03ab034a9af42d9674101800ec1cca343b6f72c4e3cd6fc4729a8dca111cef8b

Analysis

max time kernel
156s
max time network
186s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 23:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

690d92543c886a7fe6d6046554dd6021_JaffaCakes118.apk
Size

30.1MB
MD5

690d92543c886a7fe6d6046554dd6021
SHA1

e5785f4d77bdab2277a35934c5396b3ddfc0bc82
SHA256

03ab034a9af42d9674101800ec1cca343b6f72c4e3cd6fc4729a8dca111cef8b
SHA512

0c822112ee2e2b05d52a3b47e19a2452c3c1271ea128a356fbca19019f0adb32bc2cf0be23d9ffa084481237aac678af145e224c54da7a4aed8d35194e1ff138
SSDEEP

786432:wUoQPCduLsE7BIC7qzo0ZP3DSlOoFUcyMPFLs1f0d8:/LCGsaCC7qzouP3GjFUMP61X

Score

8^/10

discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

T1426

Processes:

com.yxxinglin.xzid640660

ioc process

/system/bin/su com.yxxinglin.xzid640660
/system/xbin/su com.yxxinglin.xzid640660
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.yxxinglin.xzid640660

description ioc process

File opened for read /proc/cpuinfo com.yxxinglin.xzid640660
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.yxxinglin.xzid640660

description ioc process

File opened for read /proc/meminfo com.yxxinglin.xzid640660

ioc	process
/system/bin/su	com.yxxinglin.xzid640660
/system/xbin/su	com.yxxinglin.xzid640660

description	ioc	process
File opened for read	/proc/cpuinfo	com.yxxinglin.xzid640660

description	ioc	process
File opened for read	/proc/meminfo	com.yxxinglin.xzid640660

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

T1424

Processes:

com.yxxinglin.xzid640660com.yxxinglin.xzid640660:channel

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yxxinglin.xzid640660
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yxxinglin.xzid640660:channel

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.yxxinglin.xzid640660

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.yxxinglin.xzid640660

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.yxxinglin.xzid640660

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

T1624.001

Processes:

com.yxxinglin.xzid640660com.yxxinglin.xzid640660:channel

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.yxxinglin.xzid640660
Framework service call	android.app.IActivityManager.registerReceiver	com.yxxinglin.xzid640660:channel

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

T1421

Processes:

com.yxxinglin.xzid640660com.yxxinglin.xzid640660:channel

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yxxinglin.xzid640660
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yxxinglin.xzid640660:channel

Reads information about phone network operator. 1 TTPs
discovery

T1422
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

T1603

Processes:

com.yxxinglin.xzid640660:channel

description ioc process

Framework service call android.app.job.IJobScheduler.schedule com.yxxinglin.xzid640660:channel
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.yxxinglin.xzid640660

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.yxxinglin.xzid640660

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.yxxinglin.xzid640660:channel

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.yxxinglin.xzid640660

com.yxxinglin.xzid640660
1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4310

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
2⤵
PID:4405

com.yxxinglin.xzid640660:channel
1⤵
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
PID:4513

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yxxinglin.xzid640660/app_crashrecord/1004
Filesize
242B

MD5
753b94143a76e3d49f55b18f7ab09523

SHA1
72da95dbbd31007e3ae86247632541862a4ddece

SHA256
0783c5bd2e8eb87c7411d154c68dc62b8af57a4354d937e7fce281f8e7224fcb

SHA512
a2433884171bd09655b2fe319ec43da277ce8686999f61c585e1c7f51c9af22cd14eda3ca2729723e0a88e294cbb4b2cde59fac737609dcec84ca40b2af68bd0

Download Submit
/data/data/com.yxxinglin.xzid640660/app_crashrecord/1004
Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.yxxinglin.xzid640660/databases/MessageStore.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.yxxinglin.xzid640660/databases/MessageStore.db-journal
Filesize
512B

MD5
9b91e78e2d76f6ad9abf28f2189b3dc5

SHA1
55f56f6abf202af2508c428b48ffc2bc8e91be9a

SHA256
863a4f7c33fcd5cc371a90949e5d10a02861bf6f67df2d45e15b01ab4ee9e997

SHA512
96e9eef9b1c03fb10abe0e58924bfe620b6fe85895cdc58ca046a83df49fdaae2996f7930d618e14392a51ba69e1f6adf950a1b348240f523bb3d2a3b5958d4d

Download Submit
/data/data/com.yxxinglin.xzid640660/databases/MessageStore.db-shm
Filesize
32KB

MD5
25c5edbe3c7c6c3ee64a3bc52122d4ef

SHA1
2a17a4725b9adc6d4fa9bd1f57d6d66339005c8e

SHA256
24c78baac21eec643c1e7df5a16f024c9c18b97495eeff7d2a931df46e97ecbd

SHA512
e617a5a5a2a2f53876ef5eb3da80bc7568bd24aa3c621ca530dc8af7b8050a31ec7a16e2c69a6d65f103a97db2682e3fdb40cc3cd615489fa36c147106de6433

Download Submit
/data/data/com.yxxinglin.xzid640660/databases/MessageStore.db-wal
Filesize
48KB

MD5
ec45139ef239f9690769a6dbd048136b

SHA1
a896cbad34f24ae9daa954c2819da9544ccc5085

SHA256
02785c53b8f9ff6a3f1c8e659ee2c6a08d17122a71e27a027d17ce907c7b0ad5

SHA512
232c4e3e8a8807b7e6a29de653b2e6d2da2ebc5b9b72373d2a69c5f901160644ffb4488e467d837c77611e5d4a9a09ad607053227096d00fcf45ba73888300b6

Download Submit
/data/data/com.yxxinglin.xzid640660/databases/MsgLogStore.db
Filesize
4KB

MD5
30065ab9c1e40f9fdadb3b6285dcbbe3

SHA1
4d91b84f538121c3af5357251ec64c55b797257a

SHA256
2c6788541e4bd3c9e907976f7b32a82141fae980b1d1499b0da7a779359265e4

SHA512
0546ea4d03b8488f8cba8d4ef817d2d8faff235b1de7af0969949b944de64da3c9c73bed5bb98d59471240eef93b7c6b0f5b61a87b29ba139fd0ccae44e99f44

Download Submit
/data/data/com.yxxinglin.xzid640660/databases/MsgLogStore.db-journal
Filesize
512B

MD5
055e56b3a909c855cae1cbee5a46bcde

SHA1
83a19371680e60099a7d01053e45569ee6cfbd4f

SHA256
7dab83a6332c1961ef142b3e5508c36e0fde4f1540fbef6bc424f6e50e260cdc

SHA512
b65b379f108d22c8a21318aa427084256c05d06bc5629714429a8f6df740c4e4ca65dcc3102601fee4adf049caedde5dc2cbe6b766be5de50b80644086d43f11

Download Submit
/data/data/com.yxxinglin.xzid640660/databases/MsgLogStore.db-shm
Filesize
32KB

MD5
f9b4ff7574d46d72c8a0b8a42ac69634

SHA1
c3b240d328fc8f5d6e351e948476d81a14926414

SHA256
574803406dca2431a9fafffcedfa94e9822faa96f84557eeffb640735c62348d

SHA512
0e987286da04b1a17dbfc0c60076f4c1703775772e301ef7278ef3f4eac7d0eb6b7ab08b13739d717c7fd5e50ecd28e8fc88d6a7ca26ba37a5ddb4479006a5c7

Download Submit
/data/data/com.yxxinglin.xzid640660/databases/MsgLogStore.db-wal
Filesize
68KB

MD5
1ce98830b69ef7fb994a74061f5081e7

SHA1
d84d520d0033c36048274a312b4c3b786d918a74

SHA256
191a3973b984e37cd69f614923425bad559dab13f89cf39905bcfc081794bdef

SHA512
2b1202d5863fa8ce2e02b125b80fc71f859ab43852cb8f9255b4059cfad8c868b3b42ac1cecbf093bb390b0083677df2abbd6879bafb461caaf69b75fb438e79

Download Submit
/data/data/com.yxxinglin.xzid640660/databases/accs.db
Filesize
36KB

MD5
486e2bac2b3e9e1cb411d2838a4854bd

SHA1
81dd0a7537f4af319b830ae834908986be85da8b

SHA256
5644a250fa6cef16c2c802b98275656a5fc39dcf89bcc22193742d85c7313f57

SHA512
c146789563dae163e373489b3df53f22efebd32b69643992969241eb5ad5eec668de67e7cd2aaf5c3a8af57b0842115d00183825734f57643d3fdb09835fe681

Download Submit
/data/data/com.yxxinglin.xzid640660/databases/accs.db-journal
Filesize
512B

MD5
536fee764b17b3e7a714d731ee2680cb

SHA1
54ddfcf35c222f842c276b2ebc84432e53b20361

SHA256
e74034634ae65095ea085412d846efc1b0116a093ca3a27ce82d27f244c2171b

SHA512
a548b59aeb515c25af335d7ed9c962a385f4774db97ca04755c01b5e0b0e2920084114460becb45d452aec3502c8902fe3a7c9cb59b0a534295199b14ea36508

Download Submit
/data/data/com.yxxinglin.xzid640660/databases/accs.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.yxxinglin.xzid640660/databases/accs.db-wal
Filesize
48KB

MD5
3016985bf76c332ca858624c324a9845

SHA1
173a98309ac7c93c442c17c03db573d69b0c2304

SHA256
96d101a2166cccff0818e2f15506ed00995a3e924593a6f8da138a81382686a7

SHA512
7bc7771a4fb136446d1505e33c1babc91189df58118723d9c2a4ba28a0bf9cc029ed81c76e255d0a14fdf8600dfe74d53f29a14cc42f6bd16ae6d114d234c46c

Download Submit
/data/data/com.yxxinglin.xzid640660/databases/bugly_db_-journal
Filesize
512B

