Analysis Overview
SHA256
c6f1c5edb89e99f60ebedbaab432adff9eaf7ad1e88b63758c1b4b9f4c499432
Threat Level: Likely malicious
The file 564707abd96d4563b482c2fd098bc7fc_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Requests cell location
Checks CPU information
Loads dropped Dex/Jar
Registers a broadcast receiver at runtime (usually for listening for system events)
Queries information about the current Wi-Fi connection
Queries information about the current nearby Wi-Fi networks
Requests dangerous framework permissions
Checks if the internet connection is available
Reads information about phone network operator
Uses Crypto APIs (Might try to encrypt user data)
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-18 18:51
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
Analysis: behavioral4
Detonation Overview
Submitted
2024-05-18 18:51
Reported
2024-05-18 18:57
Platform
android-x64-arm64-20240514-en
Max time network
6s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-05-18 18:51
Reported
2024-05-18 18:57
Platform
android-x86-arm-20240514-en
Max time network
5s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 172.217.169.42:443 | | tcp |
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-05-18 18:51
Reported
2024-05-18 18:57
Platform
android-x64-20240514-en
Max time network
5s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| GB | 216.58.213.10:443 | | tcp |
| GB | 216.58.204.67:443 | | tcp |
| GB | 216.58.213.10:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-05-18 18:51
Reported
2024-05-18 18:58
Platform
android-x64-arm64-20240514-en
Max time network
7s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.200.46:443 | | tcp |
| GB | 142.250.200.46:443 | | tcp |
| GB | 142.250.200.46:443 | | tcp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-18 18:51
Reported
2024-05-18 19:00
Platform
android-x86-arm-20240514-en
Max time kernel
178s
Max time network
182s
Command Line
Signatures
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.yangchehui360.user/files/ixintui_plugin.jar | N/A | N/A |
| N/A | /data/user/0/com.yangchehui360.user/files/ixintui_plugin.jar | N/A | N/A |
| N/A | /data/user/0/com.yangchehui360.user/files/stat_plugin.jar | N/A | N/A |
| N/A | /data/user/0/com.yangchehui360.user/files/stat_plugin.jar | N/A | N/A |
| N/A | /data/user/0/com.yangchehui360.user/files/ixintui_plugin.jar | N/A | N/A |
| N/A | /data/user/0/com.yangchehui360.user/files/stat_plugin.jar | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Queries information about the current nearby Wi-Fi networks
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Reads information about phone network operator
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.yangchehui360.user
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.yangchehui360.user/files/ixintui_plugin.jar --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.yangchehui360.user/files/oat/x86/ixintui_plugin.odex --compiler-filter=quicken --class-loader-context=&
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.yangchehui360.user/files/stat_plugin.jar --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.yangchehui360.user/files/oat/x86/stat_plugin.odex --compiler-filter=quicken --class-loader-context=&
com.yangchehui360.user:remote
com.yangchehui360.user:ixintui_service_v1
sh
chmod 777 /data/user/0/com.yangchehui360.user/ixintui
sh
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.200.3:443 | | tcp |
| US | 1.1.1.1:53 | alog.umeng.com | udp |
| CN | 223.109.148.177:80 | alog.umeng.com | tcp |
| US | 1.1.1.1:53 | yangchehui360.com | udp |
| US | 1.1.1.1:53 | loc.map.baidu.com | udp |
| HK | 103.235.47.89:80 | loc.map.baidu.com | tcp |
| HK | 103.235.47.89:80 | loc.map.baidu.com | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | push.ixintui.com | udp |
| GB | 142.250.180.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| CN | 223.109.148.130:80 | alog.umeng.com | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 142.250.178.10:443 | semanticlocation-pa.googleapis.com | tcp |
| CN | 223.109.148.179:80 | alog.umeng.com | tcp |
| GB | 142.250.187.206:443 | | tcp |
| CN | 223.109.148.141:80 | alog.umeng.com | tcp |
| CN | 223.109.148.178:80 | alog.umeng.com | tcp |
| CN | 223.109.148.176:80 | alog.umeng.com | tcp |
| US | 1.1.1.1:53 | alog.umeng.co | udp |
| US | 1.1.1.1:53 | push.ixintui.com | udp |
Files
/data/data/com.yangchehui360.user/files/ixintui_plugin.jar
/data/user/0/com.yangchehui360.user/files/ixintui_plugin.jar
/data/user/0/com.yangchehui360.user/files/ixintui_plugin.jar
/data/data/com.yangchehui360.user/files/stat_plugin.jar
/data/user/0/com.yangchehui360.user/files/stat_plugin.jar
/data/user/0/com.yangchehui360.user/files/stat_plugin.jar
/data/data/com.yangchehui360.user/files/umeng_it.cache
/data/data/com.yangchehui360.user/databases/com.ixintui.push.data-journal
/data/data/com.yangchehui360.user/databases/com.ixintui.push.data
/data/data/com.yangchehui360.user/databases/com.ixintui.push.data-shm
/data/data/com.yangchehui360.user/databases/com.ixintui.push.data-wal
/storage/emulated/0/baidu/tempdata/ls.db-journal
/storage/emulated/0/baidu/tempdata/ls.db-wal
/data/data/com.yangchehui360.user/databases/com.ixintui.stat.basic_db-journal
/data/data/com.yangchehui360.user/databases/com.ixintui.stat.basic_db-wal
/data/data/com.yangchehui360.user/files/oat/ixintui_plugin.jar.cur.prof
/data/data/com.yangchehui360.user/files/oat/stat_plugin.jar.cur.prof
/data/data/com.yangchehui360.user/files/mobclick_agent_sealed_com.yangchehui360.user
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-18 18:51
Reported
2024-05-18 18:57
Platform
android-x86-arm-20240514-en
Max time network
4s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.200.14:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-05-18 18:51
Reported
2024-05-18 18:57
Platform
android-x64-20240514-en
Max time network
5s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |