6e8ffb457c755929741a683783401c1a57d1b67f7a53c94fb60cb1b4b85340b1

Analysis

max time kernel
174s
max time network
181s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 02:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65aa8c4e3e86038466da82c4ee61ef20_JaffaCakes118.apk
Size

18.8MB
MD5

65aa8c4e3e86038466da82c4ee61ef20
SHA1

06abfef7bfb587fc37a06b58a1fa8ab2448c0b6c
SHA256

6e8ffb457c755929741a683783401c1a57d1b67f7a53c94fb60cb1b4b85340b1
SHA512

ed27177f6f2dbcb94394c8b8f6c74c10049b5c973658c2cba3f96491488b156aee039e8be3ab609d8873d93c81376b2a42cb6cb982c151d8f62a74fda21f05ca
SSDEEP

393216:atozVQn2/7rbz2k+TLa1xPm/nVnMlA6SGbpK1eYG1NtW2vT:atq/32TLa1xPm/VMG3GNoepR7

Score

8^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

System Information Discovery
T1426

Processes:

/system/bin/sh -c type sucom.pinxiango.store

ioc process

/sbin/su /system/bin/sh -c type su
/system/app/Superuser.apk com.pinxiango.store
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.pinxiango.store

description ioc process

File opened for read /proc/meminfo com.pinxiango.store

ioc	process
/sbin/su	/system/bin/sh -c type su
/system/app/Superuser.apk	com.pinxiango.store

description	ioc	process
File opened for read	/proc/meminfo	com.pinxiango.store

Loads dropped Dex/Jar 1 TTPs 3 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Processes:

com.pinxiango.store/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.pinxiango.store/mix.dex --output-vdex-fd=57 --oat-fd=58 --oat-location=/data/data/com.pinxiango.store/oat/x86/mix.odex --compiler-filter=quicken --class-loader-context=&

ioc	pid	process
/data/data/com.pinxiango.store/mix.dex	4217	com.pinxiango.store
/data/data/com.pinxiango.store/mix.dex	4286	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.pinxiango.store/mix.dex --output-vdex-fd=57 --oat-fd=58 --oat-location=/data/data/com.pinxiango.store/oat/x86/mix.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.pinxiango.store/mix.dex	4217	com.pinxiango.store

Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

Process Discovery
T1424

Processes:

com.pinxiango.store

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.pinxiango.store
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.pinxiango.store

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.pinxiango.store

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.pinxiango.store

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.pinxiango.store

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

com.pinxiango.storecom.pinxiango.store:mult

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.pinxiango.store
Framework service call	android.app.IActivityManager.registerReceiver	com.pinxiango.store:mult

Acquires the wake lock 1 IoCs

Processes:

com.pinxiango.store

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.pinxiango.store
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.pinxiango.store

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.pinxiango.store
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.pinxiango.store

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.pinxiango.store

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.pinxiango.store

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.pinxiango.store

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.pinxiango.store

com.pinxiango.store
1⤵
- Checks if the Android device is rooted.
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4217

sh -c getprop ro.yunos.version
2⤵
PID:4261

getprop ro.yunos.version
2⤵
PID:4261

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.pinxiango.store/mix.dex --output-vdex-fd=57 --oat-fd=58 --oat-location=/data/data/com.pinxiango.store/oat/x86/mix.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4286

/system/bin/sh -c type su
2⤵
- Checks if the Android device is rooted.
PID:4449

logcat -d -v threadtime
2⤵
PID:4515

/system/bin/sh -c getprop ro.miui.ui.version.name
2⤵
PID:4537

getprop ro.miui.ui.version.name
2⤵
PID:4537

/system/bin/sh -c getprop ro.build.version.emui
2⤵
PID:4597

getprop ro.build.version.emui
2⤵
PID:4597

/system/bin/sh -c getprop ro.lenovo.series
2⤵
PID:4622

getprop ro.lenovo.series
2⤵
PID:4622

/system/bin/sh -c getprop ro.build.nubia.rom.name
2⤵
PID:4647

getprop ro.build.nubia.rom.name
2⤵
PID:4647

/system/bin/sh -c getprop ro.meizu.product.model
2⤵
PID:4672

getprop ro.meizu.product.model
2⤵
PID:4672

/system/bin/sh -c getprop ro.build.version.opporom
2⤵
PID:4699

getprop ro.build.version.opporom
2⤵
PID:4699

/system/bin/sh -c getprop ro.vivo.os.build.display.id
2⤵
PID:4724

getprop ro.vivo.os.build.display.id
2⤵
PID:4724

/system/bin/sh -c getprop ro.aa.romver
2⤵
PID:4751

getprop ro.aa.romver
2⤵
PID:4751

/system/bin/sh -c getprop ro.lewa.version
2⤵
PID:4775

getprop ro.lewa.version
2⤵
PID:4775

/system/bin/sh -c getprop ro.gn.gnromvernumber
2⤵
PID:4799

getprop ro.gn.gnromvernumber
2⤵
PID:4799

/system/bin/sh -c getprop ro.build.tyd.kbstyle_version
2⤵
PID:4825

getprop ro.build.tyd.kbstyle_version
2⤵
PID:4825

/system/bin/sh -c getprop ro.build.fingerprint
2⤵
PID:4869

getprop ro.build.fingerprint
2⤵
PID:4869

/system/bin/sh -c getprop ro.build.rom.id
2⤵
PID:4897

getprop ro.build.rom.id
2⤵
PID:4897

com.pinxiango.store:mult
1⤵
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4328