MD5
3f3f2bbe0252eb8abd9d9ca7bdad8b51

SHA1
788c674c98588908a08ee753ba3a7170f0e97a17

SHA256
7c94d09e4fb9c6677aab32f4d45be820442595a98f4817089ce28cb7d4634e32

SHA512
e3d72fe784f5d94dc04b0ccd1118b3dcf6ae63d8dca0b50e5b43da87ed83df09ad76c3271746a8e6a6bef05c765e228cc0c8e7e778bb29fa770aabc9c1f1d0fb

Download Submit
/data/data/com.yxxinglin.xzid640660/databases/bugly_db_-wal
Filesize
68KB

MD5
a2eb368a1a01b577327104fb339b7350

SHA1
900be50a274bd7049fd2b9f8448143b5563b26c5

SHA256
a209b0b4d52ef6877e3789c09ce15e6e3b2c0f465228a7a489375f2547e95210

SHA512
0b9430584a975da5f01747a8bc09061033f7a7cdecb5c55ff1848e4c42c0d0840deadde2b91f077797d70cff1370796d9021dc452e750018b0f90c48f017f059

Download Submit
/data/data/com.yxxinglin.xzid640660/databases/tencent_analysis.db-journal
Filesize
512B

MD5
ae721180727e137d0bd31c7d8e0f2faf

SHA1
ad72380761395010b56ee3044353b71d57535500

SHA256
208671bdf4c80ba3267444b22c89ba411a1ee0d63352631f76e202dcdce017a5

SHA512
5e1f3ef212b2e7edd435e9241d3d15b0fbafb7bd333d0b9b505d5895154abca480d35177e3da5af403d8d62702d730ffd874174a8418667b4c4f67c4a604e43e

Download Submit
/data/data/com.yxxinglin.xzid640660/databases/tencent_analysis.db-wal
Filesize
76KB

MD5
af377a99245b43a97ad0d7e29581b1c5

SHA1
4f888c03430b6d35491d3937bec9a7daa4d3d09d

SHA256
d676949b85ff5bddef4f1dd9ba4409069a46e2a672fc005a365a267623976810

SHA512
090a786d048caade29cbeb10ba1793af67f3d1e9cd8cadc911d587b75e0e2bae059d328e2462cbc87fe70f73e4c803b7f94961e91b7914514a43d08cb89f10be

Download Submit
/data/data/com.yxxinglin.xzid640660/files/cclogs/2024-05-22 235055.log
Filesize
1KB

MD5
c5bfdcef9c24661ef5b2251d376d1938

SHA1
c49dc01ad3e2a1e91cf38607a7c6392a505ca5e2

SHA256
b743b8cd2cedac6b22c0053ba3b5bc356262f4af182291b3f8d1ded1a4a86f2b

SHA512
44e6e95a901a6be4589fd34765e16415b2b0ad1d83547a5a4e9a08d1564e3d5ae49ea224b6dbc5dca4705aeb65254ce541129842b9b9106e4129f3fce90acc9a

Download Submit
/data/data/com.yxxinglin.xzid640660/files/com.tencent.open.config.json.101400326
Filesize
1KB

MD5
f526172de1566b34fdcea744710d9559

SHA1
000cb54d9a008a807a1c5a3fd2b2e7cb41e7939d

SHA256
8572be02b59f4d514000939ec04a9b4e2380c55265256b724a617d8d0f4c6940

SHA512
dc81f0fe345b18c96b1638c67b9ef4c5e60059dfc4a02f3c30a23645d4847abeef46cf467d044c42597115c48052ce0e8ea24328382114a544c5dfd039a95e7d

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
111B

MD5
25df4456bc07301464f7c571a83ff10c

SHA1
ff49f0f23cd71e75f1ed2a1e8db05776126b532c

SHA256
a5a1c086e8f602051e10ac68b572bd947afd13cc8245feee0023c0e9c3dd2cda

SHA512
662f7534d5c47445e3ffe353e0597c17aba24664b013d6eac5645268d3449de9e3a9e0828090a3d7c58b55e8ccc2dd67b0e89029d962c7c859719c1375aba3d2

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
111B

MD5
c1d9ff17a4a94d79a348ac298ca31835

SHA1
9cf5713f02b55af7b271b029b814f48b110a7f3d

SHA256
cc13cd797ed69957597d758d99fc14eafa395d0d9d448bc13cbadecb36236e2f

SHA512
9482e2623bae4843b4b1c88972974882bff3446664d70738038c554a303bb57a67f923ff172e60f519b803e96ef70bf7b6068089a5a02a99aad071c533e6fe1a

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
381B

MD5
2b89399d61c00e2aa7dc900059c30a43

SHA1
6952605410a769bfa7bb1e07034b1765eda379bf

SHA256
f79c4b46f851a566aedae0c730cb87abb5667e0d0c525b5e62b6669b55754454

SHA512
426185979b6b2127ead5ea0d582e20ba10e54cc0b6d13083d011e66bd6d74e76d4df9b37b29ef45b77b1ba5262d1f98aadedd76380cd0bafa861491218ab1f6e

Download Submit