysis.db-wal

                  Filesize

                  76KB

                  MD5

                  0b8c34449c8a49d7537cb29a10be5346

                  SHA1

                  84a037436ba39d8501f4ca49363ba61e1a14616f

                  SHA256

                  d9cc9b775571fcbf51a693597207b2411dfa7283719269570e0031329fcc12d2

                  SHA512

                  a19b762301f1e6d2b22f12876ef6124974144e510b4ba05a7777e288041e81b6aa3e3ebc62a43a7637472a4abf8577af89a77ec8436a3b67941cfe347a90590e

                • /data/data/com.yxxinglin.xzid39076/files/cclogs/2024-05-13 065045.log

                  Filesize

                  1KB

                  MD5

                  b85e29fcffc3686c9ff8f5bd2750c0b4

                  SHA1

                  208322ed9ffe2a98753aba0e2245b7d83d91e3ea

                  SHA256

                  6429385129fc5fadca879b130fd44eafb16a98271eb06b62df13e799d8c8e122

                  SHA512

                  206f7ad8db42fe6fce73bd6392b3dfa1a59ce16cf9ef9083a9ea45c12a959be47798b992b3564f5ba3b97f8860c662eae6c6feb89f0027ab553bc967e5c56e73

                • /data/data/com.yxxinglin.xzid39076/files/com.tencent.open.config.json.101400326

                  Filesize

                  1KB

                  MD5

                  f526172de1566b34fdcea744710d9559

                  SHA1

                  000cb54d9a008a807a1c5a3fd2b2e7cb41e7939d

                  SHA256

                  8572be02b59f4d514000939ec04a9b4e2380c55265256b724a617d8d0f4c6940

                  SHA512

                  dc81f0fe345b18c96b1638c67b9ef4c5e60059dfc4a02f3c30a23645d4847abeef46cf467d044c42597115c48052ce0e8ea24328382114a544c5dfd039a95e7d

                • /storage/emulated/0/.DataStorage/ContextData.xml

                  Filesize

                  111B

                  MD5

                  fdbdba5dbb68e66e52c76b68b0f5cf52

                  SHA1

                  10a7fa270308c6da4981b8d1b90bbe22f79221d2

                  SHA256

                  d37c8e09e0c862caebd8e19c4453f9d7810d98ba0abdbfdac95dc8e6affe9b69

                  SHA512

                  9e1d98969d2d6cc2521561f83ee3e312bb7ed0095df3fe271a9d1a86040b02ff47502f9b3d728a34f76c270806375e87ac60cd1a0b82a0448bddbe0f949f6fdc

                • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

                  Filesize

                  65B

                  MD5

                  9781ca003f10f8d0c9c1945b63fdca7f

                  SHA1

                  4156cf5dc8d71dbab734d25e5e1598b37a5456f4

                  SHA256

                  3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

                  SHA512

                  25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

                • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

                  Filesize

                  111B

                  MD5

                  3e6ec0b1733aa99ee8cc9a6679d7ff64

                  SHA1

                  5776bf4614c228eb98557138d51219521a660910

                  SHA256

                  f9721a0cc05600c9a41504826c01b1076ee525a90bb8c9af99b5260b5245e7be

                  SHA512

                  6787805101520740ff5d1f19aeac0e9926cdaf2046eb374431ad70c5e9e190a4b9f82a3a27cd80435b54494f5f8070ac240a2099a9809985859d171f699da8fa

                • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

                  Filesize

                  381B

                  MD5

                  6ff27076195d3d2bf7434e1f68cf456c

                  SHA1

                  9693f7cf05f98df6e479dda0b413d7542aa12371

                  SHA256

                  d34f813450ca14b7c3b0fb9fc11b13bafe3578c31b78ae1b43794c4333b2b14d

                  SHA512

                  6f537d500c37aefc406c37c92b5eafad3cd93bf9f165697113cbd179f0dd62e2856d668523085415deaade6dd4532c2b075751df25a3dd7adffc1346afa7cb3d