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.pinxiango.store/cache/ACache/3053931

Filesize
6B

MD5
e94e8bd35fc8144f38fd1ebc1f81ab36

SHA1
99f1e46974c65e07664e0df1fd6267b3236789b2

SHA256
4906a49adc5c472b34483976104ec1d76992745367cc22d5fbc2a4db8e8e1ed7

SHA512
e5edfd704ad1861df7e2fcb6a3ac3f3e5a881d010418ce8bc34eb56a7942a7674eab6da3212309a297f908391a6cbef095d6c4b8b533906e62bfd98b03b190b7

Download Submit
/data/data/com.pinxiango.store/databases/bugly_db_legu

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.pinxiango.store/databases/bugly_db_legu-journal

Filesize
120KB

MD5
bc0f2f0884005c05ce9b5ec88babc886

SHA1
d001041a26db7479e220bb0614ad9fc0d4215723

SHA256
9308df6780897445896ea1e804cc534311f2c557a29ecaf0382216ebe169f5d7

SHA512
f4363edd342aec5953b60f933973fd57212011be1cb6a2bfc16df36937c1230233a291c52ba3a5d63b1445a24960f4cd156a079da23b130aff95747b506bbc73

Download Submit
/data/data/com.pinxiango.store/databases/bugly_db_legu-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.pinxiango.store/databases/bugly_db_legu-wal

Filesize
213KB

MD5
a978442c1a27a282da405a8998798104

SHA1
6bc580151e100757dfa8ad133f22429fb86dbc64

SHA256
26b5c61452416be3ff07d7ce34b9fb803ed636c9a82104b947a3ac27b049804b

SHA512
f8a52795a0dfc4604b4d42b743456cf53619949741cef63079d35ec56b3d8c3f4b2bb80aa769e203daf81ba31cfd99a1fbd67eb138bc135fbca0152318fe494e

Download Submit
/data/data/com.pinxiango.store/databases/google_analytics_v4.db-journal

Filesize
512B

MD5
fe34a62f993e8be18dd4119ce9421876

SHA1
93b1bf6f4c5cf2864d844553a1b546c0180d90ab

SHA256
e6d2c7b7620f38f244661350d402e700d215b821e5e747390ab15c8f25f75f61

SHA512
9c84b89667d62c7cf0865801e1a87eee04f17987820e270c03adb387640f779ff63cd8962f857931565d415c91b0acc49c541643ba49ec1751425dfa2823b4dd

Download Submit
/data/data/com.pinxiango.store/databases/google_analytics_v4.db-wal

Filesize
52KB

MD5
fda7df7034d8d1371cdf5168f369fd1d

SHA1
11b21878e3f21a6915af1df2641c1b28254a92db

SHA256
acb4d00bf46aba1555c222968eb71167fa274b14b89f50eb3dcf5ab276fb2158

SHA512
4c2df03d32aca94bd98f8b553967cb98220801d508d7950ec72d4ba08b984f35ac34a141441b8d39d0496be1518b79e67cdfb79f97698f1440bc63b0075893aa

Download Submit
/data/data/com.pinxiango.store/databases/google_app_measurement_local.db

Filesize
16KB

MD5
ceef7fe171a73f638ff67384ce65204c

SHA1
3da721bec4cd789d623d4c3e82c03ad52ec26fc0

SHA256
f265903ad24f873e137c617b30b99c5c1ce040477ef378584219c024a407884a

SHA512
bcf02ddba1150341bcf2931a979758e692b8dedf84fb88738b60193130daceed588f52da419b675d574adb524a164b4a6e56ff5dc2a8984d5751a48dc21bb485

Download Submit
/data/data/com.pinxiango.store/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d23d1dae4596ba9f00fe4052971b0d34

SHA1
45335ed2ee8561f31243cd2d764ab6a698337815

SHA256
75f97d92ef71b5af8f7799bb228ecafcb46f9e873e12cf5c3ca7eacfa3860209

SHA512
bb33d43b16a8f2d173ddd9e98d63187efa69766505ec7d721b94adfadab7b1c65c6b9037d18cf5f1876d476e9c3b7bb49c921506030352e4e6ab83b98eecc4e9

Download Submit
/data/data/com.pinxiango.store/databases/google_app_measurement_local.db

Filesize
16KB

MD5
caab7eb18470504b8a6ff9821b7956e6

SHA1
48425abfedb12b87ec4be5095dc51c8425508336

SHA256
e2d9459819ed67c7aecac13efc258b3373068e6f9e7dcf3332bc7df41cb3baf6

SHA512
51cd8ec9a4b28d27ed5e50c172f42b70b831e399a6710420005075466c70a5d54050740090099eaa5f48bbedfe5b1bca862b87bef7d2d0d69385bad305fe3fca

