Analysis
max time kernel: 63s
max time network: 131s
platform: android_x86
resource: android-x86-arm-20240514-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
submitted: 22-05-2024 09:04
Static task: static1
Behavioral task: behavioral1
  Sample: 66bcf8031d4a4c701cf83bd9dfb87a7c_JaffaCakes118.apk
  Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
  Sample: 66bcf8031d4a4c701cf83bd9dfb87a7c_JaffaCakes118.apk
  Resource: android-x64-20240514-en
Behavioral task: behavioral3
  Sample: 66bcf8031d4a4c701cf83bd9dfb87a7c_JaffaCakes118.apk
  Resource: android-x64-arm64-20240514-en
General
Target: 66bcf8031d4a4c701cf83bd9dfb87a7c_JaffaCakes118.apk
Size: 2.5MB
MD5: 66bcf8031d4a4c701cf83bd9dfb87a7c
SHA1: 68224ed4acf9327a25e1f09e8612052be3bdead1
SHA256: 5e46295f5050d4dcd4f6da5c4c156addcc8280cea3aac7b3731e1e8d260da373
SHA512: 4f1d7ddad111e989f8f4c8cf41bf02fe131608768c927d58bd27489d82dfc2bdfc2c7596a4d8a033f14b6b42df89b1bacaf5ad761be3696d45fc53db192650f4
SSDEEP: 49152:FK43Ei2Lnu2S9xphxvrymYbW5EWBCkIannhfc3tBGAn2yf23IOYSF+mUnpnQH:4438u2SkmYyKWHnhfc9HSWkIY
Signatures
- Checks if the Android device is rooted (1 TTP, 1 IoC)
  Process: com.yxxinglin.xzid586042
  IoC: /system/app/Superuser.apk
- Checks CPU information (2 TTPs, 1 IoC)
  Reads CPU information that can indicate whether the system is an emulator.
  Process: com.yxxinglin.xzid586042
  IoC: File opened for read /proc/cpuinfo
- Checks memory information (2 TTPs, 1 IoC)
  Reads memory information that can indicate whether the system is an emulator.
  Process: com.yxxinglin.xzid586042
  IoC: File opened for read /proc/meminfo
- Queries information about running processes on the device (1 TTP, 1 IoC)
  The application may abuse the framework's APIs to collect information about running processes on the device.
  Process: com.yxxinglin.xzid586042
  IoC: Framework service call android.app.IActivityManager.getRunningAppProcesses
- Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
  The application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Process: com.yxxinglin.xzid586042
  IoC: Framework service call android.net.wifi.IWifiManager.getConnectionInfo
- Queries the mobile country code (MCC) (1 TTP, 1 IoC)
  Process: com.yxxinglin.xzid586042
  IoC: Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  Process: com.yxxinglin.xzid586042
  IoC: Framework service call android.app.IActivityManager.registerReceiver
- Checks if the internet connection is available (1 TTP, 1 IoC)
  Process: com.yxxinglin.xzid586042
  IoC: Framework service call android.net.IConnectivityManager.getActiveNetworkInfo
- Listens for changes in the sensor environment (might be used to detect emulation) (1 TTP, 1 IoC)
  Process: com.yxxinglin.xzid586042
  IoC: Framework API call android.hardware.SensorManager.registerListener
Processes
- com.yxxinglin.xzid586042 (PID 4281)
  - Checks if the Android device is rooted
  - Checks CPU information
  - Checks memory information
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Queries the mobile country code (MCC)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  - Listens for changes in the sensor environment (might be used to detect emulation)
  - Child process: ls /sys/class/thermal (PID 4316)
    Listing the thermal zones fits the other environment checks: emulator images typically expose no thermal_zone entries, whereas real handsets do.
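To see what the checks listed above actually decide on, here is an added example (not code recovered from the sample or the sandbox) that re-implements the file-based environment checks the report attributes to com.yxxinglin.xzid586042: the /system/app/Superuser.apk lookup, the /proc/cpuinfo and /proc/meminfo reads, and the ls /sys/class/thermal child process. It runs against a constructed fake filesystem so it works offline. The marker strings (goldfish, ranchu, intel, virtual) and the RAM floor are assumptions about what such checks commonly match; the report only shows which paths were touched, not what was compared.

```python
"""Re-implementation of the report's root/emulator checks over a constructed fake root."""
import os
import re
import tempfile
from pathlib import Path

# From the report: the one artefact the sample opened to decide "rooted".
ROOT_ARTIFACTS = ("system/app/Superuser.apk",)
# Assumed markers: goldfish/ranchu are the emulator board names; the x86 vendor
# string betrays an android_x86 image like the one this sample ran on.
CPUINFO_MARKERS = ("goldfish", "ranchu", "intel", "virtual")
# Assumed RAM floor (kB) below which a check would treat the device as a VM.
MIN_MEMTOTAL_KB = 2_000_000


def _read(root, rel):
    try:
        return (Path(root) / rel).read_text(errors="replace")
    except OSError:
        return ""


def check_root(root):
    """Return the root artefacts that exist under root (the Superuser.apk check)."""
    return [a for a in ROOT_ARTIFACTS if (Path(root) / a).exists()]


def check_cpuinfo(root):
    """Return the emulator markers found in /proc/cpuinfo, case-insensitively."""
    text = _read(root, "proc/cpuinfo").lower()
    return [m for m in CPUINFO_MARKERS if m in text]


def check_meminfo(root):
    """True if MemTotal is below the floor, False if not, None if unreadable."""
    m = re.search(r"MemTotal:\s+(\d+)\s+kB", _read(root, "proc/meminfo"))
    return None if m is None else int(m.group(1)) < MIN_MEMTOTAL_KB


def check_thermal(root):
    """Mirror 'ls /sys/class/thermal': emulators usually expose no thermal zones."""
    try:
        return sorted(os.listdir(Path(root) / "sys/class/thermal"))
    except OSError:
        return []


def environment_report(root):
    return {
        "root_artifacts": check_root(root),
        "cpuinfo_markers": check_cpuinfo(root),
        "low_memory": check_meminfo(root),
        "thermal_zones": check_thermal(root),
    }


def looks_like_analysis_env(report):
    """Any single hit is enough, mirroring the usual bail-out-early logic."""
    return (bool(report["root_artifacts"]) or bool(report["cpuinfo_markers"])
            or report["low_memory"] is True or not report["thermal_zones"])


def build_fake_root(emulator):
    """Constructed sample filesystem: a rooted x86 emulator or an ARM handset."""
    root = Path(tempfile.mkdtemp(prefix="fakeandroid_"))
    for d in ("proc", "sys/class/thermal", "system/app"):
        (root / d).mkdir(parents=True)
    if emulator:
        (root / "proc/cpuinfo").write_text(
            "processor\t: 0\nvendor_id\t: GenuineIntel\n"
            "model name\t: Android virtual processor\nHardware\t: ranchu\n")
        (root / "proc/meminfo").write_text(
            "MemTotal:        1487560 kB\nMemFree:          201340 kB\n")
        (root / "system/app/Superuser.apk").write_bytes(b"PK")  # rooted image
    else:
        (root / "proc/cpuinfo").write_text(
            "processor\t: 0\nBogoMIPS\t: 38.40\nFeatures\t: fp asimd\n"
            "Hardware\t: Qualcomm Technologies, Inc SDM845\n")
        (root / "proc/meminfo").write_text(
            "MemTotal:        5827372 kB\nMemFree:         1190452 kB\n")
        (root / "sys/class/thermal/thermal_zone0").mkdir()
    return str(root)


if __name__ == "__main__":
    for flag in (True, False):
        rep = environment_report(build_fake_root(emulator=flag))
        print("emulator" if flag else "handset", rep, "->", looks_like_analysis_env(rep))
```

Read the emulator branch as the view the sandbox gave this sample: on the android_x86 image every one of these probes returns a tell, which is why a sandbox that wants full behaviour has to spoof /proc/cpuinfo and /proc/meminfo and populate /sys/class/thermal rather than just hide root binaries.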
MITRE ATT&CK Mobile v15
Downloads
- /data/data/com.yxxinglin.xzid586042/files/stateless/dW1weF9pbnRlcm5hbA==/dW1weF9pbnRlcm5hbF8xNzE2MzY4Njk5NTIy
  Filesize: 1KB
  MD5: a7ed8a18168d2321a8e069aab7af6efc
  SHA1: 0cdfd079a0d6075aefeda6edba90b90306330e90
  SHA256: e6b914d026b3af36ef8af044c5adab4cb14fe7b72f1edf4ac0a56826d300632a
  SHA512: 0b93d83317e4e57a5bf3410bdbe2a707dc50db044fc0d99202447caddd8f378298111813b019bcb4d16348ccb206f90d0e2afed823e1701928faa643bab5b72f
- /data/data/com.yxxinglin.xzid586042/files/stateless/dW1weF9pbnRlcm5hbA==/dW1weF9pbnRlcm5hbF8xNzE2MzY4NzI5Njcw
  Filesize: 1KB
  MD5: 5bb3b0d894f7abfbd0ae75e2c2657a31
  SHA1: 2e58095e9fefd9004757cb3cfcd841817c1c7113
  SHA256: e72f560affcabc4492074ff14020c1983eb5c0dc8756248373fd52e6598ba6ef
  SHA512: 53b4ee6f09a9e4776e2e99bbbd176a079a452aed8f455aa61055efea28c4496f023b207882d5bce5363c0f43d66a1e2dc736bc65be9a5e955728ebbb9ffc1e88
- /data/data/com.yxxinglin.xzid586042/files/umeng_it.cache
  Filesize: 352B
  MD5: c2441657adbb3c68f481c4d4264e8a70
  SHA1: 1f12676004a99422536ffe1f3370eedf76043d65
  SHA256: e95529e080cbb5d5268e347d0e45374ce6e4ddc7535da17cbb1abf0979d9780c
  SHA512: 7ed02b8eb915176a4a4c816c38a8f9a2dacf2962954ee2cba0b0d6348affa3edd0545d1505e4532cc715b42b494a24de5b1e7c5091b2cba3bec75f8d408d9e0e

Note on the dropped files: the base64 directory name dW1weF9pbnRlcm5hbA== decodes to umpx_internal, and the two file names decode to umpx_internal_1716368699522 and umpx_internal_1716368729670. The numeric suffixes are Unix timestamps in milliseconds (2024-05-22 09:04:59 UTC and 09:05:29 UTC), which line up with the submission time, so they are run-time state files rather than payloads carried in the APK. The umeng_it.cache name is the one used by the Umeng mobile analytics SDK, which suggests that SDK is bundled and accounts for at least part of the device-fingerprinting calls listed under Signatures.
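As an added example (not part of the report), the following script decodes the base64-named path components from the Downloads section and reads the trailing 13-digit suffix as epoch milliseconds, which is how the timestamps quoted above were obtained. The paths are copied from this report; the epoch-milliseconds reading of the suffix is an assumption, supported by the fact that it lands on the submission time.

```python
"""Decode base64 path components of dropped files and extract embedded timestamps."""
import base64
import binascii
import re
from datetime import datetime, timedelta, timezone

# Copied from the report's Downloads section.
DROPPED_PATHS = [
    "/data/data/com.yxxinglin.xzid586042/files/stateless/dW1weF9pbnRlcm5hbA==/dW1weF9pbnRlcm5hbF8xNzE2MzY4Njk5NTIy",
    "/data/data/com.yxxinglin.xzid586042/files/stateless/dW1weF9pbnRlcm5hbA==/dW1weF9pbnRlcm5hbF8xNzE2MzY4NzI5Njcw",
    "/data/data/com.yxxinglin.xzid586042/files/umeng_it.cache",
]


def try_b64(component):
    """Decoded text if component is strict base64 of printable ASCII, else None.

    validate=True rejects '.', '_' and other non-alphabet characters, so ordinary
    names such as 'umeng_it.cache' fall through untouched.
    """
    pad = "=" * (-len(component) % 4)
    try:
        text = base64.b64decode(component + pad, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text if text and text.isprintable() else None


def decode_path(path):
    """Replace every base64 component of a path with its decoded form."""
    parts = [try_b64(p) or p for p in path.strip("/").split("/")]
    return "/" + "/".join(parts)


def epoch_ms_suffix(name):
    """If the basename ends in _<13 digits>, read it as Unix epoch milliseconds (assumed)."""
    m = re.search(r"_(\d{13})$", name)
    if not m:
        return None
    ms = int(m.group(1))
    # Split seconds and milliseconds to avoid float rounding in the microsecond field.
    return datetime.fromtimestamp(ms // 1000, tz=timezone.utc) + timedelta(milliseconds=ms % 1000)


def analyse(paths):
    """Return (decoded_path, iso_timestamp_or_None) for each dropped file."""
    rows = []
    for p in paths:
        decoded = decode_path(p)
        ts = epoch_ms_suffix(decoded.rsplit("/", 1)[-1])
        rows.append((decoded, ts.isoformat() if ts else None))
    return rows


if __name__ == "__main__":
    for decoded, ts in analyse(DROPPED_PATHS):
        print(decoded, "->", ts)
```

Comparing the recovered timestamps with the sandbox's "submitted" field is a quick sanity check that a dropped file is runtime state created during the run rather than something unpacked from the APK.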