Download Submit
/data/data/com.pinxiango.store/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f564addbb290dcd0068c9ef2cfd3e986

SHA1
26f6d28390335e2c2b23cbbad55739013dd691e7

SHA256
f4a89322a91673195acb56930452ef0813676f309e781b57a915ed5a87ec58c1

SHA512
59b84120a167452514da5ee4440dcf71907d2ac39594ae2caaebc2e71489f133e799cf1adebaf665b9cfacf5b3763c974cc573634988beb5c970c5bdf866ba4d

Download Submit
/data/data/com.pinxiango.store/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
c34d851fae4f3eabfd3295c61f3633cc

SHA1
2bd0d609c8135c5f412a27b1ca0271bda5d3469d

SHA256
3b29a011dcf7322f5e5ee255f8093dd27c2aeda34cc5743da55103053bb40195

SHA512
ffed81daf04784d1e327d059bd8162761dfa091e047a972cb11058361be957b4aadc1c8b39efc3a0568aeaa0be650254136c577cbf2f11b9810df2970ebc0c5a

Download Submit
/data/data/com.pinxiango.store/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
9753e4d2ce7d9e891d0d4ea8b10c1d39

SHA1
bdb1a2881e69b59458de37c73845647f2dca39c0

SHA256
3975c88e640e427f972bb3969dd2a703c0d6f808b6ca36eb5ea9859190205f37

SHA512
5753d5aeca8d175875fb97e2f25134ca421ff16bf606f6bf15333c9908bd70c81bb0896f768e71ac515ac735375f9d2e950847d4fc23fb4f59e16e71afb7ddf3

Download Submit
/data/data/com.pinxiango.store/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
a8bc073af56336fe966d2bd50f18a389

SHA1
6a56f9c5f31221a508c7edb58e873fb8c1316ec5

SHA256
f539920739fbaaf8de5e022d2de3be191807a77b6f3ec444b00b90b5f7f62fb0

SHA512
2c30bf526c0ddcc747f19e7b01043301e6f85c473e8e3dd128e02deadcdd696cee2781617125a991e0de19bfedaa9d39fa26b808e805f61a361d91ce3c601094

Download Submit
/data/data/com.pinxiango.store/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
b8173871f0a38b41e39ca1787b952b98

SHA1
b0c296d7583c442930c12f3631f855a938e06777

SHA256
52baf502a392e1a61f21ee711519943540f16d1fef5f420ae097aa18d146b27c

SHA512
2239940c3e294c10ddaa00ea38bbbd021e5dfe21b79667386daa7d3bfc13af70c8c4e7d5399a21e4efef5659833d58ac1753973924ce0a16d6376a4bda0c07b4

Download Submit
/data/data/com.pinxiango.store/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
2552b17e15c5ebfbf07423ede695418d

SHA1
a6bcc8218cb40ef47840f7f27a9ce619f89eacb0

SHA256
b92c56c6478c69c5e338bab7c00acee619b1011ec73063d3cb560fa9ba5ccfce

SHA512
9a1c073839c1374e333cb83faae090723c0719d3e485567a7060448bd49a7d3c698daf2e0fb025fd437630393e90ed4c9ee32b82eaaadc723063cc4b57a8c6d9

Download Submit
/data/data/com.pinxiango.store/files/jpush_stat_cache.json

Filesize
149B

MD5
2c1a7478d50575a0207a6f251d1c71f9

SHA1
6b78e2d07c09a761b9a12ddf84a998d93ea7c8e9

SHA256
830e82579a43e9e19476a9b584806c63dfcc772aff13bc97c6da12374273152e

SHA512
5661cce5ff5502f7e592bc78a660de10f2faa954347641ac38165f222c758e46fb2a5694700c729e96a96c4472f5ce91535950e66ab661f764dc4f05f48c2a94

Download Submit
/data/data/com.pinxiango.store/mix.dex

Filesize
292B

MD5
63f77f99bd2c2b772a479923bde11974

SHA1
c7632e7d301e4463fafce85f84e9c3d7da3fdbbe

SHA256
4c76a3af64cdd2f8713ffe2733dea50dbe714d0ca41c17d1847ee5b62a7ca615

SHA512
3aae4a89d1ed51fdd911cb367eb10afe3c2264e4222085891b18a60d5412f85d10bf5c8f3c6642db70abb9aa42732bac5c42c42ee32d587100f53c21b5beb16c

Download Submit
/storage/emulated/0/data/.push_deviceid

Filesize
32B

MD5
13f85e43b17f69f73370a6d7e9304aa8

SHA1
d58cd51fa638c623a19aec00fc3db53ea2fa7293

SHA256
721b2d312b969fb36205b005b98b30803738342a2cb571d7011d012c5049deed

SHA512
810197f6279f671ba8a5ba7a321961ac3084009f1231c5b5750c728355e97f5b0756d5cd85ee34915140d87121288fff0340738758742b84715d20566e1e825c

Download Submit